some improvements to stuff and or things

git-svn-id: file:///home/svn/incoming/trunk@2800 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-22 00:30:13 +00:00 · 2005-07-22 00:30:13 +00:00 · 8f0d107c1a
parent c494a71957
commit 8f0d107c1a
3 changed files with 48 additions and 8 deletions
--- a/documentation/TODO
+++ b/documentation/TODO
@ -44,8 +44,8 @@ service.shutdown
 	   handle_request(req)
 		create_response
 		send_response
- findsock payloads
-  - findsock handler
+X- findsock payloads
+X  - findsock handler
 - meterpreter
  - more ui wrapping
  - fix route addition/removal in stdapi server dll (mib structure issue)
--- a/lib/msf/core/handler/find_port.rb
+++ b/lib/msf/core/handler/find_port.rb
@ -40,7 +40,9 @@ module FindPort
 		# transmit the stage and create the session, hoping that it works.
 		if (self.payload_type != Msf::Payload::Type::Single)
 			handle_connection(sock)
-		# Otherwise, check to see if we found a session
+		# Otherwise, check to see if we found a session.  We really need
+		# to improve this, as we could create a session when the exploit
+		# really didn't succeed.
 		else
 			create_session(sock)
 		end
@ -56,6 +58,12 @@ protected
 	def _find_prefix(sock)
 	end

+	#
+	# Sends the identifier if there is one.
+	#
+	def _send_id(sock)
+	end
+
 	#
 	# Wrapper to create session that makes sure we actually have a session to
 	# create...
@ -69,7 +77,7 @@ protected
 		# This is a hack.  If the session is a shell, we check to see if it's
 		# functional by sending an echo which tells us whether or not we're good
 		# to go.
-		if (self.session.type == 'shell')
+		if (self.session and self.session.type == 'shell')
 			go = _check_shell(sock)
 		else
 			print_status("Trying to use connection...")
@ -92,15 +100,22 @@ protected
 	def _check_shell(sock)
 		ebuf = Rex::Text.rand_text_alphanumeric(16)

+		# Send any identifying information that the find sock may need on
+		# the other side, such as a tag.  If we do actually send something, 
+		# wait a bit longer to let the remote side find us.
+		if (_send_id(sock))
+			Rex::ThreadSafe.sleep(1.5)
+		end
+
 		# Check to see if the shell exists
-		sock.put("echo #{ebuf}\n")
+		sock.put("\necho #{ebuf}\n")

 		# Try to read a response
 		rbuf = sock.get(3)

 		# If it contains our string, then we rock
 		if (rbuf =~ /#{ebuf}/)
-			print_status("Found shell...")
+			print_status("Found shell.")

 			return true
 		else
--- a/lib/msf/core/handler/find_tag.rb
+++ b/lib/msf/core/handler/find_tag.rb
@ -24,8 +24,16 @@ module FindTag

 		register_advanced_options(
 			[
-				OptString.new('TAG', [ true, "The four byte tag to signify the connection.", "msf!" ])
+				OptString.new('TAG', 
+					[ 
+						true, 
+						"The four byte tag to signify the connection.", 
+						Rex::Text.rand_text_alphanumeric(4),
+					])
 			], Msf::Handler::FindTag)
+
+		# Eliminate the CPORT option.
+		options.remove_option('CPORT')
 	end

 protected
@ -34,7 +42,24 @@ protected
 	# Prefix the stage with this...
 	#
 	def _find_prefix(sock)
-		self.stage_prefix = _find_tag
+		if (self.respond_to?('stage_prefix') == true)
+			self.stage_prefix = _find_tag
+		else
+			_find_tag
+		end
+	end
+
+	#
+	# Transmits the tag
+	#
+	def _send_id(sock)
+		if (self.payload_type == Msf::Payload::Type::Single)
+			sock.put(_find_tag)
+
+			return _find_tag
+		end
+
+		return nil
 	end

 	#