require 'msf/core'

# Test fixture for the framework's automatic target selection on Linux.
#
# The module only registers metadata (a list of per-distribution targets) and
# reports which target ended up selected. It mixes in the TCP client, but
# #exploit never opens a connection or builds a payload, so running it sends
# nothing to the remote host.
class MetasploitModule < Msf::Exploit::Remote
  include Exploit::Remote::Tcp
  Rank = ManualRanking

  # Registers the module metadata and its seven sample targets.
  #
  # @param info [Hash] metadata supplied by the framework, merged through
  #   update_info with the values declared here.
  def initialize(info = {})
    # Every target shares the same 'Nops' size and 'Step' between 'Ret' values.
    nop_sled_size = 64*1024
    ret_step = 60*1024

    # One row per target: [name, architecture, first 'Ret', last 'Ret'].
    # Only one mixin (Tcp) is included in this class and #exploit never reads
    # these ranges, so within this file they serve purely as target metadata.
    heap_ranges = [
      ['Linux Heap Brute Force (Debian/Ubuntu)', ARCH_X86,    0x08352000, 0x0843d000],
      ['Linux Heap Brute Force (Gentoo)',        ARCH_X86,    0x80310000, 0x8042f000],
      ['Linux Heap Brute Force (Mandriva)',      ARCH_X86,    0x80380000, 0x8045b000],
      ['Linux Heap Brute Force (RHEL/CentOS)',   ARCH_X86,    0xb800f000, 0xb80c9000],
      ['Linux Heap Brute Force (SUSE)',          ARCH_X86,    0x80365000, 0x80424000],
      ['Linux Heap Brute Force (Slackware)',     ARCH_X86,    0x8033c000, 0x80412000],
      ['Linux Heap Brute Force (OpenWRT MIPS)',  ARCH_MIPSBE, 0x55900000, 0x559c0000]
    ]

    target_list = heap_ranges.map do |title, cpu, first_ret, last_ret|
      [
        title,
        {
          'Platform'   => 'linux',
          'Arch'       => [ cpu ],
          'Nops'       => nop_sled_size,
          'Bruteforce' => {
            'Start' => { 'Ret' => first_ret },
            'Stop'  => { 'Ret' => last_ret },
            'Step'  => ret_step
          }
        }
      ]
    end

    # NOTE(review): EXITFUNC is normally a Windows payload setting; it is
    # presumably inert for a Linux-only module -- confirm before copying.
    default_options = {
      'WfsDelay' => 10,
      'EXITFUNC' => 'thread'
    }

    payload_limits = {
      'Space'       => 3072,
      'DisableNops' => true
    }

    # NOTE(review): the module-level 'Arch' lists x86/x64 only, while the last
    # target declares ARCH_MIPSBE. Possibly deliberate for exercising target
    # selection; verify against the tests that load this fixture.
    module_info = update_info(
      info,
      'Name'           => 'Exploit Auto-Targeting for Linux',
      'Description'    => %q{ This module is a test bed for automatic targeting for Linux exploits. },
      'Author'         => [ 'thelightcosine' ],
      'License'        => MSF_LICENSE,
      'Privileged'     => true,
      'DefaultOptions' => default_options,
      'Payload'        => payload_limits,
      'Platform'       => 'linux',
      'Arch'           => [ARCH_X86, ARCH_X64],
      'Targets'        => target_list,
      'DisclosureDate' => 'Jan 01 1999'
    )

    super(module_info)
  end

  # Prints two status lines, the second naming the selected target. No socket
  # is opened and no data is sent.
  def exploit
    print_status "This exploit doesn't actually do anything"
    print_status("Target Selected: #{target.name}")
  end
end