2005-12-17 06:46:23 +00:00
|
|
|
#!/usr/bin/env ruby
|
2005-11-28 21:38:48 +00:00
|
|
|
#
|
|
|
|
|
# This user interface allows users to interact with the framework through a
|
|
|
|
|
# command line interface (CLI) rather than having to use a prompting console
|
|
|
|
|
# or web-based interface.
|
|
|
|
|
#
|
2005-10-02 05:47:52 +00:00
|
|
|
|
2005-12-06 03:34:58 +00:00
|
|
|
$:.unshift(File.join(File.dirname(__FILE__), 'lib'))
|
2005-10-02 05:47:52 +00:00
|
|
|
|
|
|
|
|
require 'rex'
|
|
|
|
|
require 'msf/ui'
|
|
|
|
|
require 'msf/base'
|
|
|
|
|
|
|
|
|
|
Indent = ' '
|
|
|
|
|
|
|
|
|
|
# Initialize the simplified framework instance.
|
|
|
|
|
$framework = Msf::Simple::Framework.create
|
|
|
|
|
|
2006-01-10 16:07:45 +00:00
|
|
|
def usage (str = nil, extra = nil)
|
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
|
'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",
|
|
|
|
|
'Indent' => 4,
|
|
|
|
|
'Columns' => ['Mode', 'Description']
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
tbl << ['(H)elp', "you're looking at it baby!"]
|
|
|
|
|
tbl << ['(S)ummary', 'show information about this module']
|
|
|
|
|
tbl << ['(O)ptions', 'show available options for this module']
|
|
|
|
|
tbl << ['(A)dvanced', 'show available advanced options for this module']
|
|
|
|
|
tbl << ['(I)ds Evasion', 'show available ids evasion options for this module']
|
|
|
|
|
tbl << ['(P)ayloads', 'show available payloads for this module']
|
|
|
|
|
tbl << ['(T)argets', 'show available targets for this module']
|
|
|
|
|
tbl << ['(C)heck', 'Attempt to check if the target is vulnerable']
|
|
|
|
|
tbl << ['(E)xploit', 'Attempt to exploit the target']
|
|
|
|
|
|
|
|
|
|
$stdout.puts "Error: #{str}\n\n" if str
|
|
|
|
|
$stdout.puts tbl.to_s + "\n"
|
|
|
|
|
$stdout.puts extra + "\n" if extra
|
|
|
|
|
|
|
|
|
|
exit
|
|
|
|
|
end
|
|
|
|
|
|
2006-01-05 22:20:28 +00:00
|
|
|
if (ARGV.length < 1)
|
2005-12-15 05:07:14 +00:00
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
|
|
|
'Header' => 'Exploits',
|
|
|
|
|
'Indent' => 4,
|
|
|
|
|
'Columns' => [ 'Name', 'Description' ])
|
|
|
|
|
|
|
|
|
|
$framework.exploits.each_module { |name, mod|
|
|
|
|
|
tbl << [ name, mod.new.name ]
|
|
|
|
|
}
|
|
|
|
|
|
2006-01-10 16:07:45 +00:00
|
|
|
usage(nil, tbl.to_s)
|
2005-10-02 05:47:52 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Get the exploit name we'll be using
|
|
|
|
|
exploit_name = ARGV.shift
|
|
|
|
|
exploit = $framework.exploits.create(exploit_name)
|
|
|
|
|
|
|
|
|
|
if (exploit == nil)
|
2006-01-25 20:18:48 +00:00
|
|
|
usage("Invalid exploit: #{exploit_name}")
|
2005-10-02 05:47:52 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Initialize the user interface
|
|
|
|
|
exploit.init_ui($stdout, $stdin)
|
|
|
|
|
|
2006-01-05 22:20:28 +00:00
|
|
|
# Evalulate the command (default to "help")
|
|
|
|
|
mode = ARGV.pop || 'h'
|
2005-10-02 05:47:52 +00:00
|
|
|
|
|
|
|
|
# Import options
|
2005-11-15 21:59:37 +00:00
|
|
|
exploit.datastore.import_options_from_s(ARGV.join(' '))
|
2005-10-02 05:47:52 +00:00
|
|
|
|
|
|
|
|
case mode.downcase
|
2006-01-10 16:07:45 +00:00
|
|
|
when 'h'
|
|
|
|
|
usage
|
2005-10-02 05:47:52 +00:00
|
|
|
when "s"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_module(exploit, Indent))
|
|
|
|
|
when "o"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_options(exploit, Indent))
|
|
|
|
|
when "a"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_advanced_options(exploit, Indent))
|
2006-01-05 03:57:12 +00:00
|
|
|
when "i"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_evasion_options(exploit, Indent))
|
2005-10-02 05:47:52 +00:00
|
|
|
when "p"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_compatible_payloads(
|
|
|
|
|
exploit, Indent, "Compatible payloads"))
|
|
|
|
|
when "t"
|
|
|
|
|
$stdout.puts("\n" + Msf::Serializer::ReadableText.dump_exploit_targets(exploit, Indent))
|
|
|
|
|
when "c"
|
|
|
|
|
begin
|
|
|
|
|
if (code = exploit.check)
|
|
|
|
|
stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
|
|
|
|
|
|
|
|
|
|
$stdout.puts("#{stat} #{code[1]}")
|
|
|
|
|
else
|
|
|
|
|
$stderr.puts("Check failed: The state could not be determined.")
|
|
|
|
|
end
|
|
|
|
|
rescue
|
|
|
|
|
$stderr.puts("Check failed: #{$!}")
|
|
|
|
|
end
|
|
|
|
|
when "e"
|
|
|
|
|
begin
|
|
|
|
|
session = exploit.exploit_simple(
|
|
|
|
|
'Encoder' => exploit.datastore['ENCODER'],
|
|
|
|
|
'Target' => exploit.datastore['TARGET'],
|
|
|
|
|
'Payload' => exploit.datastore['PAYLOAD'],
|
|
|
|
|
'Nop' => exploit.datastore['NOP'],
|
|
|
|
|
'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
|
|
|
|
|
'LocalOutput' => Rex::Ui::Text::Output::Stdio.new,
|
|
|
|
|
'ForceBlocking' => true)
|
|
|
|
|
|
|
|
|
|
if (session)
|
2005-10-02 05:49:29 +00:00
|
|
|
$stdout.puts("[*] #{session.desc} session #{session.name} opened (#{session.tunnel_to_s})\n\n")
|
2005-10-02 05:47:52 +00:00
|
|
|
|
|
|
|
|
session.init_ui(
|
|
|
|
|
Rex::Ui::Text::Input::Stdio.new,
|
|
|
|
|
Rex::Ui::Text::Output::Stdio.new)
|
|
|
|
|
|
|
|
|
|
session.interact
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
rescue
|
|
|
|
|
$stderr.puts("Exploit failed: #{$!}")
|
2005-11-15 23:02:17 +00:00
|
|
|
$stderr.puts("Backtrace:")
|
|
|
|
|
$stderr.puts($!.backtrace.join("\n"))
|
2005-10-02 05:47:52 +00:00
|
|
|
end
|
2006-01-10 16:07:45 +00:00
|
|
|
else
|
|
|
|
|
usage("Invalid mode #{mode}")
|
2005-10-02 05:47:52 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
$stdout.puts
|
