HD Moore
48b59caeff
git-svn-id: file:///home/svn/incoming/trunk@2782 4d416f70-5f16-0410-b530-b9f4589650da
46 lines
1.0 KiB
Ruby
46 lines
1.0 KiB
Ruby
require 'rex/proto/dcerpc'
|
|
|
|
module Msf
|
|
|
|
###
|
|
#
|
|
# DCERPC
|
|
# ------
|
|
#
|
|
# This mixin provides utility methods for interacting with a DCERPC service on
|
|
# a remote machine. These methods may generally be useful in the context of
|
|
# exploitation. This mixin extends the Tcp exploit mixin.
|
|
#
|
|
###
|
|
module Exploit::Remote::DCERPC
|
|
include Exploit::Remote::Tcp
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
# OptInt.new('FragSize', [ 1, 'Set the DCERPC packet fragmentation size', 127])
|
|
# OptBool.new('MultiBind', [ 0, 'Configure multi-context bind calls', 'T' ])
|
|
register_options(
|
|
[
|
|
Opt::RHOST,
|
|
Opt::RPORT(135),
|
|
], Msf::Exploit::Remote::DCERPC)
|
|
end
|
|
|
|
# Connect to the host/port specified by datastore['RHOST'], datastore['RPORT']
|
|
# Returns the context id on success and nil on failure
|
|
def connect_bind (uuid, vers)
|
|
|
|
# 1. Create the socket and connect to the target system
|
|
|
|
# 2. Call Rex::Proto::DCERPC to generate the BIND packet(s)
|
|
|
|
# 3. Send the BIND packets and parse the response
|
|
|
|
# 4. Return the context id back to the calling function
|
|
end
|
|
|
|
end
|
|
|
|
end
|