Path: blob/master/lib/msf/core/module/target.rb
# -*- coding: binary -*-

###
#
# A target for an exploit.
#
###
class Msf::Module::Target

  ###
  #
  # Target-specific brute force information, such as the addresses
  # to step, the step size (if the framework default is bad), and
  # other stuff.
  #
  ###
  class Bruteforce < Hash

    #
    # Initializes a brute force target from the supplied brute forcing
    # information.
    #
    def initialize(hash)
      update(hash)
    end

    #
    # Returns a hash of addresses that should be stepped during
    # exploitation and passed in to the bruteforce exploit
    # routine.
    #
    def start_addresses
      if (self['Start'] and self['Start'].kind_of?(Hash) == false)
        return {'Address' => self['Start'] }
      else
        return self['Start']
      end
    end

    #
    # Returns a hash of addresses that should be stopped at once
    # they are reached.
    #
    def stop_addresses
      if (self['Stop'] and self['Stop'].kind_of?(Hash) == false)
        return {'Address' => self['Stop'] }
      else
        return self['Stop']
      end
    end

    #
    # The step size to use, or zero if the framework should figure
    # it out.
    #
    def step_size
      self['Step'] || 0
    end

    #
    # Returns the default step direction. -1 indicates that brute forcing
    # should go toward lower addresses. 1 indicates that brute forcing
    # should go toward higher addresses.
    #
    def default_direction
      dd = self['DefaultDirection']

      if (dd and dd.to_s.match(/(-1|backward)/i))
        return -1
      end

      return 1
    end

    #
    # The delay to add between attempts
    #
    def delay
      self['Delay'].to_i || 0
    end
  end

  #
  # Serialize from an array to a Target instance.
  #
  def self.from_a(ary)
    return nil if (ary.length < 2)

    self.new(ary.shift, ary.shift)
  end

  #
  # Transforms the supplied source into an array of Targets.
  #
  def self.transform(src)
    Rex::Transformer.transform(src, Array, [ self, String ], 'Target')
  end

  #
  # Initializes an instance of a bruteforce target from the supplied
  # information. The hash of options that this constructor takes is as
  # follows:
  #
  # Platform
  #
  #   The platform(s) that this target is to operate against.
  #
  # SaveRegisters
  #
  #   The registers that must be saved by NOP generators.
  #
  # Arch
  #
  #   The architectures, if any, that this target is specific to (E.g.
  #   ARCH_X86).
  #
  # Bruteforce
  #
  #   Settings specific to a target that supports brute forcing. See the
  #   Bruteforce class.
  #
  # Ret
  #
  #   The target-specific return address or addresses that will be used.
  #
  # Payload
  #
  #   Payload-specific options, such as append, prepend, and other values that
  #   can be set on a per-exploit or per-target basis.
  #
  # DefaultOptions
  #
  #   DefaultOptions hash to be imported into the datastore.
  #
  def initialize(name, opts)
    opts = {} unless opts

    self.name = name
    self.opts = opts
    self.save_registers = opts['SaveRegisters']
    self.ret = opts['Ret']
    self.default_options = opts['DefaultOptions']

    if opts['Platform']
      self.platform = Msf::Module::PlatformList.transform(opts['Platform'])
    end

    if opts['Arch']
      self.arch = Rex::Transformer.transform(opts['Arch'], Array, [String], 'Arch')
    end

    # Does this target have brute force information?
    if opts['Bruteforce']
      self.bruteforce = Bruteforce.new(opts['Bruteforce'])
    end
  end

  #
  # Index the options directly.
  #
  def [](key)
    opts[key]
  end

  #
  # Returns whether or not this is a bruteforce target, forces boolean
  # result.
  #
  def bruteforce?
    return (bruteforce != nil)
  end

  ##
  #
  # Target-specific payload modifications
  #
  ##

  #
  # The bad characters specific to this target for the payload.
  #
  def payload_badchars
    opts['Payload'] ? opts['Payload']['BadChars'] : nil
  end

  #
  # Payload prepend information for this target.
  #
  def payload_prepend
    opts['Payload'] ? opts['Payload']['Prepend'] : nil
  end

  #
  # Payload append information for this target.
  #
  def payload_append
    opts['Payload'] ? opts['Payload']['Append'] : nil
  end

  #
  # Payload prepend encoder information for this target.
  #
  def payload_prepend_encoder
    opts['Payload'] ? opts['Payload']['PrependEncoder'] : nil
  end

  #
  # Payload append encoder information for this target.
  #
  def payload_append_encoder
    opts['Payload'] ? opts['Payload']['AppendEncoder'] : nil
  end

  #
  # Payload stack adjustment information for this target.
  #
  def payload_stack_adjustment
    opts['Payload'] ? opts['Payload']['StackAdjustment'] : nil
  end

  #
  # Whether NOP generation should be enabled or disabled
  #
  def payload_disable_nops
    opts['Payload'] ? opts['Payload']['DisableNops'] : nil
  end

  #
  # Payload max nops information for this target.
  #
  def payload_max_nops
    opts['Payload'] ? opts['Payload']['MaxNops'] : nil
  end

  #
  # Payload min nops information for this target.
  #
  def payload_min_nops
    opts['Payload'] ? opts['Payload']['MinNops'] : nil
  end

  #
  # Payload space information for this target.
  #
  def payload_space
    opts['Payload'] ? opts['Payload']['Space'] : nil
  end

  #
  # The payload encoder or encoders that can be used when generating the
  # encoded payload (such as x86/shikata_ga_nai and so on).
  #
  def payload_encoder
    opts['Payload'] ? opts['Payload']['Encoder'] : nil
  end

  #
  # The payload NOP generator or generators that can be used when generating the
  # encoded payload (such as x86/opty2 and so on).
  #
  def payload_nop
    opts['Payload'] ? opts['Payload']['Nop'] : nil
  end

  #
  # The payload encoder type or types that can be used when generating the
  # encoded payload (such as alphanum, unicode, xor, and so on).
  #
  def payload_encoder_type
    opts['Payload'] ? opts['Payload']['EncoderType'] : nil
  end

  #
  # A hash of options that will be initialized in the selected encoder's
  # datastore that may be required as parameters for the encoding operation.
  # This is particularly useful when a specific encoder type is being used (as
  # specified by the EncoderType hash element).
  #
  def payload_encoder_options
    opts['Payload'] ? opts['Payload']['EncoderOptions'] : nil
  end

  #
  # Returns a hash of extended options that are applicable to payloads used
  # against this particular target.
  #
  def payload_extended_options
    opts['Payload'] ? opts['Payload']['ExtendedOptions'] : nil
  end

  #
  # The name of the target (E.g. Windows XP SP0/SP1)
  #
  attr_reader :name
  #
  # The platforms that this target is for.
  #
  attr_reader :platform
  #
  # The architectures, if any, that the target is specific to.
  #
  attr_reader :arch
  #
  # The target-specific options, like payload settings and other stuff like
  # that.
  #
  attr_reader :opts
  #
  # An alias for the target 'Ret' option.
  #
  attr_reader :ret
  #
  # The list of registers that need to be saved.
  #
  attr_reader :save_registers
  #
  # The bruteforce target information that will be non-nil if a Bruteforce
  # option is passed to the constructor of the class.
  #
  attr_reader :bruteforce
  #
  # DefaultOptions hash to be imported into the datastore.
  #
  attr_reader :default_options

protected

  attr_writer :name, :platform, :arch, :opts, :ret, :save_registers # :nodoc:
  attr_writer :bruteforce # :nodoc:
  attr_writer :default_options # :nodoc:

end