module Msf module Ui module Console module CommandDispatcher class Exploit include Msf::Ui::Console::ModuleCommandDispatcher @@exploit_opts = Rex::Parser::Arguments.new( "-e" => [ true, "The payload encoder to use. If none is specified, ENCODER is used." ], "-h" => [ false, "Help banner." ], "-n" => [ true, "The NOP generator to use. If none is specified, NOP is used." ], "-o" => [ true, "A comma separated list of options in VAR=VAL format." ], "-p" => [ true, "The payload to use. If none is specified, PAYLOAD is used." ], "-t" => [ true, "The target index to use. If none is specified, TARGET is used." ], "-v" => [ false, "Enable verbose output." ], "-z" => [ false, "Do not interact with the session after successful exploitation." ]) def commands { "check" => "Check to see if a target is vulnerable", "exploit" => "Launch an exploit attempt", } end def name "Exploit" end # # Checks to see if a target is vulnerable # def cmd_check(*args) begin code = mod.check if (code) stat = '[*]' if (code == Msf::Exploit::CheckCode::Vulnerable) stat = '[+]' end print_line(stat + ' ' + code[1]) else print_error( "Check failed: The state could not be determined.") end rescue log_error("Check failed: #{$!}.") end end # # Launches an exploitation attempt # def cmd_exploit(*args) opt_str = nil verbose = false payload = mod.datastore['PAYLOAD'] encoder = mod.datastore['ENCODER'] target = mod.datastore['TARGET'] nop = mod.datastore['NOP'] bg = false @@exploit_opts.parse(args) { |opt, idx, val| case opt when '-e' encoder = val when '-n' nop = val when '-o' opt_str = val when '-p' payload = val when '-t' target = val.to_i when '-z' bg = true when '-v' verbose = true when '-h' print( "Usage: exploit [options]\n\n" + "Launches an exploitation attempt.\n" + @@exploit_opts.usage) return false end } if (verbose) end begin session = mod.exploit_simple( 'Encoder' => encoder, 'Payload' => payload, 'Target' => target, 'Nop' => nop, 'OptionStr' => opt_str) rescue log_error("Exploit failed: #{$!}") return false end # If we were given a session, let's see what we can do with it if (session) # If we aren't told to run in the background and the session can be # interacted with, start interacting with it if (bg == false and session.interactive?) # Set the session's input and output handles session.linput = driver.input session.loutput = driver.output # Interact session.interact() # Otherwise, log that we created a session else print_status("Session #{session.id} created.") end else print_status("Exploit completed, no session was created.") end end end end end end end