2012-06-29 00:18:28 -05:00
|
|
|
# -*- coding: binary -*-
|
2011-08-24 21:41:03 +00:00
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
module Ui
|
|
|
|
|
module Console
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# Module-specific command dispatcher.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
module ModuleCommandDispatcher
|
|
|
|
|
|
|
|
|
|
include Msf::Ui::Console::CommandDispatcher
|
2021-06-21 11:51:00 +01:00
|
|
|
include Msf::Ui::Console::ModuleArgumentParsing
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
def commands
|
|
|
|
|
{
|
2013-05-23 11:40:04 -05:00
|
|
|
"reload" => "Reload the current module from disk",
|
|
|
|
|
"check" => "Check to see if a target is vulnerable"
|
2011-08-24 21:41:03 +00:00
|
|
|
}
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
#
|
|
|
|
|
# The active driver module, if any.
|
|
|
|
|
#
|
|
|
|
|
def mod
|
|
|
|
|
return driver.active_module
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
#
|
|
|
|
|
# Sets the active driver module.
|
|
|
|
|
#
|
|
|
|
|
def mod=(m)
|
|
|
|
|
self.driver.active_module = m
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2014-01-24 23:32:29 -06:00
|
|
|
def check_progress
|
|
|
|
|
return 0 unless @range_done and @range_count
|
|
|
|
|
pct = (@range_done / @range_count.to_f) * 100
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_show_progress
|
|
|
|
|
pct = check_progress
|
|
|
|
|
if(pct >= (@range_percent + @show_percent))
|
|
|
|
|
@range_percent = @range_percent + @show_percent
|
|
|
|
|
tdlen = @range_count.to_s.length
|
|
|
|
|
print_status("Checked #{"%.#{tdlen}d" % @range_done} of #{@range_count} hosts (#{"%.3d" % pct.to_i}% complete)")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2021-05-22 23:15:47 +01:00
|
|
|
def check_multiple(mod)
|
|
|
|
|
rhosts_walker = Msf::RhostsWalker.new(mod.datastore['RHOSTS'], mod.datastore).to_enum
|
2021-06-21 11:51:00 +01:00
|
|
|
rhosts_walker_count = rhosts_walker.count
|
2021-05-22 23:15:47 +01:00
|
|
|
|
2021-06-21 11:51:00 +01:00
|
|
|
# Short-circuit check_multiple if it's a single host, or doesn't have any hosts set
|
|
|
|
|
if rhosts_walker_count <= 1
|
2021-05-22 23:15:47 +01:00
|
|
|
nmod = mod.replicant
|
2021-06-21 11:51:00 +01:00
|
|
|
nmod.datastore.merge!(rhosts_walker.next) if rhosts_walker_count == 1
|
2021-05-22 23:15:47 +01:00
|
|
|
check_simple(nmod)
|
|
|
|
|
return
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-26 12:15:47 -06:00
|
|
|
# This part of the code is mostly from scanner.rb
|
2014-01-24 23:32:29 -06:00
|
|
|
@show_progress = framework.datastore['ShowProgress'] || mod.datastore['ShowProgress'] || false
|
|
|
|
|
@show_percent = ( framework.datastore['ShowProgressPercent'] || mod.datastore['ShowProgressPercent'] ).to_i
