Class: SSLScan::Socket::Parameters

Inherits:

Object

• Object
• SSLScan::Socket::Parameters

Defined in:

lib/ssl_scan/socket/parameters.rb

Overview

This class represents the set of parameters that are used to create a socket, whether it be a server or client socket.

Examples:

nsock = SSLScan::Socket::Tcp.create(
  'PeerHost'  =>  opts['RHOST'] || rhost,
  'PeerPort'  => (opts['RPORT'] || rport).to_i,
  'LocalHost' =>  opts['CHOST'] || chost || "0.0.0.0",
  'LocalPort' => (opts['CPORT'] || cport || 0).to_i,
  'SSL'       =>  dossl,
  'SSLVersion'=>  opts['SSLVersion'] || ssl_version,
  'Proxies'   => proxies,
  'Timeout'   => (opts['ConnectTimeout'] || connect_timeout || 10).to_i,
  'Context'   =>
    {
      'Msf'        => framework,
      'MsfExploit' => self,
    })

Instance Attribute Summary

• #bare ⇒ Bool

  Whether or not this is a bare (non-extended) socket instance that should be created.

• #comm ⇒ Comm

  The Comm instance that should be used to create the underlying socket.

• #context ⇒ Hash

  The context hash that was passed in to the structure.

• #localhost ⇒ String (also: #localaddr)

  The local host.

• #localport ⇒ Fixnum

  The local port.

• #peerhost ⇒ String (also: #peeraddr)

  The remote host information, equivalent to the PeerHost parameter hash key.

• #peerport ⇒ Fixnum

  The remote port.

• #proto ⇒ String

  The protocol to to use, such as TCP.

• #proxies ⇒ String

  List of proxies to use.

• #retries ⇒ Fixnum

  The number of attempts that should be made.

• #server ⇒ Bool

  Whether or not this is a server.

• #ssl ⇒ Bool

  Whether or not SSL should be used to wrap the connection.

• #ssl_cert ⇒ String

  The SSL certificate, in pem format, stored as a string.

• #ssl_cipher ⇒ String, Array

  What specific SSL Cipher(s) to use, may be a string containing the cipher name or an array of strings containing cipher names e.g.

• #ssl_compression ⇒ Bool

  Enables SSL/TLS-level compression.

• #ssl_verify_mode ⇒ Object

  The SSL context verification mechanism.

• #ssl_version ⇒ String, Symbol

  What version of SSL to use (SSL2, SSL3, SSL23, TLS1).

• #timeout ⇒ Fixnum

  The number of seconds before a connection attempt should time out.

• #v6 ⇒ Bool

  Whether we should use IPv6.

Class Method Summary

• .from_hash(hash) ⇒ Object

  Creates an instance of the Parameters class using the supplied hash.

Instance Method Summary

• #bare? ⇒ Boolean

  Returns true if the socket is a bare socket that does not inherit from any extended Rex classes.

• #client? ⇒ Boolean

  Returns true if this represents parameters for a client.

• #initialize(hash) ⇒ Parameters constructor

  Initializes the attributes from the supplied hash.

• #ip? ⇒ Boolean

  Returns true if the protocol for the parameters is IP.

• #server? ⇒ Boolean

  Returns true if this represents parameters for a server.

• #ssl? ⇒ Boolean

  Returns true if SSL has been requested.

• #tcp? ⇒ Boolean

  Returns true if the protocol for the parameters is TCP.

• #udp? ⇒ Boolean

  Returns true if the protocol for the parameters is UDP.

• #v6? ⇒ Boolean

  Returns true if IPv6 has been enabled.

Constructor Details

#initialize(hash) ⇒ Parameters

Initializes the attributes from the supplied hash. The following hash keys can be specified.

Parameters:

• hash (Hash) —

  a customizable set of options

Options Hash (hash):

• 'PeerHost' (String) —

  The remote host to connect to

• 'PeerAddr' (String) — default: alias for 'PeerHost'
• 'PeerPort' (Fixnum) —

  The remote port to connect to

• 'LocalHost' (String) —

  The local host to communicate from, if any

• 'LocalPort' (String) —

  The local port to communicate from, if any

• 'Bool' (Bool) —

  Create a bare socket

• 'Server' (Bool) —

  Whether or not this should be a server

• 'SSL' (Bool) —

  Whether or not SSL should be used

• 'SSLVersion' (String) —

  Specify SSL2, SSL3, or TLS1 (SSL3 is default)

• 'SSLCert' (String) —

  A file containing an SSL certificate (for server sockets)

• 'SSLCipher' (String) —

  see #ssl_cipher

• 'SSLCompression' (Bool) —

  enable SSL-level compression where available

• 'SSLVerifyMode' (String) —

  SSL certificate verification mechanism. One of ‘NONE’ (default), ‘CLIENT_ONCE’, ‘FAIL_IF_NO_PEER_CERT ’, ‘PEER’

• 'Proxies' (String) —

  List of proxies to use.

