started working on handlers

git-svn-id: file:///home/svn/incoming/trunk@2718 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/base/serializer/readable_text.rb

@@ -135,7 +135,7 @@ class ReadableText
 
 			val = mod.datastore[name] || opt.default || ''
 
-			tbl << [ name, val, opt.desc ]
+			tbl << [ name, val.to_s, opt.desc ]
 		}
 
 		return tbl.to_s
@@ -156,7 +156,7 @@ class ReadableText
 
 			val = mod.datastore[name] || opt.default || ''
 
-			tbl << [ name, val, word_wrap(opt.desc, 0) ]
+			tbl << [ name, val.to_s, word_wrap(opt.desc, 0) ]
 		}
 
 		return tbl.to_s

lib/msf/core.rb

@@ -25,6 +25,9 @@ require 'msf/core/session_manager'
 require 'msf/core/session'
 require 'msf/core/framework'
 
+# Pseudo-modules
+require 'msf/core/handler'
+
 # Modules
 require 'msf/core/module'
 require 'msf/core/encoder'

lib/msf/core/data_store.rb

@@ -17,7 +17,7 @@ class DataStore < Hash
 	def import_options(options)
 		options.each_option { |name, opt|
 			if (opt.default)
-				self.store(name, opt.default)
+				self.store(name, opt.default.to_s)
 			end
 		}
 	end
@@ -59,7 +59,7 @@ class DataStore < Hash
 	#
 	def import_options_from_hash(option_hash)
 		option_hash.each_pair { |key, val|
-			self.store(key, val)
+			self.store(key, val.to_s)
 		}
 	end
 

lib/msf/core/handler.rb

@@ -0,0 +1,78 @@
+require 'msf/core'
+
+module Msf
+
+###
+#
+# Handler
+# -------
+#
+# This module acts as a base for all handler pseudo-modules.  They aren't
+# really modules, so don't get the wrong idea champs!  They're merely
+# mixed into dynamically generated payloads to handle monitoring for
+# a connection.  Handlers are layered in between the base payload
+# class and any other payload class.  A super cool ASCII diagram would
+# look something like this
+#
+#      Module
+#        ^
+#        |
+#     Payload
+#        ^
+#        |
+#     Handler
+#        ^
+#        |
+#      Stager
+#        ^
+#        |
+#       Stage
+#
+###
+module Handler
+
+	#
+	# Sets up the connection handler
+	#
+	def setup_handler
+	end
+
+	#
+	# Terminates the connection handler
+	#
+	def cleanup_handler
+	end
+
+	#
+	# Start monitoring for a connection
+	#
+	def start_handler
+	end
+
+	#
+	# Stop monitoring for a connection
+	#
+	def stop_handler
+	end
+
+	#
+	# Handles an established connection supplied in the in and out 
+	# handles.  The handles are passed as parameters in case this
+	# handler is capable of handling multiple simultaneous 
+	# connections.
+	#
+	def handle_connection(pipe_in, pipe_out)
+	end
+
+	#
+	# Wait just one second there!
+	#
+	def extra_delay
+		sleep(1)
+	end
+
+protected
+
+end
+
+end

