Refactor datastore names to match standards

bug/bundler_fix
HD Moore 2015-07-05 18:21:45 -05:00
parent 7858d63036
commit d2063c92e1
7 changed files with 36 additions and 34 deletions


@ -54,8 +54,8 @@ module Msf
next if !fullname.include?('browser') || self.fullname == "exploit/#{fullname}"
# The user gets to specify which modules to include/exclude
next if datastore['Include'] && fullname !~ datastore['Include']
next if datastore['Exclude'] && fullname =~ datastore['Exclude']
next if datastore['INCLUDE_PATTERN'] && fullname !~ datastore['INCLUDE_PATTERN']
next if datastore['EXCLUDE_PATTERN'] && fullname =~ datastore['EXCLUDE_PATTERN']
mod = framework.exploits.create(fullname)
unless mod
@ -248,7 +248,7 @@ module Msf
@bap_exploits = []
bap_groups.each_pair do |ranking, module_list|
module_list.each do |m|
break if @bap_exploits.length >= datastore['MaxExploits']
break if @bap_exploits.length >= datastore['MaxExploitCount']
@bap_exploits << m
end
end
@ -301,7 +301,7 @@ module Msf
# @return [void]
def start_payload_listeners
# Spawn nothing if the user doesn't want to pop sessions.
return if datastore['MaxSessions'] == 0
return if datastore['MaxSessionCount'] == 0
# Don't repeat launching payload handlers
wanted_payloads.uniq! { |e| e[:payload_name] }
@ -469,7 +469,7 @@ module Msf
@wanted_payloads = []
# #split might be expensive if the file is really big
@whitelist = datastore['Whitelist'] ? datastore['Whitelist'].split : nil
@whitelist = datastore['AllowedAddresses'] ? datastore['AllowedAddresses'].split : nil
print_status("Searching BES exploits, please wait...")
init_exploits
@ -603,8 +603,8 @@ module Msf
end
end
if datastore['RealList']
show_real_list(cli.peerhost, tag, current_exploit_list)
if datastore['ShowExploitList']
show_exploit_list(cli.peerhost, tag, current_exploit_list)
end
current_exploit_list
@ -630,7 +630,7 @@ module Msf
# @see #sort_bap_exploits Explains how the exploit list is generated at first.
# @see #get_suitable_exploits Explains how we serve exploits to each client.
# @return [void]
def show_real_list(ip, tag, current_exploit_list)
def show_exploit_list(ip, tag, current_exploit_list)
order = 1
table = Rex::Ui::Text::Table.new(
'Header' => '',
@ -711,6 +711,7 @@ module Msf
#
# @return [Fixnum] A session count.
def session_count
# TODO: Restrict these to the active workspace
total = 0
payload_job_ids.each do |id|
@ -737,21 +738,21 @@ module Msf
def build_html(cli, request)
exploit_list = get_exploit_urls(cli, request)
if datastore['MaxSessions'] > -1 && session_count >= datastore['MaxSessions']
print_status("Exploits will not be served because you've reached the max session count of #{datastore['MaxSessions']}")
if datastore['Content'].blank?
if datastore['MaxSessionCount'] > -1 && session_count >= datastore['MaxSessionCount']
print_status("Exploits will not be served because you've reached the max session count of #{datastore['MaxSessionCount']}")
if datastore['HTMLContent'].blank?
send_not_found(cli)
return ''
else
return datastore['Content']
return datastore['HTMLContent']
end
elsif exploit_list.empty?
print_status("No suitable exploits to send.")
if datastore['Content'].blank?
if datastore['HTMLContent'].blank?
send_not_found(cli)
return ''
else
return datastore['Content']
return datastore['HTMLContent']
end
end
@ -807,7 +808,7 @@ module Msf
<body>
</body>
</html>
#{datastore['Content']}|
#{datastore['HTMLContent']}|
end
end
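Review bot: The old option names are dropped with no fallback, which matters most for the `MaxSessionCount == 0` guard in `start_payload_listeners` and the `MaxSessionCount > -1` check in `build_html`, since those are what keep handlers from starting and exploits from being served. A resource script that still runs `set MaxSessions 0` would, as far as I can tell, be accepted by the console without error while the default of -1 stays in effect, so a run meant only to record clicks would serve exploits. I would refuse to start when a retired name is present, for example `raise ArgumentError, 'MaxSessions was renamed to MaxSessionCount' if datastore['MaxSessions']` during setup, with the same check for `Whitelist`, `Content`, `Include` and `Exclude`. Both methods begin or end outside the hunks shown, so the right place for that check has to be confirmed against the full file.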


@ -72,16 +72,17 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptRegexp.new('Include', [false, 'Pattern search to include specific modules']),
OptRegexp.new('Exclude', [false, 'Pattern search to exclude specific modules']),
OptInt.new('MaxExploits', [false, 'Number of browser exploits to load', 20]),
OptString.new('Content', [false, 'HTML Content', '']),
OptAddressRange.new('Whitelist', [false, "A range of IPs you're interested in attacking"]),
OptInt.new('MaxSessions', [false, 'Number of sessions to get', -1]),
OptBool.new('RealList', [true, "Show which exploits will actually be served to each client", false])
] ,self.class)
OptRegexp.new('INCLUDE_PATTERN', [false, 'Pattern search to include specific modules']),
OptRegexp.new('EXCLUDE_PATTERN', [false, 'Pattern search to exclude specific modules'])
], self.class)
deregister_options('Retries', 'DisablePayloadHandler', 'ContextInformationFile')
register_advanced_options([
OptInt.new('MaxExploitCount', [false, 'Number of browser exploits to load', 20]),
OptString.new('HTMLContent', [false, 'HTML Content', '']),
OptAddressRange.new('AllowedAddresses', [false, "A range of IPs you're interested in attacking"]),
OptInt.new('MaxSessionCount', [false, 'Number of sessions to get', -1]),
OptBool.new('ShowExploitList', [true, "Show which exploits will actually be served to each client", false])
] ,self.class)
end
def get_advanced_options
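Review bot: `AllowedAddresses` and `MaxSessionCount` are the options that bound who is served and how many sessions are opened, and moving them into `register_advanced_options` takes them out of the default option listing. `AllowedAddresses` has no default, so an operator who never opens the advanced options presumably runs with no address restriction without having seen that one exists. I would keep those two in `register_options` and move only `HTMLContent`, `ShowExploitList` and `MaxExploitCount`. A smaller style point: the closing `] ,self.class)` of the new call should match the `], self.class)` used just above it. The enclosing method starts outside the hunk.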


@ -1,6 +1,6 @@
<ruby>
run_single("use auxiliary/server/browser_autopwn2")
run_single("set RealList true")
run_single("set ShowExploitList true")
run_single("set VERBOSE true")
run_single("run")
</ruby>


@ -3,14 +3,14 @@ print_status("Starting BAP...")
print_status("Exploits will not be actually served, but you will know which ones the clients might be vulnerable to.")
print_status("You can do 'notes -t baps.clicks' in msfconsole to track clicks and client-specific exploit info.")
run_single("use auxiliary/server/browser_autopwn2")
run_single("set RealList true")
run_single("set MaxSessions 0")
run_single("set ShowExploitList true")
run_single("set MaxSessionCount 0")
# Instead of set Content, you can also do set Custom404 to redirect the client to an SE training website
# For example (why don't you try this? :-) )
# run_single("set Custom404 https://www.youtube.com/watch?v=dQw4w9WgXcQ")
run_single("set Content \"Hello, this is a security test. You shouldn't have clicked on that link :-)\"")
run_single("set HTMLContent \"Hello, this is a security test. You shouldn't have clicked on that link :-)\"")
run_single("run")
</ruby>
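Review bot: The comment above the Custom404 example still reads `# Instead of set Content, ...`, but the option set two lines below is now `HTMLContent`, so anyone following the comment would set a name the module no longer reads. It should become `# Instead of set HTMLContent, you can also do set Custom404 to redirect the client to an SE training website`.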


@ -2,7 +2,7 @@
print_status("Starting Browser Autopwn with Firefox-only BrowserExploitServer-based exploits.")
print_status("Older Firefox exploits don't use BES, therefore will not be loaded.")
run_single("use auxiliary/server/browser_autopwn2")
run_single("set Include (mozilla_firefox|firefox)_")
run_single("set RealList true")
run_single("set INCLUDE_PATTERN (mozilla_firefox|firefox)_")
run_single("set ShowExploitList true")
run_single("run")
</ruby>


@ -2,7 +2,7 @@
print_status("Starting Browser Autopwn with Adobe Flash-only BrowserExploitServer-based exploits.")
print_status("Older Adobe Flash exploits don't use BES, therefore will not be loaded.")
run_single("use auxiliary/server/browser_autopwn2")
run_single("set Include adobe_flash")
run_single("set RealList true")
run_single("set INCLUDE_PATTERN adobe_flash")
run_single("set ShowExploitList true")
run_single("run")
</ruby>


@ -2,7 +2,7 @@
print_status("Starting Browser Autopwn with IE-only BrowserExploitServer-based exploits.")
print_status("Older IE exploits don't use BES, therefore will not be loaded.")
run_single("use auxiliary/server/browser_autopwn2")
run_single("set Include (ms\\\\d\\\\d_\\\\d+|ie)_")
run_single("set RealList true")
run_single("set INCLUDE_PATTERN (ms\\\\d\\\\d_\\\\d+|ie)_")
run_single("set ShowExploitList true")
run_single("run")
</ruby>