Timeouts added for handlers
git-svn-id: file:///home/svn/framework3/trunk@3773 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
c081d7b2b1
commit
817c4c189f
|
@ -258,6 +258,11 @@ class Exploit < Msf::Module
|
|||
self.default_target = info['DefaultTarget']
|
||||
self.payload_info = info['Payload'] || {}
|
||||
self.session_count = 0
|
||||
self.active_timeout = 120
|
||||
|
||||
if (info['Payload'] and info['Payload']['ActiveTimeout'])
|
||||
self.active_timeout = info['Payload']['ActiveTimeout'].to_i
|
||||
end
|
||||
end
|
||||
|
||||
##
|
||||
|
@ -300,6 +305,12 @@ class Exploit < Msf::Module
|
|||
reset_session_counts
|
||||
|
||||
if (payload_instance)
|
||||
|
||||
# Configure the payload handler
|
||||
payload_instance.exploit_config = {
|
||||
'active_timeout' => self.active_timeout
|
||||
}
|
||||
|
||||
# Set up the payload handlers
|
||||
payload_instance.setup_handler
|
||||
|
||||
|
@ -823,6 +834,10 @@ protected
|
|||
# Number of sessions created by this exploit instance.
|
||||
#
|
||||
attr_writer :session_count
|
||||
#
|
||||
# Maximum number of seconds for active handlers
|
||||
#
|
||||
attr_accessor :active_timeout
|
||||
|
||||
#
|
||||
# Overrides the base class method and serves to initialize default
|
||||
|
|
|
@ -152,6 +152,11 @@ module Handler
|
|||
return session
|
||||
end
|
||||
|
||||
#
|
||||
# Set by the exploit module to configure handler
|
||||
#
|
||||
attr_accessor :exploit_config
|
||||
|
||||
protected
|
||||
|
||||
#
|
||||
|
|
|
@ -44,12 +44,6 @@ module BindTcp
|
|||
self.conn_threads = []
|
||||
end
|
||||
|
||||
#
|
||||
# No setup to speak of for bind handlers.
|
||||
#
|
||||
def setup_handler
|
||||
end
|
||||
|
||||
#
|
||||
# Kills off the connection threads if there are any hanging around.
|
||||
#
|
||||
|
@ -65,6 +59,14 @@ module BindTcp
|
|||
# Starts monitoring for an outbound connection to become established.
|
||||
#
|
||||
def start_handler
|
||||
|
||||
# Maximum number of seconds to run the handler
|
||||
ctimeout = 300
|
||||
|
||||
if (exploit_config and exploit_config['active_timeout'])
|
||||
ctimeout = exploit_config['active_timeout'].to_i
|
||||
end
|
||||
|
||||
self.listener_thread = Thread.new {
|
||||
client = nil
|
||||
|
||||
|
@ -76,9 +78,9 @@ module BindTcp
|
|||
caller
|
||||
end
|
||||
|
||||
# Keep trying to connect
|
||||
callcc { |ctx|
|
||||
while true
|
||||
stime = Time.now.to_i
|
||||
|
||||
while (stime + ctimeout > Time.now.to_i)
|
||||
begin
|
||||
client = Rex::Socket::Tcp.create(
|
||||
'PeerHost' => datastore['RHOST'],
|
||||
|
@ -93,16 +95,15 @@ module BindTcp
|
|||
})
|
||||
rescue Rex::ConnectionRefused
|
||||
# Connection refused is a-okay
|
||||
rescue
|
||||
rescue ::Exception
|
||||
wlog("Exception caught in bind handler: #{$!}")
|
||||
end
|
||||
|
||||
ctx.call if (client)
|
||||
break if client
|
||||
|
||||
# Wait a second before trying again
|
||||
Rex::ThreadSafe.sleep(0.5)
|
||||
end
|
||||
}
|
||||
|
||||
# Valid client connection?
|
||||
if (client)
|
||||
|
@ -116,6 +117,8 @@ module BindTcp
|
|||
elog("Exception raised from BindTcp.handle_connection: #{$!}")
|
||||
end
|
||||
}
|
||||
else
|
||||
wlog("No connection received before the handler completed")
|
||||
end
|
||||
}
|
||||
end
|
||||
|
|
|
@ -36,6 +36,10 @@ class Module
|
|||
return type + '/' + refname
|
||||
end
|
||||
|
||||
def shortname
|
||||
return refname.split('/')[-1]
