diff --git a/modules/post/multi/recon/local_exploit_suggestor.rb b/modules/post/multi/recon/local_exploit_suggestor.rb index c61f336c86..15444782cd 100644 --- a/modules/post/multi/recon/local_exploit_suggestor.rb +++ b/modules/post/multi/recon/local_exploit_suggestor.rb @@ -37,6 +37,7 @@ class Metasploit3 < Msf::Post end + def all_platforms Msf::Module::Platform.subclasses.collect {|c| c.realname.downcase } end @@ -44,16 +45,19 @@ class Metasploit3 < Msf::Post def get_target_arch @target_arch ||= lambda { - return nil unless session - session.platform.split('/').first + return '' unless session + arch = '' + arch = session.platform.split('/').first if session.platform.include?('/') + return '' if ARCH_TYPES.include?(arch) + return arch }.call end def get_target_platform @target_platform ||= lambda { - return nil unless session - platform = session.platform.split('/').second + return '' unless session + platform = session.platform.include?('/') ? session.platform.split('/').second : session.platform if platform =~ /^win/ platform = 'win' @@ -69,15 +73,18 @@ class Metasploit3 < Msf::Post mod_arch.include?(get_target_arch) end + def is_module_options_ready?(mod) mod.options.each_pair do |option_name, option| if option.required && option.default.nil? && mod.datastore[option_name].blank? return false end end + true end + def is_module_platform?(mod) platform_obj = nil begin @@ -86,15 +93,18 @@ class Metasploit3 < Msf::Post # When not found, find_platform raises an ArgumentError return false end + module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms module_platforms.include?(platform_obj) end + def set_module_options(mod) mod.datastore.merge!(self.datastore) mod.datastore['SESSION'] = session.sid if !mod.datastore['SESSION'] && session end + def setup print_status "Collecting local exploits..." #Initializes an array 
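Review bot: In `get_target_arch` (hunk `@@ -44,16 +45,19 @@`), the guard `return '' if ARCH_TYPES.include?(arch)` looks inverted. It returns the empty string exactly when the parsed value is a recognised architecture, and returns the raw string when it is not. `ARCH_TYPES` is not defined in the visible lines, so this assumes it is the list of known architecture names. If that holds, the line should read `return '' unless ARCH_TYPES.include?(arch)`. As written, a session with a valid architecture is treated as "architecture unknown", so callers that test `get_target_arch.empty?` skip arch matching.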
@@ -104,17 +114,22 @@ class Metasploit3 < Msf::Post mod = framework.exploits.create(name) next unless mod set_module_options(mod) - if mod.kind_of?(Msf::Exploit::Local) && - mod.respond_to?(:check) && + if mod.kind_of?(Msf::Exploit::Local) && + mod.respond_to?(:check) && is_module_platform?(mod) && - is_module_arch?(mod) && is_module_options_ready?(mod) - @local_exploits << mod - end - end + if !get_target_arch.empty? && is_module_arch?(mod) + @local_exploits << mod + else + @local_exploits << mod + end + end + end end + def run + print_status("Number of exploits being tried: #{@local_exploits.length}") @local_exploits.each do |m| begin checkcode = m.check @@ -125,22 +140,21 @@ class Metasploit3 < Msf::Post #If the datastore option is true, a detailed description will show if datastore['ShowDescription'] # Formatting for the description text - print_line("\n") print_line Rex::Text.wordwrap(Rex::Text.compress(m.description), 2, 70) - end + end else # Prints the full name and the checkcode message for the exploit vprint_status("#{m.fullname}: #{checkcode.second}") end # Creates a log record in framework.log - rescue ::Exception => e - elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") - vprint_error("#{m.shortname} failled to run: #{e.message}") - end - end - if @local_exploits.length < 1 - print_error "No suggestions available. " - end + rescue Rex::Post::Meterpreter::RequestError => e + elog("#{e.class} #{e.message}\n#{e.backtrace * "\n"}") + vprint_error("#{e.class} #{m.shortname} failled to run: #{e.message}") + end + if @local_exploits.length < 1 + print_error "No suggestions available. " + end + end end def is_check_interesting?(checkcode) 
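Review bot: Both branches of the new inner `if !get_target_arch.empty? && is_module_arch?(mod)` in `setup` append `mod` to `@local_exploits`, so the architecture test no longer filters anything. Modules for a different architecture then have their `check` run against the session, which adds needless activity on the host and noise in the output. If the intent is to skip the arch test only when the architecture is unknown, one line expresses it: `@local_exploits << mod if get_target_arch.empty? || is_module_arch?(mod)`. The enclosing loop header is above this hunk and not visible here.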
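Review bot: Going by the `end` count on the new side, the `if @local_exploits.length < 1` check in `run` now sits inside the `@local_exploits.each` block. That block never executes for an empty list, so the "No suggestions available." message can no longer be printed. Move the check ahead of the loop, for example `return print_error("No suggestions available. ") if @local_exploits.empty?`. Separately, the rescue is narrowed to `Rex::Post::Meterpreter::RequestError`, so any other error raised by one module's `check` now ends the whole run instead of being logged per module. `rescue ::StandardError => e` would keep per-module isolation without returning to `::Exception`.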
@@ -152,14 +166,14 @@ class Metasploit3 < Msf::Post end def print_status(msg='') - super("#{session.sock.peerhost} - #{msg}") + super("#{session.session_host} - #{msg}") end def print_good(msg='') - super("#{session.sock.peerhost} - #{msg}") + super("#{session.session_host} - #{msg}") end def print_error(msg='') - super("#{session.sock.peerhost} - #{msg}") + super("#{session.session_host} - #{msg}") end end
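Review bot: The three overrides `print_status`, `print_good` and `print_error` dereference `session` unconditionally, while `get_target_arch` and `set_module_options` in the same file treat `session` as possibly nil. If it can be nil (not visible in this diff), the first `print_status` in `setup` raises NoMethodError before anything is reported. The overrides also repeat the same prefix three times. A small private helper would cover both points, e.g. `def host_prefix; session ? "#{session.session_host} - " : ''; end`, with each override calling `super("#{host_prefix}#{msg}")`.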