From 8f0d107c1ab669aac4c5b45bea5369bd036d3ebf Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Fri, 22 Jul 2005 00:30:13 +0000
Subject: [PATCH] some improvements to stuff and or things

git-svn-id: file:///home/svn/incoming/trunk@2800 4d416f70-5f16-0410-b530-b9f4589650da
---
 documentation/TODO | 4 ++--
 lib/msf/core/handler/find_port.rb | 23 +++++++++++++++++++----
 lib/msf/core/handler/find_tag.rb | 29 +++++++++++++++++++++++++++--
 3 files changed, 48 insertions(+), 8 deletions(-)

diff --git a/documentation/TODO b/documentation/TODO
index 6b40657f5d..d759034380 100644
--- a/documentation/TODO
+++ b/documentation/TODO
@@ -44,8 +44,8 @@ service.shutdown
 handle_request(req)
 create_response
 send_response
-- findsock payloads
- - findsock handler
+X- findsock payloads
+X - findsock handler
 - meterpreter
 - more ui wrapping
 - fix route addition/removal in stdapi server dll (mib structure issue)
diff --git a/lib/msf/core/handler/find_port.rb b/lib/msf/core/handler/find_port.rb
index c020eec420..5b6110b47f 100644
--- a/lib/msf/core/handler/find_port.rb
+++ b/lib/msf/core/handler/find_port.rb
@@ -40,7 +40,9 @@ module FindPort
 # transmit the stage and create the session, hoping that it works.
 if (self.payload_type != Msf::Payload::Type::Single)
 handle_connection(sock)
-# Otherwise, check to see if we found a session
+# Otherwise, check to see if we found a session. We really need
+# to improve this, as we could create a session when the exploit
+# really didn't succeed.
 else
 create_session(sock)
 end
@@ -56,6 +58,12 @@ protected
 def _find_prefix(sock)
 end
 
+#
+# Sends the identifier if there is one.
+#
+def _send_id(sock)
+end
+
 #
 # Wrapper to create session that makes sure we actually have a session to
 # create...
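Review bot: The new `_send_id` stub documents what it sends but not what it returns, and the return value is the part that matters: the `_check_shell` hunk in this same patch uses it as a "did we send something" flag to decide whether to sleep, so an override that accidentally returns the result of `sock.put` or nil changes the handler's timing. The comment should state that contract, e.g. `# Sends the identifier, if any, to the remote side and returns it. Returns nil when nothing was sent; callers treat the return as a flag.`. Since `_find_prefix` just above it is the same kind of empty hook, a one-line `# No-op by default; overridden by handlers that need one (see FindTag).` on each would tell a reader why two bodiless methods sit here.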
@@ -69,7 +77,7 @@ protected
 # This is a hack. If the session is a shell, we check to see if it's
 # functional by sending an echo which tells us whether or not we're good
 # to go.
-if (self.session.type == 'shell')
+if (self.session and self.session.type == 'shell')
 go = _check_shell(sock)
 else
 print_status("Trying to use connection...")
@@ -92,15 +100,22 @@ protected
 def _check_shell(sock)
 ebuf = Rex::Text.rand_text_alphanumeric(16)
 
+# Send any identifying information that the find sock may need on
+# the other side, such as a tag. If we do actually send something,
+# wait a bit longer to let the remote side find us.
+if (_send_id(sock))
+Rex::ThreadSafe.sleep(1.5)
+end
+
 # Check to see if the shell exists
-sock.put("echo #{ebuf}\n")
+sock.put("\necho #{ebuf}\n")
 
 # Try to read a response
 rbuf = sock.get(3)
 
 # If it contains our string, then we rock
 if (rbuf =~ /#{ebuf}/)
-print_status("Found shell...")
+print_status("Found shell.")
 
 return true
 else
diff --git a/lib/msf/core/handler/find_tag.rb b/lib/msf/core/handler/find_tag.rb
index fe20557931..e2429f22f6 100644
--- a/lib/msf/core/handler/find_tag.rb
+++ b/lib/msf/core/handler/find_tag.rb
@@ -24,8 +24,16 @@ module FindTag
 
 register_advanced_options(
 [
-OptString.new('TAG', [ true, "The four byte tag to signify the connection.", "msf!" ])
+OptString.new('TAG',
+[
+true,
+"The four byte tag to signify the connection.",
+Rex::Text.rand_text_alphanumeric(4),
+])
 ], Msf::Handler::FindTag)
+
+# Eliminate the CPORT option.
+options.remove_option('CPORT')
 end
 
 protected
@@ -34,7 +42,24 @@ protected
 # Prefix the stage with this...
 #
 def _find_prefix(sock)
-self.stage_prefix = _find_tag
+if (self.respond_to?('stage_prefix') == true)
+self.stage_prefix = _find_tag
+else
+_find_tag
+end
+end
+
+#
+# Transmits the tag
+#
+def _send_id(sock)
+if (self.payload_type == Msf::Payload::Type::Single)
+sock.put(_find_tag)
+
+return _find_tag
+end
+
+return nil
 end
 
 #
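Review bot: `self.session and self.session.type == 'shell'` uses `and`, which binds more loosely than `==`; it happens to work inside the parenthesised condition, but `&&` is the idiomatic form and removes the precedence trap if the expression is ever moved, so `if (self.session && self.session.type == 'shell')`. The guard also means a missing session now falls into the `else` branch, which prints "Trying to use connection..." and presumably tries to use a connection that no session backs; if that is not intended, an explicit `return false unless self.session` ahead of the `if` would be clearer than letting nil drift into the non-shell path. The enclosing method starts and ends outside the hunk, so what the `else` path does with a nil session is not visible here.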
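Review bot: The liveness probe in `_check_shell` can succeed without the remote shell having executed anything: `rbuf =~ /#{ebuf}/` also matches the command line itself, which a tty-backed shell echoes straight back, so the token shows up in `rbuf` whether or not `echo` ran. Matching a line that consists only of the token, `if (rbuf =~ /^#{ebuf}\s*$/)`, separates real output from the echoed command (the `\s*` absorbs a trailing CR), which is what the comment above the `if` claims the check proves. The added `Rex::ThreadSafe.sleep(1.5)` and the existing `sock.get(3)` are bare magic numbers tied to how long the remote find loop is expected to take; a comment such as `# give the remote find-sock loop time to see the tag before we probe` on the sleep would record the choice. The method continues past the hunk, so the false branch is not visible here.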
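Review bot: The TAG option is described as a four-byte tag and now defaults to `Rex::Text.rand_text_alphanumeric(4)`, but nothing in the hunk enforces the length: a user-supplied TAG of three or five bytes is accepted by `OptString` and will presumably never match whatever the payload side compares against, producing a silent "no session" rather than an error. A length check where the option is read (in `_find_tag`, which is outside this hunk) along the lines of `raise ArgumentError, "TAG must be exactly 4 bytes" unless tag.length == 4` would fail fast. The randomised default is a good change, since the old fixed "msf!" was a known constant on the wire; a comment such as `# Randomised per instance so the tag is not a guessable constant.` beside the default would record that intent, and `options.remove_option('CPORT')` deserves a word on why a find-tag handler has no client port to bind.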
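Review bot: `_send_id` calls `_find_tag` twice, once for `sock.put` and once for the return value; if the tag is ever derived per call rather than read from a stored option, the handler would send one value and hand back another, so fetch it once: `tag = _find_tag`, `sock.put(tag)`, `return tag`. In `_find_prefix`, `self.respond_to?('stage_prefix') == true` compares a boolean to `true`; `if self.respond_to?(:stage_prefix)` says the same thing. The `# Transmits the tag` header should also note that the tag is sent here only for single payloads (staged ones receive it as the stage prefix via `_find_prefix`) and that the return value is the tag sent or nil, since FindPort's shell check treats that return as a flag.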