2012-06-29 05:18:28 +00:00
|
|
|
# -*- coding: binary -*-
|
2011-08-24 21:41:03 +00:00
|
|
|
require 'msf/ui/console/command_dispatcher'
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
module Ui
|
|
|
|
module Console
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# Module-specific command dispatcher.
|
|
|
|
#
|
|
|
|
###
|
|
|
|
module ModuleCommandDispatcher
|
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
include Msf::Ui::Console::CommandDispatcher
|
|
|
|
|
|
|
|
def commands
|
|
|
|
{
|
|
|
|
"pry" => "Open a Pry session on the current module",
|
|
|
|
"reload" => "Reload the current module from disk",
|
|
|
|
"check" => "Check to see if a target is vulnerable"
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The active driver module, if any.
|
|
|
|
#
|
|
|
|
def mod
|
|
|
|
return driver.active_module
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Sets the active driver module.
|
|
|
|
#
|
|
|
|
def mod=(m)
|
|
|
|
self.driver.active_module = m
|
|
|
|
end
|
|
|
|
|
2014-01-25 05:32:29 +00:00
|
|
|
def check_progress
|
|
|
|
return 0 unless @range_done and @range_count
|
|
|
|
pct = (@range_done / @range_count.to_f) * 100
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_show_progress
|
|
|
|
pct = check_progress
|
|
|
|
if(pct >= (@range_percent + @show_percent))
|
|
|
|
@range_percent = @range_percent + @show_percent
|
|
|
|
tdlen = @range_count.to_s.length
|
|
|
|
print_status("Checked #{"%.#{tdlen}d" % @range_done} of #{@range_count} hosts (#{"%.3d" % pct.to_i}% complete)")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_multiple(hosts)
|
2014-01-26 18:15:47 +00:00
|
|
|
# This part of the code is mostly from scanner.rb
|
2014-01-25 05:32:29 +00:00
|
|
|
@show_progress = framework.datastore['ShowProgress'] || mod.datastore['ShowProgress'] || false
|
|
|
|
@show_percent = ( framework.datastore['ShowProgressPercent'] || mod.datastore['ShowProgressPercent'] ).to_i
|
|
|
|
|
|
|
|
@range_count = hosts.length || 0
|
|
|
|
@range_done = 0
|
|
|
|
@range_percent = 0
|
|
|
|
|
2014-01-26 18:15:47 +00:00
|
|
|
# Set the default thread to 1. The same behavior as before.
|
2014-01-25 07:40:05 +00:00
|
|
|
threads_max = (framework.datastore['THREADS'] || mod.datastore['THREADS'] || 1).to_i
|
2014-01-25 05:32:29 +00:00
|
|
|
@tl = []
|
|
|
|
|
|
|
|
|
|
|
|
if Rex::Compat.is_windows
|
2014-01-25 07:40:05 +00:00
|
|
|
if threads_max > 16
|
2014-01-26 18:08:20 +00:00
|
|
|
print_warning("Thread count has been adjusted to 16")
|
2014-01-25 05:32:29 +00:00
|
|
|
threads_max = 16
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
if Rex::Compat.is_cygwin
|
2014-01-25 07:40:05 +00:00
|
|
|
if threads_max > 200
|
2014-01-26 18:08:20 +00:00
|
|
|
print_warning("Thread count has been adjusted to 200")
|
2014-01-25 05:32:29 +00:00
|
|
|
threads_max = 200
|
|
|
|
end
|
|
|
|
end
|
2014-01-25 07:27:48 +00:00
|
|
|
|
2014-01-25 05:32:29 +00:00
|
|
|
while (true)
|
|
|
|
while (@tl.length < threads_max)
|
|
|
|
ip = hosts.next_ip
|
|
|
|
break unless ip
|
|
|
|
|
2014-01-26 22:33:21 +00:00
|
|
|
@tl << framework.threads.spawn("CheckHost-#{ip}", false, ip.dup) { |tip|
|
2014-01-25 05:32:29 +00:00
|
|
|
mod.datastore['RHOST'] = tip
|
|
|
|
check_simple
|
2014-01-26 22:33:21 +00:00
|
|
|
}
|
2014-01-25 05:32:29 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
break if @tl.length == 0
|
|
|
|
|
|
|
|
tla = @tl.length
|
|
|
|
@tl.first.join
|
|
|
|
@tl.delete_if { |t| not t.alive? }
|
|
|
|
tlb = @tl.length
|
|
|
|
|
|
|
|
@range_done += (tla - tlb)
