Refactor datastore names to match standards
parent
7858d63036
commit
d2063c92e1
|
@ -54,8 +54,8 @@ module Msf
|
|||
next if !fullname.include?('browser') || self.fullname == "exploit/#{fullname}"
|
||||
|
||||
# The user gets to specify which modules to include/exclude
|
||||
next if datastore['Include'] && fullname !~ datastore['Include']
|
||||
next if datastore['Exclude'] && fullname =~ datastore['Exclude']
|
||||
next if datastore['INCLUDE_PATTERN'] && fullname !~ datastore['INCLUDE_PATTERN']
|
||||
next if datastore['EXCLUDE_PATTERN'] && fullname =~ datastore['EXCLUDE_PATTERN']
|
||||
|
||||
mod = framework.exploits.create(fullname)
|
||||
unless mod
|
||||
|
@ -248,7 +248,7 @@ module Msf
|
|||
@bap_exploits = []
|
||||
bap_groups.each_pair do |ranking, module_list|
|
||||
module_list.each do |m|
|
||||
break if @bap_exploits.length >= datastore['MaxExploits']
|
||||
break if @bap_exploits.length >= datastore['MaxExploitCount']
|
||||
@bap_exploits << m
|
||||
end
|
||||
end
|
||||
|
@ -301,7 +301,7 @@ module Msf
|
|||
# @return [void]
|
||||
def start_payload_listeners
|
||||
# Spawn nothing if the user doesn't want to pop sessions.
|
||||
return if datastore['MaxSessions'] == 0
|
||||
return if datastore['MaxSessionCount'] == 0
|
||||
|
||||
# Don't repeat launching payload handlers
|
||||
wanted_payloads.uniq! { |e| e[:payload_name] }
|
||||
|
@ -469,7 +469,7 @@ module Msf
|
|||
@wanted_payloads = []
|
||||
|
||||
# #split might be expensive if the file is really big
|
||||
@whitelist = datastore['Whitelist'] ? datastore['Whitelist'].split : nil
|
||||
@whitelist = datastore['AllowedAddresses'] ? datastore['AllowedAddresses'].split : nil
|
||||
|
||||
print_status("Searching BES exploits, please wait...")
|
||||
init_exploits
|
||||
|
@ -603,8 +603,8 @@ module Msf
|
|||
end
|
||||
end
|
||||
|
||||
if datastore['RealList']
|
||||
show_real_list(cli.peerhost, tag, current_exploit_list)
|
||||
if datastore['ShowExploitList']
|
||||
show_exploit_list(cli.peerhost, tag, current_exploit_list)
|
||||
end
|
||||
|
||||
current_exploit_list
|
||||
|
@ -630,7 +630,7 @@ module Msf
|
|||
# @see #sort_bap_exploits Explains how the exploit list is generated at first.
|
||||
# @see #get_suitable_exploits Explains how we serve exploits to each client.
|
||||
# @return [void]
|
||||
def show_real_list(ip, tag, current_exploit_list)
|
||||
def show_exploit_list(ip, tag, current_exploit_list)
|
||||
order = 1
|
||||
table = Rex::Ui::Text::Table.new(
|
||||
'Header' => '',
|
||||
|
@ -711,6 +711,7 @@ module Msf
|
|||
#
|
||||
# @return [Fixnum] A session count.
|
||||
def session_count
|
||||
# TODO: Restrict these to the active workspace
|
||||
total = 0
|
||||
|
||||
payload_job_ids.each do |id|
|
||||
|
@ -737,21 +738,21 @@ module Msf
|
|||
def build_html(cli, request)
|
||||
exploit_list = get_exploit_urls(cli, request)
|
||||
|
||||
if datastore['MaxSessions'] > -1 && session_count >= datastore['MaxSessions']
|
||||
print_status("Exploits will not be served because you've reached the max session count of #{datastore['MaxSessions']}")
|
||||
if datastore['Content'].blank?
|
||||
if datastore['MaxSessionCount'] > -1 && session_count >= datastore['MaxSessionCount']
|
||||
print_status("Exploits will not be served because you've reached the max session count of #{datastore['MaxSessionCount']}")
|
||||
if datastore['HTMLContent'].blank?
|
||||
send_not_found(cli)
|
||||
return ''
|
||||
else
|
||||
return datastore['Content']
|
||||
return datastore['HTMLContent']
|
||||
end
|
||||
elsif exploit_list.empty?
|
||||
print_status("No suitable exploits to send.")
|
||||
if datastore['Content'].blank?
|
||||
if datastore['HTMLContent'].blank?
|
||||
send_not_found(cli)
|
||||
return ''
|
||||
else
|
||||
return datastore['Content']
|
||||
return datastore['HTMLContent']
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -807,7 +808,7 @@ module Msf
|
|||
<body>
|
||||
</body>
|
||||
</html>
|
||||
#{datastore['Content']}|
|
||||
#{datastore['HTMLContent']}|
|
||||
end
|
||||
|
||||
end
|
||||
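Review bot: The renamed keys are read here with no fallback to the old names, so a saved configuration or resource script that still sets `Whitelist` or `MaxSessions` is ignored without any message. In the `-469,7` hunk `@whitelist` then stays `nil`, and in `start_payload_listeners` and `build_html` the cap falls back to the registered default of `-1`, which the `> -1` test treats as "no limit". Both settings therefore presumably stop restricting anything, although the code that consumes `@whitelist` is outside these hunks. Because these two options bound which clients are served and how many sessions are opened, setup should fail closed when a retired name is present, for example `raise ArgumentError, 'Whitelist was renamed to AllowedAddresses' if datastore['Whitelist']`, with the same check for `MaxSessions`. The enclosing methods start outside the hunks, so the right place for the check needs confirming against the full file.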
|
|
|
@ -72,16 +72,17 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
register_options(
|
||||
[
|
||||
OptRegexp.new('Include', [false, 'Pattern search to include specific modules']),
|
||||
OptRegexp.new('Exclude', [false, 'Pattern search to exclude specific modules']),
|
||||
OptInt.new('MaxExploits', [false, 'Number of browser exploits to load', 20]),
|
||||
OptString.new('Content', [false, 'HTML Content', '']),
|
||||
OptAddressRange.new('Whitelist', [false, "A range of IPs you're interested in attacking"]),
|
||||
OptInt.new('MaxSessions', [false, 'Number of sessions to get', -1]),
|
||||
OptBool.new('RealList', [true, "Show which exploits will actually be served to each client", false])
|
||||
] ,self.class)
|
||||
OptRegexp.new('INCLUDE_PATTERN', [false, 'Pattern search to include specific modules']),
|
||||
OptRegexp.new('EXCLUDE_PATTERN', [false, 'Pattern search to exclude specific modules'])
|
||||
], self.class)
|
||||
|
||||
deregister_options('Retries', 'DisablePayloadHandler', 'ContextInformationFile')
|
||||
register_advanced_options([
|
||||
OptInt.new('MaxExploitCount', [false, 'Number of browser exploits to load', 20]),
|
||||
OptString.new('HTMLContent', [false, 'HTML Content', '']),
|
||||
OptAddressRange.new('AllowedAddresses', [false, "A range of IPs you're interested in attacking"]),
|
||||
OptInt.new('MaxSessionCount', [false, 'Number of sessions to get', -1]),
|
||||
OptBool.new('ShowExploitList', [true, "Show which exploits will actually be served to each client", false])
|
||||
] ,self.class)
|
||||
end
|
||||
|
||||
def get_advanced_options
|
||||
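Review bot: `AllowedAddresses` and `MaxSessionCount` are now registered under `register_advanced_options`, so the two settings that limit which clients are served and how many sessions are opened no longer appear in the basic option listing. An operator checking the configuration before `run` can miss that both are at their unrestricted defaults (no address range, `-1`). I would keep these two in `register_options`, or have the module print their effective values when it starts. As a style point, the advanced block closes with `] ,self.class)` while the `register_options` call in the same section uses `], self.class)`.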
|
|
|
@ -1,6 +1,6 @@
|
|||
<ruby>
|
||||
run_single("use auxiliary/server/browser_autopwn2")
|
||||
run_single("set RealList true")
|
||||
run_single("set ShowExploitList true")
|
||||
run_single("set VERBOSE true")
|
||||
run_single("run")
|
||||
</ruby>
|
||||
|
|
|
@ -3,14 +3,14 @@ print_status("Starting BAP...")
|
|||
print_status("Exploits will not be actually served, but you will know which ones the clients might be vulnerable to.")
|
||||
print_status("You can do 'notes -t baps.clicks' in msfconsole to track clicks and client-specific exploit info.")
|
||||
run_single("use auxiliary/server/browser_autopwn2")
|
||||
run_single("set RealList true")
|
||||
run_single("set MaxSessions 0")
|
||||
run_single("set ShowExploitList true")
|
||||
run_single("set MaxSessionCount 0")
|
||||
|
||||
# Instead of set Content, you can also do set Custom404 to redirect the client to an SE training website
|
||||
# For example (why don't you try this? :-) )
|
||||
# run_single("set Custom404 https://www.youtube.com/watch?v=dQw4w9WgXcQ")
|
||||
|
||||
run_single("set Content \"Hello, this is a security test. You shouldn't have clicked on that link :-)\"")
|
||||
run_single("set HTMLContent \"Hello, this is a security test. You shouldn't have clicked on that link :-)\"")
|
||||
|
||||
run_single("run")
|
||||
</ruby>
|
||||
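Review bot: The comment kept as context in this script still reads `Instead of set Content`, but the option it refers to is now `HTMLContent`. A reader following the comment would set a key the module no longer reads. Suggested wording: `# Instead of set HTMLContent, you can also do set Custom404 to redirect the client to an SE training website`.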
|
|
|
@ -2,7 +2,7 @@
|
|||
print_status("Starting Browser Autopwn with Firefox-only BrowserExploitServer-based exploits.")
|
||||
print_status("Older Firefox exploits don't use BES, therefore will not be loaded.")
|
||||
run_single("use auxiliary/server/browser_autopwn2")
|
||||
run_single("set Include (mozilla_firefox|firefox)_")
|
||||
run_single("set RealList true")
|
||||
run_single("set INCLUDE_PATTERN (mozilla_firefox|firefox)_")
|
||||
run_single("set ShowExploitList true")
|
||||
run_single("run")
|
||||
</ruby>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
print_status("Starting Browser Autopwn with Adobe Flash-only BrowserExploitServer-based exploits.")
|
||||
print_status("Older Adobe Flash exploits don't use BES, therefore will not be loaded.")
|
||||
run_single("use auxiliary/server/browser_autopwn2")
|
||||
run_single("set Include adobe_flash")
|
||||
run_single("set RealList true")
|
||||
run_single("set INCLUDE_PATTERN adobe_flash")
|
||||
run_single("set ShowExploitList true")
|
||||
run_single("run")
|
||||
</ruby>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
print_status("Starting Browser Autopwn with IE-only BrowserExploitServer-based exploits.")
|
||||
print_status("Older IE exploits don't use BES, therefore will not be loaded.")
|
||||
run_single("use auxiliary/server/browser_autopwn2")
|
||||
run_single("set Include (ms\\\\d\\\\d_\\\\d+|ie)_")
|
||||
run_single("set RealList true")
|
||||
run_single("set INCLUDE_PATTERN (ms\\\\d\\\\d_\\\\d+|ie)_")
|
||||
run_single("set ShowExploitList true")
|
||||
run_single("run")
|
||||
</ruby>
|
||||
|
|