Module: Msf::Exploit::Remote::Dialup

Defined in:
lib/msf/core/exploit/remote/dialup.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#modemObject

Returns the value of attribute modem.



186
187
188
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 186

def modem
  @modem
end

Instance Method Details

#connect_dialup(global = true, opts = {}) ⇒ Object

Opens the modem connection



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 37

def connect_dialup(global = true, opts={})

  if (not @telephony_loaded)
    print_status("The serialport module is not available: #{telephony_error}")
    raise RuntimeError, "Telephony not available"
  end

  serialport = datastore['SERIALPORT']
  baud       = datastore['BAUDRATE'].to_i
  data_bits  = datastore['DATABITS'].to_i
  stop_bits  = datastore['STOPBITS'].to_i
  parity     = case datastore['PARITY']
    when 'Even' ; Telephony::Modem::EVEN
    when 'Odd'  ; Telephony::Modem::ODD
    when 'Mark' ; Telephony::Modem::MARK
    when 'Space'; Telephony::Modem::SPACE
    else          Telephony::Modem::NONE
  end
  flowcontrol  = case datastore['FLOWCONTROL']
    when 'Hardware' ; Telephony::Modem::HARD
    when 'Software' ; Telephony::Modem::SOFT
    when 'Both'     ; Telephony::Modem::HARD | Telephony::Modem::SOFT
    else              Telephony::Modem::NONE
  end

  initstring   = datastore['INITSTRING']
  dialprefix   = datastore['DIALPREFIX']
  dialsuffix   = datastore['DIALSUFFIX']
  dialtimeout  = datastore['DIALTIMEOUT'].to_i
  number       = datastore['NUMBER'].tr(' ', '')

  modem = Telephony::Modem.new(serialport)
  modem.params = {
    'baud'      => baud,
    'data_bits' => data_bits,
    'parity'    => parity,
    'stop_bits' => stop_bits
  }
  modem.flow_control = flowcontrol
  modem.display = datastore['DISPLAYMODEM']

  print_status("Initializing Modem")
  result = modem.put_command('ATZ', 3)
  if result != 'OK'
    print_error("Error resetting modem")
    return
  end
  result = modem.put_command(initstring, 3)
  if result != 'OK'
    print_error("Error initializing modem")
    return
  end

  print_status("Dialing: #{number} (#{dialtimeout} sec. timeout)")
  dialstring = dialprefix + ' ' + number
  dialstring += (' ' + dialsuffix) if dialsuffix

  time = Time.now
  result = modem.put_command(dialstring, dialtimeout)
  while result =~ /RINGING/i
    result = modem.get_response(dialtimeout-(Time.now-time))
  end

  case result
    when /CONNECT/i
      print_status("Carrier: #{result}" )
      self.modem = modem if global
      return modem
    else
      print_error("No Carrier")
      disconnect_dialup(modem)
      return nil
  end
end

#dialup_expect(regexp, timeout) ⇒ Object

Reads until timeout looking for regexp



122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 122

def dialup_expect(regexp, timeout)
  res = {
    :match  => false,
    :buffer => nil,
  }
  return res if ! self.modem

  res[:buffer] = ''

  time = Time.now
  while Time.now < time + timeout
    c = self.modem.getc
    res[:buffer] += c.chr if c
    if res[:buffer].match(regexp) != nil
      res[:match] = true
      while c
        c = self.modem.getc
        res[:buffer] += c.chr if c
      end
      return res
    end
  end
  return res
end

#dialup_getcObject 



147
148
149
150
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 147

def dialup_getc
  return false if ! self.modem
  return self.modem.getc
end

#dialup_getsObject 



152
153
154
155
156
157
158
159
160
161
162
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 152

def dialup_gets
  return false if ! self.modem
  buffer = ''
  c = self.modem.getc
  while c != 0x0a
    buffer += c
    c = self.modem.getc
  end
  buffer += c
  return buffer
end

#dialup_putc(c) ⇒ Object 



164
165
166
167
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 164

def dialup_putc(c)
  return false if ! self.modem
  return self.modem.putc(c)
end

#dialup_puts(string) ⇒ Object 



169
170
171
172
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 169

def dialup_puts(string)
  return false if ! self.modem
  return self.modem.puts(string)
end

#disconnect_dialup(nmodem = self.modem) ⇒ Object

Closes the modem connection



113
114
115
116
117
118
119
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 113

def disconnect_dialup(nmodem = self.modem)
  if(nmodem)
    nmodem.flush
    nmodem.hangup
    nmodem.close
  end
end

#handler(nmodem = self.modem) ⇒ Object 



174
175
176
177
178
179
180
181
182
183
184
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 174

def handler(nmodem = self.modem)
  # If the handler claims the modem, then we don't want it to get closed
  # during cleanup
  if ((rv = super) == Handler::Claimed)
    if (nmodem == self.modem)
      self.modem = nil
    end
  end

  return rv
end

#initialize(info = {}) ⇒ Object 



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'lib/msf/core/exploit/remote/dialup.rb', line 6

def initialize(info = {})
  super

  register_options(
    [
      OptInt.new(   'BAUDRATE',     [true, 'Baud Rate', 19200]),
      OptEnum.new(  'DATABITS',     [true, 'Data Bits (4 is Windows Only)', '8', ['4', '5', '6', '7', '8'], '8']),
      OptString.new('DIALPREFIX',   [true, 'Dial Prefix', 'ATDT *67, *70,']),
      OptString.new('DIALSUFFIX',   [false, 'Dial Suffix', nil]),
      OptInt.new(   'DIALTIMEOUT',  [true, 'Dial Timeout in seconds', 60]),
      OptBool.new(  'DISPLAYMODEM', [true, 'Displays modem commands and responses on the console', false]),
      OptEnum.new(  'FLOWCONTROL',  [true, 'Flow Control', 'None', ['None', 'Hardware', 'Software', 'Both'], 'None']),
      OptString.new('INITSTRING',   [true, 'Initialization String', 'AT X6 S11=80']),
      OptString.new('NUMBER',       [true, 'Number to Dial (e.g. 1.800.950.9955, (202) 358-1234, 358.1234 etc.)', nil]),
      OptEnum.new(  'PARITY',       [true, 'Parity (Mark & Space are Windows Only)', 'None', ['None', 'Even', 'Odd', 'Mark', 'Space'], 'None']),
      OptString.new('SERIALPORT',   [true, 'Serial Port (e.g. 0 (COM1), 1 (COM2), /dev/ttyS0, etc.)', '/dev/ttyS0']),
      OptEnum.new(  'STOPBITS',     [true, 'Stop Bits', '1', ['1', '2'], '1']),
    ], self.class)

  deregister_options('RHOST')

  begin
    require 'telephony'
    @telephony_loaded = true
  rescue ::Exception => e
    @telephony_loaded = false
    @telephony_error  = e
  end
end