|
|
|
|
check_show_progress if @show_progress
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
#
|
|
|
|
# Checks to see if a target is vulnerable.
|
|
|
|
#
|
|
|
|
def cmd_check(*args)
|
|
|
|
defanged?
|
2014-01-23 06:37:32 +00:00
|
|
|
|
2014-01-25 05:32:29 +00:00
|
|
|
ip_range_arg = args.shift || framework.datastore['RHOSTS'] || mod.datastore['RHOSTS'] || ''
|
2014-01-23 06:37:32 +00:00
|
|
|
hosts = Rex::Socket::RangeWalker.new(ip_range_arg)
|
|
|
|
|
2014-01-25 07:27:48 +00:00
|
|
|
begin
|
2014-01-26 06:57:02 +00:00
|
|
|
if hosts.ranges.blank?
|
2014-01-25 07:27:48 +00:00
|
|
|
# Check a single rhost
|
|
|
|
check_simple
|
|
|
|
else
|
2014-01-26 18:15:47 +00:00
|
|
|
# Check multiple hosts
|
2014-01-25 07:27:48 +00:00
|
|
|
last_rhost_opt = mod.rhost
|
|
|
|
last_rhosts_opt = mod.datastore['RHOSTS']
|
|
|
|
mod.datastore['RHOSTS'] = ip_range_arg
|
|
|
|
begin
|
|
|
|
check_multiple(hosts)
|
|
|
|
ensure
|
|
|
|
# Restore the original rhost if set
|
|
|
|
mod.datastore['RHOST'] = last_rhost_opt
|
|
|
|
mod.datastore['RHOSTS'] = last_rhosts_opt
|
|
|
|
mod.cleanup
|
|
|
|
end
|
2014-01-23 06:37:32 +00:00
|
|
|
end
|
2014-01-25 07:27:48 +00:00
|
|
|
rescue ::Interrupt
|
2014-01-26 18:15:47 +00:00
|
|
|
# When the user sends interrupt trying to quit the task, some threads will still be active.
|
|
|
|
# This means even though the console tells the user the task has aborted (or at least they
|
|
|
|
# assume so), the checks are still running. Because of this, as soon as we detect interrupt,
|
|
|
|
# we force the threads to die.
|
2014-01-26 08:49:16 +00:00
|
|
|
if @tl
|
|
|
|
@tl.each { |t| t.kill }
|
|
|
|
end
|
2014-01-25 07:27:48 +00:00
|
|
|
print_status("Caught interrupt from the console...")
|
|
|
|
return
|
2014-01-23 06:37:32 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_simple
|
|
|
|
rhost = mod.rhost
|
|
|
|
rport = mod.rport
|
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
begin
|
|
|
|
code = mod.check_simple(
|
|
|
|
'LocalInput' => driver.input,
|
|
|
|
'LocalOutput' => driver.output)
|
|
|
|
if (code and code.kind_of?(Array) and code.length > 1)
|
|
|
|
if (code == Msf::Exploit::CheckCode::Vulnerable)
|
2014-01-23 06:37:32 +00:00
|
|
|
print_good("#{rhost}:#{rport} - #{code[1]}")
|
2013-08-30 21:28:33 +00:00
|
|
|
else
|
2014-01-23 06:37:32 +00:00
|
|
|
print_status("#{rhost}:#{rport} - #{code[1]}")
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
|
|
|
else
|
2014-01-23 06:37:32 +00:00
|
|
|
print_error("#{rhost}:#{rport} - Check failed: The state could not be determined.")
