From ca7c8b0f685ec98d855cf6f0aefcd5699e3075e4 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 22 Jul 2008 19:12:05 +0000 Subject: [PATCH] Adds the Exploit::Remote::Ip mixin git-svn-id: file:///home/svn/framework3/trunk@5566 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/exploit.rb | 1 + lib/msf/core/exploit/ip.rb | 117 +++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) create mode 100644 lib/msf/core/exploit/ip.rb diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb index ed5e5d91c7..aa670a0ef8 100644 --- a/lib/msf/core/exploit.rb +++ b/lib/msf/core/exploit.rb @@ -225,6 +225,7 @@ class Exploit < Msf::Module # Protocol require 'msf/core/exploit/tcp' require 'msf/core/exploit/udp' + require 'msf/core/exploit/ip' require 'msf/core/exploit/smb' require 'msf/core/exploit/ftp' require 'msf/core/exploit/http' diff --git a/lib/msf/core/exploit/ip.rb b/lib/msf/core/exploit/ip.rb new file mode 100644 index 0000000000..60a654cf37 --- /dev/null +++ b/lib/msf/core/exploit/ip.rb @@ -0,0 +1,117 @@ +module Msf + +### +# +# This module provides methods for communicating with a host over UDP +# +### +module Exploit::Remote::Ip + + # + # Initializes an instance of an exploit module that sends + # raw IP datagrams. + # + def initialize(info = {}) + super + + register_options( + [ + Opt::RHOST, + ], Msf::Exploit::Remote::Ip) + end + + # + # Creates an IP socket for communicating with a remote host + # + def connect_ip(global = true, opts={}) + + begin + nsock = Rex::Socket::Ip.create( + 'Context' => + { + 'Msf' => framework, + 'MsfExploit' => self, + }) + + # Set this socket to the global socket as necessary + self.ip_sock = nsock if (global) + + # Add this socket to the list of sockets created by this exploit + sockets << nsock + + return nsock + rescue ::Exception => e + print_line(" ") + print_error( + "This module is configured to use a raw IP socket. " + + "On Unix systems, only the root user is allowed to create raw sockets." + + "Please run the framework as root to use this module." + ) + print_line(" ") + nil + end + end + + # + # Closes the IP socket + # + def disconnect_ip(nsock = self.ip_sock) + begin + if (nsock) + nsock.close + end + rescue IOError + end + + if (nsock == ip_sock) + self.ip_sock = nil + end + + # Remove this socket from the list of sockets created by this exploit + sockets.delete(nsock) + end + + # + # Claims the IP socket if the payload so desires. + # No exploits use raw socket payloads yet... + # + def handler(nsock = self.ip_sock) + true + end + + # + # Performs cleanup, closes the socket if necessary + # + def cleanup + super + disconnect_ip + end + + # + # Sends a datagram to the host specified in RHOST + # + def ip_write(dgram) + return nil if not ip_sock + ip_sock.sendto(dgram, rhost) + end + + ## + # + # Wrappers for getters + # + ## + + # + # Returns the target host + # + def rhost + datastore['RHOST'] + end + + +protected + + attr_accessor :ip_sock + +end +end