metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb

130 lines
3.0 KiB
Ruby

module Msf
module Ui
module Console
module CommandDispatcher
class Exploit
include Msf::Ui::Console::ModuleCommandDispatcher
@@exploit_opts = Rex::Parser::Arguments.new(
"-e" => [ true, "The payload encoder to use. If none is specified, ENCODER is used." ],
"-h" => [ false, "Help banner." ],
"-n" => [ true, "The NOP generator to use. If none is specified, NOP is used." ],
"-o" => [ true, "A comma separated list of options in VAR=VAL format." ],
"-p" => [ true, "The payload to use. If none is specified, PAYLOAD is used." ],
"-t" => [ true, "The target index to use. If none is specified, TARGET is used." ],
"-v" => [ false, "Enable verbose output." ],
"-z" => [ false, "Do not interact with the session after successful exploitation." ])
def commands
{
"check" => "Check to see if a target is vulnerable",
"exploit" => "Launch an exploit attempt",
}
end
def name
"Exploit"
end
#
# Checks to see if a target is vulnerable
#
def cmd_check(*args)
begin
code = mod.check
if (code)
stat = '[*]'
if (code == Msf::Exploit::CheckCode::Vulnerable)
stat = '[+]'
end
print_line(stat + ' ' + code[1])
else
print_error(
"Check failed: The state could not be determined.")
end
rescue
log_error("Check failed: #{$!}.")
end
end
#
# Launches an exploitation attempt
#
def cmd_exploit(*args)
opt_str = nil
verbose = false
payload = mod.datastore['PAYLOAD']
encoder = mod.datastore['ENCODER']
target = mod.datastore['TARGET']
nop = mod.datastore['NOP']
bg = false
@@exploit_opts.parse(args) { |opt, idx, val|
case opt
when '-e'
encoder = val
when '-n'
nop = val
when '-o'
opt_str = val
when '-p'
payload = val
when '-t'
target = val.to_i
when '-z'
bg = true
when '-v'
verbose = true
when '-h'
print(
"Usage: exploit [options]\n\n" +
"Launches an exploitation attempt.\n" +
@@exploit_opts.usage)
return false
end
}
if (verbose)
end
begin
session = mod.exploit_simple(
'Encoder' => encoder,
'Payload' => payload,
'Target' => target,
'Nop' => nop,
'OptionStr' => opt_str)
rescue
log_error("Exploit failed: #{$!}")
return false
end
# If we were given a session, let's see what we can do with it
if (session)
# If we aren't told to run in the background and the session can be
# interacted with, start interacting with it
if (bg == false and session.interactive?)
# Set the session's input and output handles
session.linput = driver.input
session.loutput = driver.output
# Interact
session.interact()
# Otherwise, log that we created a session
else
print_status("Session #{session.id} created.")
end
else
print_status("Exploit completed, no session was created.")
end
end
end
end end end end