|
|
|
|
|
|
2021-07-06 04:02:25 +01:00
|
|
|
@range_count = rhosts_walker_count || 0
|
2014-01-24 23:32:29 -06:00
|
|
|
@range_done = 0
|
|
|
|
|
@range_percent = 0
|
|
|
|
|
|
2014-01-26 12:15:47 -06:00
|
|
|
# Set the default thread to 1. The same behavior as before.
|
2014-01-25 01:40:05 -06:00
|
|
|
threads_max = (framework.datastore['THREADS'] || mod.datastore['THREADS'] || 1).to_i
|
2014-01-24 23:32:29 -06:00
|
|
|
@tl = []
|
|
|
|
|
|
|
|
|
|
if Rex::Compat.is_windows
|
2014-01-25 01:40:05 -06:00
|
|
|
if threads_max > 16
|
2014-01-26 12:08:20 -06:00
|
|
|
print_warning("Thread count has been adjusted to 16")
|
2014-01-24 23:32:29 -06:00
|
|
|
threads_max = 16
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if Rex::Compat.is_cygwin
|
2014-01-25 01:40:05 -06:00
|
|
|
if threads_max > 200
|
2014-01-26 12:08:20 -06:00
|
|
|
print_warning("Thread count has been adjusted to 200")
|
2014-01-24 23:32:29 -06:00
|
|
|
threads_max = 200
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-01-25 01:27:48 -06:00
|
|
|
|
2014-01-26 16:35:44 -06:00
|
|
|
loop do
|
2021-05-22 23:15:47 +01:00
|
|
|
while @tl.length < threads_max
|
|
|
|
|
begin
|
|
|
|
|
datastore = rhosts_walker.next
|
|
|
|
|
rescue StopIteration
|
|
|
|
|
datastore = nil
|
|
|
|
|
end
|
|
|
|
|
break unless datastore
|
2014-01-24 23:32:29 -06:00
|
|
|
|
2021-05-22 23:15:47 +01:00
|
|
|
@tl << framework.threads.spawn("CheckHost-#{datastore['RHOSTS']}", false, datastore.dup) { |thr_datastore|
|
2014-01-30 16:46:36 -06:00
|
|
|
# Make sure this is thread-safe when assigning an IP to the RHOST
|
|
|
|
|
# datastore option
|
2021-01-21 17:31:03 -05:00
|
|
|
nmod = mod.replicant
|
2021-05-22 23:15:47 +01:00
|
|
|
nmod.datastore.merge!(thr_datastore)
|
2021-08-19 13:04:26 +01:00
|
|
|
Msf::Simple::Framework.simplify_module(nmod)
|
2021-01-21 17:31:03 -05:00
|
|
|
check_simple(nmod)
|
2014-01-26 16:33:21 -06:00
|
|
|
}
|
2014-01-24 23:32:29 -06:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
break if @tl.length == 0
|
|
|
|
|
|
|
|
|
|
tla = @tl.length
|
2014-01-30 16:46:36 -06:00
|
|
|
|
|
|
|
|
# This exception handling is necessary, the first thread with errors can kill the
|
|
|
|
|
# whole check_multiple and leave the rest of the threads running in background and
|
|
|
|
|
# only accessible with the threads command (Thread.list)
|
|
|
|
|
begin
|
|
|
|
|
@tl.first.join
|
|
|
|
|
rescue ::Exception => exception
|
2014-01-30 18:57:27 -06:00
|
|
|
if exception.kind_of?(::Interrupt)
|
|
|
|
|
raise exception
|
|
|
|
|
else
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Error encountered with first Thread', error: exception)
|
2014-01-30 18:57:27 -06:00
|
|
|
end
|
2014-01-30 16:46:36 -06:00
|
|
|
end
|
|
|
|
|
|
2014-01-24 23:32:29 -06:00
|
|
|
@tl.delete_if { |t| not t.alive? }
|
|
|
|
|
tlb = @tl.length
|
|
|
|
|
|
|
|
|
|
@range_done += (tla - tlb)
|
|
|
|
|
check_show_progress if @show_progress
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2013-05-23 11:40:04 -05:00
|
|
|
#
|
|
|
|
|
# Checks to see if a target is vulnerable.
|
|
|
|
|
#
|
2023-09-18 14:44:42 +01:00
|
|
|
def cmd_check(*args, opts: {})
|
|
|
|
|
if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded]
|
|
|
|
|
driver.run_single('reload_lib -a')
|
|
|
|
|
end
|
|
|
|
|
|
2021-06-21 11:51:00 +01:00
|
|
|
return false unless (args = parse_check_opts(args))
|
2017-03-24 11:47:36 -05:00
|
|
|
|
2021-06-21 11:51:00 +01:00
|
|
|
mod_with_opts = mod.replicant
|
|
|
|
|
mod_with_opts.datastore.import_options_from_hash(args[:datastore_options])
|
2014-01-23 00:37:32 -06:00
|
|
|
|
2021-05-22 23:15:47 +01:00
|
|
|
begin
|
2021-06-21 11:51:00 +01:00
|
|
|
mod_with_opts.validate
|
|
|
|
|
rescue ::Msf::OptionValidateError => e
|
2021-08-26 18:19:08 +01:00
|
|
|
::Msf::Ui::Formatter::OptionValidateError.print_error(mod_with_opts, e)
|
2021-06-21 11:51:00 +01:00
|
|
|
return false
|
|
|
|
|
end
|
2021-06-03 11:43:09 +01:00
|
|
|
|
2021-06-21 11:51:00 +01:00
|
|
|
begin
|
|
|
|
|
check_multiple(mod_with_opts)
