stuff
git-svn-id: file:///home/svn/incoming/trunk@2683 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
b0d839da1d
commit
21f440028c
|
@ -23,3 +23,6 @@ require 'Msf/Base/Session/CommandShell'
|
||||||
require 'Msf/Base/Session/Meterpreter'
|
require 'Msf/Base/Session/Meterpreter'
|
||||||
require 'Msf/Base/Session/DispatchNinja'
|
require 'Msf/Base/Session/DispatchNinja'
|
||||||
require 'Msf/Base/Session/Vnc'
|
require 'Msf/Base/Session/Vnc'
|
||||||
|
|
||||||
|
# Serialization
|
||||||
|
require 'Msf/Base/Serializer/ReadableText'
|
||||||
|
|
|
@ -131,7 +131,7 @@ class Module
|
||||||
def privileged?
|
def privileged?
|
||||||
return (privileged == true)
|
return (privileged == true)
|
||||||
end
|
end
|
||||||
|
|
||||||
attr_reader :author, :arch, :platform, :refs, :datastore, :options
|
attr_reader :author, :arch, :platform, :refs, :datastore, :options
|
||||||
attr_reader :privileged
|
attr_reader :privileged
|
||||||
|
|
||||||
|
|
|
@ -15,9 +15,6 @@ module Msf
|
||||||
class ModuleSet < Hash
|
class ModuleSet < Hash
|
||||||
def initialize(type = nil)
|
def initialize(type = nil)
|
||||||
self.module_type = type
|
self.module_type = type
|
||||||
self.full_names = {}
|
|
||||||
self.alias_names = {}
|
|
||||||
self.ambiguous_names = {}
|
|
||||||
|
|
||||||
# Hashes that convey the supported architectures and platforms for a
|
# Hashes that convey the supported architectures and platforms for a
|
||||||
# given module
|
# given module
|
||||||
|
@ -27,19 +24,8 @@ class ModuleSet < Hash
|
||||||
|
|
||||||
# Create an instance of the supplied module by its name
|
# Create an instance of the supplied module by its name
|
||||||
def create(name)
|
def create(name)
|
||||||
# If the supplied name is known-ambiguous, prevent its creation
|
klass = self[name]
|
||||||
if (ambiguous_names[name])
|
|
||||||
raise(NameError.new("The supplied module name is ambiguous with: #{ambiguous_names[name].join}", name),
|
|
||||||
caller)
|
|
||||||
end
|
|
||||||
|
|
||||||
# If not by short name, then by full name, or so sayeth the spider
|
|
||||||
if (((klass = self[name]) == nil) and
|
|
||||||
((klass = alias_names[name]) == nil))
|
|
||||||
klass = full_names[name]
|
|
||||||
end
|
|
||||||
|
|
||||||
# Otherwise, try to create it
|
|
||||||
return (klass) ? klass.new : nil
|
return (klass) ? klass.new : nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -72,26 +58,17 @@ class ModuleSet < Hash
|
||||||
def recalculate
|
def recalculate
|
||||||
end
|
end
|
||||||
|
|
||||||
attr_reader :module_type, :full_names
|
attr_reader :module_type
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
# Adds a module with a supplied short name, full name, and associated
|
# Adds a module with a supplied short name, full name, and associated
|
||||||
# module class
|
# module class
|
||||||
def add_module(short_name, full_name, module_class)
|
def add_module(module_class, alias_name = nil)
|
||||||
if (self[short_name])
|
self[alias_name || module_class.new.alias] = module_class
|
||||||
ambiguous_names[short_name] = [] if (!ambiguous_names[short_name])
|
|
||||||
ambiguous_names[short_name] << full_name
|
|
||||||
else
|
|
||||||
self[short_name] = module_class
|
|
||||||
end
|
|
||||||
|
|
||||||
full_names[full_name] = module_class
|
|
||||||
alias_names[module_class.new.alias] = module_class
|
|
||||||
end
|
end
|
||||||
|
|
||||||
attr_writer :module_type, :full_names
|
attr_writer :module_type
|
||||||
attr_accessor :ambiguous_names, :alias_names
|
|
||||||
attr_accessor :mod_arch_hash, :mod_platform_hash
|
attr_accessor :mod_arch_hash, :mod_platform_hash
|
||||||
|
|
||||||
end
|
end
|
||||||
|
@ -346,10 +323,10 @@ protected
|
||||||
if (type != MODULE_PAYLOAD)
|
if (type != MODULE_PAYLOAD)
|
||||||
# Add the module class to the list of modules and add it to the
|
# Add the module class to the list of modules and add it to the
|
||||||
# type separated set of module classes
|
# type separated set of module classes
|
||||||
add_module(mod_short_name, mod_full_name, mod)
|
add_module(mod)
|
||||||
end
|
end
|
||||||
|
|
||||||
module_sets[type].add_module(mod_short_name, mod_full_name, mod)
|
module_sets[type].add_module(mod)
|
||||||
end
|
end
|
||||||
|
|
||||||
attr_accessor :modules, :module_sets
|
attr_accessor :modules, :module_sets
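Review bot: The new `ModuleSet#add_module` assigns `self[alias_name || module_class.new.alias] = module_class` without checking for an existing key, so two modules that resolve to the same name now replace one another silently. The removed code recorded such clashes in `ambiguous_names`, and `create` refused to instantiate an ambiguous name. Because the console can add module search paths, a later-loaded module can shadow a registered one with no trace, and `create(name)` instantiates whichever was stored last. I would at least record the replacement before assigning, e.g. `name = alias_name || module_class.new.alias` followed by `dlog("Module name #{name} is already registered; replacing it.", 'core', LEV_1) if key?(name)`, or keep rejecting ambiguous names. The same flat namespace is written by `manager.add_module(p, name)` and `manager.add_module(p, combined)` and emptied by `manager.delete(key)` in the PayloadSet hunks, so a payload name that collides with another module's alias would presumably remove that module on `recalculate`.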
|
||||||
|
|
|
@ -33,9 +33,9 @@ class PayloadSet < ModuleSet
|
||||||
# of singles, stagers, and stages
|
# of singles, stagers, and stages
|
||||||
def recalculate
|
def recalculate
|
||||||
# Reset the current hash associations
|
# Reset the current hash associations
|
||||||
full_names.clear
|
self.each_key { |key|
|
||||||
alias_names.clear
|
manager.delete(key)
|
||||||
ambiguous_names.clear
|
}
|
||||||
self.clear
|
self.clear
|
||||||
|
|
||||||
# Recalculate single payloads
|
# Recalculate single payloads
|
||||||
|
@ -52,6 +52,8 @@ class PayloadSet < ModuleSet
|
||||||
# Associate this class with the single payload's name
|
# Associate this class with the single payload's name
|
||||||
self[name] = p
|
self[name] = p
|
||||||
|
|
||||||
|
manager.add_module(p, name)
|
||||||
|
|
||||||
dlog("Built single payload #{name}.", 'core', LEV_1)
|
dlog("Built single payload #{name}.", 'core', LEV_1)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -95,6 +97,8 @@ class PayloadSet < ModuleSet
|
||||||
|
|
||||||
self[combined] = p
|
self[combined] = p
|
||||||
|
|
||||||
|
manager.add_module(p, combined)
|
||||||
|
|
||||||
dlog("Built staged payload #{combined}.", 'core', LEV_1)
|
dlog("Built staged payload #{combined}.", 'core', LEV_1)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -119,7 +123,7 @@ class PayloadSet < ModuleSet
|
||||||
# set we simply create an instance of the class and do some magic to figure
|
# set we simply create an instance of the class and do some magic to figure
|
||||||
# out if it's a single, stager, or stage. Depending on which it is, we
|
# out if it's a single, stager, or stage. Depending on which it is, we
|
||||||
# add it to the appropriate list
|
# add it to the appropriate list
|
||||||
def add_module(short_name, full_name, pmodule)
|
def add_module(pmodule)
|
||||||
|
|
||||||
# Duplicate the Payload base class and extend it with the module
|
# Duplicate the Payload base class and extend it with the module
|
||||||
# class that is passed in. This allows us to inspect the actual
|
# class that is passed in. This allows us to inspect the actual
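Review bot: `PayloadSet#add_module(pmodule)` now takes a single argument, while the base `ModuleSet#add_module(module_class, alias_name = nil)` introduced in this commit accepts an optional alias. The override is therefore narrower than the method it replaces, and a two-argument call that reaches a PayloadSet would raise ArgumentError. Either accept the second parameter, `def add_module(pmodule, name = nil)`, or state in the comment above the method that payload names are derived in `recalculate` and no alias is accepted here. The method body continues outside the hunk, so I cannot see whether anything else relied on the old parameters.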
|
||||||
|
|
|
@ -16,8 +16,10 @@ class Core
|
||||||
"?" => "Help menu",
|
"?" => "Help menu",
|
||||||
"exit" => "Exit the console",
|
"exit" => "Exit the console",
|
||||||
"help" => "Help menu",
|
"help" => "Help menu",
|
||||||
|
"info" => "Displays information about one or more module",
|
||||||
"search" => "Adds one or more module search paths",
|
"search" => "Adds one or more module search paths",
|
||||||
"set" => "Sets a variable to a value",
|
"set" => "Sets a variable to a value",
|
||||||
|
"unset" => "Unsets one or more variables",
|
||||||
"show" => "Displays modules of a given type, or all modules",
|
"show" => "Displays modules of a given type, or all modules",
|
||||||
"use" => "Selects a module by name",
|
"use" => "Selects a module by name",
|
||||||
"quit" => "Exit the console",
|
"quit" => "Exit the console",
|
||||||
|
@ -26,8 +28,6 @@ class Core
|
||||||
|
|
||||||
# Instructs the driver to stop executing
|
# Instructs the driver to stop executing
|
||||||
def cmd_exit(args)
|
def cmd_exit(args)
|
||||||
print_line("Exiting...")
|
|
||||||
|
|
||||||
driver.stop
|
driver.stop
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -64,6 +64,26 @@ class Core
|
||||||
print(tbl.to_s)
|
print(tbl.to_s)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Displays information about one or more module
|
||||||
|
def cmd_info(args)
|
||||||
|
if (args.length == 0)
|
||||||
|
print(
|
||||||
|
"Usage: info mod1 mod2 mod3 ...\n\n" +
|
||||||
|
"Queries the supplied module or modules for information.\n")
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
|
||||||
|
args.each { |name|
|
||||||
|
mod = framework.modules.create(name)
|
||||||
|
|
||||||
|
if (mod == nil)
|
||||||
|
print_error("Invalid module: #{name}")
|
||||||
|
else
|
||||||
|
print(Serializer::ReadableText.dump_module(mod))
|
||||||
|
end
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
alias cmd_? cmd_help
|
alias cmd_? cmd_help
|
||||||
|
|
||||||
# Adds one or more search paths
|
# Adds one or more search paths
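Review bot: The command table in the first hunk now lists `"unset" => "Unsets one or more variables"`, but no `cmd_unset` appears in the visible part of this change, whereas `cmd_info` is added together with its table entry. If the handler is not defined elsewhere in the file, the help menu will advertise a command the dispatcher cannot run; add it in this commit or hold the entry back until it exists. Separately, `cmd_info` returns `false` on the usage path and the `args` array otherwise, so ending the method with `return true` would make the result consistent. The table and the class both begin outside the hunks shown.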
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
require 'Msf/Core'
|
require 'Msf/Core'
|
||||||
|
require 'Msf/Base'
|
||||||
require 'Msf/Ui'
|
require 'Msf/Ui'
|
||||||
require 'Msf/Ui/Console/Shell'
|
require 'Msf/Ui/Console/Shell'
|
||||||
require 'Msf/Ui/Console/CommandDispatcher'
|
require 'Msf/Ui/Console/CommandDispatcher'
|
||||||
|
|
|
@ -24,10 +24,10 @@ module ReverseTcp
|
||||||
'StagerPayload' =>
|
'StagerPayload' =>
|
||||||
{
|
{
|
||||||
'Offsets' =>
|
'Offsets' =>
|
||||||
[
|
{
|
||||||
'LHOST' => [ 221, 'ADDR' ],
|
'LHOST' => [ 221, 'ADDR' ],
|
||||||
'LPORT' => [ 228, 'n' ],
|
'LPORT' => [ 228, 'n' ],
|
||||||
],
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
"\xe8\x56\x00\x00\x00\x53\x55\x56\x57\x8b\x6c\x24\x18\x8b\x45\x3c" +
|
"\xe8\x56\x00\x00\x00\x53\x55\x56\x57\x8b\x6c\x24\x18\x8b\x45\x3c" +
|
||||||
"\x8b\x54\x05\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x32" +
|
"\x8b\x54\x05\x78\x01\xea\x8b\x4a\x18\x8b\x5a\x20\x01\xeb\xe3\x32" +
|
||||||
|
|
|
@ -22,9 +22,9 @@ module Shell
|
||||||
'StagePayload' =>
|
'StagePayload' =>
|
||||||
{
|
{
|
||||||
'Offsets' =>
|
'Offsets' =>
|
||||||
[
|
{
|
||||||
'EXITFUNC' => [ 103 + 28, 'V' ]
|
'EXITFUNC' => [ 103 + 28, 'V' ]
|
||||||
],
|
},
|
||||||
'Payload' =>
|
'Payload' =>
|
||||||
"\xe8\x09\x00\x00\x00\x41\x44\x56\x41\x50\x49\x33\x32\x00\xff\x55" +
|
"\xe8\x09\x00\x00\x00\x41\x44\x56\x41\x50\x49\x33\x32\x00\xff\x55" +
|
||||||
"\x08\x50\x68\x2a\xc8\xde\x50\xff\x55\x04\xff\xd0" +
|
"\x08\x50\x68\x2a\xc8\xde\x50\xff\x55\x04\xff\xd0" +
|
||||||
|
|