2016-12-21 16:23:09 -06:00
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
module Exploit::AutoTarget
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Checks to see if the auto-generated Automatic Targeting
|
|
|
|
|
# has been selected. If the module had an already defined
|
|
|
|
|
# Automatic target, then we let the module handle the targeting
|
|
|
|
|
# itself.
|
|
|
|
|
#
|
|
|
|
|
# @return [Boolean] whether or not to use our automatic targeting routine
|
2016-12-21 16:23:09 -06:00
|
|
|
def auto_target?
|
2018-05-03 21:42:20 -05:00
|
|
|
selected_target = targets[target_index] if target_index
|
2016-12-29 16:45:32 -06:00
|
|
|
return false if selected_target.nil?
|
2017-01-10 14:06:44 -06:00
|
|
|
if selected_target.name =~ /Automatic/ && selected_target['AutoGenerated'] == true && auto_target_host
|
2016-12-21 16:23:09 -06:00
|
|
|
true
|
|
|
|
|
else
|
|
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Returns the Target Index of the automatically selected Target from
|
|
|
|
|
# our Automatic Targeting routine.
|
|
|
|
|
#
|
|
|
|
|
# @return [Integer] the index of the selected Target
|
|
|
|
|
# @return [nil] if no target could be selected
|
2021-05-14 08:45:14 -05:00
|
|
|
def auto_targeted_index(host=auto_target_host)
|
|
|
|
|
selected_target = select_target(host)
|
2016-12-29 10:58:10 -06:00
|
|
|
return nil if selected_target.nil?
|
|
|
|
|
targets.each_with_index do |target, index|
|
|
|
|
|
return index if target == selected_target
|
|
|
|
|
end
|
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Chooses the best possible Target for what we know about
|
|
|
|
|
# the targeted host.
|
|
|
|
|
#
|
|
|
|
|
# @return [Msf::Module::Target] the Target that our automatic routine selected
|
2021-05-26 15:05:33 +01:00
|
|
|
def select_target(host=auto_target_host)
|
2021-05-14 08:45:14 -05:00
|
|
|
return nil if host.nil?
|
2016-12-21 16:23:09 -06:00
|
|
|
return nil unless auto_target?
|
2021-05-14 08:45:14 -05:00
|
|
|
filtered_targets = filter_by_os(host)
|
2016-12-29 10:58:10 -06:00
|
|
|
filtered_targets.first
|
2016-12-21 16:23:09 -06:00
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Finds an <Mdm::Host> for the RHOST if one exists
|
|
|
|
|
#
|
|
|
|
|
# @return [Mdm:Host] the Host record if one exists
|
|
|
|
|
# @return [nil] if no Host record is present, or the DB is not active
|
2017-01-06 12:44:37 -06:00
|
|
|
def auto_target_host
|
2021-04-02 08:47:32 -05:00
|
|
|
return nil unless self.respond_to?(:rhost) && rhost
|
2016-12-21 16:23:09 -06:00
|
|
|
return nil unless framework.db.active
|
2018-04-02 08:08:23 -05:00
|
|
|
host = framework.db.get_host({workspace: self.workspace, address: rhost})
|
|
|
|
|
return host
|
2016-12-21 16:23:09 -06:00
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Returns the best matching Targets based on the target host's
|
|
|
|
|
# OS information. It looks at the OS Family, OS Name, and OS SP.
|
|
|
|
|
#
|
|
|
|
|
# @param host_record [Mdm::Host] the target host record
|
|
|
|
|
# @return [Array<Msf::Module::Target>] an array of matching targets
|
2016-12-28 12:16:56 -06:00
|
|
|
def filter_by_os(host_record)
|
|
|
|
|
filtered_by_family = filter_by_os_family(host_record)
|
|
|
|
|
filtered_by_name = filter_by_os_name(filtered_by_family, host_record)
|
|
|
|
|
# If Filtering by name gave us no results, then we reset back to the family filter group
|
|
|
|
|
filtered_by_name = filtered_by_family if filtered_by_name.empty?
|
|
|
|
|
filtered_by_sp = filter_by_os_sp(filtered_by_name,host_record)
|
|
|
|
|
# If Filtering by SP was a bust, revert back one level
|
|
|
|
|
filtered_by_sp = filtered_by_name if filtered_by_sp.empty?
|
|
|
|
|
filtered_by_sp
|
|
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Returns all Targets that match the target host's OS Family
|
|
|
|
|
# e.g Windows, Linux, OS X, etc
|
|
|
|
|
#
|
|
|
|
|
# @param host_record [Mdm::Host] the target host record
|
|
|
|
|
# @return [Array<Msf::Module::Target>] an array of matching targets
|
2016-12-28 11:06:04 -06:00
|
|
|
def filter_by_os_family(host_record)
|
|
|
|
|
return [] if host_record.os_family.blank?
|
2016-12-21 16:23:09 -06:00
|
|
|
filtered_targets = targets.collect do |target|
|
2016-12-28 11:06:04 -06:00
|
|
|
if target.name =~ /#{host_record.os_family}/
|
2016-12-21 16:23:09 -06:00
|
|
|
target
|
|
|
|
|
else
|
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
end
|
2016-12-22 16:24:38 -06:00
|
|
|
filtered_targets.compact
|
|
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Returns all Targets that match the target host's OS Name
|
|
|
|
|
# e.g Windows 7, Windows XP, Windows Vista, etc
|
|
|
|
|
#
|
|
|
|
|
# @param potential_targets [Array<Msf::Module::Target>] the filtered targets that we wish to filter further
|
|
|
|
|
# @param host_record [Mdm::Host] the target host record
|
|
|
|
|
# @return [Array<Msf::Module::Target>] an array of matching targets
|
2016-12-28 12:02:19 -06:00
|
|
|
def filter_by_os_name(potential_targets, host_record)
|
|
|
|
|
return [] if host_record.os_name.blank?
|
|
|
|
|
filtered_targets = []
|
|
|
|
|
potential_targets.each do |target|
|
|
|
|
|
filtered_targets << target if target.name =~ /#{host_record.os_name}/
|
|
|
|
|
end
|
|
|
|
|
filtered_targets
|
|
|
|
|
end
|
|
|
|
|
|
2016-12-29 11:38:40 -06:00
|
|
|
# Returns all Targets that match the target host's OS SP
|
|
|
|
|
#
|
|
|
|
|
# @param potential_targets [Array<Msf::Module::Target>] the filtered targets that we wish to filter further
|
|
|
|
|
# @param host_record [Mdm::Host] the target host record
|
|
|
|
|
# @return [Array<Msf::Module::Target>] an array of matching targets
|
2016-12-28 12:02:19 -06:00
|
|
|
def filter_by_os_sp(potential_targets, host_record)
|
|
|
|
|
return [] if host_record.os_sp.blank?
|
|
|
|
|
filtered_targets = []
|
|
|
|
|
potential_targets.each do |target|
|
|
|
|
|
filtered_targets << target if target.name =~ /#{host_record.os_sp}/
|
|
|
|
|
end
|
|
|
|
|
filtered_targets
|
2016-12-21 16:23:09 -06:00
|
|
|
end
|
|
|
|
|
end
|
2018-05-03 21:42:20 -05:00
|
|
|
end
|
