2006-01-24 03:59:44 +00:00
|
|
|
require 'msf/core/module'
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# The auxiliary class acts as a base class for all modules that perform
|
|
|
|
# reconnaisance, retrieve data, brute force logins, or any other action
|
|
|
|
# that doesn't fit our concept of an 'exploit' (involving payloads and
|
|
|
|
# targets and whatnot).
|
|
|
|
#
|
|
|
|
###
|
|
|
|
class Auxiliary < Msf::Module
|
|
|
|
|
2006-03-09 17:28:37 +00:00
|
|
|
#
|
|
|
|
# Auxiliary mixins
|
|
|
|
#
|
2006-08-12 08:31:38 +00:00
|
|
|
require 'msf/core/auxiliary/scanner'
|
|
|
|
require 'msf/core/auxiliary/report'
|
2006-06-15 15:52:01 +00:00
|
|
|
require 'msf/core/auxiliary/dos'
|
2007-05-03 20:23:27 +00:00
|
|
|
require 'msf/core/auxiliary/timed'
|
2008-09-22 22:32:20 +00:00
|
|
|
require 'msf/core/auxiliary/wmapmodule'
|
2006-04-02 22:33:34 +00:00
|
|
|
|
2006-01-24 03:59:44 +00:00
|
|
|
#
|
|
|
|
# Returns MODULE_AUX to indicate that this is an auxiliary module.
|
|
|
|
#
|
|
|
|
def self.type
|
|
|
|
MODULE_AUX
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns MODULE_AUX to indicate that this is an auxiliary module.
|
|
|
|
#
|
|
|
|
def type
|
|
|
|
MODULE_AUX
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
2006-04-02 23:26:33 +00:00
|
|
|
# Creates an instance of the auxiliary module.
|
2006-01-24 03:59:44 +00:00
|
|
|
#
|
|
|
|
def initialize(info = {})
|
|
|
|
|
|
|
|
# Call the parent constructor after making any necessary modifications
|
|
|
|
# to the information hash.
|
|
|
|
super(info)
|
|
|
|
|
|
|
|
self.actions = Rex::Transformer.transform(
|
|
|
|
info['Actions'], Array,
|
|
|
|
[ AuxiliaryAction ], 'AuxiliaryAction'
|
|
|
|
)
|
|
|
|
|
2006-04-03 00:33:06 +00:00
|
|
|
self.passive = (info['Passive'] and info['Passive'] == true) || false
|
2006-01-24 03:59:44 +00:00
|
|
|
self.default_action = info['DefaultAction']
|
2006-04-02 23:26:33 +00:00
|
|
|
self.sockets = Array.new
|
|
|
|
self.queue = Array.new
|
2006-04-03 00:33:06 +00:00
|
|
|
self.passive_actions = info['PassiveActions'] || []
|
2006-04-02 23:26:33 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Creates a singleton instance of this auxiliary class
|
|
|
|
#
|
|
|
|
def self.create(info = {})
|
|
|
|
return @@aux_singleton if @@aux_singleton
|
|
|
|
@@aux_singleton = self.new(info)
|
2006-01-24 03:59:44 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def run
|
|
|
|
print_status("Running the default Auxiliary handler")
|
|
|
|
end
|
|
|
|
|
2006-03-09 17:28:37 +00:00
|
|
|
def auxiliary_commands
|
|
|
|
return { }
|
|
|
|
end
|
|
|
|
|
|
|
|
def action
|
|
|
|
sa = datastore['ACTION']
|
|
|
|
return find_action(default_action) if not sa
|
|
|
|
return find_action(sa)
|
|
|
|
end
|
|
|
|
|
|
|
|
def find_action(name)
|
|
|
|
return nil if not name
|
|
|
|
actions.each do |a|
|
|
|
|
return a if a.name == name
|
|
|
|
end
|
|
|
|
return nil
|
|
|
|
end
|
2006-04-03 00:33:06 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Returns a boolean indicating whether this module should be run passively
|
|
|
|
#
|
|
|
|
def passive?
