Module: Msf::Exploit::Remote::Udp

Included in:
MSSQL, SNMPClient
Defined in:
lib/msf/core/exploit/udp.rb

Overview

This module provides methods for communicating with a host over UDP

Instance Method Summary collapse

Instance Method Details

#chostObject

Returns the local host for outgoing connections


140
141
142
# File 'lib/msf/core/exploit/udp.rb', line 140

def chost
  datastore['CHOST']
end

#cleanupObject

Performs cleanup, disconnects the socket if necessary


98
99
100
101
# File 'lib/msf/core/exploit/udp.rb', line 98

def cleanup
  super
  disconnect_udp
end

#connect_udp(global = true, opts = {}) ⇒ Object

Creates a UDP socket for communicating with a remote host


35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'lib/msf/core/exploit/udp.rb', line 35

def connect_udp(global = true, opts={})
  nsock = Rex::Socket::Udp.create(
    'PeerHost'  =>  opts['RHOST'] || rhost,
    'PeerPort'  => (opts['RPORT'] || rport).to_i,
    'LocalHost' =>  opts['CHOST'] || chost || "0.0.0.0",
    'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
    'Context'   =>
      {
        'Msf'        => framework,
        'MsfExploit' => self,
      })

  # Set this socket to the global socket as necessary
  self.udp_sock = nsock if (global)

  # Add this socket to the list of sockets created by this exploit
  add_socket(nsock)

  return nsock
end

#cportObject

Returns the local port for outgoing connections


147
148
149
# File 'lib/msf/core/exploit/udp.rb', line 147

def cport
  datastore['CPORT']
end

#disconnect_udp(nsock = self.udp_sock) ⇒ Object

Closes the UDP socket


59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# File 'lib/msf/core/exploit/udp.rb', line 59

def disconnect_udp(nsock = self.udp_sock)
  begin
    if (nsock)
      nsock.shutdown
      nsock.close
    end
  rescue IOError
  end

  if (nsock == udp_sock)
    self.udp_sock = nil
  end

  # Remove this socket from the list of sockets created by this exploit
  remove_socket(nsock)
end

#handler(nsock = self.udp_sock) ⇒ Object

Claims the UDP socket if the payload so desires.


79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/msf/core/exploit/udp.rb', line 79

def handler(nsock = self.udp_sock)
  # If the handler claims the socket, then we don't want it to get closed
  # during cleanup
  if ((rv = super) == Handler::Claimed)
    if (nsock == self.udp_sock)
      self.sock = nil
    end

    # Remove this socket from the list of sockets so that it will not be
    # aborted.
    remove_socket(nsock)
  end

  return rv
end

#initialize(info = {}) ⇒ Object

Initializes an instance of an exploit module that exploits a vulnerability in a UDP service


15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# File 'lib/msf/core/exploit/udp.rb', line 15

def initialize(info = {})
  super

  register_options(
    [
      Opt::RHOST,
      Opt::RPORT,
    ], Msf::Exploit::Remote::Udp)

  register_advanced_options(
    [
      Opt::CPORT,
      Opt::CHOST
    ], Msf::Exploit::Remote::Udp
  )
end

#lhostObject

Returns the local host


126
127
128
# File 'lib/msf/core/exploit/udp.rb', line 126

def lhost
  datastore['LHOST']
end

#lportObject

Returns the local port


133
134
135
# File 'lib/msf/core/exploit/udp.rb', line 133

def lport
  datastore['LPORT']
end

#rhostObject

Returns the target host


112
113
114
# File 'lib/msf/core/exploit/udp.rb', line 112

def rhost
  datastore['RHOST']
end

#rportObject

Returns the remote port


119
120
121
# File 'lib/msf/core/exploit/udp.rb', line 119

def rport
  datastore['RPORT']
end