metasploit-framework/lib/msf/core/exploit/dialup.rb

118 lines
3.7 KiB
Ruby
Raw Normal View History

module Msf
module Exploit::Remote::Dialup
def initialize(info = {})
super
register_options(
[
OptInt.new( 'BAUDRATE', [true, 'Baud Rate', 19200]),
OptEnum.new( 'DATABITS', [true, 'Data Bits (4 is Windows Only)', '8', ['4', '5', '6', '7', '8'], '8']),
OptString.new('DIALPREFIX', [true, 'Dial Prefix', 'ATDT *67, *70,']),
OptString.new('DIALSUFFIX', [false, 'Dial Suffix', nil]),
OptInt.new( 'DIALTIMEOUT', [true, 'Dial Timeout in seconds', 60]),
OptBool.new( 'DISPLAYMODEM', [true, 'Displays modem commands and responses on the console', false]),
OptEnum.new( 'FLOWCONTROL', [true, 'Flow Control', 'None', ['None', 'Hardware', 'Software', 'Both'], 'None']),
OptString.new('INITSTRING', [true, 'Initialization String', 'AT X6 S11=80']),
OptString.new('NUMBER', [true, 'Number to Dial (e.g. 1.800.950.9955, (202) 358-1234, 358.1234 etc.)', nil]),
OptEnum.new( 'PARITY', [true, 'Parity (Mark & Space are Windows Only)', 'None', ['None', 'Even', 'Odd', 'Mark', 'Space'], 'None']),
OptString.new('SERIALPORT', [true, 'Serial Port (e.g. 0 (COM1), 1 (COM2), /dev/ttyS0, etc.)', '/dev/ttyS0']),
OptEnum.new( 'STOPBITS', [true, 'Stop Bits', '1', ['1', '2'], '1']),
], self.class)
deregister_options('RHOST')
begin
require 'telephony'
@telephony_loaded = true
rescue ::Exception => e
@telephony_loaded = false
@telephony_error = e
end
end
# Opens the modem connection
def connect_dialup(global = true, opts={})
if (not @telephony_loaded)
print_status("The serialport module is not available: #{telephony_error}")
raise RuntimeError, "Telephony not available"
end
serialport = datastore['SERIALPORT']
baud = datastore['BAUDRATE'].to_i
data_bits = datastore['DATABITS'].to_i
stop_bits = datastore['STOPBITS'].to_i
parity = case datastore['PARITY']
when 'Even' : Telephony::Modem::EVEN
when 'Odd' : Telephony::Modem::ODD
when 'Mark' : Telephony::Modem::MARK
when 'Space': Telephony::Modem::SPACE
else Telephony::Modem::NONE
end
flowcontrol = case datastore['FLOWCONTROL']
when 'Hardware' : Telephony::Modem::HARD
when 'Software' : Telephony::Modem::SOFT
when 'Both' : Telephony::Modem::HARD | Telephony::Modem::SOFT
else Telephony::Modem::NONE
end
initstring = datastore['INITSTRING']
dialprefix = datastore['DIALPREFIX']
dialsuffix = datastore['DIALSUFFIX']
dialtimeout = datastore['DIALTIMEOUT'].to_i
number = datastore['NUMBER'].tr(' ', '')
modem = Telephony::Modem.new(serialport)
modem.params = {
'baud' => baud,
'data_bits' => data_bits,
'parity' => parity,
'stop_bits' => stop_bits
}
modem.flow_control = flowcontrol
modem.display = datastore['DISPLAYMODEM']
print_status("Initializing Modem")
result = modem.put_command('ATZ', 3)
if result != 'OK'
print_error("Error resetting modem")
return
end
result = modem.put_command(initstring, 3)
if result != 'OK'
print_error("Error initializing modem")
return
end
print_status("Dialing: #{number} (#{dialtimeout} sec. timeout)")
dialstring = dialprefix + ' ' + number
dialstring += (' ' + dialsuffix) if dialsuffix
time = Time.now
result = modem.put_command(dialstring, dialtimeout)
while result =~ /RINGING/i
result = modem.get_response(dialtimeout-(Time.now-time))
end
case result
when /CONNECT/i:
print_status("Carrier: #{result}" )
return modem
else
#print_error("No Carrier")
disconnect_dialup(modem)
return nil
end
end
# Closes the modem connection
def disconnect_dialup(modem)
modem.hangup
modem.close
end
end
end