msfcli action
git-svn-id: file:///home/svn/incoming/trunk@2944 4d416f70-5f16-0410-b530-b9f4589650da
parent
839f221227
commit
17071db65c
|
@ -28,8 +28,6 @@ X - stack requirements
|
||||||
X - make payload prepend target specific
|
X - make payload prepend target specific
|
||||||
X - sessions
|
X - sessions
|
||||||
X - logging session activity
|
X - logging session activity
|
||||||
- handler sharing
|
|
||||||
- exploits using the same payload/handler can share (ref count)
|
|
||||||
- modules needing ports (above other modules)
|
- modules needing ports (above other modules)
|
||||||
- encoders
|
- encoders
|
||||||
- shikata
|
- shikata
|
||||||
|
@ -42,10 +40,10 @@ X - logging session activity
|
||||||
- user interfaces
|
- user interfaces
|
||||||
- general
|
- general
|
||||||
- add concept of EVASION option (high, normal, low)
|
- add concept of EVASION option (high, normal, low)
|
||||||
- logging improvements
|
X - logging improvements
|
||||||
- provide log file setting interface
|
X - provide log file setting interface
|
||||||
X - log by default in the LogDir
|
X - log by default in the LogDir
|
||||||
- msfcli
|
X - msfcli
|
||||||
- msfweb
|
- msfweb
|
||||||
X - msfpayload
|
X - msfpayload
|
||||||
X - msfencode
|
X - msfencode
|
||||||
|
@ -100,6 +98,9 @@ Things that would be useful to have completed, but not a requirement:
|
||||||
- basic range/port scanner
|
- basic range/port scanner
|
||||||
- basic service identifier
|
- basic service identifier
|
||||||
- basic OS fingerprinting
|
- basic OS fingerprinting
|
||||||
|
- framework-core
|
||||||
|
- handler sharing
|
||||||
|
- exploits using the same payload/handler can share (ref count)
|
||||||
- framework-base
|
- framework-base
|
||||||
- event correlation
|
- event correlation
|
||||||
- recon events correlations
|
- recon events correlations
|
||||||
|
|
|
@ -35,6 +35,43 @@ class ReadableText
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Dumps an exploit's targets.
|
||||||
|
#
|
||||||
|
def self.dump_exploit_targets(mod, indent = '', h = nil)
|
||||||
|
tbl = Rex::Ui::Text::Table.new(
|
||||||
|
'Indent' => indent.length,
|
||||||
|
'Header' => h,
|
||||||
|
'Columns' =>
|
||||||
|
[
|
||||||
|
'Id',
|
||||||
|
'Name',
|
||||||
|
])
|
||||||
|
|
||||||
|
mod.targets.each_with_index { |target, idx|
|
||||||
|
tbl << [ idx.to_s, target.name || 'All' ]
|
||||||
|
}
|
||||||
|
|
||||||
|
tbl.to_s + "\n"
|
||||||
|
end
|
||||||
|
|
||||||
|
def self.dump_compatible_payloads(exploit, indent = '', h = nil)
|
||||||
|
tbl = Rex::Ui::Text::Table.new(
|
||||||
|
'Indent' => indent.length,
|
||||||
|
'Header' => h,
|
||||||
|
'Columns' =>
|
||||||
|
[
|
||||||
|
'Name',
|
||||||
|
'Description',
|
||||||
|
])
|
||||||
|
|
||||||
|
exploit.compatible_payloads.each { |entry|
|
||||||
|
tbl << [ entry[0], entry[1].new.description ]
|
||||||
|
}
|
||||||
|
|
||||||
|
tbl.to_s + "\n"
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# Dumps information about an exploit module.
|
# Dumps information about an exploit module.
|
||||||
#
|
#
|
||||||
|
@ -54,32 +91,20 @@ class ReadableText
|
||||||
output += "\n"
|
output += "\n"
|
||||||
|
|
||||||
# Targets
|
# Targets
|
||||||
tbl = Rex::Ui::Text::Table.new(
|
|
||||||
'Indent' => indent.length,
|
|
||||||
'Columns' =>
|
|
||||||
[
|
|
||||||
'Id',
|
|
||||||
'Name',
|
|
||||||
])
|
|
||||||
|
|
||||||
output += "Available targets:\n"
|
output += "Available targets:\n"
|
||||||
mod.targets.each_with_index { |target, idx|
|
output += dump_exploit_targets(mod, indent)
|
||||||
tbl << [ idx.to_s, target.name || 'All' ]
|
|
||||||
}
|
|
||||||
output += tbl.to_s
|
|
||||||
output += "\n"
|
|
||||||
|
|
||||||
# Options
|
# Options
|
||||||
if (mod.options.has_options?)
|
if (mod.options.has_options?)
|
||||||
output += "Available options:\n"
|
output += "Available options:\n"
|
||||||
output += dump_options(mod)
|
output += dump_options(mod, indent)
|
||||||
output += "\n"
|
output += "\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
# Advanced options
|
# Advanced options
|
||||||
if (mod.options.has_advanced_options?)
|
if (mod.options.has_advanced_options?)
|
||||||
output += "Advanced options:\n"
|
output += "Advanced options:\n"
|
||||||
output += dump_advanced_options(mod)
|
output += dump_advanced_options(mod, indent)
|
||||||
output += "\n"
|
output += "\n"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -198,9 +223,9 @@ class ReadableText
|
||||||
# Dumps the list of options associated with the
|
# Dumps the list of options associated with the
|
||||||
# supplied module.
|
# supplied module.
|
||||||
#
|
#
|
||||||
def self.dump_options(mod, indent = DefaultIndent)
|
def self.dump_options(mod, indent = '')
|
||||||
tbl = Rex::Ui::Text::Table.new(
|
tbl = Rex::Ui::Text::Table.new(
|
||||||
'Indent' => indent,
|
'Indent' => indent.length,
|
||||||
'Columns' =>
|
'Columns' =>
|
||||||
[
|
[
|
||||||
'Name',
|
'Name',
|
||||||
|
@ -222,9 +247,9 @@ class ReadableText
|
||||||
return tbl.to_s
|
return tbl.to_s
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.dump_advanced_options(mod, indent = DefaultIndent)
|
def self.dump_advanced_options(mod, indent = '')
|
||||||
output = ''
|
output = ''
|
||||||
pad = ' ' * indent
|
pad = indent
|
||||||
|
|
||||||
mod.options.sorted.each { |entry|
|
mod.options.sorted.each { |entry|
|
||||||
name, opt = entry
|
name, opt = entry
|
||||||
|
@ -235,7 +260,7 @@ class ReadableText
|
||||||
|
|
||||||
output += pad + "Name : #{name}\n"
|
output += pad + "Name : #{name}\n"
|
||||||
output += pad + "Default: #{val}\n\n"
|
output += pad + "Default: #{val}\n\n"
|
||||||
output += word_wrap(opt.desc, indent + 3)
|
output += word_wrap(opt.desc, indent.length + 3)
|
||||||
}
|
}
|
||||||
|
|
||||||
return output
|
return output
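Review bot: `dump_options` and `dump_advanced_options` now treat `indent` as a String (`indent.length`, `pad = indent`) where the old signatures took a number (`' ' * indent`, default `DefaultIndent`), so a caller that still passes a numeric indent is likely to raise instead of indenting. Callers are not visible on this page, so this is inferred from the signatures alone. A doc line on both methods, such as `# indent: String prefix put before each line; its length sets the table indent`, would make the new contract explicit. `dump_compatible_payloads` also lacks the header comment that `dump_exploit_targets` has, and it instantiates every payload with `entry[1].new` only to read `description`, which deserves a comment if it is intentional.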
|
||||||
|
|
|
@ -40,6 +40,11 @@ module Exploit
|
||||||
driver.target_idx = target_idx
|
driver.target_idx = target_idx
|
||||||
driver.payload = exploit.framework.modules.create(opts['Payload'])
|
driver.payload = exploit.framework.modules.create(opts['Payload'])
|
||||||
|
|
||||||
|
# Set the force wait for session flag if the caller requested force
|
||||||
|
# blocking. This is so that passive exploits can be blocked on from
|
||||||
|
# things like the cli.
|
||||||
|
driver.force_wait_for_session = true if (opts['ForceBlocking'] == true)
|
||||||
|
|
||||||
# Was the payload valid?
|
# Was the payload valid?
|
||||||
if (driver.payload == nil)
|
if (driver.payload == nil)
|
||||||
raise MissingPayloadError,
|
raise MissingPayloadError,
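Review bot: The added `opts['ForceBlocking'] == true` test fires only for the literal `true`, so a front end that passes the option through as a string or another truthy value would silently get the non-blocking behaviour. If only a boolean is intended, the comment above the line should say so, for example `# opts['ForceBlocking'] must be the boolean true; other values are ignored`. The enclosing method starts and ends outside this hunk, so how `opts` is populated cannot be checked from here.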
|
||||||
|
|
|
@ -16,10 +16,11 @@ module Msf
|
||||||
class ExploitDriver
|
class ExploitDriver
|
||||||
|
|
||||||
def initialize(framework)
|
def initialize(framework)
|
||||||
self.payload = nil
|
self.payload = nil
|
||||||
self.exploit = nil
|
self.exploit = nil
|
||||||
self.target_idx = nil
|
self.target_idx = nil
|
||||||
self.use_job = false
|
self.use_job = false
|
||||||
|
self.force_wait_for_session = false
|
||||||
end
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -144,6 +145,7 @@ class ExploitDriver
|
||||||
attr_accessor :exploit
|
attr_accessor :exploit
|
||||||
attr_accessor :payload
|
attr_accessor :payload
|
||||||
attr_accessor :use_job
|
attr_accessor :use_job
|
||||||
|
attr_accessor :force_wait_for_session
|
||||||
|
|
||||||
protected
|
protected
|
||||||
|
|
||||||
|
@ -161,11 +163,12 @@ protected
|
||||||
|
|
||||||
# Launch the exploit
|
# Launch the exploit
|
||||||
exploit.exploit
|
exploit.exploit
|
||||||
|
|
||||||
# Wait the payload to acquire a session if this isn't a passive-style
|
# Wait the payload to acquire a session if this isn't a passive-style
|
||||||
# exploit
|
# exploit.
|
||||||
if (exploit.passive? == false)
|
if (exploit.passive? == false or force_wait_for_session == true)
|
||||||
self.session = payload.wait_for_session
|
self.session = payload.wait_for_session(
|
||||||
|
(exploit.passive? == true) ? nil : payload.wfs_delay)
|
||||||
end
|
end
|
||||||
rescue
|
rescue
|
||||||
elog("Exploit failed: #{$!}", 'core', LEV_0)
|
elog("Exploit failed: #{$!}", 'core', LEV_0)
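Review bot: In the forced-wait path of the last hunk a passive exploit now calls `payload.wait_for_session(nil)`, and nothing here states what a nil delay means; if it means no timeout (inferred, `wait_for_session` is not shown), a run in which no session ever arrives blocks until it is interrupted. A comment at the call, such as `# nil delay: a passive exploit waits with no timeout when force_wait_for_session is set`, would record that this is intended. `exploit.passive?` is evaluated once in the condition and again in the argument; a local like `passive = exploit.passive?` would keep the two in step. The new `force_wait_for_session` accessor also has no comment saying who is expected to set it. The enclosing method begins outside the hunk.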
|
||||||
|
|