Mirror of metasploit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

udp.rb 2.7KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. # -*- coding: binary -*-
  2. module Msf
  3. ###
  4. #
  5. # This module provides methods for communicating with a host over UDP
  6. #
  7. ###
  8. module Exploit::Remote::Udp
  9. #
  10. # Initializes an instance of an exploit module that exploits a
  11. # vulnerability in a UDP service
  12. #
  13. def initialize(info = {})
  14. super
  15. register_options(
  16. [
  17. Opt::RHOST,
  18. Opt::RPORT,
  19. ], Msf::Exploit::Remote::Udp)
  20. register_advanced_options(
  21. [
  22. Opt::CPORT,
  23. Opt::CHOST
  24. ], Msf::Exploit::Remote::Udp
  25. )
  26. end
  27. #
  28. # Creates a UDP socket for communicating with a remote host
  29. #
  30. def connect_udp(global = true, opts={})
  31. nsock = Rex::Socket::Udp.create(
  32. 'PeerHost' => opts['RHOST'] || rhost,
  33. 'PeerPort' => (opts['RPORT'] || rport).to_i,
  34. 'LocalHost' => opts['CHOST'] || chost || "0.0.0.0",
  35. 'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
  36. 'Context' =>
  37. {
  38. 'Msf' => framework,
  39. 'MsfExploit' => self,
  40. })
  41. # Set this socket to the global socket as necessary
  42. self.udp_sock = nsock if (global)
  43. # Add this socket to the list of sockets created by this exploit
  44. add_socket(nsock)
  45. return nsock
  46. end
  47. #
  48. # Closes the UDP socket
  49. #
  50. def disconnect_udp(nsock = self.udp_sock)
  51. begin
  52. if (nsock)
  53. nsock.shutdown
  54. nsock.close
  55. end
  56. rescue IOError
  57. end
  58. if (nsock == udp_sock)
  59. self.udp_sock = nil
  60. end
  61. # Remove this socket from the list of sockets created by this exploit
  62. remove_socket(nsock)
  63. end
  64. #
  65. # Claims the UDP socket if the payload so desires.
  66. #
  67. def handler(nsock = self.udp_sock)
  68. # If the handler claims the socket, then we don't want it to get closed
  69. # during cleanup
  70. if ((rv = super) == Handler::Claimed)
  71. if (nsock == self.udp_sock)
  72. self.sock = nil
  73. end
  74. # Remove this socket from the list of sockets so that it will not be
  75. # aborted.
  76. remove_socket(nsock)
  77. end
  78. return rv
  79. end
  80. #
  81. # Performs cleanup, disconnects the socket if necessary
  82. #
  83. def cleanup
  84. super
  85. disconnect_udp
  86. end
  87. ##
  88. #
  89. # Wrappers for getters
  90. #
  91. ##
  92. #
  93. # Returns the local host for outgoing connections
  94. #
  95. def chost
  96. datastore['CHOST']
  97. end
  98. #
  99. # Returns the local port for outgoing connections
  100. #
  101. def cport
  102. datastore['CPORT']
  103. end
  104. #
  105. # Returns the local host
  106. #
  107. def lhost
  108. datastore['LHOST']
  109. end
  110. #
  111. # Returns the local port
  112. #
  113. def lport
  114. datastore['LPORT']
  115. end
  116. #
  117. # Returns the target host
  118. #
  119. def rhost
  120. datastore['RHOST']
  121. end
  122. #
  123. # Returns the remote port
  124. #
  125. def rport
  126. datastore['RPORT']
  127. end
  128. protected
  129. attr_accessor :udp_sock
  130. end
  131. end