Module: Msf::Simple::Exploit

Includes:
Module
Defined in:
lib/msf/base/simple/exploit.rb

Overview

A simplified exploit wrapper.

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Module

#_import_extra_options, #init_simplified, #inspect, #load_config, #save_config

Class Method Details

.check_simple(mod, opts) ⇒ Object

Initiates a check, setting up the exploit to be used. The following options can be specified:

LocalInput

The local input handle that data can be read in from.

LocalOutput

The local output through which data can be displayed.


176
177
178
179
180
181
182
183
184
185
186
187
# File 'lib/msf/base/simple/exploit.rb', line 176

def self.check_simple(mod, opts)
  if opts['LocalInput']
    mod.init_ui(opts['LocalInput'], opts['LocalOutput'])
  end

  # Validate the option container state so that options will
  # be normalized
  mod.validate

  # Run check
  mod.check
end

.exploit_simple(oexploit, opts, &block) ⇒ Object

Wraps the exploitation process in a simple single method. The options hash can have the following values passed in it:

Encoder

The encoder module that should be used.

Payload

The payload module name that should be used.

Target

The selected target index.

Nop

The NOP generator that should be used in preference.

OptionStr

A string of comma separated option values that should be imported into the datastore.

Options

A hash of values to be imported directly into the datastore.

LocalInput

The local input handle that data can be read in from.

LocalOutput

The local output through which data can be displayed.

RunAsJob

Whether or not the exploit should be run in the context of a background job.


58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# File 'lib/msf/base/simple/exploit.rb', line 58

def self.exploit_simple(oexploit, opts, &block)
  # Trap and print errors here (makes them UI-independent)
  begin

    # Clone the module to prevent changes to the original instance
    exploit = oexploit.replicant
    Msf::Simple::Framework.simplify_module( exploit, false )
    yield(exploit) if block_given?

    # Import options from the OptionStr or Option hash.
    exploit._import_extra_options(opts)

    # Make sure parameters are valid.
    if (opts['Payload'] == nil)
      raise MissingPayloadError.new, caller
    end

    # Verify the options
    exploit.options.validate(exploit.datastore)

    # Start it up
    driver = ExploitDriver.new(exploit.framework)

    # Initialize the driver instance
    driver.exploit    = exploit
    driver.payload    = exploit.framework.payloads.create(opts['Payload'])

    # Set the force wait for session flag if the caller requested force
    # blocking.  This is so that passive exploits can be blocked on from
    # things like the cli.
    driver.force_wait_for_session = true if (opts['ForceBlocking'] == true)

    # Was the payload valid?
    if (driver.payload == nil)
      raise MissingPayloadError,
        "You specified an invalid payload: #{opts['Payload']}", caller
    end

    # Use the supplied encoder, if any.  If one was not specified, then
    # nil will be assigned causing the exploit to default to picking the
    # best encoder.
    exploit.datastore['ENCODER'] = opts['Encoder'] if opts['Encoder']

    # Force the payload to share the exploit's datastore
    driver.payload.share_datastore(driver.exploit.datastore)

    # Verify the payload options
    driver.payload.options.validate(driver.payload.datastore)

    # If we still have no target index, try to use the datastore's index
    target_idx = opts['Target'] || exploit.default_target

    # Convert it to an integer if it's valid
    if (target_idx)
      target_idx = target_idx.to_i
    end

    if (target_idx == nil or target_idx < 0)
      raise MissingTargetError,
        "You must select a target.", caller
    end

    driver.target_idx = target_idx

    # Set the payload and exploit's subscriber values
    if ! opts['Quiet']
      driver.exploit.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)
      driver.payload.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)
    else
      driver.exploit.init_ui(nil, nil)
      driver.payload.init_ui(nil, nil)
    end

    if (opts['RunAsJob'])
      driver.use_job = true
    end

    # Let's rock this party
    driver.run

    # Save the job identifier this exploit is running as
    exploit.job_id  = driver.job_id

    # Propagate this back to the caller for console mgmt
    oexploit.job_id = exploit.job_id
  rescue ::Interrupt
    exploit.error = $!
    raise $!
  rescue ::Exception => e
    exploit.error = e
    exploit.print_error("Exploit failed: #{e}")
    elog("Exploit failed (#{exploit.refname}): #{e}", 'core', LEV_0)
    dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3)
  end

  return driver.session if driver
  nil
end

Instance Method Details

#check_simple(opts) ⇒ Object

Calls the class method.


192
193
194
# File 'lib/msf/base/simple/exploit.rb', line 192

def check_simple(opts)
  Msf::Simple::Exploit.check_simple(self, opts)
end

#exploit_simple(opts, &block) ⇒ Object

Calls the class method.


160
161
162
# File 'lib/msf/base/simple/exploit.rb', line 160

def exploit_simple(opts, &block)
  Msf::Simple::Exploit.exploit_simple(self, opts, &block)
end