defanged mode

git-svn-id: file:///home/svn/framework3/trunk@4303 4d416f70-5f16-0410-b530-b9f4589650da
jduck · Jan 30, 2007 · 279c0e3 · 279c0e3
1 parent 114050e
commit 279c0e3
Show file tree

Hide file tree

Showing 9 changed files with 59 additions and 4 deletions.
diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb
@@ -132,7 +132,7 @@ def version
 	# maintains the database db and handles db events
 	#
 	attr_reader   :db
-	
+
 protected
 
 	attr_writer   :events # :nodoc:

diff --git a/lib/msf/ui/console/command_dispatcher.rb b/lib/msf/ui/console/command_dispatcher.rb
@@ -43,6 +43,13 @@ def active_module=(mod)
 		driver.active_module = mod
 	end
 
+	#
+	# Checks to see if the driver is defanged.
+	#
+	def defanged?
+		driver.defanged?
+	end
+
 	#
 	# Logs an error message to the screen and the log file.  The callstack is
 	# also printed.

diff --git a/lib/msf/ui/console/command_dispatcher/auxiliary.rb b/lib/msf/ui/console/command_dispatcher/auxiliary.rb
@@ -99,6 +99,7 @@ def cmd_exploit(*args)
 	# Executes an auxiliary module
 	#
 	def cmd_run(*args)
+		defanged?
 
 		opt_str = nil
 		action  = mod.datastore['ACTION']

diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -194,6 +194,8 @@ def cmd_info_tabs(str, words)
 	# Goes into IRB scripting mode
 	#
 	def cmd_irb(*args)
+		defanged?
+
 		print_status("Starting IRB shell...\n")
 
 		begin
@@ -254,6 +256,8 @@ def cmd_jobs_tabs(str, words)
 	# the framework root plugin directory is used.
 	#
 	def cmd_load(*args)
+		defanged?
+
 		if (args.length == 0)
 			print_line(
 				"Usage: load <path> [var=val var=val ...]\n\n" +
@@ -311,6 +315,8 @@ def cmd_load_tabs(str, words)
 	# storage medium, such as a flatfile.
 	#
 	def cmd_persist(*args)
+		defanged?
+
 		if (args.length == 0)
 			args.unshift("-h")
 		end
@@ -499,6 +505,8 @@ def cmd_route_tabs(str, words)
 	# restarts of the console.
 	#
 	def cmd_save(*args)
+		defanged?
+
 		# Save the console config
 		driver.save_config
 
@@ -521,6 +529,8 @@ def cmd_save(*args)
 	# Adds one or more search paths.
 	#
 	def cmd_loadpath(*args)
+		defanged?
+
 		if (args.length == 0)
 			print_error("No search paths were provided.")
 			return true

diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb
@@ -45,7 +45,10 @@ def name
 	# Checks to see if a target is vulnerable.
 	#
 	def cmd_check(*args)
+		defanged?
+
 		begin
+
 			mod.init_ui(
 				driver.input,
 				driver.output)
@@ -75,6 +78,8 @@ def cmd_check(*args)
 	# Launches an exploitation attempt.
 	#
 	def cmd_exploit(*args)
+		defanged?
+
 		opt_str = nil
 		payload = mod.datastore['PAYLOAD']
 		encoder = mod.datastore['ENCODER']

diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
@@ -95,6 +95,14 @@ def initialize(prompt = DefaultPrompt, prompt_char = DefaultPromptChar, opts = {
 
 		# Whether or not command passthru should be allowed
 		self.command_passthru = (opts['AllowCommandPassthru'] == false) ? false : true
+
+		# Disables "dangerous" functionality of the console
+		@defanged = opts['Defanged'] == true
+
+		# If we're defanged, then command passthru should be disabled
+		if @defanged
+			self.command_passthru = false
+		end
 	end
 
 	#
@@ -259,6 +267,17 @@ def on_variable_unset(glob, var)
 	#
 	attr_accessor :active_module
 
+	#
+	# If defanged is true, dangerous functionality, such as exploitation, irb,
+	# and command shell passthru is disabled.  In this case, an exception is 
+	# raised.
+	#
+	def defanged?
+		if @defanged
+			raise DefangedException
+		end
+	end
+
 protected
 
 	attr_writer   :framework # :nodoc:
@@ -330,6 +349,16 @@ def handle_loglevel(val)
 
 end
 
+#
+# This exception is used to indicate that functionality is disabled due to
+# defanged being true
+#
+class DefangedException < ::Exception
+	def to_s
+		"This functionality is currently disabled (defanged mode)"
+	end
+end
+
 end
 end
 end
diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb
@@ -121,7 +121,7 @@ def request_cgi(opts={})
 			pstr << '='
 			pstr << set_encode_uri(val)
 		end
-				
+
 		req = ''
 		req += set_method(c_meth)
 		req += set_method_uri_spacer()

diff --git a/lib/rex/services/local_relay.rb b/lib/rex/services/local_relay.rb
@@ -180,11 +180,11 @@ def start_tcp_relay(lport, opts = {})
 		if ((opts['PeerHost'] == nil or opts['PeerPort'] == nil) and (opts['Stream'] != true))
 			raise ArgumentError, "Missing peer host or peer port.", caller
 		end
-	
+
 		listener = Rex::Socket.create_tcp_server(
 			'LocalHost' => opts['LocalHost'],
 			'LocalPort' => lport)
-
+	
 		opts['LocalPort']   = lport
 		opts['__RelayType'] = 'tcp'
 

diff --git a/msfconsole b/msfconsole
@@ -24,6 +24,9 @@ class OptsConsole
 			opts.separator ""
 			opts.separator "Specific options:"
 
+			opts.on("-d", "-d", "Execute the console as defanged") do
+				options['Defanged'] = true
+			end
 
 			opts.on("-r", "-r <filename>", "Execute the specified resource file") do |r|
 				options['Resource'] = r