Timeouts added for handlers

git-svn-id: file:///home/svn/framework3/trunk@3773 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/exploit.rb

@@ -258,6 +258,11 @@ class Exploit < Msf::Module
 		self.default_target = info['DefaultTarget']
 		self.payload_info = info['Payload'] || {}
 		self.session_count = 0
+		self.active_timeout = 120
+		
+		if (info['Payload'] and info['Payload']['ActiveTimeout'])
+			self.active_timeout = info['Payload']['ActiveTimeout'].to_i
+		end
 	end
 
 	##
@@ -300,6 +305,12 @@ class Exploit < Msf::Module
 		reset_session_counts
 
 		if (payload_instance)
+		
+			# Configure the payload handler
+			payload_instance.exploit_config = {
+				'active_timeout' => self.active_timeout
+			}
+		
 			# Set up the payload handlers
 			payload_instance.setup_handler
 	
@@ -823,6 +834,10 @@ protected
 	#  Number of sessions created by this exploit instance.
 	#
 	attr_writer :session_count
+	#
+	#  Maximum number of seconds for active handlers
+	#
+	attr_accessor :active_timeout
 	
 	#
 	# Overrides the base class method and serves to initialize default

lib/msf/core/handler.rb

@@ -152,6 +152,11 @@ module Handler
 		return session
 	end
 	
+	#
+	# Set by the exploit module to configure handler
+	#
+	attr_accessor :exploit_config
+
 protected
 
 	#

lib/msf/core/handler/bind_tcp.rb

@@ -44,12 +44,6 @@ module BindTcp
 		self.conn_threads = []
 	end
 
-	#
-	# No setup to speak of for bind handlers.
-	#
-	def setup_handler
-	end
-
 	#
 	# Kills off the connection threads if there are any hanging around.
 	#
@@ -65,6 +59,14 @@ module BindTcp
 	# Starts monitoring for an outbound connection to become established.
 	#
 	def start_handler
+
+		# Maximum number of seconds to run the handler
+		ctimeout = 300
+		
+		if (exploit_config and exploit_config['active_timeout'])
+			ctimeout = exploit_config['active_timeout'].to_i
+		end
+	
 		self.listener_thread = Thread.new {
 			client = nil
 
@@ -76,9 +78,9 @@ module BindTcp
 					caller
 			end
 
-			# Keep trying to connect
+			stime = Time.now.to_i
-			callcc { |ctx|
+			
-				while true
+			while (stime + ctimeout > Time.now.to_i)
 				begin
 					client = Rex::Socket::Tcp.create(
 						'PeerHost' => datastore['RHOST'],
@@ -93,16 +95,15 @@ module BindTcp
 							})
 				rescue Rex::ConnectionRefused
 					# Connection refused is a-okay
-					rescue
+				rescue ::Exception
 					wlog("Exception caught in bind handler: #{$!}")
 				end
 
-					ctx.call if (client)	
+				break if client
 
 				# Wait a second before trying again
 				Rex::ThreadSafe.sleep(0.5)
 			end
-			}
 			
 			# Valid client connection?
 			if (client)
@@ -116,6 +117,8 @@ module BindTcp
 						elog("Exception raised from BindTcp.handle_connection: #{$!}")
 					end
 				}
+			else
+				wlog("No connection received before the handler completed")
 			end
 		}
 	end

lib/msf/core/module.rb

@@ -36,6 +36,10 @@ class Module
 			return type + '/' + refname
 		end
 	
+		def shortname
+			return refname.split('/')[-1]
+		end
+		
 		#
 		# Returns this module's ranking.
 		#
@@ -154,6 +158,17 @@ class Module
 		return self.class.refname
 	end
 
+	#
+	# Returns the module's framework short name.  This is a
+	# possibly conflicting name used for things like console
+	# prompts.
+	#
+	# reverse_tcp
+	#
+	def shortname
+		return self.class.shortname
+	end
+	
 	#
 	# Returns the unduplicated class associated with this module.
 	#

lib/msf/ui/console/command_dispatcher/core.rb

@@ -20,7 +20,7 @@ class Core
 	include Msf::Ui::Console::CommandDispatcher
 
 	# Session command options
-	@@session_opts = Rex::Parser::Arguments.new(
+	@@sessions_opts = Rex::Parser::Arguments.new(
 		"-i" => [ true,  "Interact with the supplied session identifier." ],
 		"-h" => [ false, "Help banner."                                   ],
 		"-l" => [ false, "List all active sessions."                      ],
@@ -53,7 +53,7 @@ class Core
 			"route"    => "Route traffic through a session",
 			"save"     => "Saves the active datastores",
 			"search"   => "Adds one or more module search paths",
-			"session" => "Dump session listings and display information about sessions",
+			"sessions" => "Dump session listings and display information about sessions",
 			"set"      => "Sets a variable to a value",
 			"setg"     => "Sets a global variable to a value",
 			"show"     => "Displays modules of a given type, or all modules",
@@ -544,7 +544,7 @@ class Core
 	#
 	# Provides an interface to the sessions currently active in the framework.
 	#
-	def cmd_session(*args)
+	def cmd_sessions(*args)
 		if (args.length == 0)
 			args.unshift("-h")
 		end
@@ -555,7 +555,7 @@ class Core
 		sid    = nil
 
 		# Parse the command options
-		@@session_opts.parse(args) { |opt, idx, val|
+		@@sessions_opts.parse(args) { |opt, idx, val|
 			case opt
 				when "-q"
 					quiet = true
@@ -575,7 +575,7 @@ class Core
 					print(
 						"Usage: session [options]\n\n" +
 						"Active session manipulation and interaction.\n" +
-						@@session_opts.usage())
+						@@sessions_opts.usage())
 					return false
 			end
 		}
@@ -619,7 +619,7 @@ class Core
 	#
 	# Tab completion for the route command
 	#
-	def cmd_session_tabs(str, words)
+	def cmd_sessions_tabs(str, words)
 		if (not words[1])
 			return %w{-q -i -l -h}
 		end
@@ -984,7 +984,7 @@ class Core
 		mod.init_ui(driver.input, driver.output)
 
 		# Update the command prompt
-		driver.update_prompt("#{mod.type}(#{mod.refname}) ")
+		driver.update_prompt("#{mod.type}(#{mod.shortname}) ")
 	end
 	
 	#

modules/exploits/windows/browser/ms06_001_wmf_setabortproc.rb

@@ -49,6 +49,7 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo
 						{
 							'ConnectionType' => '-find',
 						},
+					'StackAdjustment' => -3500,
 				},
 			'Platform'       => 'win',
 			'Targets'        =>

modules/exploits/windows/ftp/servu_mdtm.rb

@@ -129,7 +129,7 @@ class Exploits::Windows::Ftp::ServUMDTMOverflow < Msf::Exploit::Remote
 	
 	def exploit
 	
-		p generate_egghunter
+#		generate_egghunter
 		connect_login
 		
 		print_status("Trying target #{target.name}...")