require 'Msf/Core' module Msf ### # # ExploitEvents # ------------- # # Event notifications that affect exploits. # ### module ExploitEvents # # Notified when an exploit is successful # def on_exploit_success(exploit) end # # Notified when an exploit is unsuccessful # def on_exploit_failure(exploit, reason) end end ### # # Exploit # ------- # # The exploit class acts as the base class for all exploit modules. It # provides a common interface for interacting with exploits at the most basic # level. # ### class Exploit < Msf::Module # # The various check codes that can be returned from the ``check'' routine. # module CheckCode Safe = [ 0, "The target is not exploitable." ] Detected = [ 1, "The target service is running, but could not be validated." ] Appears = [ 2, "The target appears to be vulnerable." ] Vulnerable = [ 3, "The target is vulnerable." ] Unsupported = [ 4, "This exploit does not support check." ] end # # The various basic types of exploits # module Type Remote = "remote" Local = "local" Omni = "omnipresent" end # # The types of stances an exploit can take, such as passive or aggressive. # Stances indicate whether or not the exploit triggers the exploit without # waiting for one or more conditions to be met (aggressive) or whether it # must wait for certain conditions to be satisfied before the exploit can # be initiated (passive) # module Stance Aggressive = "aggresive" Passive = "passive" end # # Constructo the clown! Watch as he kills small children with balloons. # def initialize(info = {}) super(info) self.targets = Rex::Transformer.transform(info['Targets'], Array, [ Target ], 'Targets') end ## # # Core exploit interface # ---------------------- # # These are the methods that exploits will override to perform various # tasks, such as checking a target to see if it's vulnerable, automatically # selecting a target, or performing an exploit. # ## # # Checks to see if the target is vulnerable, returning unsupported if it's # not supported. # def check CheckCode::Unsupported end # # Kicks off the actual exploit. Prior to this call, the framework will # have validated the data store using the options associated with this # exploit module. It will also pre-generate the desired payload, though # exploits can re-generate the payload if necessary. # def exploit end ## # # Feature detection # ----------------- # # These methods check to see if there is a derived implementation of # various methods as a way of inferring whether or not a given exploit # supports the feature. # ## def supports_check? derived_implementor?(Msf::Exploit, 'check') end def supports_exploit? derived_implementor?(Msf::Exploit, 'exploit') end # # Returns a hash of the capabilities this exploit module has # def capabilities { 'check' => supports_check?, 'exploit' => supports_exploit? } end ## # # Getters/Setters and information collectors # ## # # The module's type # def type MODULE_EXPLOIT end # # If we don't know the exploit type, then I guess it's omnipresent! # def exploit_type Type::Omni end # # Generally, all exploits take an aggressive stance. # def stance Stance::Aggressive end # # Returns the payload that has been set for this exploit instance # def payload # TODO end attr_accessor :target, :targets ### # # Local # ----- # # The local exploit class is a specialization of the exploit module class that # is geared toward exploits that are performed locally. Locally, in this # case, is defined as an exploit that is realized by means other than network # communication. # ### class Local < Exploit def exploit_type Exploit::Type::Local end end ### # # Remote # ------ # # The remote exploit class is a specialization of the exploit module class # that is geared toward exploits that are performed against targets other than # the local machine. This typically implies exploiting other machines via a # network connection, though it is not limited to this scope. # ### class Remote < Exploit def exploit_type Exploit::Type::Remote end end end end require 'Msf/Core/Exploit/Remote/Tcp' require 'Msf/Core/Exploit/Remote/DCERPC'