some work on compatible payload stuff

git-svn-id: file:///home/svn/incoming/trunk@2753 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Matt Miller 2005-07-14 14:46:18 +00:00
parent 55516ba790
commit fd02a5de71
6 changed files with 100 additions and 22 deletions

View File

@ -84,12 +84,12 @@ class EncodedPayload
# If the caller had a preferred encoder, try to find it and prefix it
if ((reqs['Encoder']) and
(preferred = framework.encoders[reqs['Encoder']]))
encoders.unshift(preferred)
encoders.unshift([reqs['Encoder'], preferred ])
elsif (reqs['Encoder'])
wlog("#{pinst.refname}: Failed to find preferred encoder #{reqs['Encoder']}")
end
encoders.each { |encmod|
encoders.each { |encname, encmod|
self.encoder = encmod.new
# Try encoding with the current encoder
@ -156,7 +156,7 @@ class EncodedPayload
# Now construct the actual sled
if (self.nop_sled_size > 0)
pinst.compatible_nops.each { |nopmod|
pinst.compatible_nops.each { |nopname, nopmod|
# Create an instance of the nop module
self.nop = nopmod.new

View File

@ -243,6 +243,41 @@ class Exploit < Msf::Module
module_info['Stance'] || Stance::Aggressive
end
#
# Returns the active target for this exploit
#
def target
target_idx = datastore['TARGET']
return (target_idx) ? targets[target_idx.to_i] : nil
end
#
# Returns a list of compatible payloads based on platform, architecture,
# and size requirements.
#
def compatible_payloads
payloads = []
framework.payloads.each_module(
'Platform' => target ? target.platform : nil,
'Arch' => target ? target.arch : nil) { |name, mod|
# Skip over payloads that are too big
if ((payload_space) and
(framework.payloads.sizes[name] > payload_space))
dlog("#{refname}: Skipping payload #{name} for being too large", 'core',
LEV_1)
next
end
# This one be compatible!
payloads << [ name, mod ]
}
return payloads;
end
#
# Return any text that should be prepended to the payload. The payload
# module is passed so that the exploit can take a guess at architecture
@ -335,10 +370,6 @@ class Exploit < Msf::Module
#
##
#
# The active target instance.
#
attr_accessor :target
#
# The list of targets.
#

View File

@ -175,6 +175,29 @@ class Module
return Rex::Socket::Comm::Local
end
#
# Just some handy quick checks
#
def exploit?
return (type == MODULE_EXPLOIT)
end
def payload?
return (type == MODULE_PAYLOAD)
end
def encoder?
return (type == MODULE_ENCODER)
end
def nop?
return (type == MODULE_NOP)
end
def recon?
return (type == MODULE_RECON)
end
attr_reader :author, :arch, :platform, :references, :datastore, :options
attr_reader :privileged

View File

@ -102,11 +102,16 @@ class Msf::Module::Target
opts = {} if (!opts)
self.name = name
self.platforms = Msf::Module::PlatformList.from_a(opts['Platform'])
self.platform = Msf::Module::PlatformList.from_a(opts['Platform'])
self.save_registers = opts['SaveRegisters']
self.ret = opts['Ret']
self.opts = opts
if (opts['Arch'])
self.arch = Rex::Transformer.transform(opts['Arch'], Array,
[ String ], 'Arch')
end
# Does this target have brute force information?
if (opts['Bruteforce'])
self.bruteforce = Bruteforce.new(opts['Bruteforce'])
@ -128,12 +133,12 @@ class Msf::Module::Target
return (bruteforce != nil)
end
attr_reader :name, :platforms, :opts, :ret, :save_registers
attr_reader :name, :platform, :arch, :opts, :ret, :save_registers
attr_reader :bruteforce
protected
attr_writer :name, :platforms, :opts, :ret, :save_registers
attr_writer :name, :platform, :arch, :opts, :ret, :save_registers
attr_writer :bruteforce
end

View File

@ -178,7 +178,7 @@ class Payload < Msf::Module
framework.encoders.each_module_ranked(
'Arch' => self.arch) { |name, mod|
encoders << mod
encoders << [ name, mod ]
}
return encoders
@ -192,7 +192,7 @@ class Payload < Msf::Module
framework.nops.each_module_ranked(
'Arch' => self.arch) { |name, mod|
nops << mod
nops << [ name, mod ]
}
return nops

View File

@ -94,6 +94,7 @@ class Core
# Display the commands
tbl = Table.new(
Table::Style::Default,
'Header' => 'Metasploit Framework Main Console Help',
'Columns' =>
[
'Command',
@ -202,12 +203,15 @@ class Core
# Dump the contents of the active datastore if no args were supplied
if (args.length == 0)
# If we aren't dumping the global data store, then go ahead and
# dump it first
if (!global)
print("\n" +
Msf::Serializer::ReadableText.dump_datastore(
"Global", framework.datastore))
end
# Dump the active datastore
print("\n" +
Msf::Serializer::ReadableText.dump_datastore(
(global) ? "Global" : "Module: #{active_module.refname}",
@ -424,8 +428,20 @@ protected
end
def show_payloads
# If an active module has been selected and it's an exploit, get the
# list of compatible payloads and display them
if (active_module and active_module.exploit? == true)
tbl = generate_module_table("Compatible payloads")
active_module.compatible_payloads.each { |refname, payload|
tbl << [ refname, payload.new.name ]
}
print(tbl.to_s)
else
show_module_set("Payloads", framework.payloads)
end
end
def show_recon
show_module_set("Recon", framework.recon)
@ -440,8 +456,19 @@ protected
end
def show_module_set(type, module_set)
tbl = generate_module_table(type)
tbl = Table.new(
module_set.each_module { |refname, mod|
instance = mod.new
tbl << [ refname, instance.name ]
}
print(tbl.to_s)
end
def generate_module_table(type)
Table.new(
Table::Style::Default,
'Header' => type,
'Prefix' => "\n",
@ -459,14 +486,6 @@ protected
'MaxWidth' => 25
}
})
module_set.each_module { |refname, mod|
instance = mod.new
tbl << [ refname, instance.name ]
}
print(tbl.to_s)
end
end