back from the dead, ignore service manager stuff for now, it sux
git-svn-id: file:///home/svn/incoming/trunk@2860 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
ff02b7a461
commit
811789fa01
|
@ -59,4 +59,4 @@ N - dupe input instance when passing to sessions
|
|||
- etc
|
||||
X - fix module loading order
|
||||
X - problems with dllinject getting loaded after meterpreter due to dependencies
|
||||
- fix default handle inheritance in meterp process execution
|
||||
X - fix default handle inheritance in meterp process execution
|
||||
|
|
|
@ -40,6 +40,12 @@ module Exploit
|
|||
driver.target_idx = target_idx
|
||||
driver.payload = exploit.framework.modules.create(opts['Payload'])
|
||||
|
||||
# Was the payload valid?
|
||||
if (driver.payload == nil)
|
||||
raise MissingPayloadError,
|
||||
"You specified an invalid payload: #{opts['Payload']}", caller
|
||||
end
|
||||
|
||||
# Force the payload to share the exploit's datastore
|
||||
driver.payload.share_datastore(driver.exploit.datastore)
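Review bot: The new guard at `if (driver.payload == nil)` reports an unset payload the same way as an unknown one, because `#{opts['Payload']}` interpolates nil as an empty string. Using `opts['Payload'].inspect` in the message would make the two cases distinguishable, and `if driver.payload.nil?` is the more idiomatic test. The enclosing method begins and ends outside the hunk, so whether `opts['Payload']` is validated earlier is not visible here.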
|
||||
|
||||
|
|
|
@ -42,8 +42,8 @@ module Exploit::Brute
|
|||
bf = target.bruteforce
|
||||
|
||||
# Get the start and stop address hashes
|
||||
start = (bf.start_addresses && bf.start_address.dup) || {}
|
||||
stop = (bf.stop_addresses && bf.stop_address.dup) || {}
|
||||
start = bf.start_addresses ? bf.start_address.dup : {}
|
||||
stop = bf.stop_addresses ? bf.stop_address.dup : {}
|
||||
step = bf.step_size
|
||||
delay = bf.delay
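Review bot: Both forms of these two assignments test `bf.start_addresses` (plural) but call `.dup` on `bf.start_address` (singular), and likewise for `stop_addresses` / `stop_address`. Unless the bruteforce object really exposes both accessors, which is not visible in this hunk, the guard does not protect the call it precedes. If a single name is meant, `start = bf.start_addresses ? bf.start_addresses.dup : {}` and the matching `stop` line would fix it. The enclosing method starts and ends outside the hunk.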
|
||||
|
||||
|
|
|
@ -111,4 +111,87 @@ protected
|
|||
|
||||
end
|
||||
|
||||
|
||||
###
|
||||
#
|
||||
# TcpServer
|
||||
# ---------
|
||||
#
|
||||
# This mixin provides a generic interface for running a TCP server of some
|
||||
# sort that is designed to exploit clients. Exploits that include this mixin
|
||||
# automatically take a passive stance.
|
||||
#
|
||||
###
|
||||
module Exploit::Remote::TcpServer
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Stance' => Msf::Exploit::Stance::Passive))
|
||||
|
||||
register_options(
|
||||
[
|
||||
OptAddress.new('SRVHOST', [ true, "The local host to listen on." ]),
|
||||
OptPort.new('SRVPORT', [ true, "The local port to listen on." ])
|
||||
], Msf::Exploit::Remote::TcpServer)
|
||||
end
|
||||
|
||||
#
|
||||
# This mixin overrides the exploit method so that it can initiate the
|
||||
# service that corresponds with what the client has requested.
|
||||
#
|
||||
def exploit
|
||||
start_service
|
||||
end
|
||||
|
||||
#
|
||||
# Stops the service, if one was created.
|
||||
#
|
||||
def cleanup
|
||||
stop_service
|
||||
end
|
||||
|
||||
#
|
||||
# Starts the service.
|
||||
#
|
||||
def start_service
|
||||
if (service_klass)
|
||||
else
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Stops the service.
|
||||
#
|
||||
def stop_service
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the local host that is being listened on.
|
||||
#
|
||||
def srvhost
|
||||
datastore['SRVHOST']
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the local port that is being listened on.
|
||||
#
|
||||
def srvport
|
||||
datastore['SRVPORT']
|
||||
end
|
||||
|
||||
protected
|
||||
|
||||
#
|
||||
# Returns the protocol class that should be used as an implementator for
|
||||
# the service for this mixin. If it's nil then we just use the
|
||||
# Rex::Socket::TcpServer class to implement a TCP server.
|
||||
#
|
||||
def service_klass
|
||||
nil
|
||||
end
|
||||
|
||||
attr_accessor :service
|
||||
|
||||
end
|
||||
|
||||
end
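Review bot: `start_service` branches on `service_klass` but both arms are empty and `stop_service` has no body, so `exploit` returns without creating a listener and `service` is never assigned. Until the implementation lands, an explicit stub such as `raise NotImplementedError, 'TcpServer#start_service is not implemented'` would stop a module that includes this mixin from appearing to run successfully. SRVHOST and SRVPORT are registered as required with no default, which is worth stating in the mixin comment because the operator must choose the bind address. The comment above `service_klass` has a typo (`implementator`). The final `end` closes a scope opened outside the hunk.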
|
||||
|
|
|
@ -541,6 +541,14 @@ protected
|
|||
|
||||
def show_options(mod)
|
||||
print("\n" + Serializer::ReadableText.dump_options(mod) + "\n")
|
||||
|
||||
if (mod.exploit?)
|
||||
p = framework.modules.create(mod.datastore['PAYLOAD'])
|
||||
|
||||
if (p)
|
||||
print(" Payload options:\n\n" + Serializer::ReadableText.dump_options(p) + "\n");
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def show_advanced_options(mod)
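Review bot: In the added block of `show_options`, `framework.modules.create(mod.datastore['PAYLOAD'])` is called even when no payload has been set, and how `create` treats a nil name is not visible here. A guard such as `if mod.exploit? && mod.datastore['PAYLOAD']` avoids relying on that behaviour. The local `p` also shadows `Kernel#p`, so a name like `payload` reads better, and the trailing `;` on the `print` line can go.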
|
||||
|
|
|
@ -12,6 +12,7 @@ require 'rex/string_utils'
|
|||
|
||||
# Thread safety and synchronization
|
||||
require 'rex/thread_safe'
|
||||
require 'rex/ref'
|
||||
require 'rex/read_write_lock'
|
||||
require 'rex/sync/event'
|
||||
|
||||
|
|
|
@ -33,15 +33,15 @@ class Rex::Proto::Http::Server::UnitTest < Test::Unit::TestCase
|
|||
begin
|
||||
s = start_srv
|
||||
c = CliKlass.new(ListenHost, ListenPort)
|
||||
p = Proc.new { |cli, req|
|
||||
resp = Rex::Proto::Http::Response::OK.new
|
||||
|
||||
resp.body = "Chickens everywhere"
|
||||
|
||||
cli.send_response(resp)
|
||||
}
|
||||
s.add_resource('/foo',
|
||||
'Proc' => Proc.new { |cli, req|
|
||||
resp = Rex::Proto::Http::Response::OK.new
|
||||
|
||||
s.add_resource('/foo', 'Proc' => p)
|
||||
resp.body = "Chickens everywhere"
|
||||
|
||||
cli.send_response(resp)
|
||||
})
|
||||
|
||||
1.upto(10) {
|
||||
req = Rex::Proto::Http::Request::Get.new('/foo')
|
||||
|
@ -52,16 +52,11 @@ class Rex::Proto::Http::Server::UnitTest < Test::Unit::TestCase
|
|||
}
|
||||
|
||||
s.remove_resource('/foo')
|
||||
|
||||
#
|
||||
# This stuff crashes ruby, possibly because, specifically sending the
|
||||
# request to the removed resource. Seems like it causes it to
|
||||
# reference something that's been marked for GC
|
||||
#
|
||||
#req = Rex::Proto::Http::Request::Get.new('/foo')
|
||||
#res = c.send_request(req)
|
||||
#assert_not_nil(res)
|
||||
#assert_equal(404, res.code)
|
||||
|
||||
req = Rex::Proto::Http::Request::Get.new('/foo')
|
||||
res = c.send_request(req)
|
||||
assert_not_nil(res)
|
||||
assert_equal(404, res.code)
|
||||
ensure
|
||||
stop_srv
|
||||
end
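Review bot: The second hunk re-enables the request to `/foo` after `remove_resource` and deletes the comment saying this path crashed the interpreter, without recording why it is now safe. A short comment above the re-enabled lines, for example `# regression: requesting a removed resource used to crash the interpreter; it must return 404`, would keep that history with the test. The `begin` block opens in the first hunk and the test method itself starts outside both hunks.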
|
||||
|
|
|
@ -40,9 +40,21 @@ module Ref
|
|||
#
|
||||
def deref
|
||||
@_references_mutex.synchronize {
|
||||
((@_references -= 1) == 0) ? true : false
|
||||
if ((@_references -= 1) == 0)
|
||||
cleanup
|
||||
|
||||
true
|
||||
else
|
||||
false
|
||||
end
|
||||
}
|
||||
end
|
||||
|
||||
#
|
||||
# Called to clean up resources once the ref count drops to zero.
|
||||
#
|
||||
def cleanup
|
||||
end
|
||||
|
||||
end
|
||||
end
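Review bot: `cleanup` now runs inside `@_references_mutex.synchronize`, so whatever an override does executes with the reference lock held. In the Rex::Service hunk of this commit the override calls `stop`; if that path blocks, or calls back into the reference-counting methods of the same object, a non-reentrant Ruby Mutex would deadlock or raise ThreadError. The type of `@_references_mutex` is not visible here, so this needs confirming. Deciding under the lock and cleaning up after it avoids the problem: `released = @_references_mutex.synchronize { (@_references -= 1) == 0 }`, then `cleanup if released`, with `released` as the return value. The doc comment for `deref` starts outside the hunk.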
|
||||
|
|
|
@ -17,6 +17,13 @@ module Rex
|
|||
###
|
||||
module Service
|
||||
include Ref
|
||||
|
||||
#
|
||||
# Calls stop on the service once the ref count drops.
|
||||
#
|
||||
def cleanup
|
||||
stop
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -80,8 +80,6 @@ class ServiceManager < Hash
|
|||
# references has dropped to zero
|
||||
if ((inst = self[als]) and
|
||||
(inst.deref))
|
||||
inst.stop
|
||||
|
||||
# Since the instance may have multiple aliases, scan through
|
||||
# all the pairs for matching stuff.
|
||||
self.each_pair { |cals, cinst|
|
||||
|
|