Timeouts added for handlers

git-svn-id: file:///home/svn/framework3/trunk@3773 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2006-07-29 22:37:39 +00:00
parent c081d7b2b1
commit 817c4c189f
7 changed files with 106 additions and 67 deletions


@ -258,6 +258,11 @@ class Exploit < Msf::Module
self.default_target = info['DefaultTarget']
self.payload_info = info['Payload'] || {}
self.session_count = 0
self.active_timeout = 120
if (info['Payload'] and info['Payload']['ActiveTimeout'])
self.active_timeout = info['Payload']['ActiveTimeout'].to_i
end
end
##
@ -300,6 +305,12 @@ class Exploit < Msf::Module
reset_session_counts
if (payload_instance)
# Configure the payload handler
payload_instance.exploit_config = {
'active_timeout' => self.active_timeout
}
# Set up the payload handlers
payload_instance.setup_handler
@ -823,7 +834,11 @@ protected
# Number of sessions created by this exploit instance.
#
attr_writer :session_count
#
# Maximum number of seconds for active handlers
#
attr_accessor :active_timeout
#
# Overrides the base class method and serves to initialize default
# compatibilities for exploits
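Review bot: The `ActiveTimeout` value in the constructor hunk is taken with `.to_i` and no range check, so an empty or non-numeric string in the module's `Payload` info becomes 0 and a negative number is accepted as is. The bind handler in this commit loops on `while (stime + ctimeout > Time.now.to_i)`, so such a value makes the handler give up without a single connection attempt, and only the `wlog` line records it. Keeping the 120-second default unless the parsed value is positive avoids that: `t = info['Payload']['ActiveTimeout'].to_i` followed by `self.active_timeout = t if t > 0`. The enclosing method starts above the hunk.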


@ -112,7 +112,7 @@ module Handler
#
def handler(sock)
end
#
# Handles an established connection supplied in the in and out
# handles. The handles are passed as parameters in case this
@ -151,6 +151,11 @@ module Handler
return session
end
#
# Set by the exploit module to configure handler
#
attr_accessor :exploit_config
protected
@ -199,7 +204,7 @@ protected
attr_accessor :session_waiter_event # :nodoc:
attr_accessor :pending_connections # :nodoc:
end
end
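Review bot: The comment on `exploit_config` does not say what the accessor holds, and nothing in this hunk initialises it, so it stays nil until an exploit assigns it. The only key visible in this commit is `'active_timeout'`, written in Exploit just before `setup_handler` is called and read in BindTcp's `start_handler` behind a nil check. A comment along the lines of `# Hash of settings pushed by the exploit before setup_handler; currently 'active_timeout' (seconds). nil when no exploit has configured the handler.` would tell authors of other handlers to keep that nil guard.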


@ -44,12 +44,6 @@ module BindTcp
self.conn_threads = []
end
#
# No setup to speak of for bind handlers.
#
def setup_handler
end
#
# Kills off the connection threads if there are any hanging around.
#
@ -65,6 +59,14 @@ module BindTcp
# Starts monitoring for an outbound connection to become established.
#
def start_handler
# Maximum number of seconds to run the handler
ctimeout = 300
if (exploit_config and exploit_config['active_timeout'])
ctimeout = exploit_config['active_timeout'].to_i
end
self.listener_thread = Thread.new {
client = nil
@ -76,34 +78,33 @@ module BindTcp
caller
end
# Keep trying to connect
callcc { |ctx|
while true
begin
client = Rex::Socket::Tcp.create(
'PeerHost' => datastore['RHOST'],
'PeerPort' => datastore['LPORT'].to_i,
'Proxies' => datastore['Proxies'],
'Comm' => comm,
'Context' =>
{
'Msf' => framework,
'MsfPayload' => self,
'MsfExploit' => assoc_exploit
})
rescue Rex::ConnectionRefused
# Connection refused is a-okay
rescue
wlog("Exception caught in bind handler: #{$!}")
end
ctx.call if (client)
# Wait a second before trying again
Rex::ThreadSafe.sleep(0.5)
stime = Time.now.to_i
while (stime + ctimeout > Time.now.to_i)
begin
client = Rex::Socket::Tcp.create(
'PeerHost' => datastore['RHOST'],
'PeerPort' => datastore['LPORT'].to_i,
'Proxies' => datastore['Proxies'],
'Comm' => comm,
'Context' =>
{
'Msf' => framework,
'MsfPayload' => self,
'MsfExploit' => assoc_exploit
})
rescue Rex::ConnectionRefused
# Connection refused is a-okay
rescue ::Exception
wlog("Exception caught in bind handler: #{$!}")
end
}
break if client
# Wait a second before trying again
Rex::ThreadSafe.sleep(0.5)
end
# Valid client connection?
if (client)
# Start a new thread and pass the client connection
@ -116,6 +117,8 @@ module BindTcp
elog("Exception raised from BindTcp.handle_connection: #{$!}")
end
}
else
wlog("No connection received before the handler completed")
end
}
end
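Review bot: The retry loop in `start_handler` now uses `rescue ::Exception`, which also catches `Interrupt`, `SystemExit` and `NoMemoryError`; each is logged with `wlog` and the loop carries on until the deadline, so a shutdown request raised inside the thread is delayed or lost. If the wider rescue is there for one specific error that is not a StandardError, name that class; otherwise put `rescue ::Interrupt, ::SystemExit` with a bare `raise` ahead of the catch-all. Separately, the fallback `ctimeout = 300` differs from the 120-second default that Exploit sets for `active_timeout`, and the comment `# Wait a second before trying again` sits above a 0.5-second sleep; aligning the defaults and the comment would make the timeout easier to reason about. The method body spans several hunks and part of it lies outside them.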


@ -35,7 +35,11 @@ class Module
def fullname
return type + '/' + refname
end
def shortname
return refname.split('/')[-1]
end
#
# Returns this module's ranking.
#
@ -154,6 +158,17 @@ class Module
return self.class.refname
end
#
# Returns the module's framework short name. This is a
# possibly conflicting name used for things like console
# prompts.
#
# reverse_tcp
#
def shortname
return self.class.shortname
end
#
# Returns the unduplicated class associated with this module.
#
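Review bot: The `shortname` added in the first hunk (presumably the class-level method that the instance method delegates to) has no comment, unlike the instance method added further down, and it returns nil when `refname` is an empty string because `''.split('/')[-1]` is nil. A comment such as `# Last path component of refname (e.g. reverse_tcp); not unique across modules, for display only.` would state the contract. If an empty refname can occur, which is not visible from this hunk, `refname.split('/')[-1] || refname` keeps the return value a string.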


@ -20,7 +20,7 @@ class Core
include Msf::Ui::Console::CommandDispatcher
# Session command options
@@session_opts = Rex::Parser::Arguments.new(
@@sessions_opts = Rex::Parser::Arguments.new(
"-i" => [ true, "Interact with the supplied session identifier." ],
"-h" => [ false, "Help banner." ],
"-l" => [ false, "List all active sessions." ],
@ -39,30 +39,30 @@ class Core
# Returns the list of commands supported by this command dispatcher
def commands
{
"?" => "Help menu",
"back" => "Move back from the current context",
"banner" => "Display an awesome metasploit banner",
"exit" => "Exit the console",
"help" => "Help menu",
"info" => "Displays information about one or more module",
"irb" => "Drop into irb scripting mode",
"jobs" => "Displays and manages jobs",
"load" => "Load a framework plugin",
"persist" => "Persist or restore framework state information",
"quit" => "Exit the console",
"route" => "Route traffic through a session",
"save" => "Saves the active datastores",
"search" => "Adds one or more module search paths",
"session" => "Dump session listings and display information about sessions",
"set" => "Sets a variable to a value",
"setg" => "Sets a global variable to a value",
"show" => "Displays modules of a given type, or all modules",
"unload" => "Unload a framework plugin",
"unset" => "Unsets one or more variables",
"unsetg" => "Unsets one or more global variables",
"use" => "Selects a module by name",
"version" => "Show the console library version number",
"sleep" => "Do nothing for the specified number of seconds",
"?" => "Help menu",
"back" => "Move back from the current context",
"banner" => "Display an awesome metasploit banner",
"exit" => "Exit the console",
"help" => "Help menu",
"info" => "Displays information about one or more module",
"irb" => "Drop into irb scripting mode",
"jobs" => "Displays and manages jobs",
"load" => "Load a framework plugin",
"persist" => "Persist or restore framework state information",
"quit" => "Exit the console",
"route" => "Route traffic through a session",
"save" => "Saves the active datastores",
"search" => "Adds one or more module search paths",
"sessions" => "Dump session listings and display information about sessions",
"set" => "Sets a variable to a value",
"setg" => "Sets a global variable to a value",
"show" => "Displays modules of a given type, or all modules",
"unload" => "Unload a framework plugin",
"unset" => "Unsets one or more variables",
"unsetg" => "Unsets one or more global variables",
"use" => "Selects a module by name",
"version" => "Show the console library version number",
"sleep" => "Do nothing for the specified number of seconds",
}
end
@ -544,7 +544,7 @@ class Core
#
# Provides an interface to the sessions currently active in the framework.
#
def cmd_session(*args)
def cmd_sessions(*args)
if (args.length == 0)
args.unshift("-h")
end
@ -555,7 +555,7 @@ class Core
sid = nil
# Parse the command options
@@session_opts.parse(args) { |opt, idx, val|
@@sessions_opts.parse(args) { |opt, idx, val|
case opt
when "-q"
quiet = true
@ -575,7 +575,7 @@ class Core
print(
"Usage: session [options]\n\n" +
"Active session manipulation and interaction.\n" +
@@session_opts.usage())
@@sessions_opts.usage())
return false
end
}
@ -619,7 +619,7 @@ class Core
#
# Tab completion for the route command
#
def cmd_session_tabs(str, words)
def cmd_sessions_tabs(str, words)
if (not words[1])
return %w{-q -i -l -h}
end
@ -984,7 +984,7 @@ class Core
mod.init_ui(driver.input, driver.output)
# Update the command prompt
driver.update_prompt("#{mod.type}(#{mod.refname}) ")
driver.update_prompt("#{mod.type}(#{mod.shortname}) ")
end
#
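Review bot: The help text inside `cmd_sessions` still prints `"Usage: session [options]\n\n"` after the command was renamed, so the banner names a command that no longer exists; the line should read `"Usage: sessions [options]\n\n" +`. The comment above `cmd_sessions_tabs` also still says `Tab completion for the route command` and could be corrected to name the sessions command in the same pass. Both methods continue outside the hunks shown.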


@ -49,6 +49,7 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo
{
'ConnectionType' => '-find',
},
'StackAdjustment' => -3500,
},
'Platform' => 'win',
'Targets' =>


@ -129,7 +129,7 @@ class Exploits::Windows::Ftp::ServUMDTMOverflow < Msf::Exploit::Remote
def exploit
p generate_egghunter
# generate_egghunter
connect_login
print_status("Trying target #{target.name}...")