From dcae2ac5a7a70b629fcba6e4b3c013998e4e961b Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Mon, 28 Nov 2005 14:26:33 +0000
Subject: [PATCH] a handful of framework samples
git-svn-id: file:///home/svn/incoming/trunk@3145 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../samples/framework/dump_module_info.rb | 26 ++++++++
 .../samples/framework/encode_file.rb | 26 ++++++++
 .../samples/framework/enumerate_modules.rb | 16 +++++
 .../framework/run_exploit_using_base.rb | 48 ++++++++++++++
 .../framework/run_exploit_using_core.rb | 64 +++++++++++++++++++
 5 files changed, 180 insertions(+)
 create mode 100755 documentation/samples/framework/dump_module_info.rb
 create mode 100755 documentation/samples/framework/encode_file.rb
 create mode 100755 documentation/samples/framework/enumerate_modules.rb
 create mode 100755 documentation/samples/framework/run_exploit_using_base.rb
 create mode 100755 documentation/samples/framework/run_exploit_using_core.rb
diff --git a/documentation/samples/framework/dump_module_info.rb b/documentation/samples/framework/dump_module_info.rb
new file mode 100755
index 0000000000..ae4a656a7b
--- /dev/null
+++ b/documentation/samples/framework/dump_module_info.rb
@@ -0,0 +1,26 @@
+#!/usr/bin/ruby
+#
+# This sample demonstrates how a module's information can be easily serialized
+# to a readable format.
+#
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
+
+require 'msf/base'
+
+if (ARGV.empty?)
+ puts "Usage: #{File.basename(__FILE__)} module_name"
+ exit
+end
+
+framework = Msf::Simple::Framework.create
+
+begin
+ # Create the module instance.
+ mod = framework.modules.create(ARGV.shift)
+
+ # Dump the module's information in readable text format.
+ puts Msf::Serializer::ReadableText.dump_module(mod)
+rescue
+ puts "Error: #{$!}\n\n#{$@.join("\n")}"
+end
diff --git a/documentation/samples/framework/encode_file.rb b/documentation/samples/framework/encode_file.rb
new file mode 100755
index 0000000000..2b336ae49b
--- /dev/null
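Review bot: The bare `rescue` at the end of the hunk reports the failure with `puts` on stdout and then lets the script finish with exit status 0, so anything driving this sample from a shell or another script sees a successful run whether or not the module was dumped. Writing the report to stderr and exiting non-zero keeps stdout clean for the serialized text and makes failures detectable: `$stderr.puts "Error: #{$!}\n\n#{$@.join("\n")}"` followed by `exit 1`. The same pattern appears in encode_file.rb, and run_exploit_using_base.rb and run_exploit_using_core.rb likewise exit 0 after `output.print_error`.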
+++ b/documentation/samples/framework/encode_file.rb
@@ -0,0 +1,26 @@
+#!/usr/bin/ruby
+#
+# This sample demonstrates how a file can be encoded using a framework
+# encoder.
+#
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
+
+require 'msf/base'
+
+if (ARGV.empty?)
+ puts "Usage: #{File.basename(__FILE__)} encoder_name file_name format"
+ exit
+end
+
+framework = Msf::Simple::Framework.create
+
+begin
+ # Create the encoder instance.
+ mod = framework.encoders.create(ARGV.shift)
+
+ puts(Msf::Simple::Buffer.transform(
+ mod.encode(IO.readlines(ARGV.shift).join), ARGV.shift || 'ruby'))
+rescue
+ puts "Error: #{$!}\n\n#{$@.join("\n")}"
+end
diff --git a/documentation/samples/framework/enumerate_modules.rb b/documentation/samples/framework/enumerate_modules.rb
new file mode 100755
index 0000000000..7a00957f54
--- /dev/null
+++ b/documentation/samples/framework/enumerate_modules.rb
@@ -0,0 +1,16 @@
+#!/usr/bin/ruby
+#
+# This sample demonstrates enumerating all of the modules in the framework and
+# displays their module type and reference name.
+#
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
+
+require 'msf/base'
+
+framework = Msf::Simple::Framework.create
+
+# Enumerate each module in the framework.
+framework.modules.each_module { |name, mod|
+ puts "#{mod.type}: #{name}"
+}
diff --git a/documentation/samples/framework/run_exploit_using_base.rb b/documentation/samples/framework/run_exploit_using_base.rb
new file mode 100755
index 0000000000..49abf8578e
--- /dev/null
+++ b/documentation/samples/framework/run_exploit_using_base.rb
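Review bot: `IO.readlines(ARGV.shift)` inside the `begin` block hands a command-line string to a method that, in the Ruby releases of this era (and until the behaviour was deprecated in recent releases), treats a path beginning with `|` as a command to spawn rather than a file to open; since the argument is documented as `file_name`, `File.read` is the right call and carries no such mode. It also removes the detour through text lines that `readlines(...).join` takes: `mod.encode(File.read(ARGV.shift))`. If the input may be arbitrary bytes rather than text, `File.open(ARGV.shift, 'rb') { |f| f.read }` keeps the contents unchanged on platforms that translate line endings in text mode; which platforms the sample is meant for is not visible here.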
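Review bot: The `each_module` block at the end of the enumerate_modules.rb hunk spans three lines but is written with `{ |name, mod| ... }`; the Ruby convention for a multi-line block run for its side effects is `do ... end`, i.e. `framework.modules.each_module do |name, mod|` / `puts "#{mod.type}: #{name}"` / `end`. The comment above it could also say what `mod` is at that point — presumably the module class rather than an instance, but what `each_module` yields is not shown in this hunk, so that should be confirmed before documenting it.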
@@ -0,0 +1,48 @@
+#!/usr/bin/ruby
+#
+# This sample demonstrates using the framework core directly to launch an
+# exploit. It makes use of the simplified exploit wrapper method provided by
+# the Msf::Simple::Exploit mixin.
+#
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
+
+require 'msf/base'
+
+if (ARGV.length == 0)
+ puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS"
+ exit
+end
+
+framework = Msf::Simple::Framework.create
+exploit_name = ARGV.shift || 'test/multi/aggressive'
+payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp'
+input = Rex::Ui::Text::Input::Stdio.new
+output = Rex::Ui::Text::Output::Stdio.new
+
+begin
+ # Initialize the exploit instance
+ exploit = framework.exploits.create(exploit_name)
+
+ # Fire it off.
+ session = exploit.exploit_simple(
+ 'Payload' => payload_name,
+ 'OptionStr' => ARGV.join(' '),
+ 'LocalInput' => input,
+ 'LocalOutput' => output)
+
+ # If a session came back, try to interact with it.
+ if (session)
+ output.print_status("Session #{session.sid} created, interacting...")
+ output.print_line
+
+ session.init_ui(input, output)
+
+ session.interact
+ else
+ output.print_line("Exploit completed, no session was created.")
+ end
+
+rescue
+ output.print_error("Error: #{$!}\n\n#{$@.join("\n")}")
+end
diff --git a/documentation/samples/framework/run_exploit_using_core.rb b/documentation/samples/framework/run_exploit_using_core.rb
new file mode 100755
index 0000000000..4029b9b7dc
--- /dev/null
+++ b/documentation/samples/framework/run_exploit_using_core.rb
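Review bot: The `exploit_name = ARGV.shift || 'test/multi/aggressive'` fallback just below the argument guard is unreachable, because `if (ARGV.length == 0)` has already exited when no argument was given, whereas the `payload_name` fallback to `windows/meterpreter/reverse_tcp` is live but contradicts the usage line, which lists payload_name as required. Either drop the dead default and advertise the live one, `puts "Usage: #{File.basename(__FILE__)} exploit_name [payload_name] OPTIONS"`, or require both arguments explicitly. The guard could also be `if ARGV.empty?` to match dump_module_info.rb and encode_file.rb. The header comment says the sample uses "the framework core directly", but the body goes through `Msf::Simple::Framework` and `exploit_simple`; saying it uses the base layer's simplified wrapper would match the code. run_exploit_using_core.rb has the same dead default and usage mismatch.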
@@ -0,0 +1,64 @@
+#!/usr/bin/ruby
+#
+# This sample demonstrates using the framework core directly to launch an
+# exploit. It uses the framework base Framework class so that the
+# distribution module path is automatically set, but relies strictly on
+# framework core classes for everything else.
+#
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
+
+require 'msf/base'
+
+if (ARGV.length == 0)
+ puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS"
+ exit
+end
+
+framework = Msf::Simple::Framework.create
+exploit_name = ARGV.shift || 'test/multi/aggressive'
+payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp'
+input = Rex::Ui::Text::Input::Stdio.new
+output = Rex::Ui::Text::Output::Stdio.new
+
+begin
+ # Create the exploit driver instance.
+ driver = Msf::ExploitDriver.new(framework)
+
+ # Initialize the exploit driver's exploit and payload instance
+ driver.exploit = framework.exploits.create(exploit_name)
+ driver.payload = framework.payloads.create(payload_name)
+
+ # Import options specified in VAR=VAL format from the supplied command
+ # line.
+ driver.exploit.datastore.import_options_from_s(ARGV.join(' '))
+
+ # Share the exploit's datastore with the payload.
+ driver.payload.share_datastore(driver.exploit.datastore)
+
+ # Initialize the target index to what's in the exploit's data store or
+ # zero by default.
+ driver.target_idx = (driver.exploit.datastore['TARGET'] || 0).to_i
+
+ # Initialize the exploit and payload user interfaces.
+ driver.exploit.init_ui(input, output)
+ driver.payload.init_ui(input, output)
+
+ # Fire it off.
+ session = driver.run
+
+ # If a session came back, try to interact with it.
+ if (session)
+ output.print_status("Session #{session.sid} created, interacting...")
+ output.print_line
+
+ session.init_ui(input, output)
+
+ session.interact
+ else
+ output.print_line("Exploit completed, no session was created.")
+ end
+
+rescue
+ output.print_error("Error: #{$!}\n\n#{$@.join("\n")}")
+end
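Review bot: `driver.target_idx = (driver.exploit.datastore['TARGET'] || 0).to_i`, in the middle of the `begin` block, turns any non-numeric `TARGET` value (for example a typo in the VAR=VAL options) into 0, so the run proceeds against target 0 with no indication that the supplied value was ignored. `Integer()` raises on malformed input and the script's `rescue` already reports such errors, so `driver.target_idx = Integer(driver.exploit.datastore['TARGET'] || 0)` makes the mistake visible; on Rubies that accept a base argument, `Integer(value, 10)` also avoids a leading zero being read as octal. Whether the index is then validated against the exploit's target list is not visible in this hunk (that would be inside `driver.run`), so an out-of-range value may still fail later with a less specific error. The `if (ARGV.length == 0)` guard and the dead `exploit_name` default match run_exploit_using_base.rb and deserve the same cleanup.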