2005-07-09 21:18:49 +00:00
|
|
|
require 'msf/core'
|
|
|
|
|
require 'msf/core/module_manager'
|
2005-07-09 00:24:02 +00:00
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# PayloadSet
|
|
|
|
|
# ----------
|
|
|
|
|
#
|
|
|
|
|
# This class is a special case of the generic module set class because
|
|
|
|
|
# payloads are generated in terms of combinations between various
|
|
|
|
|
# components, such as a stager and a stage. As such, the payload set
|
|
|
|
|
# needs to be built on the fly and cannot be simply matched one-to-one
|
|
|
|
|
# with a payload module. Yeah, the term module is kind of overloaded
|
|
|
|
|
# here, but eat it!
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class PayloadSet < ModuleSet
|
|
|
|
|
|
|
|
|
|
def initialize(manager)
|
|
|
|
|
super(MODULE_PAYLOAD)
|
|
|
|
|
|
|
|
|
|
# A reference to the ModuleManager instance
|
|
|
|
|
self.manager = manager
|
|
|
|
|
|
|
|
|
|
# A hash of each of the payload types that holds an array
|
|
|
|
|
# for all of the associated modules
|
|
|
|
|
self.payload_type_modules = {}
|
2005-07-11 05:15:30 +00:00
|
|
|
|
|
|
|
|
# Initialize the hash entry for each type to an empty list
|
|
|
|
|
[
|
|
|
|
|
Payload::Type::Single,
|
|
|
|
|
Payload::Type::Stager,
|
|
|
|
|
Payload::Type::Stage
|
|
|
|
|
].each { |type|
|
|
|
|
|
self.payload_type_modules[type] = []
|
|
|
|
|
}
|
2005-07-09 00:24:02 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Build the actual hash of alias names based on all the permutations
|
|
|
|
|
# of singles, stagers, and stages
|
|
|
|
|
def recalculate
|
|
|
|
|
# Reset the current hash associations
|
2005-07-09 19:35:29 +00:00
|
|
|
self.each_key { |key|
|
|
|
|
|
manager.delete(key)
|
|
|
|
|
}
|
2005-07-09 00:24:02 +00:00
|
|
|
self.clear
|
|
|
|
|
|
|
|
|
|
# Recalculate single payloads
|
|
|
|
|
singles.each { |p|
|
2005-07-11 04:07:52 +00:00
|
|
|
mod, name, handler = p
|
2005-07-09 00:24:02 +00:00
|
|
|
|
|
|
|
|
# Build the payload dupe using the determined handler
|
|
|
|
|
# and module
|
|
|
|
|
p = build_payload(handler, mod)
|
|
|
|
|
|
2005-07-10 19:21:40 +00:00
|
|
|
# Sets the modules derived name
|
|
|
|
|
p.refname = name
|
|
|
|
|
|
2005-07-09 00:24:02 +00:00
|
|
|
# Associate this class with the single payload's name
|
|
|
|
|
self[name] = p
|
|
|
|
|
|
2005-07-09 19:35:29 +00:00
|
|
|
manager.add_module(p, name)
|
|
|
|
|
|
2005-07-09 00:24:02 +00:00
|
|
|
dlog("Built single payload #{name}.", 'core', LEV_1)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Recalculate stagers and stages
|
|
|
|
|
stagers.each { |p|
|
2005-07-11 04:07:52 +00:00
|
|
|
stager_mod, stager_name, handler, stager_platform, stager_arch = p
|
2005-07-09 00:24:02 +00:00
|
|
|
|
|
|
|
|
# Walk the array of stages
|
|
|
|
|
stages.each { |p|
|
2005-07-11 04:07:52 +00:00
|
|
|
stage_mod, stage_name, junk, stage_platform, stage_arch = p
|
|
|
|
|
|
2005-07-09 00:24:02 +00:00
|
|
|
# No intersection between architectures on the payloads?
|
|
|
|
|
if ((stager_arch) and
|
|
|
|
|
(stage_arch) and
|
|
|
|
|
((stager_arch & stage_arch).empty?))
|
|
|
|
|
dlog("Stager #{stager_name} and stage #{stage_name} have incompatible architectures:",
|
|
|
|
|
'core', LEV_3)
|
|
|
|
|
dlog(" Stager: #{stager_arch.join}.", 'core', LEV_3)
|
|
|
|
|
dlog(" Stage: #{stage_arch.join}.", 'core', LEV_3)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# No intersection between platforms on the payloads?
|
|
|
|
|
if ((stager_platform) and
|
|
|
|
|
(stage_platform) and
|
|
|
|
|
(stager_platform & stage_platform).empty?)
