2008-07-22 19:12:05 +00:00
|
|
|
module Msf
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
2009-07-15 06:40:23 +00:00
|
|
|
# This module provides methods for communicating with a host over raw IP
|
2008-07-22 19:12:05 +00:00
|
|
|
#
|
|
|
|
###
|
|
|
|
module Exploit::Remote::Ip
|
|
|
|
|
|
|
|
#
|
|
|
|
# Initializes an instance of an exploit module that sends
|
|
|
|
# raw IP datagrams.
|
|
|
|
#
|
|
|
|
def initialize(info = {})
|
|
|
|
super
|
|
|
|
|
|
|
|
register_options(
|
|
|
|
[
|
|
|
|
Opt::RHOST,
|
|
|
|
], Msf::Exploit::Remote::Ip)
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Creates an IP socket for communicating with a remote host
|
|
|
|
#
|
|
|
|
def connect_ip(global = true, opts={})
|
|
|
|
|
|
|
|
begin
|
|
|
|
nsock = Rex::Socket::Ip.create(
|
|
|
|
'Context' =>
|
|
|
|
{
|
|
|
|
'Msf' => framework,
|
|
|
|
'MsfExploit' => self,
|
|
|
|
})
|
|
|
|
|
|
|
|
# Set this socket to the global socket as necessary
|
|
|
|
self.ip_sock = nsock if (global)
|
|
|
|
|
|
|
|
# Add this socket to the list of sockets created by this exploit
|
2009-07-09 06:58:11 +00:00
|
|
|
add_socket(nsock)
|
2008-07-22 19:12:05 +00:00
|
|
|
|
|
|
|
return nsock
|
|
|
|
rescue ::Exception => e
|
|
|
|
print_line(" ")
|
|
|
|
print_error(
|
|
|
|
"This module is configured to use a raw IP socket. " +
|
2009-03-13 19:13:12 +00:00
|
|
|
"On Unix systems, only the root user is allowed to create raw sockets. " +
|
2008-07-22 19:12:05 +00:00
|
|
|
"Please run the framework as root to use this module."
|
|
|
|
)
|
|
|
|
print_line(" ")
|
|
|
|
nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Closes the IP socket
|
|
|
|
#
|
|
|
|
def disconnect_ip(nsock = self.ip_sock)
|
|
|
|
begin
|
|
|
|
if (nsock)
|
|
|
|
nsock.close
|
|
|
|
end
|
|
|
|
rescue IOError
|
|
|
|
end
|
|
|
|
|
|
|
|
if (nsock == ip_sock)
|
|
|
|
self.ip_sock = nil
|
|
|
|
end
|
|
|
|
|
|
|
|
# Remove this socket from the list of sockets created by this exploit
|
2009-07-09 06:58:11 +00:00
|
|
|
remove_socket(nsock)
|
2008-07-22 19:12:05 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Claims the IP socket if the payload so desires.
|
|
|
|
# No exploits use raw socket payloads yet...
|
|
|
|
#
|
|
|
|
def handler(nsock = self.ip_sock)
|
|
|
|
true
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Performs cleanup, closes the socket if necessary
|
|
|
|
#
|
|
|
|
def cleanup
|
|
|
|
super
|
|
|
|
disconnect_ip
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Sends a datagram to the host specified in RHOST
|
|
|
|
#
|
|
|
|
def ip_write(dgram)
|
|
|
|
return nil if not ip_sock
|
|
|
|
ip_sock.sendto(dgram, rhost)
|
|
|
|
end
|
|
|
|
|
|
|
|
##
|
|
|
|
#
|
|
|
|
# Wrappers for getters
|
|
|
|
#
|
|
|
|
##
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns the target host
|
|
|
|
#
|
|
|
|
def rhost
|
|
|
|
datastore['RHOST']
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
protected
|
|
|
|
|
|
|
|
attr_accessor :ip_sock
|
|
|
|
|
|
|
|
end
|
2009-03-13 19:13:12 +00:00
|
|
|
end
|