infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

first shot at letting scriptable.rb handle local exploits

bug/bundler_fix
Joshua Smith 2014-05-06 01:21:11 -05:00
parent c957d0a1e7
commit bb13590f02
1 changed files with 54 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
lib/msf/base/sessions/scriptable.rb
View File

@ -58,14 +58,16 @@ module Scriptable
# #
def execute_script(script_name, *args) def execute_script(script_name, *args)
mod = framework.modules.create(script_name) mod = framework.modules.create(script_name)
if (mod and mod.type == "post") if mod
# Don't report module run events here as it will be taken care of # Don't report module run events here as it will be taken care of
# in +Post.run_simple+ # in +Post.run_simple+
# meterpreter scripts don't need SESSION, but it's not gonna hurt
opts = { 'SESSION' => self.sid } opts = { 'SESSION' => self.sid }
args.each do |arg| args.each do |arg|
k,v = arg.split("=", 2) k,v = arg.split("=", 2)
opts[k] = v opts[k] = v
end end
if mod.type == "post"
mod.run_simple( mod.run_simple(
# Run with whatever the default stance is for now. At some # Run with whatever the default stance is for now. At some
# point in the future, we'll probably want a way to force a # point in the future, we'll probably want a way to force a
@ -75,7 +77,47 @@ module Scriptable
'LocalOutput' => self.user_output, 'LocalOutput' => self.user_output,
'Options' => opts 'Options' => opts
) )
else elsif mod.type == "exploit"
# well it must be a local, we're not currently supporting anything else
if mod.category == "local"
# get a copy of the session exploit's datastore if we can
original_exploit_datastore = self.exploit.datastore || {}
copy_of_orig_exploit_datastore = original_exploit_datastore.dup
# we don't want to inherit a couple things, like AutoRunScript's
to_neuter = ['AutoRunScript', 'InitialAutoRunScript']
to_neuter.each { |setting| copy_of_orig_exploit_datastore.delete(setting) }
# @TODO: if opts are the same, we don't need another handler, set
# DisablePayloadHandler => true in that case?
# merge in any opts that were passed in, defaulting to the
# copy of the datastore (of the exploit) that spawned the session
local_exploit_opts = copy_of_orig_exploit_datastore.merge(opts)
# try to run this local exploit, which is likely to be exception prone
begin
new_session = mod.exploit_simple(
'Payload' => local_exploit_opts['PAYLOAD'],
'LocalInput' => self.user_input,
'LocalOutput' => self.user_output,
'Options' => local_exploit_opts
)
rescue ::Interrupt
raise $!
rescue ::Exception => e
print_error("Local exploit exception (#{mod.refname}): #{e.class} #{e}")
if(e.class.to_s != 'Msf::OptionValidateError')
print_error("Call stack:")
e.backtrace.each do |line|
break if line =~ /lib.msf.base.simple/
print_error(" #{line}")
end
end
end # end rescue
end # end if local
end # end if exploit
else # else no mod
full_path = self.class.find_script_path(script_name) full_path = self.class.find_script_path(script_name)
# No path found? Weak. # No path found? Weak.
@ -85,7 +127,7 @@ module Scriptable
end end
framework.events.on_session_script_run(self, full_path) framework.events.on_session_script_run(self, full_path)
execute_file(full_path, args) execute_file(full_path, args)
end end # end if mod
end end
end end