|
2007-07-03 04:20:50 +00:00
|
|
|
act = action()
|
|
|
|
return passive_action?(act.name) if act
|
|
|
|
return self.passive
|
2006-04-03 00:33:06 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns a boolean indicating whether this specific action should be run passively
|
|
|
|
#
|
2007-07-03 04:20:50 +00:00
|
|
|
def passive_action?(name)
|
|
|
|
passive_actions.include?(name)
|
2006-04-03 00:33:06 +00:00
|
|
|
end
|
2006-09-17 00:39:23 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# Performs last-minute sanity checking of auxiliary parameters. This method
|
|
|
|
# is called during automated exploitation attempts and allows an
|
|
|
|
# auxiliary module to filter bad attempts, obtain more information, and choose
|
|
|
|
# better parameters based on the available data. Returning anything that
|
|
|
|
# evaluates to "false" will cause this specific auxiliary attempt to
|
|
|
|
# be skipped. This method can and will change datastore values and
|
|
|
|
# may interact with the backend database. The default value for auxiliary
|
|
|
|
# modules is false, since not all auxiliary modules actually attempt
|
|
|
|
# to exploit a vulnerability.
|
|
|
|
#
|
|
|
|
def autofilter
|
|
|
|
false
|
|
|
|
end
|
|
|
|
|
2006-04-03 00:33:06 +00:00
|
|
|
#
|
|
|
|
# Called directly before 'run'
|
|
|
|
#
|
|
|
|
def setup
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Called after 'run' returns
|
|
|
|
#
|
|
|
|
def cleanup
|
|
|
|
abort_sockets()
|
|
|
|
end
|
|
|
|
|
2006-04-02 23:26:33 +00:00
|
|
|
#
|
|
|
|
# Adds a socket to the list of sockets opened by this exploit.
|
|
|
|
#
|
|
|
|
def add_socket(sock)
|
|
|
|
self.sockets << sock
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Removes a socket from the list of sockets.
|
|
|
|
#
|
|
|
|
def remove_socket(sock)
|
|
|
|
self.sockets.delete(sock)
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# This method is called once a new session has been created on behalf of
|
2006-04-03 00:33:06 +00:00
|
|
|
# this module instance and all socket connections created by this
|
|
|
|
# module should be closed.
|
2006-04-02 23:26:33 +00:00
|
|
|
#
|
|
|
|
def abort_sockets
|
|
|
|
sockets.delete_if { |sock|
|
2006-10-31 02:11:18 +00:00
|
|
|
if (sock.respond_to?('abortive_close'))
|
|
|
|
sock.abortive_close = true
|
|
|
|
end
|
2006-04-02 23:26:33 +00:00
|
|
|
begin
|
|
|
|
disconnect(sock)
|
|
|
|
rescue
|
|
|
|
end
|
|
|
|
|
|
|
|
true
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2006-01-24 03:59:44 +00:00
|
|
|
#
|
|
|
|
# Allow access to the hash table of actions and the string containing
|
|
|
|
# the default action
|
|
|
|
#
|
2006-04-03 00:33:06 +00:00
|
|
|
attr_reader :actions, :default_action, :passive, :passive_actions
|
2006-04-02 23:26:33 +00:00
|
|
|
attr_accessor :queue
|
2006-01-24 03:59:44 +00:00
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
attr_writer :actions, :default_action
|
2006-04-02 23:26:33 +00:00
|
|
|
attr_accessor :sockets
|
2006-04-03 00:33:06 +00:00
|
|
|
attr_writer :passive, :passive_actions
|
2006-04-02 23:26:33 +00:00
|
|
|
|
2006-01-24 03:59:44 +00:00
|
|
|
|
|
|
|
end
|
|
|
|
|
2009-05-29 13:46:12 +00:00
|
|
|
end
|