Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
rapid7
GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/msf/base/simple/exploit.rb
19778 views
1
# -*- coding: binary -*-

2


3
module Msf

4
module Simple

5


6
###

7
#

8
# A simplified exploit wrapper.

9
#

10
###

11
module Exploit

12


13
  include Module

14


15
  #

16
  # Wraps the exploitation process in a simple single method.  The options

17
  # hash can have the following values passed in it:

18
  #

19
  # Encoder

20
  #

21
  # 	The encoder module that should be used.

22
  #

23
  # Payload

24
  #

25
  # 	The payload module name that should be used.

26
  #

27
  # Target

28
  #

29
  # 	The selected target index.

30
  #

31
  # Nop

32
  #

33
  # 	The NOP generator that should be used in preference.

34
  #

35
  # OptionStr

36
  #

37
  # 	A string of comma separated option values that should be imported into

38
  # 	the datastore.

39
  #

40
  # Options

41
  #

42
  # 	A hash of values to be imported directly into the datastore.

43
  #

44
  # LocalInput

45
  #

46
  # 	The local input handle that data can be read in from.

47
  #

48
  # LocalOutput

49
  #

50
  # 	The local output through which data can be displayed.

51
  #

52
  # RunAsJob

53
  #

54
  # 	Whether or not the exploit should be run in the context of a background

55
  # 	job.

56
  #

57
  def self.exploit_simple(oexploit, opts, &block)

58
    exploit = oexploit.replicant

59
    # Trap and print errors here (makes them UI-independent)

60
    begin

61
      # Clone the module to prevent changes to the original instance

62


63
      Msf::Simple::Framework.simplify_module(exploit)

64
      yield(exploit) if block_given?

65


66
      # Import options from the OptionStr or Option hash.

67
      exploit._import_extra_options(opts)

68
      exploit.datastore['ACTION'] = opts['Action'] if opts['Action']

69
      opts['Payload'] ||= exploit.datastore['Payload']

70


71
      unless opts['Quiet']

72
        exploit.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)

73
      else

74
        exploit.init_ui(nil, nil)

75
      end

76


77
      # Make sure parameters are valid.

78
      if (opts['Payload'] == nil)

79
        raise MissingPayloadError, 'A payload has not been selected.', caller

80
      end

81


82
      # Verify the options

83
      exploit.validate

84


85
      # Start it up

86
      driver = Msf::ExploitDriver.new(exploit.framework)

87


88
      # Keep the handler of driver running if exploiting multiple targets.

89
      driver.keep_handler = true if opts['multi']

90


91
      # Initialize the driver instance

92
      driver.exploit    = exploit

93
      driver.payload    = exploit.framework.payloads.create(opts['Payload'])

94


95
      # Set the force wait for session flag if the caller requested force

96
      # blocking.  This is so that passive exploits can be blocked on from

97
      # things like the cli.

98
      driver.force_wait_for_session = true if (opts['ForceBlocking'] == true)

99


100
      # Was the payload valid?

101
      if (driver.payload == nil)

102
        raise MissingPayloadError,

103
          "You specified an invalid payload: #{opts['Payload']}", caller

104
      end

105


106
      # Use the supplied encoder, if any.  If one was not specified, then

107
      # nil will be assigned causing the exploit to default to picking the

108
      # best encoder.

109
      exploit.datastore['ENCODER'] = opts['Encoder'] if opts['Encoder']

110


111
      # Use the supplied NOP generator, if any.  If one was not specified, then

112
      # nil will be assigned causing the exploit to default to picking a

113
      # compatible NOP generator.

