  1. # -*- coding: binary -*-
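module Msf
module Exploit::Remote::Dialup

  # The modem claimed by connect_dialup(global = true); cleared by handler
  # once a payload handler has taken ownership of it.
  attr_accessor :modem

  # Registers the serial-port and dialing options for this mixin and tries
  # to load the +telephony+ library. A load failure is recorded rather than
  # raised so the module can still be instantiated; connect_dialup reports it.
  #
  # @param info [Hash] module information forwarded to the superclass
  def initialize(info = {})
    super
    register_options(
      [
        OptInt.new('BAUDRATE', [true, 'Baud Rate', 19200]),
        OptEnum.new('DATABITS', [true, 'Data Bits (4 is Windows Only)', '8', ['4', '5', '6', '7', '8'], '8']),
        OptString.new('DIALPREFIX', [true, 'Dial Prefix', 'ATDT *67, *70,']),
        OptString.new('DIALSUFFIX', [false, 'Dial Suffix', nil]),
        OptInt.new('DIALTIMEOUT', [true, 'Dial Timeout in seconds', 60]),
        OptBool.new('DISPLAYMODEM', [true, 'Displays modem commands and responses on the console', false]),
        OptEnum.new('FLOWCONTROL', [true, 'Flow Control', 'None', ['None', 'Hardware', 'Software', 'Both'], 'None']),
        OptString.new('INITSTRING', [true, 'Initialization String', 'AT X6 S11=80']),
        OptString.new('NUMBER', [true, 'Number to Dial (e.g. 1.800.950.9955, (202) 358-1234, 358.1234 etc.)', nil]),
        OptEnum.new('PARITY', [true, 'Parity (Mark & Space are Windows Only)', 'None', ['None', 'Even', 'Odd', 'Mark', 'Space'], 'None']),
        OptString.new('SERIALPORT', [true, 'Serial Port (e.g. 0 (COM1), 1 (COM2), /dev/ttyS0, etc.)', '/dev/ttyS0']),
        OptEnum.new('STOPBITS', [true, 'Stop Bits', '1', ['1', '2'], '1'])
      ], self.class)
    deregister_options('RHOST')

    begin
      require 'telephony'
      @telephony_loaded = true
    rescue ::ScriptError, ::StandardError => e
      # A failed require raises LoadError (a ScriptError, not a StandardError).
      # Rescuing ::Exception here also swallowed SystemExit and Interrupt.
      @telephony_loaded = false
      @telephony_error = e
    end
  end

  # Opens the serial port, resets and initializes the modem, then dials
  # NUMBER and waits for a carrier.
  #
  # @param global [Boolean] when true the connected modem is stored in
  #   +self.modem+ so the dialup_* helpers can use it
  # @param opts [Hash] unused; kept for interface compatibility
  # @return [Telephony::Modem, nil] the connected modem, or nil when the
  #   modem could not be reset/initialized or no carrier was detected (the
  #   port is closed again in every nil case)
  # @raise [RuntimeError] when the telephony library failed to load
  def connect_dialup(global = true, opts = {})
    unless @telephony_loaded
      # Was `telephony_error`, which is not a method on this mixin and would
      # have raised NameError before the intended RuntimeError.
      print_status("The serialport module is not available: #{@telephony_error}")
      raise RuntimeError, "Telephony not available"
    end

    # Read every option before touching the port so that a bad option cannot
    # leave a half-opened serial device behind.
    serialport  = datastore['SERIALPORT']
    initstring  = datastore['INITSTRING']
    dialprefix  = datastore['DIALPREFIX']
    dialsuffix  = datastore['DIALSUFFIX']
    dialtimeout = datastore['DIALTIMEOUT'].to_i
    number      = datastore['NUMBER'].tr(' ', '')

    modem = Telephony::Modem.new(serialport)
    modem.params = {
      'baud'      => datastore['BAUDRATE'].to_i,
      'data_bits' => datastore['DATABITS'].to_i,
      'parity'    => dialup_parity,
      'stop_bits' => datastore['STOPBITS'].to_i
    }
    modem.flow_control = dialup_flow_control
    modem.display = datastore['DISPLAYMODEM']

    print_status("Initializing Modem")
    unless modem.put_command('ATZ', 3) == 'OK'
      print_error("Error resetting modem")
      disconnect_dialup(modem) # previously returned without releasing the port
      return nil
    end
    unless modem.put_command(initstring, 3) == 'OK'
      print_error("Error initializing modem")
      disconnect_dialup(modem)
      return nil
    end

    print_status("Dialing: #{number} (#{dialtimeout} sec. timeout)")
    dialstring = "#{dialprefix} #{number}"
    # An empty DIALSUFFIX used to append a lone trailing space.
    dialstring << ' ' << dialsuffix if dialsuffix && !dialsuffix.empty?

    deadline = dialup_now + dialtimeout
    result = modem.put_command(dialstring, dialtimeout)
    # Keep reading while the far end is ringing, but stop at the dial deadline
    # instead of handing the modem a negative timeout.
    while result.to_s.match?(/RINGING/i)
      remaining = deadline - dialup_now
      break if remaining <= 0

      result = modem.get_response(remaining)
    end

    if result.to_s.match?(/CONNECT/i)
      print_status("Carrier: #{result}")
      self.modem = modem if global
      modem
    else
      print_error("No Carrier")
      disconnect_dialup(modem)
      nil
    end
  end

  # Closes the modem connection: flushes pending data, hangs up and
  # releases the serial port.
  #
  # @param nmodem [Telephony::Modem, nil] modem to close; defaults to the
  #   modem claimed by connect_dialup. A nil modem is a no-op.
  def disconnect_dialup(nmodem = self.modem)
    return unless nmodem

    nmodem.flush
    nmodem.hangup
    nmodem.close
  end

  # Reads from the claimed modem until +regexp+ matches the accumulated
  # buffer or +timeout+ seconds elapse. On a match, bytes still pending
  # are drained into the buffer before returning.
  #
  # @param regexp [Regexp] pattern to wait for
  # @param timeout [Numeric] seconds to wait
  # @return [Hash] +{ match: Boolean, buffer: String | nil }+; +buffer+ is
  #   nil when no modem has been claimed
  def dialup_expect(regexp, timeout)
    res = { match: false, buffer: nil }
    return res unless modem

    res[:buffer] = String.new
    deadline = dialup_now + timeout
    while dialup_now < deadline
      c = modem.getc
      res[:buffer] << dialup_chr(c) if c
      next unless res[:buffer].match?(regexp)

      res[:match] = true
      # Drain whatever is still pending so the caller sees the whole response.
      while c
        c = modem.getc
        res[:buffer] << dialup_chr(c) if c
      end
      return res
    end
    res
  end

  # Reads a single byte from the claimed modem.
  #
  # @return [Object, false] whatever Telephony::Modem#getc returns, or false
  #   when no modem has been claimed
  def dialup_getc
    return false unless modem

    modem.getc
  end

  # Reads one line (up to and including "\n") from the claimed modem.
  #
  # The previous implementation compared getc's result with 0x0a and appended
  # it to a String directly, which raises TypeError for an Integer byte and
  # for a nil (no data) read. Bytes are now normalised with dialup_chr and a
  # nil read is retried until the line completes or +timeout+ expires.
  #
  # @param timeout [Numeric, nil] seconds to wait for a complete line; nil
  #   waits until a newline arrives
  # @return [String, false] the line read (possibly without a trailing
  #   newline when the timeout expires), or false when no modem is claimed
  def dialup_gets(timeout = nil)
    return false unless modem

    buffer = String.new
    deadline = timeout && dialup_now + timeout
    loop do
      c = modem.getc
      if c.nil?
        break if deadline && dialup_now >= deadline

        next
      end
      ch = dialup_chr(c)
      buffer << ch
      break if ch == "\n"
    end
    buffer
  end

  # Writes a single character to the claimed modem.
  #
  # @param c [Object] character/byte to send
  # @return [Object, false] Telephony::Modem#putc's return value, or false
  #   when no modem has been claimed
  def dialup_putc(c)
    return false unless modem

    modem.putc(c)
  end

  # Writes a string to the claimed modem.
  #
  # @param string [String] data to send
  # @return [Object, false] Telephony::Modem#puts's return value, or false
  #   when no modem has been claimed
  def dialup_puts(string)
    return false unless modem

    modem.puts(string)
  end

  # Hands the modem to the payload handler. If the handler claims it, the
  # modem is detached from +self.modem+ so cleanup does not close it
  # underneath the handler.
  #
  # @param nmodem [Telephony::Modem, nil] modem being offered to the handler
  # @return [Object] the superclass handler's return value
  def handler(nmodem = self.modem)
    rv = super
    self.modem = nil if rv == Handler::Claimed && nmodem == self.modem
    rv
  end

  private

  # Maps the PARITY option onto the Telephony::Modem parity constant.
  def dialup_parity
    case datastore['PARITY']
    when 'Even'  then Telephony::Modem::EVEN
    when 'Odd'   then Telephony::Modem::ODD
    when 'Mark'  then Telephony::Modem::MARK
    when 'Space' then Telephony::Modem::SPACE
    else Telephony::Modem::NONE
    end
  end

  # Maps the FLOWCONTROL option onto the Telephony::Modem flow-control bits.
  def dialup_flow_control
    case datastore['FLOWCONTROL']
    when 'Hardware' then Telephony::Modem::HARD
    when 'Software' then Telephony::Modem::SOFT
    when 'Both'     then Telephony::Modem::HARD | Telephony::Modem::SOFT
    else Telephony::Modem::NONE
    end
  end

  # Normalises a getc result to a one-byte String. An Integer byte is
  # converted with #chr (as dialup_expect already did); a String is passed
  # through unchanged. NOTE(review): Telephony::Modem#getc's return type is
  # not visible here — both forms are accepted for that reason.
  def dialup_chr(c)
    c.is_a?(Integer) ? c.chr : c.to_s
  end

  # Monotonic clock reading used for deadlines; unaffected by wall-clock jumps.
  def dialup_now
    Process.clock_gettime(Process::CLOCK_MONOTONIC)
  end

end
end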