Module: Msf::Handler::FindPort

Includes:
Msf::Handler
Included in:
FindShell, FindTag, FindTty
Defined in:
lib/msf/core/handler/find_port.rb

Overview

This handlers implements port-based findsock handling.

Constant Summary

Constants included from Msf::Handler

Claimed, Unused

Instance Attribute Summary collapse

Attributes included from Msf::Handler

#exploit_config, #parent_payload, #pending_connections, #session_waiter_event, #sessions

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Msf::Handler

#add_handler, #cleanup_handler, #handle_connection, #handler_name, #interrupt_wait_for_session, #register_session, #setup_handler, #start_handler, #stop_handler, #wait_for_session, #wfs_delay

Instance Attribute Details

#_handler_return_valueObject (protected)

:nodoc:


145
146
147
# File 'lib/msf/core/handler/find_port.rb', line 145

def _handler_return_value
  @_handler_return_value
end

Class Method Details

.general_handler_typeObject

Returns the connection oriented general handler type, in this case 'find'.


26
27
28
# File 'lib/msf/core/handler/find_port.rb', line 26

def self.general_handler_type
  "find"
end

.handler_typeObject

Returns the string representation of the handler type, in this case 'find_port'.


18
19
20
# File 'lib/msf/core/handler/find_port.rb', line 18

def self.handler_type
  return "find_port"
end

Instance Method Details

#_check_shell(sock) ⇒ Object (protected)

Checks to see if a shell has been allocated on the connection. This is only done for payloads that use the CommandShell session.


117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
# File 'lib/msf/core/handler/find_port.rb', line 117

def _check_shell(sock)
  ebuf = Rex::Text.rand_text_alphanumeric(16)

  # Send any identifying information that the find sock may need on
  # the other side, such as a tag.  If we do actually send something,
  # wait a bit longer to let the remote side find us.
  if (_send_id(sock))
    Rex::ThreadSafe.sleep(1.5)
  end

  # Make sure the read buffer is empty before we test for a shell
  sock.get_once(-1,1)
  # Check to see if the shell exists
  sock.put("\necho #{ebuf}\n")

  # Try to read a response
  rbuf = sock.get_once

  # If it contains our string, then we rock
  if (rbuf =~ /#{ebuf}/)
    print_status("Found shell.")

    return true
  else
    return false
  end
end

#_find_prefix(sock) ⇒ Object (protected)

Prefix to the stage if necessary.


74
75
# File 'lib/msf/core/handler/find_port.rb', line 74

def _find_prefix(sock)
end

#_send_id(sock) ⇒ Object (protected)

Sends the identifier if there is one.


80
81
# File 'lib/msf/core/handler/find_port.rb', line 80

def _send_id(sock)
end

#create_session(sock, opts = {}) ⇒ Object (protected)

Wrapper to create session that makes sure we actually have a session to create…


87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# File 'lib/msf/core/handler/find_port.rb', line 87

def create_session(sock, opts={})
  go = true

  # Give the payload a chance to run
  Rex::ThreadSafe.sleep(1.5)

  # This is a hack.  If the session is a shell, we check to see if it's
  # functional by sending an echo which tells us whether or not we're good
  # to go.
  if (self.session and self.session.type == 'shell')
    go = _check_shell(sock)
  else
    print_status("Trying to use connection...")
  end

  # If we're good to go, create the session.
  rv = (go == true) ? super : nil


  if (rv)
    self._handler_return_value = Claimed
  end

  return rv
end

#handler(sock) ⇒ Object

Check to see if there's a shell on the supplied sock. This check currently only works for shells.


47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# File 'lib/msf/core/handler/find_port.rb', line 47

def handler(sock)
  return if not sock

  _find_prefix(sock)

  # Flush the receive buffer
  sock.get_once(-1, 1)

  # If this is a multi-stage payload, then we just need to blindly
  # transmit the stage and create the session, hoping that it works.
  if (self.payload_type != Msf::Payload::Type::Single)
    handle_connection(sock, { datastore: datastore })
  # Otherwise, check to see if we found a session.  We really need
  # to improve this, as we could create a session when the exploit
  # really didn't succeed.
  else
    create_session(sock)
  end

  return self._handler_return_value
end

#initialize(info = {}) ⇒ Object

Initializes the find port handler and adds the client port option that is required for port-based findsock payloads to function.


34
35
36
37
38
39
40
41
# File 'lib/msf/core/handler/find_port.rb', line 34

def initialize(info = {})
  super

  register_options(
    [
      Opt::CPORT(rand(64000) + 1024),
    ], Msf::Handler::FindPort)
end