Class: Msf::Plugin::Msfd

Inherits:
Msf::Plugin show all
Defined in:
plugins/msfd.rb

Overview

This class implements the msfd plugin interface.

Constant Summary collapse

DefaultHost =

The default local hostname that the server listens on.

'127.0.0.1'.freeze
DefaultPort =

The default local port that the server listens on.

55554

Instance Attribute Summary collapse

Attributes inherited from Msf::Plugin

#opts

Attributes included from Framework::Offspring

#framework

Instance Method Summary collapse

Methods inherited from Msf::Plugin

#add_console_dispatcher, create, #flush, #input, #output, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #remove_console_dispatcher

Constructor Details

#initialize(framework, opts) ⇒ Msfd

Initializes the msfd plugin. The following options are supported in the hash by this plugin:

ServerHost

The local hostname to listen on for connections. The default is 127.0.0.1.

ServerPort

The local port to listen on for connections. The default is 55554.

SSL

Use SSL

RunInForeground

Instructs the plugin to now execute the daemon in a worker thread and to instead allow the caller to manage executing the daemon through the “run” method.

HostsAllowed

List of hosts (in NBO) allowed to use msfd

HostsDenied

List of hosts (in NBO) not allowed to use msfd



58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'plugins/msfd.rb', line 58

def initialize(framework, opts)
  super

  # Start listening for connections.
  self.server	= Rex::Socket::TcpServer.create(
    'LocalHost' => opts['ServerHost'] || DefaultHost,
    'LocalPort' => opts['ServerPort'] || DefaultPort,
    'SSL' => opts['SSL']
  )

  # If the run in foreground flag is not specified, then go ahead and fire
  # it off in a worker thread.
  if (opts['RunInForeground'] != true)
    Thread.new do
      run(opts)
    end
  end
end

Instance Attribute Details

#serverObject (protected)

The listening socket instance.



155
156
157
# File 'plugins/msfd.rb', line 155

def server
  @server
end

Instance Method Details

#cleanupObject

Closes the listener service.



145
146
147
148
# File 'plugins/msfd.rb', line 145

def cleanup
  ilog('Msfd: Shutting down server', 'core')
  server.close
end

#descObject

Returns the msfd plugin description.



87
88
89
# File 'plugins/msfd.rb', line 87

def desc
  'Provides a console interface to users over a listening TCP port'
end

#nameObject

Returns ‘msfd’



80
81
82
# File 'plugins/msfd.rb', line 80

def name
  'msfd'
end

#run(opts = {}) ⇒ Object

Runs the msfd plugin by blocking on new connections and then spawning threads to handle the console interface for each client.



95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
# File 'plugins/msfd.rb', line 95

def run(opts = {})
  loop do
    client = server.accept

    addr = Rex::Socket.resolv_nbo(client.peerhost)

    if opts['HostsAllowed'] &&
       !opts['HostsAllowed'].find { |x| x == addr }
      client.close
      next
    end

    if opts['HostsDenied'] &&
       opts['HostsDenied'].find { |x| x == addr }
      client.close
      next
    end
    msg = "Msfd: New connection from #{client.peerhost}"
    ilog(msg, 'core')
    print_status(msg)

    # Spawn a thread for the client connection
    Thread.new(client) do |cli|
      Msf::Ui::Console::Driver.new(
        Msf::Ui::Console::Driver::DefaultPrompt,
        Msf::Ui::Console::Driver::DefaultPromptChar,
        'Framework' => framework,
        'LocalInput' => Rex::Ui::Text::Input::Socket.new(cli),
        'LocalOutput' => Rex::Ui::Text::Output::Socket.new(cli),
        'AllowCommandPassthru' => false,
        'DisableBanner' => opts['DisableBanner'] ? true : false
      ).run
    rescue StandardError => e
      elog('Msfd client error', error: e)
    ensure
      msg = "Msfd: Closing client connection with #{cli.peerhost}"
      ilog(msg, 'core')
      print_status(msg)
      begin
        cli.shutdown
        cli.close
      rescue IOError
      end
    end
  end
end