metasploit-framework/lib/msf/core/exploit.rb

217 lines
4.3 KiB
Ruby

require 'msf/core'
module Msf
###
#
# ExploitEvents
# -------------
#
# Event notifications that affect exploits.
#
###
module ExploitEvents
#
# Notified when an exploit is successful
#
def on_exploit_success(exploit)
end
#
# Notified when an exploit is unsuccessful
#
def on_exploit_failure(exploit, reason)
end
end
###
#
# Exploit
# -------
#
# The exploit class acts as the base class for all exploit modules. It
# provides a common interface for interacting with exploits at the most basic
# level.
#
###
class Exploit < Msf::Module
#
# The various check codes that can be returned from the ``check'' routine.
#
module CheckCode
Safe = [ 0, "The target is not exploitable." ]
Detected = [ 1, "The target service is running, but could not be validated." ]
Appears = [ 2, "The target appears to be vulnerable." ]
Vulnerable = [ 3, "The target is vulnerable." ]
Unsupported = [ 4, "This exploit does not support check." ]
end
#
# The various basic types of exploits
#
module Type
Remote = "remote"
Local = "local"
Omni = "omnipresent"
end
#
# The types of stances an exploit can take, such as passive or aggressive.
# Stances indicate whether or not the exploit triggers the exploit without
# waiting for one or more conditions to be met (aggressive) or whether it
# must wait for certain conditions to be satisfied before the exploit can
# be initiated (passive)
#
module Stance
Aggressive = "aggresive"
Passive = "passive"
end
#
# Constructo the clown! Watch as he kills small children with balloons.
#
def initialize(info = {})
super(info)
self.targets = Rex::Transformer.transform(info['Targets'], Array,
[ Target ], 'Targets')
end
##
#
# Core exploit interface
# ----------------------
#
# These are the methods that exploits will override to perform various
# tasks, such as checking a target to see if it's vulnerable, automatically
# selecting a target, or performing an exploit.
#
##
#
# Checks to see if the target is vulnerable, returning unsupported if it's
# not supported.
#
def check
CheckCode::Unsupported
end
#
# Kicks off the actual exploit. Prior to this call, the framework will
# have validated the data store using the options associated with this
# exploit module. It will also pre-generate the desired payload, though
# exploits can re-generate the payload if necessary.
#
def exploit
end
##
#
# Feature detection
# -----------------
#
# These methods check to see if there is a derived implementation of
# various methods as a way of inferring whether or not a given exploit
# supports the feature.
#
##
def supports_check?
derived_implementor?(Msf::Exploit, 'check')
end
def supports_exploit?
derived_implementor?(Msf::Exploit, 'exploit')
end
#
# Returns a hash of the capabilities this exploit module has
#
def capabilities
{
'check' => supports_check?,
'exploit' => supports_exploit?
}
end
##
#
# Getters/Setters and information collectors
#
##
#
# The module's type
#
def type
MODULE_EXPLOIT
end
#
# If we don't know the exploit type, then I guess it's omnipresent!
#
def exploit_type
Type::Omni
end
#
# Generally, all exploits take an aggressive stance.
#
def stance
Stance::Aggressive
end
#
# Returns the payload that has been set for this exploit instance
#
def payload
# TODO
end
attr_accessor :target, :targets
###
#
# Local
# -----
#
# The local exploit class is a specialization of the exploit module class that
# is geared toward exploits that are performed locally. Locally, in this
# case, is defined as an exploit that is realized by means other than network
# communication.
#
###
class Local < Exploit
def exploit_type
Exploit::Type::Local
end
end
###
#
# Remote
# ------
#
# The remote exploit class is a specialization of the exploit module class
# that is geared toward exploits that are performed against targets other than
# the local machine. This typically implies exploiting other machines via a
# network connection, though it is not limited to this scope.
#
###
class Remote < Exploit
def exploit_type
Exploit::Type::Remote
end
end
end
end
require 'msf/core/exploit/tcp'
require 'msf/core/exploit/dcerpc'