177 lines
3.2 KiB
Ruby
177 lines
3.2 KiB
Ruby
require 'msf/core'
|
|
|
|
###
|
|
#
|
|
# A target for an exploit.
|
|
#
|
|
###
|
|
class Msf::Module::Target
|
|
|
|
###
|
|
#
|
|
# Bruteforce
|
|
# ----------
|
|
#
|
|
# Target-specific brute force information, such as the addresses
|
|
# to step, the step size (if the framework default is bad), and
|
|
# other stuff.
|
|
#
|
|
###
|
|
class Bruteforce < Hash
|
|
def initialize(hash)
|
|
update(hash)
|
|
end
|
|
|
|
#
|
|
# Returns a hash of addresses that should be stepped during
|
|
# exploitation and passed in to the bruteforce exploit
|
|
# routine.
|
|
#
|
|
def start_addresses
|
|
if (self['Start'] and self['Start'].kind_of?(Hash) == false)
|
|
return {'Address' => self['Start'] }
|
|
else
|
|
return self['Start']
|
|
end
|
|
end
|
|
|
|
#
|
|
# Returns a hash of addresses that should be stopped at once
|
|
# they are reached.
|
|
#
|
|
def stop_addresses
|
|
if (self['Stop'] and self['Stop'].kind_of?(Hash) == false)
|
|
return {'Address' => self['Stop'] }
|
|
else
|
|
return self['Stop']
|
|
end
|
|
end
|
|
|
|
#
|
|
# The step size to use, or zero if the framework should figure
|
|
# it out.
|
|
#
|
|
def step_size
|
|
self['Step'] || 0
|
|
end
|
|
|
|
#
|
|
# Returns the default step direction
|
|
#
|
|
def default_direction
|
|
dd = self['DefaultDirection']
|
|
|
|
if (dd and dd.to_s.match(/(-1|backward)/i))
|
|
return -1
|
|
end
|
|
|
|
return 1
|
|
end
|
|
|
|
#
|
|
# The delay to add between attempts
|
|
#
|
|
def delay
|
|
self['Delay'].to_i || 0
|
|
end
|
|
end
|
|
|
|
#
|
|
# Serialize from an array to a Target instance
|
|
#
|
|
def self.from_a(ary)
|
|
return nil if (ary.length < 2)
|
|
|
|
self.new(ary.shift, ary.shift)
|
|
end
|
|
|
|
#
|
|
# Transforms the supplied source into an array of Target's
|
|
#
|
|
def self.transform(src)
|
|
Rex::Transformer.transform(src, Array, [ self, String ], 'Target')
|
|
end
|
|
|
|
#
|
|
# Init it up!
|
|
#
|
|
def initialize(name, opts)
|
|
opts = {} if (!opts)
|
|
|
|
self.name = name
|
|
self.platform = Msf::Module::PlatformList.from_a(opts['Platform'])
|
|
self.save_registers = opts['SaveRegisters']
|
|
self.ret = opts['Ret']
|
|
self.opts = opts
|
|
|
|
if (opts['Arch'])
|
|
self.arch = Rex::Transformer.transform(opts['Arch'], Array,
|
|
[ String ], 'Arch')
|
|
end
|
|
|
|
# Does this target have brute force information?
|
|
if (opts['Bruteforce'])
|
|
self.bruteforce = Bruteforce.new(opts['Bruteforce'])
|
|
end
|
|
end
|
|
|
|
#
|
|
# Index the options directly
|
|
#
|
|
def [](key)
|
|
opts[key]
|
|
end
|
|
|
|
#
|
|
# Returns whether or not this is a bruteforce target, forces boolean
|
|
# result.
|
|
#
|
|
def bruteforce?
|
|
return (bruteforce != nil)
|
|
end
|
|
|
|
##
|
|
#
|
|
# Target-specific payload modifications
|
|
#
|
|
##
|
|
|
|
def payload_prepend
|
|
opts['Payload'] ? opts['Payload']['Prepend'] : nil
|
|
end
|
|
|
|
def payload_append
|
|
opts['Payload'] ? opts['Payload']['Append'] : nil
|
|
end
|
|
|
|
def payload_prepend_encoder
|
|
opts['Payload'] ? opts['Payload']['PrependEncoder'] : nil
|
|
end
|
|
|
|
def payload_stack_adjustment
|
|
opts['Payload'] ? opts['Payload']['StackAdjustment'] : nil
|
|
end
|
|
|
|
def payload_max_nops
|
|
opts['Payload'] ? opts['Payload']['MaxNops'] : nil
|
|
end
|
|
|
|
def payload_min_nops
|
|
opts['Payload'] ? opts['Payload']['MinNops'] : nil
|
|
end
|
|
|
|
def payload_space
|
|
opts['Payload'] ? opts['Payload']['Space'] : nil
|
|
end
|
|
|
|
attr_reader :name, :platform, :arch, :opts, :ret, :save_registers
|
|
attr_reader :bruteforce
|
|
|
|
protected
|
|
|
|
attr_writer :name, :platform, :arch, :opts, :ret, :save_registers
|
|
attr_writer :bruteforce
|
|
|
|
end
|
|
|