Module: Msf::Exploit::Remote::Smtp

Includes:
Tcp
Defined in:
lib/msf/core/exploit/remote/smtp.rb

Overview

This module exposes methods that may be useful to exploits that deal with servers that speak the SMTP protocol.

Instance Attribute Summary collapse

Attributes included from Tcp

#sock

Instance Method Summary collapse

Methods included from Tcp

#chost, #cleanup, #connect_timeout, #cport, #disconnect, #handler, #lhost, #lport, #peer, #print_prefix, #proxies, #rhost, #rport, #set_tcp_evasions, #shutdown, #ssl, #ssl_cipher, #ssl_verify_mode, #ssl_version

Instance Attribute Details

This attribute holds the banner that was read in after a successful call to connect or connect_login.



76
77
78
# File 'lib/msf/core/exploit/remote/smtp.rb', line 76

def banner
  @banner
end

Instance Method Details

#connect(global = true) ⇒ Object

This method establishes a SMTP connection to host and port specified by the RHOST and RPORT options, respectively. After connecting, the banner message is read in and stored in the ‘banner’ attribute.



38
39
40
41
42
43
44
45
# File 'lib/msf/core/exploit/remote/smtp.rb', line 38

def connect(global = true)
  fd = super

  # Wait for a banner to arrive...
  self.banner = fd.get_once(-1, 30)
  # Return the file descriptor to the caller
  fd
end

#connect_login(global = true) ⇒ Object

Connect to the remote SMTP server, and begin a DATA transfer



50
51
52
53
54
55
56
57
58
59
# File 'lib/msf/core/exploit/remote/smtp.rb', line 50

def (global = true)
  smtpsock = connect(global)

  raw_send_recv("EHLO X\r\n")
  raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n")
  raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n")
  raw_send_recv("DATA\r\n")

  return true
end

#initialize(info = {}) ⇒ Object

Creates an instance of an SMTP exploit module.



18
19
20
21
22
23
24
25
26
27
28
29
30
31
# File 'lib/msf/core/exploit/remote/smtp.rb', line 18

def initialize(info = {})
  super

  # Register the options that all SMTP exploits may make use of.
  register_options(
    [
      Opt::RHOST,
      Opt::RPORT(25),
      OptString.new('MAILFROM', [ true, 'FROM address of the e-mail', 'sender@example.com']),
      OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'target@example.com']),
    ], Msf::Exploit::Remote::Smtp)
  register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
  register_autofilter_services(%W{ smtp smtps})
end

#raw_send_recv(cmd, nsock = self.sock) ⇒ Object

This method transmits an IMAP command and waits for a response. If one is received, it is returned to the caller.



65
66
67
68
# File 'lib/msf/core/exploit/remote/smtp.rb', line 65

def raw_send_recv(cmd, nsock = self.sock)
  nsock.put(cmd)
  nsock.get_once
end