Module: Msf::Simple::Exploit
- Includes:
- Module
- Defined in:
- lib/msf/base/simple/exploit.rb
Overview
A simplified exploit wrapper.
Class Method Summary collapse
-
.check_simple(mod, opts, job_listener: Msf::Simple::NoopJobListener.instance) ⇒ Object
Initiates a check, setting up the exploit to be used.
-
.exploit_simple(oexploit, opts, &block) ⇒ Object
Wraps the exploitation process in a simple single method.
- .job_check_proc(ctx) ⇒ Object protected
Instance Method Summary collapse
-
#check_simple(opts) ⇒ Object
Calls the class method.
-
#exploit_simple(opts, &block) ⇒ Object
Calls the class method.
Methods included from Module
#_import_extra_options, #init_simplified, #inspect, #load_config, #save_config
Class Method Details
.check_simple(mod, opts, job_listener: Msf::Simple::NoopJobListener.instance) ⇒ Object
Initiates a check, setting up the exploit to be used. The following options can be specified:
LocalInput
The local input handle that data can be read in from.
LocalOutput
The local output through which data can be displayed.
187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 |
# File 'lib/msf/base/simple/exploit.rb', line 187 def self.check_simple(mod, opts, job_listener: Msf::Simple::NoopJobListener.instance) Msf::Simple::Framework.simplify_module(mod) mod.(opts) if opts['LocalInput'] mod.init_ui(opts['LocalInput'], opts['LocalOutput']) end unless mod.has_check? # Bail out early if the module doesn't have check raise ::NotImplementedError.new(Msf::Exploit::CheckCode::Unsupported.) end # Validate the option container state so that options will # be normalized mod.validate run_uuid = Rex::Text.rand_text_alphanumeric(24) job_listener.waiting run_uuid ctx = [mod, run_uuid, job_listener] if opts['RunAsJob'] mod.job_id = mod.framework.jobs.start_bg_job( "Exploit: #{mod.refname} check", ctx, Proc.new { |ctx_| self.job_check_proc(ctx_) }, Proc.new { |ctx_| nil } ) [run_uuid, mod.job_id] else self.job_check_proc(ctx) end end |
.exploit_simple(oexploit, opts, &block) ⇒ Object
Wraps the exploitation process in a simple single method. The options hash can have the following values passed in it:
Encoder
The encoder module that should be used.
Payload
The payload module name that should be used.
Target
The selected target index.
Nop
The NOP generator that should be used in preference.
OptionStr
A string of comma separated option values that should be imported into the datastore.
Options
A hash of values to be imported directly into the datastore.
LocalInput
The local input handle that data can be read in from.
LocalOutput
The local output through which data can be displayed.
RunAsJob
Whether or not the exploit should be run in the context of a background job.
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
# File 'lib/msf/base/simple/exploit.rb', line 57 def self.exploit_simple(oexploit, opts, &block) exploit = oexploit.replicant # Trap and print errors here (makes them UI-independent) begin # Clone the module to prevent changes to the original instance Msf::Simple::Framework.simplify_module(exploit) yield(exploit) if block_given? # Import options from the OptionStr or Option hash. exploit.(opts) opts['Payload'] ||= exploit.datastore['Payload'] unless opts['Quiet'] exploit.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output) else exploit.init_ui(nil, nil) end # Make sure parameters are valid. if (opts['Payload'] == nil) raise MissingPayloadError, 'A payload has not been selected.', caller end # Verify the options exploit..validate(exploit.datastore) # Start it up driver = ExploitDriver.new(exploit.framework) # Keep the handler of driver running if exploiting multiple targets. driver.keep_handler = true if opts['multi'] # Initialize the driver instance driver.exploit = exploit driver.payload = exploit.framework.payloads.create(opts['Payload']) # Set the force wait for session flag if the caller requested force # blocking. This is so that passive exploits can be blocked on from # things like the cli. driver.force_wait_for_session = true if (opts['ForceBlocking'] == true) # Was the payload valid? if (driver.payload == nil) raise MissingPayloadError, "You specified an invalid payload: #{opts['Payload']}", caller end # Use the supplied encoder, if any. If one was not specified, then # nil will be assigned causing the exploit to default to picking the # best encoder. exploit.datastore['ENCODER'] = opts['Encoder'] if opts['Encoder'] # Use the supplied NOP generator, if any. If one was not specified, then # nil will be assigned causing the exploit to default to picking a # compatible NOP generator. exploit.datastore['NOP'] = opts['Nop'] if opts['Nop'] # Force the payload to share the exploit's datastore driver.payload.share_datastore(driver.exploit.datastore) # Verify the payload options driver.payload..validate(driver.payload.datastore) # Set the target and then work some magic to derive index exploit.datastore['TARGET'] = opts['Target'] if opts['Target'] target_idx = exploit.target_index if (target_idx == nil or target_idx < 0) raise MissingTargetError, "You must select a target.", caller end driver.target_idx = target_idx # Set the payload and exploit's subscriber values unless opts['Quiet'] driver.payload.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output) else driver.payload.init_ui(nil, nil) end if (opts['RunAsJob']) driver.use_job = true end # Let's rock this party driver.run # Save the job identifier this exploit is running as exploit.job_id = driver.job_id # Propagate this back to the caller for console mgmt oexploit.job_id = exploit.job_id rescue ::Interrupt exploit.error = $! raise $! rescue ::Msf::OptionValidateError => e exploit.error = e ::Msf::Ui::Formatter::OptionValidateError.print_error(exploit, e) return false rescue ::Exception => e exploit.error = e exploit.print_error("Exploit failed: #{e}") elog("Exploit failed (#{exploit.refname})", error: e) end return driver.session if driver nil end |
.job_check_proc(ctx) ⇒ Object (protected)
230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 |
# File 'lib/msf/base/simple/exploit.rb', line 230 def self.job_check_proc(ctx) mod = ctx[0] run_uuid = ctx[1] job_listener = ctx[2] begin job_listener.start run_uuid mod.setup result = mod.check job_listener.completed(run_uuid, result, mod) rescue => e job_listener.failed(run_uuid, e, mod) mod.handle_exception e ensure mod.cleanup end return result end |
Instance Method Details
#check_simple(opts) ⇒ Object
Calls the class method.
224 225 226 |
# File 'lib/msf/base/simple/exploit.rb', line 224 def check_simple(opts) Msf::Simple::Exploit.check_simple(self, opts) end |
#exploit_simple(opts, &block) ⇒ Object
Calls the class method.
171 172 173 |
# File 'lib/msf/base/simple/exploit.rb', line 171 def exploit_simple(opts, &block) Msf::Simple::Exploit.exploit_simple(self, opts, &block) end |