|
2014-01-25 01:27:48 -06:00
|
|
|
rescue ::Interrupt
|
2014-01-26 12:15:47 -06:00
|
|
|
# When the user sends interrupt trying to quit the task, some threads will still be active.
|
|
|
|
|
# This means even though the console tells the user the task has aborted (or at least they
|
|
|
|
|
# assume so), the checks are still running. Because of this, as soon as we detect interrupt,
|
|
|
|
|
# we force the threads to die.
|
2014-01-26 02:49:16 -06:00
|
|
|
if @tl
|
|
|
|
|
@tl.each { |t| t.kill }
|
|
|
|
|
end
|
2014-01-25 01:27:48 -06:00
|
|
|
print_status("Caught interrupt from the console...")
|
|
|
|
|
return
|
2014-01-23 00:37:32 -06:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2017-03-24 11:47:36 -05:00
|
|
|
def cmd_check_help
|
2021-07-10 00:58:01 +01:00
|
|
|
print_module_run_or_check_usage(command: :check)
|
2017-03-24 11:47:36 -05:00
|
|
|
print_line('Multi-threaded checks:')
|
|
|
|
|
print_line('1. set THREADS 10')
|
|
|
|
|
print_line('2. check')
|
|
|
|
|
print_line
|
|
|
|
|
end
|
|
|
|
|
|
2015-10-29 13:22:59 -05:00
|
|
|
def report_vuln(instance)
|
|
|
|
|
framework.db.report_vuln(
|
|
|
|
|
workspace: instance.workspace,
|
|
|
|
|
host: instance.rhost,
|
|
|
|
|
name: instance.name,
|
|
|
|
|
info: "This was flagged as vulnerable by the explicit check of #{instance.fullname}.",
|
|
|
|
|
refs: instance.references
|
|
|
|
|
)
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-30 16:46:36 -06:00
|
|
|
def check_simple(instance=nil)
|
|
|
|
|
unless instance
|
2016-03-28 09:02:07 -05:00
|
|
|
instance = mod
|
2014-01-30 16:46:36 -06:00
|
|
|
end
|
|
|
|
|
|
2015-04-29 15:03:02 -05:00
|
|
|
rhost = instance.datastore['RHOST']
|
2017-11-30 10:51:21 -06:00
|
|
|
rport = instance.datastore['RPORT']
|
2014-04-07 11:48:28 -05:00
|
|
|
peer = rhost
|
2017-11-30 10:51:21 -06:00
|
|
|
if rport
|
|
|
|
|
rport = instance.rport if instance.respond_to?(:rport)
|
2014-04-07 11:48:28 -05:00
|
|
|
peer = "#{rhost}:#{rport}"
|
|
|
|
|
end
|
2018-11-16 03:30:52 -06:00
|
|
|
peer_msg = peer ? "#{peer} - " : ''
|
2014-01-23 00:37:32 -06:00
|
|
|
|
2013-05-23 11:40:04 -05:00
|
|
|
begin
|
2018-04-09 13:27:13 -05:00
|
|
|
if instance.respond_to?(:check_simple)
|
|
|
|
|
code = instance.check_simple(
|
|
|
|
|
'LocalInput' => driver.input,
|
|
|
|
|
'LocalOutput' => driver.output
|
|
|
|
|
)
|
|
|
|
|
else
|
|
|
|
|
msg = "Check failed: #{instance.type.capitalize} modules do not support check."
|
|
|
|
|
raise NotImplementedError, msg
|
|
|
|
|
end
|
|
|
|
|
|
2019-10-08 16:21:40 -05:00
|
|
|
if (code && code.kind_of?(Msf::Exploit::CheckCode))
|
2013-05-23 11:40:04 -05:00
|
|
|
if (code == Msf::Exploit::CheckCode::Vulnerable)
|
2018-11-16 02:48:41 -06:00
|
|
|
print_good("#{peer_msg}#{code[1]}")
|
2017-02-06 00:58:21 -06:00
|
|
|
# Restore RHOST for report_vuln
|
|
|
|
|
instance.datastore['RHOST'] ||= rhost
|
2015-10-29 13:22:59 -05:00
|
|
|
report_vuln(instance)
|
2013-05-23 11:40:04 -05:00
|
|
|
else
|
2018-11-16 02:48:41 -06:00
|
|
|
print_status("#{peer_msg}#{code[1]}")
|
2013-05-23 11:40:04 -05:00
|
|
|
end
|
|
|
|
|
else
|
2018-11-16 02:48:41 -06:00
|
|
|
msg = "#{peer_msg}Check failed: The state could not be determined."
