Adding host-based access control to msfd
git-svn-id: file:///home/svn/framework3/trunk@6089 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
kris
parent
9b210702a3
commit
4c9730b1d8
22
msfd
22
msfd
|
|
@ -19,6 +19,8 @@ arguments = Rex::Parser::Arguments.new(
|
|||
"-p" => [ true, "Bind to this port instead of 55554" ],
|
||||
"-s" => [ false, "Use SSL" ],
|
||||
"-f" => [ false, "Run the daemon in the foreground" ],
|
||||
"-A" => [ true, "Specify list of hosts allowed to connect" ],
|
||||
"-D" => [ true, "Specify list of hosts not allowed to connect" ],
|
||||
"-h" => [ false, "Help banner" ])
|
||||
|
||||
opts = { 'RunInForeground' => true }
|
||||
|
|
@ -35,6 +37,24 @@ arguments.parse(ARGV) { |opt, idx, val|
|
|||
foreground = true
|
||||
when "-s"
|
||||
opts['SSL'] = true
|
||||
when "-A"
|
||||
begin
|
||||
opts['HostsAllowed'] = val.split(',').map { |a|
|
||||
Rex::Socket.resolv_nbo(a)
|
||||
}
|
||||
rescue
|
||||
$stderr.puts "Bad argument for -A: #{$!}"
|
||||
exit
|
||||
end
|
||||
when "-D"
|
||||
begin
|
||||
opts['HostsDenied'] = val.split(',').map { |a|
|
||||
Rex::Socket.resolv_nbo(a)
|
||||
}
|
||||
rescue
|
||||
$stderr.puts "Bad argument for -D: #{$!}"
|
||||
exit
|
||||
end
|
||||
when "-h"
|
||||
print(
|
||||
"\nUsage: #{File.basename(__FILE__)} <options>\n" +
|
||||
|
|
@ -56,4 +76,4 @@ rescue ::NotImplementedError
|
|||
end
|
||||
|
||||
# Run the plugin instance in the foreground.
|
||||
$framework.plugins.load('msfd', opts).run
|
||||
$framework.plugins.load('msfd', opts).run(opts)
|
||||
|
|
|
|||
|
|
@ -49,6 +49,14 @@ class Plugin::Msfd < Msf::Plugin
|
|||
# instead allow the caller to manage executing the daemon through the
|
||||
# ``run'' method.
|
||||
#
|
||||
# HostsAllowed
|
||||
#
|
||||
# List of hosts (in NBO) allowed to use msfd
|
||||
#
|
||||
# HostsDenied
|
||||
#
|
||||
# List of hosts (in NBO) not allowed to use msfd
|
||||
#
|
||||
def initialize(framework, opts)
|
||||
super
|
||||
|
||||
|
|
@ -62,7 +70,7 @@ class Plugin::Msfd < Msf::Plugin
|
|||
# it off in a worker thread.
|
||||
if (opts['RunInForeground'] != true)
|
||||
Thread.new {
|
||||
run
|
||||
run(opts)
|
||||
}
|
||||
end
|
||||
end
|
||||
|
|
@ -85,10 +93,24 @@ class Plugin::Msfd < Msf::Plugin
|
|||
# Runs the msfd plugin by blocking on new connections and then spawning
|
||||
# threads to handle the console interface for each client.
|
||||
#
|
||||
def run
|
||||
def run(opts={})
|
||||
begin
|
||||
client = server.accept
|
||||
|
||||
addr = Rex::Socket.resolv_nbo(client.getpeername[1])
|
||||
|
||||
if opts['HostsAllowed'] and
|
||||
not opts['HostsAllowed'].find { |x| x == addr }
|
||||
client.close
|
||||
next
|
||||
end
|
||||
|
||||
if opts['HostsDenied'] and
|
||||
opts['HostsDenied'].find { |x| x == addr }
|
||||
client.close
|
||||
next
|
||||
end
|
||||
|
||||
# Spawn a thread for the client connection
|
||||
Thread.new(client) { |cli|
|
||||
begin
|
||||
|
|
|
|||
Loading…
Reference in New Issue