|
|
|
|
|
dlog("Stager #{stager_name} and stage #{stage_name} have incompatible platforms:",
|
|
|
|
|
'core', LEV_3)
|
2005-07-11 22:51:25 +00:00
|
|
|
dlog(" Stager: #{stager_platform.names}.", 'core', LEV_3)
|
|
|
|
|
dlog(" Stage: #{stage_platform.names}.", 'core', LEV_3)
|
2005-07-09 00:24:02 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Build the payload dupe using the handler, stager,
|
|
|
|
|
# and stage
|
|
|
|
|
p = build_payload(handler, stager_mod, stage_mod)
|
|
|
|
|
|
|
|
|
|
# Associate the name as a combination of the stager and stage
|
2005-07-11 04:07:52 +00:00
|
|
|
combined = stage_name
|
|
|
|
|
|
|
|
|
|
# If a valid handler exists for this stager, then combine it
|
2005-07-11 22:51:25 +00:00
|
|
|
combined += '/stg/' + handler.handler_type if (handler)
|
2005-07-09 00:24:02 +00:00
|
|
|
|
2005-07-10 19:21:40 +00:00
|
|
|
# Sets the modules derived name
|
|
|
|
|
p.refname = combined
|
|
|
|
|
|
2005-07-09 00:24:02 +00:00
|
|
|
self[combined] = p
|
2005-07-11 22:51:25 +00:00
|
|
|
|
2005-07-09 19:35:29 +00:00
|
|
|
manager.add_module(p, combined)
|
|
|
|
|
|
2005-07-09 00:24:02 +00:00
|
|
|
dlog("Built staged payload #{combined}.", 'core', LEV_1)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Return the array of single payloads
|
|
|
|
|
def singles
|
|
|
|
|
return payload_type_modules[Payload::Type::Single] || []
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Return the array of stager payloads
|
|
|
|
|
def stagers
|
|
|
|
|
return payload_type_modules[Payload::Type::Stager] || []
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Return the array of stage payloads
|
|
|
|
|
def stages
|
|
|
|
|
return payload_type_modules[Payload::Type::Stage] || []
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Called when a new payload module class is loaded up. For the payload
|
|
|
|
|
# set we simply create an instance of the class and do some magic to figure
|
|
|
|
|
# out if it's a single, stager, or stage. Depending on which it is, we
|
|
|
|
|
# add it to the appropriate list
|
2005-07-10 00:16:48 +00:00
|
|
|
def add_module(pmodule, name)
|
2005-07-11 22:51:25 +00:00
|
|
|
if (md = name.match(/^(singles|stagers|stages)#{File::SEPARATOR}(.*)$/))
|
|
|
|
|
name = md[2]
|
|
|
|
|
end
|
2005-07-09 00:24:02 +00:00
|
|
|
|
|
|
|
|
# Duplicate the Payload base class and extend it with the module
|
|
|
|
|
# class that is passed in. This allows us to inspect the actual
|
|
|
|
|
# module to see what type it is, and to grab other information for
|
|
|
|
|
# our own evil purposes.
|
|
|
|
|
instance = build_payload(pmodule).new
|
|
|
|
|
|
2005-07-11 05:15:30 +00:00
|
|
|
# Create an array of information about this payload module
|
|
|
|
|
pinfo =
|
2005-07-09 00:24:02 +00:00
|
|
|
[
|
|
|
|
|
pmodule,
|
2005-07-11 22:51:25 +00:00
|
|
|
instance.alias || name,
|
2005-07-11 04:07:52 +00:00
|
|
|
instance.handler,
|
2005-07-09 00:24:02 +00:00
|
|
|
instance.platform,
|
|
|
|
|
instance.arch
|
|
|
|
|
]
|
2005-07-11 05:15:30 +00:00
|
|
|
|
|
|
|
|
# Store the module and alias name for this payload. We
|
|
|
|
|
# also convey other information about the module, such as
|
|
|
|
|
# the platforms and architectures it supports
|
|
|
|
|
payload_type_modules[instance.payload_type] << pinfo
|
|
|
|
|
|
|
|
|
|
# If the payload happens to be a single, but has no defined
|
|
|
|
|
# connection, then it can also be staged. Insert it into
|
|
|
|
|
# the staged list.
|
|
|
|
|
if ((instance.payload_type == Payload::Type::Single) and
|
|
|
|
|
(instance.handler == nil))
|
|
|
|
|
payload_type_modules[Payload::Type::Stage] << pinfo
|
|
|
|
|
end
|
2005-07-09 00:24:02 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
|
|
# Builds a duplicate, extended version of the Payload base
|
|
|
|
|
# class using the supplied modules.
|
|
|
|
|
def build_payload(*modules)
|
|
|
|
|
klass = Class.new(Payload)
|
|
|
|
|
|
2005-07-11 20:48:13 +00:00
|
|
|
# Remove nil modules
|
|
|
|
|
modules.delete_if { |x| x == nil }
|
2005-07-09 00:24:02 +00:00
|
|
|
|
2005-07-11 20:48:13 +00:00
|
|
|
# Include the modules supplied to us with the mad skillz
|
|
|
|
|
# spoonfu style
|
|
|
|
|
klass.include(*modules)
|
2005-07-09 00:24:02 +00:00
|
|
|
|
|
|
|
|
return klass
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
attr_accessor :manager, :payload_type_modules
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
