Use a semi-intelligent OptEnum for CMDSTAGER::FLAVOR

2014-04-30 09:54:44 -04:00 · 2014-04-30 09:54:44 -04:00 · 952c935730
parent 219153c887
commit 952c935730
2 changed files with 21 additions and 5 deletions
--- a/lib/msf/core/exploit/cmdstager.rb
+++ b/lib/msf/core/exploit/cmdstager.rb
@ -44,10 +44,25 @@ module Exploit::CmdStager
  def initialize(info = {})
    super

+    flavors = []
+    if module_info['CmdStagerFlavor']
+      flavors = Array(module_info['CmdStagerFlavor'])
+    else
+      targets.each do |target|
+        flavors += Array(target.opts['CmdStagerFlavor']) if target.opts['CmdStagerFlavor']
+      end
+      flavors.uniq!
+    end
+
+    if flavors.empty?
+      flavors = STAGERS.keys
+    end
+    flavors = flavors.map { |flavor| flavor.to_s }
+    flavors.unshift('auto')
    register_advanced_options(
      [
-        OptEnum.new('CMDSTAGER::FLAVOR', [ false, 'The CMD Stager to use.']),
-        OptString.new('CMDSTAGER::DECODER', [ false, 'The decoder stub to use.'])
+        OptEnum.new('CMDSTAGER::FLAVOR', [false, 'The CMD Stager to use.', 'auto', flavors]),
+        OptString.new('CMDSTAGER::DECODER', [false, 'The decoder stub to use.'])
      ], self.class)
  end

@ -143,7 +158,7 @@ module Exploit::CmdStager
  def select_cmdstager(opts = {})
    self.flavor = select_flavor(opts)
    raise ArgumentError, "Unable to select CMD Stager" if flavor.nil?
-    raise ArgumentError, "The CMD Stager selected isn't compatible with the target" unless compatible_flavor?(flavor)
+    raise ArgumentError, "The CMD Stager '#{flavor}' isn't compatible with the target" unless compatible_flavor?(flavor)
    self.decoder = select_decoder(opts)
  end

@ -205,7 +220,9 @@ module Exploit::CmdStager
  # @return [nil] if a flavor can not be selected.
  def select_flavor(opts = {})
    return opts[:flavor].to_sym if opts.include?(:flavor)
-    return datastore['CMDSTAGER::FLAVOR'].to_sym unless datastore['CMDSTAGER::FLAVOR'].blank?
+    unless datastore['CMDSTAGER::FLAVOR'].blank? or datastore['CMDSTAGER::FLAVOR'] == 'auto'
+      return datastore['CMDSTAGER::FLAVOR'].to_sym
+    end
    guess_flavor
  end

--- a/modules/exploits/multi/ssh/sshexec.rb
+++ b/modules/exploits/multi/ssh/sshexec.rb
@ -78,7 +78,6 @@ class Metasploit3 < Msf::Exploit::Remote

    register_advanced_options(
      [
-        OptEnum.new('CMDSTAGER::FLAVOR', [ true, 'The flavor of CMD stager to use', 'bourne', [ 'bourne', 'echo', 'printf' ]]),
        OptBool.new('SSH_DEBUG', [ false, 'Enable SSH debugging output (Extreme verbosity!)', false])
      ]
    )