Landing rapid7#1861 - Implement check for auxiliary modules

wchen-r7 · wchen-r7 · commit cd947e207557 · 2013-05-23T22:10:54.000-05:00
[FixRM:rapid7#7975]
diff --git a/lib/msf/base/simple/auxiliary.rb b/lib/msf/base/simple/auxiliary.rb
@@ -92,6 +92,39 @@ def run_simple(opts = {}, &block)
 		Msf::Simple::Auxiliary.run_simple(self, opts, &block)
 	end
 
+	#
+	# Initiates a check, setting up the exploit to be used.  The following
+	# options can be specified:
+	#
+	# LocalInput
+	#
+	# 	The local input handle that data can be read in from.
+	#
+	# LocalOutput
+	#
+	# 	The local output through which data can be displayed.
+	#
+	def self.check_simple(mod, opts)
+		if opts['LocalInput']
+			mod.init_ui(opts['LocalInput'], opts['LocalOutput'])
+		end
+
+		# Validate the option container state so that options will
+		# be normalized
+		mod.validate
+
+		# Run check
+		mod.check
+	end
+
+	#
+	# Calls the class method.
+	#
+	def check_simple(opts)
+		Msf::Simple::Auxiliary.check_simple(self, opts)
+	end
+
+
 protected
 
 	#
diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
@@ -415,16 +415,6 @@ def initialize(info = {})
 	#
 	##
 
-	#
-	# Checks to see if the target is vulnerable, returning unsupported if it's
-	# not supported.
-	#
-	# This method is designed to be overriden by exploit modules.
-	#
-	def check
-		CheckCode::Unsupported
-	end
-
 	#
 	# Kicks off the actual exploit.  Prior to this call, the framework will
 	# have validated the data store using the options associated with this
diff --git a/lib/msf/core/module.rb b/lib/msf/core/module.rb
@@ -355,6 +355,16 @@ def disclosure_date
 		date_str = Date.parse(module_info['DisclosureDate'].to_s) rescue nil
 	end
 
+	#
+	# Checks to see if the target is vulnerable, returning unsupported if it's
+	# not supported.
+	#
+	# This method is designed to be overriden by exploit modules.
+	#
+	def check
+		Msf::Exploit::CheckCode::Unsupported
+	end
+
 	#
 	# Returns the hash that describes this module's compatibilities.
 	#
diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb
@@ -29,7 +29,6 @@ class Exploit
 	#
 	def commands
 		super.update({
-			"check"    => "Check to see if a target is vulnerable",
 			"exploit"  => "Launch an exploit attempt",
 			"rcheck"   => "Reloads the module and checks if the target is vulnerable",
 			"rexploit" => "Reloads the module and launches an exploit attempt",
@@ -46,44 +45,6 @@ def name
 		"Exploit"
 	end
 
-	#
-	# Checks to see if a target is vulnerable.
-	#
-	def cmd_check(*args)
-		defanged?
-
-		begin
-
-			code = mod.check_simple(
-				'LocalInput'  => driver.input,
-				'LocalOutput' => driver.output)
-
-			if (code and code.kind_of?(Array) and code.length > 1)
-
-				if (code == Msf::Exploit::CheckCode::Vulnerable)
-					print_good(code[1])
-				else
-					print_status(code[1])
-				end
-
-			else
-				print_error("Check failed: The state could not be determined.")
-			end
-
-		rescue ::Interrupt
-			raise $!
-		rescue ::Exception => e
-			print_error("Exploit check failed: #{e.class} #{e}")
-			if(e.class.to_s != 'Msf::OptionValidateError')
-				print_error("Call stack:")
-				e.backtrace.each do |line|
-					break if line =~ /lib.msf.base.simple/
-					print_error("  #{line}")
-				end
-			end
-		end
-	end
-
 	#
 	# Launches an exploitation attempt.
 	#
diff --git a/lib/msf/ui/console/module_command_dispatcher.rb b/lib/msf/ui/console/module_command_dispatcher.rb
@@ -17,7 +17,8 @@ module ModuleCommandDispatcher
 	def commands
 		{
 			"pry"    => "Open a Pry session on the current module",
-			"reload" => "Reload the current module from disk"
+			"reload" => "Reload the current module from disk",
+			"check"  => "Check to see if a target is vulnerable"
 		}
 	end
 
@@ -35,6 +36,38 @@ def mod=(m)
 		self.driver.active_module = m
 	end
 
+	#
+	# Checks to see if a target is vulnerable.
+	#
+	def cmd_check(*args)
+		defanged?
+		begin
+			code = mod.check_simple(
+				'LocalInput'  => driver.input,
+				'LocalOutput' => driver.output)
+			if (code and code.kind_of?(Array) and code.length > 1)
+				if (code == Msf::Exploit::CheckCode::Vulnerable)
+					print_good(code[1])
+				else
+					print_status(code[1])
+				end
+			else
+				print_error("Check failed: The state could not be determined.")
+			end
+		rescue ::Interrupt
+			raise $!
+		rescue ::Exception => e
+			print_error("Exploit check failed: #{e.class} #{e}")
+			if(e.class.to_s != 'Msf::OptionValidateError')
+				print_error("Call stack:")
+				e.backtrace.each do |line|
+					break if line =~ /lib.msf.base.simple/
+					print_error("  #{line}")
+				end
+			end
+		end
+	end
+
 	def cmd_pry_help
 		print_line "Usage: pry"
 		print_line
diff --git a/test/modules/auxiliary/test/check.rb b/test/modules/auxiliary/test/check.rb
@@ -0,0 +1,47 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Auxiliary::Report
+	include Msf::Exploit::Remote::HttpClient
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => "Check Test",
+			'Description'    => %q{
+					This module ensures that 'check' actually functions for Auxiilary modules.
+			},
+			'References'     =>
+				[
+					[ 'OSVDB', '0' ]
+				],
+			'Author'         =>
+				[
+					'todb'
+				],
+			'License'        => MSF_LICENSE
+		))
+
+		register_options(
+			[
+				Opt::RPORT(80)
+			], self.class)
+	end
+
+	def check
+		print_debug "Check is successful"
+		return Msf::Exploit::CheckCode::Vulnerable
+	end
+
+	def run
+		print_debug "Run is successful."
+	end
+
+end
diff --git a/test/modules/exploits/test/check.rb b/test/modules/exploits/test/check.rb
@@ -0,0 +1,45 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+#   http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => "Check Test Exploit",
+			'Description'    => %q{
+					This module ensures that 'check' actually functions for Exploit modules.
+			},
+			'References'     =>
+				[
+					[ 'OSVDB', '0' ]
+				],
+			'Author'         =>
+				[
+					'todb'
+				],
+			'License'        => MSF_LICENSE,
+			'DisclosureDate' => 'May 23 2013'
+		))
+
+		register_options(
+			[
+				Opt::RPORT(80)
+			], self.class)
+	end
+
+	def check
+		print_debug "Check is successful"
+		return Msf::Exploit::CheckCode::Vulnerable
+	end
+
+	def exploit
+		print_debug "Exploit is successful."
+	end
+
+end
diff --git a/test/scripts/test-check.rc b/test/scripts/test-check.rc
@@ -0,0 +1,10 @@
+# Usage:
+# msfconsole -qLm test/modules -r test/scripts/test-check.rc
+
+use auxiliary/test/check
+set rhost www.metasploit.com
+check
+
+use exploit/test/check
+set rhost www.metasploit.com
+check
