Module: Msf::Exploit::Remote::Smtp

Includes:

Tcp

Defined in:

lib/msf/core/exploit/remote/smtp.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the SMTP protocol.

Instance Attribute Summary

• #banner ⇒ Object protected

  This attribute holds the banner that was read in after a successful call to connect or connect_login.

Attributes included from Tcp

#sock

Instance Method Summary

• #connect(global = true) ⇒ Object

  This method establishes a SMTP connection to host and port specified by the RHOST and RPORT options, respectively.

• #connect_login(global = true) ⇒ Object

  Connect to the remote SMTP server, and begin a DATA transfer.

• #initialize(info = {}) ⇒ Object

  Creates an instance of an SMTP exploit module.

• #raw_send_recv(cmd, nsock = self.sock) ⇒ Object

  This method transmits an IMAP command and waits for a response.

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #replicant, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

#banner ⇒ Object (protected)

This attribute holds the banner that was read in after a successful call to connect or connect_login.

# File 'lib/msf/core/exploit/remote/smtp.rb', line 76

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a SMTP connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the ‘banner’ attribute.

# File 'lib/msf/core/exploit/remote/smtp.rb', line 38

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)
  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect to the remote SMTP server, and begin a DATA transfer

# File 'lib/msf/core/exploit/remote/smtp.rb', line 50

def connect_login(global = true)
  smtpsock = connect(global)

  raw_send_recv("EHLO X\r\n")
  raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n")
  raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n")
  raw_send_recv("DATA\r\n")

  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an SMTP exploit module.

# File 'lib/msf/core/exploit/remote/smtp.rb', line 18

def initialize(info = {})
  super

  # Register the options that all SMTP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(25),
      OptString.new('MAILFROM', [ true, 'FROM address of the e-mail', 'sender@example.com']),
      OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'target@example.com']),
    ], Msf::Exploit::Remote::Smtp)
  register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
  register_autofilter_services(%W{ smtp smtps})
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an IMAP command and waits for a response. If one is received, it is returned to the caller.

# File 'lib/msf/core/exploit/remote/smtp.rb', line 65

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end