Implement "set PAYLOAD" by index

lib/msf/core/evasion.rb

@@ -286,7 +286,7 @@ def target_index
       target_idx =
         begin
           Integer(datastore['TARGET'])
-        rescue ArgumentError, TypeError
+        rescue TypeError, ArgumentError
           datastore['TARGET']
         end
 

lib/msf/core/exploit.rb

@@ -321,7 +321,7 @@ def initialize(info = {})
     end
 
     # Initialize exploit datastore with target information
-    import_target_datastore
+    import_target_defaults
 
     # All exploits can increase the delay when waiting for a session.
     # However, this only applies to aggressive exploits.
@@ -686,7 +686,7 @@ def target_index
     target_idx =
       begin
         Integer(datastore['TARGET'])
-      rescue ArgumentError, TypeError
+      rescue TypeError, ArgumentError
         datastore['TARGET']
       end
 
@@ -701,14 +701,6 @@ def target_index
     return (target_idx) ? target_idx.to_i : nil
   end
 
-  #
-  # Import the target's DefaultOptions hash into the datastore.
-  #
-  def import_target_datastore
-    return unless target && target.default_options
-    datastore.import_options_from_hash(target.default_options)
-  end
-
   #
   # Returns the target's platform, or the one assigned to the module itself.
   #

lib/msf/core/module/data_store.rb

@@ -25,6 +25,15 @@ def import_defaults(clear_datastore = true)
     end
   end
 
+  #
+  # Import the target's DefaultOptions hash into the datastore.
+  #
+  def import_target_defaults
+    return unless target && target.default_options
+
+    datastore.import_options_from_hash(target.default_options, true, 'self')
+  end
+
   #
   # Overrides the class' own datastore with the one supplied.  This is used
   # to allow modules to share datastores, such as a payload sharing an
@@ -38,4 +47,4 @@ def share_datastore(ds)
   protected
 
   attr_writer :datastore
-end
+end

lib/msf/ui/console/command_dispatcher/common.rb

@@ -142,6 +142,21 @@ def show_options(mod) # :nodoc:
     #print("\nTarget: #{mod.target.name}\n\n")
   end
 
+  # This is for the "use" and "set" commands
+  def module_index(list, index, &block)
+    return unless list.kind_of?(Array) && index
+
+    begin
+      idx = Integer(index)
+    rescue ArgumentError
+      return
+    end
+
+    # Don't support negative indices
+    return if idx < 0
+
+    yield list[idx]
+  end
 
 end
 

lib/msf/ui/console/command_dispatcher/core.rb

@@ -39,6 +39,7 @@ module CommandDispatcher
 class Core
 
   include Msf::Ui::Console::CommandDispatcher
+  include Msf::Ui::Console::CommandDispatcher::Common
 
   # Session command options
   @@sessions_opts = Rex::Parser::Arguments.new(
@@ -1574,6 +1575,16 @@ def cmd_set(*args)
     name  = args[0]
     value = args[1, args.length-1].join(' ')
 
+    # Set PAYLOAD by index
+    if name.upcase == 'PAYLOAD' && active_module && (active_module.exploit? || active_module.evasion?)
+      module_index(payload_show_results, value) do |mod|
+        return false unless mod && mod.respond_to?(:first)
+
+        # [name, class] from payload_show_results
+        value = mod.first
+      end
+    end
+
     # If the driver indicates that the value is not valid, bust out.
     if (driver.on_variable_set(global, name, value) == false)
       print_error("The value specified for #{name} is not valid.")
@@ -1592,13 +1603,17 @@ def cmd_set(*args)
     end
 
     # Set PAYLOAD from TARGET
-    if name.upcase == 'TARGET' && active_module && active_module.exploit?
-      active_module.import_target_datastore
+    if name.upcase == 'TARGET' && active_module && (active_module.exploit? || active_module.evasion?)
+      active_module.import_target_defaults
     end
 
     print_line("#{name} => #{datastore[name]}")
   end
 
+  def payload_show_results
+    Msf::Ui::Console::CommandDispatcher::Modules.class_variable_get(:@@payload_show_results)
+  end
+
   #
   # Tab completion for the set command
   #

lib/msf/ui/console/command_dispatcher/modules.rb

@@ -49,6 +49,7 @@ def initialize(driver)
             @previous_module = nil
             @module_name_stack = []
             @module_search_results = []
+            @@payload_show_results = []
             @dangerzone_map = nil
           end
 
@@ -641,18 +642,12 @@ def cmd_use(*args)
             # Try to create an instance of the supplied module name
             mod_name = args[0]
 
-            # Try to create an integer out of a supplied module name
-            mod_index =
-              begin
-                Integer(mod_name)
-              rescue ArgumentError, TypeError
-                nil
-              end
-
             # Use a module by search index
-            if mod_index
-              return if mod_index < 0 || @module_search_results[mod_index].nil?
-              mod_name = @module_search_results[mod_index].fullname
+            module_index(@module_search_results, mod_name) do |mod|
+              return false unless mod && mod.respond_to?(:fullname)
+
+              # Module cache object from @module_search_results
+              mod_name = mod.fullname
             end
 
             # See if the supplied module name has already been resolved
@@ -1039,10 +1034,12 @@ def show_exploits(regex = nil, minrank = nil, opts = nil) # :nodoc:
           def show_payloads(regex = nil, minrank = nil, opts = nil) # :nodoc:
             # If an active module has been selected and it's an exploit, get the
             # list of compatible payloads and display them
-            if (active_module and (active_module.exploit? == true or active_module.evasion?))
-              show_module_set("Compatible Payloads", active_module.compatible_payloads, regex, minrank, opts)
+            if active_module && (active_module.exploit? || active_module.evasion?)
+              @@payload_show_results = active_module.compatible_payloads
+
+              show_module_set('Compatible Payloads', @@payload_show_results, regex, minrank, opts)
             else
-              show_module_set("Payloads", framework.payloads, regex, minrank, opts)
+              show_module_set('Payloads', framework.payloads, regex, minrank, opts)
             end
           end
 

lib/msf/ui/console/driver.rb

@@ -404,22 +404,14 @@ def on_startup(opts = {})
   #
   def on_variable_set(glob, var, val)
     case var.downcase
-    when 'payload'
-      if framework && !framework.payloads.valid?(val)
-        return false
-      elsif active_module && active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
-        return false
-      elsif active_module
-        active_module.datastore.clear_non_user_defined
-      elsif framework
-        framework.datastore.clear_non_user_defined
-      end
     when 'sessionlogging'
       handle_session_logging(val) if glob
     when 'consolelogging'
       handle_console_logging(val) if glob
     when 'loglevel'
       handle_loglevel(val) if glob
+    when 'payload'
+      handle_payload(val)
     when 'ssh_ident'
       handle_ssh_ident(val)
     end
@@ -572,6 +564,23 @@ def handle_loglevel(val)
     set_log_level(Msf::LogSource, val)
   end
 
+  #
+  # This method handles setting a desired payload
+  #
+  # TODO: Move this out of the console driver!
+  #
+  def handle_payload(val)
+    if framework && !framework.payloads.valid?(val)
+      return false
+    elsif active_module && (active_module.exploit? || active_module.evasion?)
+      return false unless active_module.is_payload_compatible?(val)
+    elsif active_module
+      active_module.datastore.clear_non_user_defined
+    elsif framework
+      framework.datastore.clear_non_user_defined
+    end
+  end
+
   #
   # This method monkeypatches Net::SSH's client identification string
   #