Module: Msf::Handler::FindPort
- Includes: Msf::Handler
- Defined in: lib/msf/core/handler/find_port.rb
Overview
This handler implements port-based findsock handling.
Constant Summary
Constants included from Msf::Handler
Instance Attribute Summary
- #_handler_return_value ⇒ Object (protected): :nodoc:.
Attributes included from Msf::Handler
#exploit_config, #parent_payload, #pending_connections, #session_waiter_event, #sessions
Class Method Summary
- .general_handler_type ⇒ Object: Returns the connection oriented general handler type, in this case ‘find’.
- .handler_type ⇒ Object: Returns the string representation of the handler type, in this case ‘find_port’.
Instance Method Summary
- #_check_shell(sock) ⇒ Object (protected): Checks to see if a shell has been allocated on the connection.
- #_find_prefix(sock) ⇒ Object (protected): Prefix to the stage if necessary.
- #_send_id(sock) ⇒ Object (protected): Sends the identifier if there is one.
- #create_session(sock, opts = {}) ⇒ Object (protected): Wrapper to create session that makes sure we actually have a session to create…
- #handler(sock) ⇒ Object: Check to see if there’s a shell on the supplied sock.
- #initialize(info = {}) ⇒ Object: Initializes the find port handler and adds the client port option that is required for port-based findsock payloads to function.
Methods included from Msf::Handler
#add_handler, #cleanup_handler, #handle_connection, #handler_name, #interrupt_wait_for_session, #register_session, #setup_handler, #start_handler, #stop_handler, #wait_for_session, #wfs_delay
Instance Attribute Details
#_handler_return_value ⇒ Object (protected)
:nodoc:
    # File 'lib/msf/core/handler/find_port.rb', line 145
    def _handler_return_value
      @_handler_return_value
    end
Class Method Details
.general_handler_type ⇒ Object
Returns the connection oriented general handler type, in this case ‘find’.
    # File 'lib/msf/core/handler/find_port.rb', line 26
    def self.general_handler_type
      "find"
    end
.handler_type ⇒ Object
Returns the string representation of the handler type, in this case ‘find_port’.
    # File 'lib/msf/core/handler/find_port.rb', line 18
    def self.handler_type
      return "find_port"
    end
Instance Method Details
#_check_shell(sock) ⇒ Object (protected)
Checks to see if a shell has been allocated on the connection. This is only done for payloads that use the CommandShell session.
    # File 'lib/msf/core/handler/find_port.rb', line 117
    def _check_shell(sock)
      ebuf = Rex::Text.rand_text_alphanumeric(16)

      # Send any identifying information that the find sock may need on
      # the other side, such as a tag. If we do actually send something,
      # wait a bit longer to let the remote side find us.
      if (_send_id(sock))
        Rex::ThreadSafe.sleep(1.5)
      end

      # Make sure the read buffer is empty before we test for a shell
      sock.get_once(-1,1)

      # Check to see if the shell exists
      sock.put("\necho #{ebuf}\n")

      # Try to read a response
      rbuf = sock.get_once

      # If it contains our string, then we rock
      if (rbuf =~ /#{ebuf}/)
        print_status("Found shell.")
        return true
      else
        return false
      end
    end
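The echo-and-match check in _check_shell leaves a recognisable exchange on the wire: a newline-delimited echo of a 16-character alphanumeric token, answered by the same token. The following is an added example for detection, not part of Metasploit or this page; the segment layout, the sample data and the names PROBE_RE, coalesce and find_shell_probes are assumptions made for illustration.

```ruby
# Added example, not Metasploit code. Segment layout and names are assumptions.

# Probe written by _check_shell: newline, "echo", 16 alphanumerics, newline.
PROBE_RE = /\necho ([A-Za-z0-9]{16})(?=\n)/n

# Merge consecutive same-direction segments so a probe split across TCP
# segments still matches; .b gives a binary copy safe for arbitrary bytes.
def coalesce(segments)
  segments.each_with_object([]) do |(dir, data), out|
    if out.last && out.last[0] == dir
      out.last[1] << data.b
    else
      out << [dir, data.b]
    end
  end
end

# segments: ordered [direction, bytes] pairs; :to_server is data sent toward
# the monitored service, :to_client is what the service sent back.
# Returns one hash per probe; :answered is true when a later reply carries
# the same token, the condition under which the handler finds a shell.
def find_shell_probes(segments)
  merged = coalesce(segments)
  findings = []
  merged.each_with_index do |(dir, data), i|
    next unless dir == :to_server
    data.scan(PROBE_RE).flatten.each do |token|
      answered = merged[(i + 1)..].any? do |rdir, rdata|
        rdir == :to_client && rdata.include?(token)
      end
      findings << { token: token, answered: answered }
    end
  end
  findings
end

# Constructed sample streams (not captured traffic).
SAMPLE_HIT = [
  [:to_server, "\necho a1B2c3"], [:to_server, "D4e5F6g7H8\n"],
  [:to_client, "a1B2c3D4e5F6g7H8\n"]
].freeze
SAMPLE_MISS = [
  [:to_server, "\necho a1B2c3D4e5F6g7H8\n"],
  [:to_client, "HTTP/1.1 400 Bad Request\r\n\r\n"]
].freeze
SAMPLE_BENIGN = [[:to_server, "\necho hello\n"], [:to_client, "hello\n"]].freeze
```

An unanswered probe on a service that is not a shell is still worth recording as an attempt; an answered one means the service executed the command. A legitimate script that echoes a 16-character alphanumeric string would also match, so treat a finding as a lead for triage.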
#_find_prefix(sock) ⇒ Object (protected)
Prefix to the stage if necessary.
    # File 'lib/msf/core/handler/find_port.rb', line 74
    def _find_prefix(sock)
    end
#_send_id(sock) ⇒ Object (protected)
Sends the identifier if there is one.
    # File 'lib/msf/core/handler/find_port.rb', line 80
    def _send_id(sock)
    end
#create_session(sock, opts = {}) ⇒ Object (protected)
Wrapper to create session that makes sure we actually have a session to create…
    # File 'lib/msf/core/handler/find_port.rb', line 87
    def create_session(sock, opts={})
      go = true

      # Give the payload a chance to run
      Rex::ThreadSafe.sleep(1.5)

      # This is a hack. If the session is a shell, we check to see if it's
      # functional by sending an echo which tells us whether or not we're good
      # to go.
      if (self.session and self.session.type == 'shell')
        go = _check_shell(sock)
      else
        print_status("Trying to use connection...")
      end

      # If we're good to go, create the session.
      rv = (go == true) ? super : nil

      if (rv)
        self._handler_return_value = Claimed
      end

      return rv
    end
#handler(sock) ⇒ Object
Check to see if there’s a shell on the supplied sock. This check currently only works for shells.
    # File 'lib/msf/core/handler/find_port.rb', line 47
    def handler(sock)
      return if not sock

      _find_prefix(sock)

      # Flush the receive buffer
      sock.get_once(-1, 1)

      # If this is a multi-stage payload, then we just need to blindly
      # transmit the stage and create the session, hoping that it works.
      if (self.payload_type != Msf::Payload::Type::Single)
        handle_connection(sock, { datastore: datastore })
      # Otherwise, check to see if we found a session. We really need
      # to improve this, as we could create a session when the exploit
      # really didn't succeed.
      else
        create_session(sock)
      end

      return self._handler_return_value
    end
#initialize(info = {}) ⇒ Object
Initializes the find port handler and adds the client port option that is required for port-based findsock payloads to function.
    # File 'lib/msf/core/handler/find_port.rb', line 34
    def initialize(info = {})
      super

      register_options(
        [
          Opt::CPORT(rand(64000) + 1024),
        ], Msf::Handler::FindPort)
    end