Class Msf::Exploit
In: lib/msf/core/exploit.rb
Parent: Msf::Module

The exploit class acts as the base class for all exploit modules. It provides a common interface for interacting with exploits at the most basic level.

Classes and Modules

Module Msf::Exploit::CheckCode
Module Msf::Exploit::CompatDefaults
Module Msf::Exploit::Stance
Module Msf::Exploit::Type
Class Msf::Exploit::Local
Class Msf::Exploit::Remote

Attributes

active_timeout  [RW]  Maximum number of seconds for active handlers
default_target  [R]  The default target.
default_target  [W]  Writable copy of the default target.
payload  [RW]  The encoded payload instance. An instance of an EncodedPayload object.
payload_info  [R]  The payload requirement hash.
payload_info  [W]  Writable copy of the payload requirement hash.
payload_instance  [RW]  The active payload instance.
session_count  [W]  Number of sessions created by this exploit instance.
session_count  [R]  The number of active sessions created by this instance
targets  [W]  Writable copy of the list of targets.
targets  [R]  The list of targets.

Public Class methods

Returns an array of all of the exploit mixins. Lame algorithm right now. We search the Msf::Exploit namespace for all modules that do not have any constants in them. In the future we can replace this with a better algorithm. It's just important that it returns an array of all of the mixin modules.

Creates an instance of the exploit module. Mad skillz.

Returns MODULE_EXPLOIT to indicate that this is an exploit module.

Public Instance methods

Allows the payload handler to spawn a new monitor.

Returns true if the exploit has an aggressive stance.

Performs last-minute sanity checking of exploit parameters. This method is called during automated exploitation attempts and allows an exploit to filter bad targets, obtain more information, and choose better targets based on the available data. Returning anything that evaluates to "false" will cause this specific exploit attempt to be skipped. This method can and will change datastore values and may interact with the backend database.

Returns a hash of the capabilities this exploit module has support for, such as whether or not it supports check and exploit.

Checks to see if the target is vulnerable, returning unsupported if it's not supported.

This method is designed to be overridden by exploit modules.

Performs any cleanup that may be necessary, such as disconnecting connections and any other such fun things. If a payload is active then its handler cleanup routines are called as well.

Returns a list of compatible encoders based on architecture.

Returns a list of compatible payloads based on platform, architecture, and size requirements.

Called prior to encoding a payload.

Called after an encoded payload has been generated. This gives exploits or mixins a chance to alter the encoded payload.

Kicks off the actual exploit. Prior to this call, the framework will have validated the data store using the options associated with this exploit module. It will also pre-generate the desired payload, though exploits can re-generate the payload if necessary.

This method is designed to be overridden by exploit modules.

If we don't know the exploit type, then I guess it's omnipresent!

Generates the encoded version of the supplied payload using the payload requirements specific to this exploit. The encoded instance is returned to the caller. This method is exposed in the manner that it is so that passive exploits can re-generate an encoded payload on the fly rather than having to use the pre-generated one.

The return value is an EncodedPayload instance.

This method generates a non-cached payload which is typically useful for passive exploits that will have more than one client.

Passes the connection to the associated payload handler to see if the exploit succeeded and a connection has been established. The return value can be one of the Handler::constants.

Generates a nop sled of a supplied length and returns it to the caller.

Returns the first compatible NOP generator for this exploit's payload instance.

Returns the list of registers that the NOP generator should save, if any. It will use the current target's save registers in precedence over those defined globally for the exploit module.

If there are no save registers, nil is returned.

This is called by the payload when a new session is created.

Returns true if the exploit has a passive stance.

Generates a non-repeating static random string.

Return any text that should be appended to the payload. The payload module is passed so that the exploit can take a guess at architecture and platform if it's a multi exploit.

Returns the bad characters that cannot be in any payload used by this exploit.

Returns the payload encoder option hash that is used to initialize the datastore of the encoder that is selected when generating an encoded payload.

Returns the payload encoder type that is associated with either the current target or the exploit in general.

Returns the payload extended options hash which is used to provide a location to store extended information that may be useful to a particular type of payload or mixin.

Maximum number of nops to use as a hint to the framework. Nil signifies that the framework should decide.

Minimum number of nops to use as a hint to the framework. Nil signifies that the framework should decide.

Return any text that should be prepended to the payload. The payload module is passed so that the exploit can take a guess at architecture and platform if it's a multi exploit. This automatically takes into account any required stack adjustments.

Return any text that should be prepended to the encoder of the payload. The payload module is passed so that the exploit can take a guess at architecture and platform if it's a multi exploit.

Returns the maximum amount of room the exploit has for a payload.

Generate a random character avoiding the exploit's bad characters.

Generate random text characters avoiding the exploit's bad characters.

Generate random alpha characters avoiding the exploit's bad characters.

Generate random alpha lower characters avoiding the exploit's bad characters.

Generate random alpha upper characters avoiding the exploit's bad characters.

Generate random alphanumeric characters avoiding the exploit's bad characters.

Generate random english-like text avoiding the exploit's bad characters.

Generate random numeric characters avoiding the exploit's bad characters.
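The random-text helpers above all share one idea: the bytes listed as the exploit's bad characters (the ones the delivery channel mangles or terminates on, such as NUL or newline) are removed from the alphabet before any byte is drawn, and the returned buffer is therefore guaranteed never to contain them. The following stand-alone Ruby module is an added illustration of that pattern and of the matching validation a module author wants before trusting a buffer; it is not the framework's own code (Msf::Exploit delegates these methods to Rex::Text). The module name BadcharDemo, its method names and the example buffers are assumptions made for this example only.

```ruby
require 'securerandom'

# Added example: a self-contained re-implementation of "random text avoiding
# bad characters". Not Metasploit's code; names here are illustrative only.
module BadcharDemo
  module_function

  ALPHA_LOWER  = ('a'..'z').to_a.join
  ALPHA_UPPER  = ('A'..'Z').to_a.join
  NUMERIC      = ('0'..'9').to_a.join
  ALPHA        = ALPHA_LOWER + ALPHA_UPPER
  ALPHANUMERIC = ALPHA + NUMERIC
  # Every byte value 0..255, used by the generic "random text" variant.
  ALL_BYTES    = (0..255).map { |b| b.chr(Encoding::BINARY) }.join

  # Remove every byte listed in badchars from the alphabet. Raising on an
  # empty result is deliberate: a silent empty pool would never terminate.
  def usable_alphabet(alphabet, badchars)
    bad    = badchars.to_s.b.bytes
    usable = alphabet.b.bytes.uniq.reject { |b| bad.include?(b) }
    raise ArgumentError, 'bad characters exclude the entire alphabet' if usable.empty?
    usable
  end

  # Draw len bytes uniformly from the usable pool; returns a binary string.
  def rand_text(len, badchars = '', alphabet = ALL_BYTES)
    pool = usable_alphabet(alphabet, badchars)
    Array.new(len) { pool[SecureRandom.random_number(pool.size)] }.pack('C*')
  end

  def rand_char(badchars = '', alphabet = ALL_BYTES)
    rand_text(1, badchars, alphabet)
  end

  def rand_text_alpha(len, badchars = '')
    rand_text(len, badchars, ALPHA)
  end

  def rand_text_alpha_lower(len, badchars = '')
    rand_text(len, badchars, ALPHA_LOWER)
  end

  def rand_text_alpha_upper(len, badchars = '')
    rand_text(len, badchars, ALPHA_UPPER)
  end

  def rand_text_alphanumeric(len, badchars = '')
    rand_text(len, badchars, ALPHANUMERIC)
  end

  def rand_text_numeric(len, badchars = '')
    rand_text(len, badchars, NUMERIC)
  end

  # Diagnostic: list [offset, byte] pairs for every bad byte found in buf.
  # Useful when an encoder or a prepend/append hook may have reintroduced one.
  def badchar_offsets(buf, badchars)
    bad = badchars.to_s.b.bytes
    buf.b.bytes.each_with_index
       .select { |b, _| bad.include?(b) }
       .map { |b, i| [i, b] }
  end

  def contains_badchars?(buf, badchars)
    !badchar_offsets(buf, badchars).empty?
  end

  # Mirrors the "payload space" idea: a buffer is only usable if it fits the
  # room the exploit advertises for it.
  def fits_space?(buf, space)
    buf.bytesize <= space
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed bad-character set: NUL, LF, CR (typical for string-terminated
  # or line-oriented channels).
  bad = "\x00\x0a\x0d"
  buf = BadcharDemo.rand_text(64, bad)
  puts "generated #{buf.bytesize} bytes, bad bytes found: #{BadcharDemo.badchar_offsets(buf, bad).inspect}"
  puts "fits in 100 bytes? #{BadcharDemo.fits_space?(buf, 100)}"
end
```

The validation half matters as much as the generator: the framework's encoding hooks (encoder prepends, appended text, stack adjustment) run after the random text is produced, so a module author should re-check the final buffer against the bad-character list rather than assume the generator's guarantee survives those steps.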

Re-generates an encoded payload, typically called after something in the datastore has changed. An optional platform and architecture can be supplied as well.

Reset the session counter to zero (which occurs during set up of the exploit prior to calling exploit).

A boolean for whether a session has been created yet.

Prepares the module for exploitation, initializes any state, and starts the payload handler.

This method returns the number of bytes that should be adjusted to the stack pointer prior to executing any code. The number of bytes to adjust is indicated to the routine through the payload 'StackAdjustment' attribute or through a target's payload 'StackAdjustment' attribute.

Generally, all exploits take an aggressive stance.

Returns true if the exploit module supports the check method.

Returns true if the exploit module supports the exploit method.

Returns the active target for this exploit. If no target has been defined, nil is returned. If no target was defined but there is a default target, that one will be automatically used.

Returns the target's architecture, or the one assigned to the module itself.

The target index that has been selected.

Returns the target's platform, or the one assigned to the module itself.

Returns MODULE_EXPLOIT to indicate that this is an exploit module.

The default "wait for session" delay is zero for all exploits.

Protected Instance methods

Gets the memory map file and other context information that is required when wanting to support context keyed encoding.

Overrides the base class method and serves to initialize default compatibilities for exploits.