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2014-01-25 05:32:29 +00:00
|
|
|
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error
|
2014-01-26 18:15:47 +00:00
|
|
|
# Connection issues while running check should be handled by the module
|
2014-01-26 02:25:01 +00:00
|
|
|
rescue ::RuntimeError
|
2014-01-26 18:15:47 +00:00
|
|
|
# Some modules raise RuntimeError but we don't necessarily care about those when we run check()
|
2014-01-26 06:57:02 +00:00
|
|
|
rescue Msf::OptionValidateError => e
|
|
|
|
print_error("Check failed: #{e.message}")
|
2013-08-30 21:28:33 +00:00
|
|
|
rescue ::Exception => e
|
2014-01-26 06:57:02 +00:00
|
|
|
print_error("#{rhost}:#{rport} - Check failed: #{e.class} #{e}")
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_pry_help
|
|
|
|
print_line "Usage: pry"
|
|
|
|
print_line
|
|
|
|
print_line "Open a pry session on the current module. Be careful, you"
|
|
|
|
print_line "can break things."
|
|
|
|
print_line
|
|
|
|
end
|
|
|
|
|
|
|
|
def cmd_pry(*args)
|
|
|
|
begin
|
|
|
|
require 'pry'
|
|
|
|
rescue LoadError
|
|
|
|
print_error("Failed to load pry, try 'gem install pry'")
|
|
|
|
return
|
|
|
|
end
|
|
|
|
mod.pry
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Reloads the active module
|
|
|
|
#
|
|
|
|
def cmd_reload(*args)
|
|
|
|
begin
|
|
|
|
reload
|
|
|
|
rescue
|
|
|
|
log_error("Failed to reload: #{$!}")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
@@reload_opts = Rex::Parser::Arguments.new(
|
|
|
|
'-k' => [ false, 'Stop the current job before reloading.' ],
|
|
|
|
'-h' => [ false, 'Help banner.' ])
|
|
|
|
|
|
|
|
def cmd_reload_help
|
|
|
|
print_line "Usage: reload [-k]"
|
|
|
|
print_line
|
|
|
|
print_line "Reloads the current module."
|
|
|
|
print @@reload_opts.usage
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Reload the current module, optionally stopping existing job
|
|
|
|
#
|
|
|
|
def reload(should_stop_job=false)
|
|
|
|
if should_stop_job and mod.job_id
|
|
|
|
print_status('Stopping existing job...')
|
|
|
|
|
|
|
|
framework.jobs.stop_job(mod.job_id)
|
|
|
|
mod.job_id = nil
|
|
|
|
end
|
|
|
|
|
|
|
|
print_status('Reloading module...')
|
|
|
|
|
|
|
|
original_mod = self.mod
|
|
|
|
reloaded_mod = framework.modules.reload_module(original_mod)
|
|
|
|
|
|
|
|
unless reloaded_mod
|
2012-10-04 21:32:12 +00:00
|
|
|
error = framework.modules.module_load_error_by_path[original_mod.file_path]
|
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
print_error("Failed to reload module: #{error}")
|
2012-10-04 21:32:12 +00:00
|
|
|
|
2013-08-30 21:28:33 +00:00
|
|
|
self.mod = original_mod
|
2012-10-04 21:32:12 +00:00
|
|
|
else
|
|
|
|
self.mod = reloaded_mod
|
|
|
|
|
|
|
|
self.mod.init_ui(driver.input, driver.output)
|
|
|
|
end
|
2011-08-24 21:41:03 +00:00
|
|
|
|
2012-10-04 21:32:12 +00:00
|
|
|
reloaded_mod
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2011-08-24 21:41:03 +00:00
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
end end end
|
|
|
|
|