|
2014-10-10 01:06:37 -05:00
|
|
|
print_error(msg)
|
|
|
|
|
elog("#{msg}\n#{caller.join("\n")}")
|
2013-05-23 11:40:04 -05:00
|
|
|
end
|
2014-10-10 01:06:37 -05:00
|
|
|
rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error => e
|
2014-01-26 12:15:47 -06:00
|
|
|
# Connection issues while running check should be handled by the module
|
2018-07-25 21:11:10 -05:00
|
|
|
print_error("Check failed: #{e.class} #{e}")
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Check Failed', error: e)
|
2018-07-25 21:11:10 -05:00
|
|
|
rescue ::Msf::Exploit::Failed => e
|
|
|
|
|
# Handle fail_with and other designated exploit failures
|
|
|
|
|
print_error("Check failed: #{e.class} #{e}")
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Check Failed', error: e)
|
2014-10-10 01:06:37 -05:00
|
|
|
rescue ::RuntimeError => e
|
2014-01-26 12:15:47 -06:00
|
|
|
# Some modules raise RuntimeError but we don't necessarily care about those when we run check()
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Check Failed', error: e)
|
2018-04-09 13:27:13 -05:00
|
|
|
rescue ::NotImplementedError => e
|
|
|
|
|
print_error(e.message)
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Check Failed', error: e)
|
2013-05-23 11:40:04 -05:00
|
|
|
rescue ::Exception => e
|
2016-01-28 13:58:24 -06:00
|
|
|
print_error("Check failed: #{e.class} #{e}")
|
2020-06-11 13:09:25 +01:00
|
|
|
elog('Check Failed', error: e)
|
2013-05-23 11:40:04 -05:00
|
|
|
end
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
#
|
|
|
|
|
# Reloads the active module
|
|
|
|
|
#
|
|
|
|
|
def cmd_reload(*args)
|
2023-09-18 14:44:42 +01:00
|
|
|
if args.include?('-r') || args.include?('--reload-libs')
|
|
|
|
|
driver.run_single('reload_lib -a')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return cmd_reload_help if args.include?('-h') || args.include?('--help')
|
|
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
begin
|
|
|
|
|
reload
|
|
|
|
|
rescue
|
|
|
|
|
log_error("Failed to reload: #{$!}")
|
|
|
|
|
end
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
@@reload_opts = Rex::Parser::Arguments.new(
|
|
|
|
|
'-k' => [ false, 'Stop the current job before reloading.' ],
|
|
|
|
|
'-h' => [ false, 'Help banner.' ])
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
def cmd_reload_help
|
|
|
|
|
print_line "Usage: reload [-k]"
|
|
|
|
|
print_line
|
|
|
|
|
print_line "Reloads the current module."
|
|
|
|
|
print @@reload_opts.usage
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
#
|
|
|
|
|
# Reload the current module, optionally stopping existing job
|
|
|
|
|
#
|
|
|
|
|
def reload(should_stop_job=false)
|
|
|
|
|
if should_stop_job and mod.job_id
|
|
|
|
|
print_status('Stopping existing job...')
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
framework.jobs.stop_job(mod.job_id)
|
|
|
|
|
mod.job_id = nil
|
|
|
|
|
end
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2011-08-24 21:41:03 +00:00
|
|
|
print_status('Reloading module...')
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2012-10-04 16:32:12 -05:00
|
|
|
original_mod = self.mod
|
|
|
|
|
reloaded_mod = framework.modules.reload_module(original_mod)
|
2013-08-30 16:28:33 -05:00
|
|
|
|
2012-10-04 16:32:12 -05:00
|
|
|
unless reloaded_mod
|
|
|
|
|
error = framework.modules.module_load_error_by_path[original_mod.file_path]
|
|
|
|
|
|
|
|
|
|
print_error("Failed to reload module: #{error}")
|
|
|
|
|
|
|
|
|
|
self.mod = original_mod
|
|
|
|
|
else
|
|
|
|
|
self.mod = reloaded_mod
|
|
|
|
|
|
|
|
|
|
self.mod.init_ui(driver.input, driver.output)
|
|
|
|
|
end
|
2011-08-24 21:41:03 +00:00
|
|
|
|
2012-10-04 16:32:12 -05:00
|
|
|
reloaded_mod
|
2011-08-24 21:41:03 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
end end end
|
|
|
|
|
|