114
      exploit.datastore['NOP'] = opts['Nop'] if opts['Nop']

115


116
      # Force the payload to share the exploit's datastore

117
      driver.payload.share_datastore(driver.exploit.datastore)

118


119
      # Verify the payload options

120
      driver.payload.options.validate(driver.payload.datastore)

121


122
      # Set the target and then work some magic to derive index

123
      exploit.datastore['TARGET'] = opts['Target'] if opts['Target']

124
      target_idx = exploit.target_index

125


126
      if (target_idx == nil or target_idx < 0)

127
        raise MissingTargetError,

128
          "You must select a target.", caller

129
      end

130


131
      driver.target_idx = target_idx

132


133
      # Set the payload and exploit's subscriber values

134
      unless opts['Quiet']

135
        driver.payload.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)

136
      else

137
        driver.payload.init_ui(nil, nil)

138
      end

139


140
      if (opts['RunAsJob'])

141
        driver.use_job = true

142
      end

143


144
      # Let's rock this party

145
      driver.run

146


147
      # Save the job identifier this exploit is running as

148
      exploit.job_id  = driver.job_id

149


150
      # Propagate this back to the caller for console mgmt

151
      oexploit.job_id = exploit.job_id

152
    rescue ::Interrupt

153
      exploit.error = $!

154
      raise $!

155
    rescue ::Msf::OptionValidateError => e

156
      exploit.error = e

157
      ::Msf::Ui::Formatter::OptionValidateError.print_error(exploit, e)

158
      return false

159
    rescue ::Exception => e

160
      exploit.error = e

161
      exploit.print_error("Exploit failed: #{e}")

162
      elog("Exploit failed (#{exploit.refname})", error: e)

163
    end

164


165
    return driver.session if driver

166
    nil

167
  end

168


169
  #

170
  # Calls the class method.

171
  #

172
  def exploit_simple(opts, &block)

173
    Msf::Simple::Exploit.exploit_simple(self, opts, &block)

174
  end

175


176
  alias run_simple exploit_simple

177
  #

178
  # Initiates a check, setting up the exploit to be used.  The following

179
  # options can be specified:

180
  #

181
  # LocalInput

182
  #

183
  # 	The local input handle that data can be read in from.

184
  #

185
  # LocalOutput

186
  #

187
  # 	The local output through which data can be displayed.

188
  #

189
  def self.check_simple(mod, opts, job_listener: Msf::Simple::NoopJobListener.instance)

190
    Msf::Simple::Framework.simplify_module(mod)

191
    mod._import_extra_options(opts)

192


193
    if opts['LocalInput']

194
      mod.init_ui(opts['LocalInput'], opts['LocalOutput'])

195
    end

196


197
    unless mod.has_check?

198
      # Bail out early if the module doesn't have check

199
      raise ::NotImplementedError.new(Msf::Exploit::CheckCode::Unsupported.message)

200
    end

201


202
    # Validate the option container state so that options will

203
    # be normalized

204
    mod.validate

205


206
    run_uuid = Rex::Text.rand_text_alphanumeric(24)

207
    job_listener.waiting run_uuid

208
    ctx = [mod, run_uuid, job_listener]

209


210
    if opts['RunAsJob']

211
      mod.job_id = mod.framework.jobs.start_bg_job(

212
        "Exploit: #{mod.refname} check",

213
        ctx,

214
        Proc.new { |ctx_| self.job_check_proc(ctx_) },

215
        Proc.new { |ctx_| nil }

216
      )

217
      [run_uuid, mod.job_id]

218
    else

219
      self.job_check_proc(ctx)

220
    end

221
  end

222


223
  #

224
  # Calls the class method.

225
  #

226
  def check_simple(opts = {})

227
    Msf::Simple::Exploit.check_simple(self, opts)

228
  end

229


230
  protected

231


232
  def self.job_check_proc(ctx)

233
    mod = ctx[0]

234
    run_uuid = ctx[1]

235
    job_listener = ctx[2]

236
    begin

237
      job_listener.start run_uuid

238
      mod.setup

239
      result = mod.check

240
      job_listener.completed(run_uuid, result, mod)

241
    rescue => e

242
      job_listener.failed(run_uuid, e, mod)

243
      mod.handle_exception e

244
    ensure

245
      mod.cleanup

246
    end

247


248
    return result

249
  end

250
end

251


252
end

253
end

254


255