metasploit-gs/lib/msf/base/simple/exploit.rb

# -*- coding: binary -*-

module Msf
module Simple

###
#
# A simplified exploit wrapper.
#
###
module Exploit

  include Module

  #
  # Wraps the exploitation process in a simple single method.  The options
  # hash can have the following values passed in it:
  #
  # Encoder
  #
  # 	The encoder module that should be used.
  #
  # Payload
  #
  # 	The payload module name that should be used.
  #
  # Target
  #
  # 	The selected target index.
  #
  # Nop
  #
  # 	The NOP generator that should be used in preference.
  #
  # OptionStr
  #
  # 	A string of comma separated option values that should be imported into
  # 	the datastore.
  #
  # Options
  #
  # 	A hash of values to be imported directly into the datastore.
  #
  # LocalInput
  #
  # 	The local input handle that data can be read in from.
  #
  # LocalOutput
  #
  # 	The local output through which data can be displayed.
  #
  # RunAsJob
  #
  # 	Whether or not the exploit should be run in the context of a background
  # 	job.
  #
  def self.exploit_simple(oexploit, opts, &block)
    exploit = oexploit.replicant
    # Trap and print errors here (makes them UI-independent)
    begin
      # Clone the module to prevent changes to the original instance

      Msf::Simple::Framework.simplify_module(exploit)
      yield(exploit) if block_given?

      # Import options from the OptionStr or Option hash.
      exploit._import_extra_options(opts)
      opts['Payload'] ||= exploit.datastore['Payload']

      unless opts['Quiet']
        exploit.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)
      else
        exploit.init_ui(nil, nil)
      end

      # Make sure parameters are valid.
      if (opts['Payload'] == nil)
        raise MissingPayloadError, 'A payload has not been selected.', caller
      end

      # Verify the options
      exploit.options.validate(exploit.datastore)

      # Start it up
      driver = Msf::ExploitDriver.new(exploit.framework)

      # Keep the handler of driver running if exploiting multiple targets.
      driver.keep_handler = true if opts['multi']

      # Initialize the driver instance
      driver.exploit    = exploit
      driver.payload    = exploit.framework.payloads.create(opts['Payload'])

      # Set the force wait for session flag if the caller requested force
      # blocking.  This is so that passive exploits can be blocked on from
      # things like the cli.
      driver.force_wait_for_session = true if (opts['ForceBlocking'] == true)

      # Was the payload valid?
      if (driver.payload == nil)
        raise MissingPayloadError,
          "You specified an invalid payload: #{opts['Payload']}", caller
      end

      # Use the supplied encoder, if any.  If one was not specified, then
      # nil will be assigned causing the exploit to default to picking the
      # best encoder.
      exploit.datastore['ENCODER'] = opts['Encoder'] if opts['Encoder']

      # Use the supplied NOP generator, if any.  If one was not specified, then
      # nil will be assigned causing the exploit to default to picking a
      # compatible NOP generator.
      exploit.datastore['NOP'] = opts['Nop'] if opts['Nop']

      # Force the payload to share the exploit's datastore
      driver.payload.share_datastore(driver.exploit.datastore)

      # Verify the payload options
      driver.payload.options.validate(driver.payload.datastore)

      # Set the target and then work some magic to derive index
      exploit.datastore['TARGET'] = opts['Target'] if opts['Target']
      target_idx = exploit.target_index

      if (target_idx == nil or target_idx < 0)
        raise MissingTargetError,
          "You must select a target.", caller
      end

      driver.target_idx = target_idx

      # Set the payload and exploit's subscriber values
      unless opts['Quiet']
        driver.payload.init_ui(opts['LocalInput'] || exploit.user_input, opts['LocalOutput'] || exploit.user_output)
      else
        driver.payload.init_ui(nil, nil)
      end

      if (opts['RunAsJob'])
        driver.use_job = true
      end

      # Let's rock this party
      driver.run

      # Save the job identifier this exploit is running as
      exploit.job_id  = driver.job_id

      # Propagate this back to the caller for console mgmt
      oexploit.job_id = exploit.job_id
    rescue ::Interrupt
      exploit.error = $!
      raise $!
    rescue ::Msf::OptionValidateError => e
      exploit.error = e
      ::Msf::Ui::Formatter::OptionValidateError.print_error(exploit, e)
      return false
    rescue ::Exception => e
      exploit.error = e
      exploit.print_error("Exploit failed: #{e}")
      elog("Exploit failed (#{exploit.refname})", error: e)
    end

    return driver.session if driver
    nil
  end

  #
  # Calls the class method.
  #
  def exploit_simple(opts, &block)
    Msf::Simple::Exploit.exploit_simple(self, opts, &block)
  end

  alias run_simple exploit_simple
  #
  # Initiates a check, setting up the exploit to be used.  The following
  # options can be specified:
  #
  # LocalInput
  #
  # 	The local input handle that data can be read in from.
  #
  # LocalOutput
  #
  # 	The local output through which data can be displayed.
  #
  def self.check_simple(mod, opts, job_listener: Msf::Simple::NoopJobListener.instance)
    Msf::Simple::Framework.simplify_module(mod)
    mod._import_extra_options(opts)

    if opts['LocalInput']
      mod.init_ui(opts['LocalInput'], opts['LocalOutput'])
    end

    unless mod.has_check?
      # Bail out early if the module doesn't have check
      raise ::NotImplementedError.new(Msf::Exploit::CheckCode::Unsupported.message)
    end

    # Validate the option container state so that options will
    # be normalized
    mod.validate

    run_uuid = Rex::Text.rand_text_alphanumeric(24)
    job_listener.waiting run_uuid
    ctx = [mod, run_uuid, job_listener]

    if opts['RunAsJob']
      mod.job_id = mod.framework.jobs.start_bg_job(
        "Exploit: #{mod.refname} check",
        ctx,
        Proc.new { |ctx_| self.job_check_proc(ctx_) },
        Proc.new { |ctx_| nil }
      )
      [run_uuid, mod.job_id]
    else
      self.job_check_proc(ctx)
    end
  end

  #
  # Calls the class method.
  #
  def check_simple(opts)
    Msf::Simple::Exploit.check_simple(self, opts)
  end

  protected

  def self.job_check_proc(ctx)
    mod = ctx[0]
    run_uuid = ctx[1]
    job_listener = ctx[2]
    begin
      job_listener.start run_uuid
      mod.setup
      result = mod.check
      job_listener.completed(run_uuid, result, mod)
    rescue => e
      job_listener.failed(run_uuid, e, mod)
      mod.handle_exception e
    ensure
      mod.cleanup
    end

    return result
  end
end

end
end