|
||||
end
|
||||
|
||||
#
|
||||
# Returns this module's ranking.
|
||||
#
|
||||
|
@ -154,6 +158,17 @@ class Module
|
|||
return self.class.refname
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the module's framework short name. This is a
|
||||
# possibly conflicting name used for things like console
|
||||
# prompts.
|
||||
#
|
||||
# reverse_tcp
|
||||
#
|
||||
def shortname
|
||||
return self.class.shortname
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the unduplicated class associated with this module.
|
||||
#
|
||||
|
|
|
@ -20,7 +20,7 @@ class Core
|
|||
include Msf::Ui::Console::CommandDispatcher
|
||||
|
||||
# Session command options
|
||||
@@session_opts = Rex::Parser::Arguments.new(
|
||||
@@sessions_opts = Rex::Parser::Arguments.new(
|
||||
"-i" => [ true, "Interact with the supplied session identifier." ],
|
||||
"-h" => [ false, "Help banner." ],
|
||||
"-l" => [ false, "List all active sessions." ],
|
||||
|
@ -53,7 +53,7 @@ class Core
|
|||
"route" => "Route traffic through a session",
|
||||
"save" => "Saves the active datastores",
|
||||
"search" => "Adds one or more module search paths",
|
||||
"session" => "Dump session listings and display information about sessions",
|
||||
"sessions" => "Dump session listings and display information about sessions",
|
||||
"set" => "Sets a variable to a value",
|
||||
"setg" => "Sets a global variable to a value",
|
||||
"show" => "Displays modules of a given type, or all modules",
|
||||
|
@ -544,7 +544,7 @@ class Core
|
|||
#
|
||||
# Provides an interface to the sessions currently active in the framework.
|
||||
#
|
||||
def cmd_session(*args)
|
||||
def cmd_sessions(*args)
|
||||
if (args.length == 0)
|
||||
args.unshift("-h")
|
||||
end
|
||||
|
@ -555,7 +555,7 @@ class Core
|
|||
sid = nil
|
||||
|
||||
# Parse the command options
|
||||
@@session_opts.parse(args) { |opt, idx, val|
|
||||
@@sessions_opts.parse(args) { |opt, idx, val|
|
||||
case opt
|
||||
when "-q"
|
||||
quiet = true
|
||||
|
@ -575,7 +575,7 @@ class Core
|
|||
print(
|
||||
"Usage: session [options]\n\n" +
|
||||
"Active session manipulation and interaction.\n" +
|
||||
@@session_opts.usage())
|
||||
@@sessions_opts.usage())
|
||||
return false
|
||||
end
|
||||
}
|
||||
|
@ -619,7 +619,7 @@ class Core
|
|||
#
|
||||
# Tab completion for the route command
|
||||
#
|
||||
def cmd_session_tabs(str, words)
|
||||
def cmd_sessions_tabs(str, words)
|
||||
if (not words[1])
|
||||
return %w{-q -i -l -h}
|
||||
end
|
||||
|
@ -984,7 +984,7 @@ class Core
|
|||
mod.init_ui(driver.input, driver.output)
|
||||
|
||||
# Update the command prompt
|
||||
driver.update_prompt("#{mod.type}(#{mod.refname}) ")
|
||||
driver.update_prompt("#{mod.type}(#{mod.shortname}) ")
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
@ -49,6 +49,7 @@ class Exploits::Windows::Browser::MS06_001_WMF_SETABORTPROC < Msf::Exploit::Remo
|
|||
{
|
||||
'ConnectionType' => '-find',
|
||||
},
|
||||
'StackAdjustment' => -3500,
|
||||
},
|
||||
'Platform' => 'win',
|
||||
'Targets' =>
|
||||
|
|
|
@ -129,7 +129,7 @@ class Exploits::Windows::Ftp::ServUMDTMOverflow < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
|
||||
p generate_egghunter
|
||||
# generate_egghunter
|
||||
connect_login
|
||||
|
||||
print_status("Trying target #{target.name}...")
|
||||
|
|
Loading…
Reference in New Issue