lib/msf/core/handler/reverse_tcp.rb

@@ -0,0 +1,100 @@
+module Msf
+module Handler
+
+###
+#
+# ReverseTcp
+# ----------
+#
+# This module implements the reverse TCP handler.  This means
+# that it listens on a port waiting for a connection until
+# either one is established or it is told to abort.
+#
+# This handler depends on having a local host and port to
+# listen on.
+#
+###
+module ReverseTcp
+
+	def initialize(info = {})
+		super
+
+		register_options(
+			[
+				Opt::LHOST("0.0.0.0"),
+				Opt::LPORT(4444)
+			], Msf::Handler::ReverseTcp)
+
+		self.conn_threads = []
+	end
+
+	#
+	# Starts the listener but does not actually attempt
+	# to accept a connection.  Throws socket exceptions
+	# if it fails to start the listener
+	#
+	def setup_handler
+		listener_sock = comm.create(
+			'LocalHost' => datastore['LHOST'] || "0.0.0.0",
+			'LocalPort' => datastore['LPORT'].to_i,
+			'Server'    => true,
+			'Proto'     => 'tcp')
+	end
+
+	#
+	# Closes the listener socket if one was created
+	#
+	def cleanup_handler
+		if (listener_sock)
+			listener_sock.close
+			listener_sock = nil
+		end
+
+		# Kill any remaining handle_connection threads that might
+		# be hanging around
+		conn_threads.each { |thr|
+			thr.kill
+		}
+	end
+
+	#
+	# Starts monitoring for an inbound connection.
+	#
+	def start_handler
+		listener_thread = Thread.new {
+			# Accept a client connection
+			begin
+				client = listener_sock.accept	
+			rescue
+				wlog("Exception raised during listener accept: #{$!}"
+			end
+
+			# Start a new thread and pass the client connection
+			# as the input and output pipe
+			conn_threads << Thread.new {
+				handle_connection(client, client)
+			}
+		}
+	end
+
+	# 
+	# Stops monitoring for an inbound connection
+	#
+	def stop_handler
+		# Terminate the listener thread
+		if (listener_thread and listener_thread.alive? == true)
+			listener_thread.kill
+			listener_thread = nil
+		end
+	end
+
+protected
+
+	attr_accessor :listener_sock
+	attr_accessor :listener_thread
+	attr_accessor :conn_threads
+
+end
+
+end
+end

lib/msf/core/module.rb

@@ -150,6 +150,14 @@ class Module
 		return (privileged == true)
 	end
 
+	#
+	# The default communication subsystem for this module.  We may need to move
+	# this somewhere else.
+	#
+	def comm
+		return Rex::Socket::Comm::Local
+	end
+
 	attr_reader   :author, :arch, :platform, :refs, :datastore, :options
 	attr_reader   :privileged
 
@@ -174,6 +182,7 @@ protected
 	#
 	def register_options(options, owner = self.class)
 		self.options.add_options(options, owner)
+		self.datastore.import_options(self.options)
 	end
 
 	#
@@ -181,6 +190,7 @@ protected
 	#
 	def register_advanced_options(options, owner = self.class)
 		self.options.add_advanced_options(options, owner)
+		self.datastore.import_options(self.options)
 	end
 
 	#

lib/msf/core/option_container.rb

@@ -38,6 +38,10 @@ class OptBase
 		return (required? and (value == nil or value.to_s.empty?)) ? false : true
 	end
 
+	def to_s
+		return value.to_s
+	end
+
 	attr_reader   :name, :required, :desc, :default
 	attr_writer   :name
 	attr_accessor :advanced
@@ -92,6 +96,10 @@ class OptBool < OptBase
 	def is_false?
 		return !is_true?
 	end
+
+	def to_s
+		return is_true?.to_s
+	end
 end
 
 class OptPort < OptBase

modules/nops/x86/single_byte.rb

@@ -86,6 +86,11 @@ SINGLE_BYTE_SLED =
 			'Description' => 'Single-byte NOP generator',
 			'Author'      => 'spoonm',
 			'Arch'        => ARCH_IA32)
+
+		register_advanced_options(
+			[
+				OptBool.new('RandomNops', [ false, "Generate a random NOP sled", true ])
+			], Msf::Nops::Ia32::SingleByte)
 	end
 
 	# Generate a single-byte NOP sled for IA32
@@ -95,10 +100,15 @@ SINGLE_BYTE_SLED =
 		sled_cur_idx = 0
 		out_sled     = ''
 
-		random   = opts['Random']        || false
+		random   = opts['Random']
 		badchars = opts['Badchars']      || ''
 		badregs  = opts['SaveRegisters'] || []
 
+		# Did someone specify random NOPs in the environment?
+		if (!random and datastore['RandomNops'])
+			random = (datastore['RandomNops'].match(/true|1|y/i) != nil)
+		end
+
 		# Generate the whole sled...
 		1.upto(length) { |current|