some improvements to stuff and or things
git-svn-id: file:///home/svn/incoming/trunk@2800 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
c494a71957
commit
8f0d107c1a
|
@ -44,8 +44,8 @@ service.shutdown
|
||||||
handle_request(req)
|
handle_request(req)
|
||||||
create_response
|
create_response
|
||||||
send_response
|
send_response
|
||||||
- findsock payloads
|
X- findsock payloads
|
||||||
- findsock handler
|
X - findsock handler
|
||||||
- meterpreter
|
- meterpreter
|
||||||
- more ui wrapping
|
- more ui wrapping
|
||||||
- fix route addition/removal in stdapi server dll (mib structure issue)
|
- fix route addition/removal in stdapi server dll (mib structure issue)
|
||||||
|
|
|
@ -40,7 +40,9 @@ module FindPort
|
||||||
# transmit the stage and create the session, hoping that it works.
|
# transmit the stage and create the session, hoping that it works.
|
||||||
if (self.payload_type != Msf::Payload::Type::Single)
|
if (self.payload_type != Msf::Payload::Type::Single)
|
||||||
handle_connection(sock)
|
handle_connection(sock)
|
||||||
# Otherwise, check to see if we found a session
|
# Otherwise, check to see if we found a session. We really need
|
||||||
|
# to improve this, as we could create a session when the exploit
|
||||||
|
# really didn't succeed.
|
||||||
else
|
else
|
||||||
create_session(sock)
|
create_session(sock)
|
||||||
end
|
end
|
||||||
|
@ -56,6 +58,12 @@ protected
|
||||||
def _find_prefix(sock)
|
def _find_prefix(sock)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Sends the identifier if there is one.
|
||||||
|
#
|
||||||
|
def _send_id(sock)
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Wrapper to create session that makes sure we actually have a session to
|
# Wrapper to create session that makes sure we actually have a session to
|
||||||
# create...
|
# create...
|
||||||
|
@ -69,7 +77,7 @@ protected
|
||||||
# This is a hack. If the session is a shell, we check to see if it's
|
# This is a hack. If the session is a shell, we check to see if it's
|
||||||
# functional by sending an echo which tells us whether or not we're good
|
# functional by sending an echo which tells us whether or not we're good
|
||||||
# to go.
|
# to go.
|
||||||
if (self.session.type == 'shell')
|
if (self.session and self.session.type == 'shell')
|
||||||
go = _check_shell(sock)
|
go = _check_shell(sock)
|
||||||
else
|
else
|
||||||
print_status("Trying to use connection...")
|
print_status("Trying to use connection...")
|
||||||
|
@ -92,15 +100,22 @@ protected
|
||||||
def _check_shell(sock)
|
def _check_shell(sock)
|
||||||
ebuf = Rex::Text.rand_text_alphanumeric(16)
|
ebuf = Rex::Text.rand_text_alphanumeric(16)
|
||||||
|
|
||||||
|
# Send any identifying information that the find sock may need on
|
||||||
|
# the other side, such as a tag. If we do actually send something,
|
||||||
|
# wait a bit longer to let the remote side find us.
|
||||||
|
if (_send_id(sock))
|
||||||
|
Rex::ThreadSafe.sleep(1.5)
|
||||||
|
end
|
||||||
|
|
||||||
# Check to see if the shell exists
|
# Check to see if the shell exists
|
||||||
sock.put("echo #{ebuf}\n")
|
sock.put("\necho #{ebuf}\n")
|
||||||
|
|
||||||
# Try to read a response
|
# Try to read a response
|
||||||
rbuf = sock.get(3)
|
rbuf = sock.get(3)
|
||||||
|
|
||||||
# If it contains our string, then we rock
|
# If it contains our string, then we rock
|
||||||
if (rbuf =~ /#{ebuf}/)
|
if (rbuf =~ /#{ebuf}/)
|
||||||
print_status("Found shell...")
|
print_status("Found shell.")
|
||||||
|
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
|
|
|
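Review bot: The base `_send_id` stub added under `protected` has an empty body, so it returns nil only implicitly, while `_check_shell` branches on that result to decide whether to sleep 1.5 seconds. The comment should state the contract, for example `# Sends the identifier if there is one. Returns the data sent, or nil if nothing was sent.`, and an explicit `nil` in the body would make it visible. The leading newline added in `sock.put("\necho #{ebuf}\n")` also deserves a one-line comment; presumably it terminates whatever `_send_id` wrote so the echo starts on its own line, but the hunk does not say. `_check_shell` continues past the end of the last hunk.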
@ -24,8 +24,16 @@ module FindTag
|
||||||
|
|
||||||
register_advanced_options(
|
register_advanced_options(
|
||||||
[
|
[
|
||||||
OptString.new('TAG', [ true, "The four byte tag to signify the connection.", "msf!" ])
|
OptString.new('TAG',
|
||||||
|
[
|
||||||
|
true,
|
||||||
|
"The four byte tag to signify the connection.",
|
||||||
|
Rex::Text.rand_text_alphanumeric(4),
|
||||||
|
])
|
||||||
], Msf::Handler::FindTag)
|
], Msf::Handler::FindTag)
|
||||||
|
|
||||||
|
# Eliminate the CPORT option.
|
||||||
|
options.remove_option('CPORT')
|
||||||
end
|
end
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
@ -34,7 +42,24 @@ protected
|
||||||
# Prefix the stage with this...
|
# Prefix the stage with this...
|
||||||
#
|
#
|
||||||
def _find_prefix(sock)
|
def _find_prefix(sock)
|
||||||
|
if (self.respond_to?('stage_prefix') == true)
|
||||||
self.stage_prefix = _find_tag
|
self.stage_prefix = _find_tag
|
||||||
|
else
|
||||||
|
_find_tag
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Transmits the tag
|
||||||
|
#
|
||||||
|
def _send_id(sock)
|
||||||
|
if (self.payload_type == Msf::Payload::Type::Single)
|
||||||
|
sock.put(_find_tag)
|
||||||
|
|
||||||
|
return _find_tag
|
||||||
|
end
|
||||||
|
|
||||||
|
return nil
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
|
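Review bot: In `_find_prefix`, the guard `self.respond_to?('stage_prefix') == true` tests for the reader, but the branch it protects calls the writer `stage_prefix=`. An object that exposes only the reader would pass the guard and then raise NoMethodError. Checking the method actually used avoids that and drops the redundant comparison with true: `if respond_to?(:stage_prefix=)`. Separately, the TAG description still says "four byte" while nothing visible in this section checks the length of a user-supplied value, so a length check or a comment on how other lengths behave would help.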