first shot at letting scriptable.rb handle local exploits

2014-05-06 01:21:11 -05:00 · 2014-05-06 01:21:11 -05:00 · bb13590f02
parent c957d0a1e7
commit bb13590f02
1 changed files with 54 additions and 12 deletions
--- a/lib/msf/base/sessions/scriptable.rb
+++ b/lib/msf/base/sessions/scriptable.rb
@ -58,14 +58,16 @@ module Scriptable
  #
  def execute_script(script_name, *args)
    mod = framework.modules.create(script_name)
-    if (mod and mod.type == "post")
+    if mod
      # Don't report module run events here as it will be taken care of
      # in +Post.run_simple+
+      # meterpreter scripts don't need SESSION, but it's not gonna hurt
      opts = { 'SESSION' => self.sid }
      args.each do |arg|
        k,v = arg.split("=", 2)
        opts[k] = v
      end
+      if mod.type == "post" 
        mod.run_simple(
          # Run with whatever the default stance is for now.  At some
          # point in the future, we'll probably want a way to force a
@ -75,7 +77,47 @@ module Scriptable
          'LocalOutput' => self.user_output,
          'Options'     => opts
        )
-    else
+      elsif mod.type == "exploit" 
+        # well it must be a local, we're not currently supporting anything else
+        if mod.category == "local"
+          # get a copy of the session exploit's datastore if we can
+          original_exploit_datastore = self.exploit.datastore || {}
+          copy_of_orig_exploit_datastore = original_exploit_datastore.dup
+          # we don't want to inherit a couple things, like AutoRunScript's
+          to_neuter = ['AutoRunScript', 'InitialAutoRunScript']
+          to_neuter.each { |setting| copy_of_orig_exploit_datastore.delete(setting) }
+          # @TODO: if opts are the same, we don't need another handler, set
+          # DisablePayloadHandler => true in that case?
+
+          # merge in any opts that were passed in, defaulting to the
+          # copy of the datastore (of the exploit) that spawned the session
+          local_exploit_opts = copy_of_orig_exploit_datastore.merge(opts)
+
+          # try to run this local exploit, which is likely to be exception prone
+          begin
+            new_session = mod.exploit_simple(
+              'Payload'       => local_exploit_opts['PAYLOAD'],
+              'LocalInput'    => self.user_input,
+              'LocalOutput'   => self.user_output,
+              'Options'       => local_exploit_opts
+              )
+          rescue ::Interrupt
+            raise $!
+          rescue ::Exception => e
+            print_error("Local exploit exception (#{mod.refname}): #{e.class} #{e}")
+            if(e.class.to_s != 'Msf::OptionValidateError')
+              print_error("Call stack:")
+              e.backtrace.each do |line|
+                break if line =~ /lib.msf.base.simple/
+                print_error("  #{line}")
+              end
+            end
+          end # end rescue
+
+        end # end if local
+      end # end if exploit
+
+    else # else no mod
      full_path = self.class.find_script_path(script_name)

      # No path found?  Weak.
@ -85,7 +127,7 @@ module Scriptable
      end
      framework.events.on_session_script_run(self, full_path)
      execute_file(full_path, args)
-    end
+    end # end if mod
  end

 end