• 'Proto' (String) —

  The underlying protocol to use.

• 'IPv6' (String) —

  Force the use of IPv6.

• 'Comm' (String) —

  The underlying Comm object to use to create the socket for this parameter set.

• 'Context' (Hash) —

  A context hash that can allow users of this parameter class instance to determine who is responsible for requesting that a socket be created.

• 'Retries' (String) —

  The number of times a connection should be retried.

• 'Timeout' (Fixnum) —

  The number of seconds before a connection should time out

# File 'lib/ssl_scan/socket/parameters.rb', line 78

def initialize(hash)
  if (hash['PeerHost'])
    self.peerhost = hash['PeerHost']
  elsif (hash['PeerAddr'])
    self.peerhost = hash['PeerAddr']
  else
    self.peerhost = nil
  end

  if (hash['LocalHost'])
    self.localhost = hash['LocalHost']
  elsif (hash['LocalAddr'])
    self.localhost = hash['LocalAddr']
  else
    self.localhost = '0.0.0.0'
  end

  if (hash['PeerPort'])
    self.peerport = hash['PeerPort'].to_i
  else
    self.peerport = 0
  end

  if (hash['LocalPort'])
    self.localport = hash['LocalPort'].to_i
  else
    self.localport = 0
  end

  if (hash['Bare'])
    self.bare = hash['Bare']
  else
    self.bare = false
  end

  if (hash['SSL'] and hash['SSL'].to_s =~ /^(t|y|1)/i)
    self.ssl = true
  else
    self.ssl = false
  end

  supported_ssl_versions = ['SSL2', 'SSL23', 'TLS1', 'SSL3', :SSLv2, :SSLv3, :SSLv23, :TLSv1]
  if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
    self.ssl_version = hash['SSLVersion']
  end

  supported_ssl_verifiers = %W{CLIENT_ONCE FAIL_IF_NO_PEER_CERT NONE PEER}
  if (hash['SSLVerifyMode'] and supported_ssl_verifiers.include? hash['SSLVerifyMode'])
    self.ssl_verify_mode = hash['SSLVerifyMode']
  end

  if hash['SSLCompression']
    self.ssl_compression = hash['SSLCompression']
  end

  if (hash['SSLCipher'])
    self.ssl_cipher = hash['SSLCipher']
  end

  if (hash['SSLCert'] and ::File.file?(hash['SSLCert']))
    begin
      self.ssl_cert = ::File.read(hash['SSLCert'])
    rescue ::Exception => e
      elog("Failed to read cert: #{e.class}: #{e}", LogSource)
    end
  end

  if hash['Proxies']
    self.proxies = hash['Proxies'].split('-').map{|a| a.strip}.map{|a| a.split(':').map{|b| b.strip}}
  end

  # The protocol this socket will be using
  if (hash['Proto'])
    self.proto = hash['Proto'].downcase
  else
    self.proto = 'tcp'
  end

  # Whether or not the socket should be a server
  self.server    = hash['Server'] || false

  # The communication subsystem to use to create the socket
  self.comm      = hash['Comm']

  # The context that was passed in, if any.
  self.context   = hash['Context'] || {}

  # If no comm was supplied, try to use the comm that is best fit to
  # handle the provided host based on the current routing table.
  if( self.server )
    if (self.comm == nil and self.localhost)
      self.comm  = SSLScan::Socket::SwitchBoard.best_comm(self.localhost)
    end
  else
    if (self.comm == nil and self.peerhost)
      self.comm  = SSLScan::Socket::SwitchBoard.best_comm(self.peerhost)
    end
  end

  # If we still haven't found a comm, we default to the local comm.
  self.comm      = SSLScan::Socket::Comm::Local if (self.comm == nil)

  # If we are a UDP server, turn off the server flag as it was only set when
  # creating the UDP socket in order to avail of the switch board above.
  if( self.server and self.proto == 'udp' )
    self.server = false
  end

  # The number of connection retries to make (client only)
  if hash['Retries']
    self.retries = hash['Retries'].to_i
  else
    self.retries = 0
  end

  # The number of seconds before a connect attempt times out (client only)
  if hash['Timeout']
    self.timeout = hash['Timeout'].to_i
  else
    self.timeout = 5
  end

  # Whether to force IPv6 addressing
  self.v6        = hash['IPv6'] || false
end

Instance Attribute Details

#bare ⇒ Bool

Whether or not this is a bare (non-extended) socket instance that should be created.

Returns:

• (Bool)

# File 'lib/ssl_scan/socket/parameters.rb', line 320

def bare
  @bare
end

#comm ⇒ Comm

The Comm instance that should be used to create the underlying socket.

Returns:

• (Comm)

# File 'lib/ssl_scan/socket/parameters.rb', line 303

def comm
  @comm
end

#context ⇒ Hash

The context hash that was passed in to the structure. (default: {})

Returns:

• (Hash)

# File 'lib/ssl_scan/socket/parameters.rb', line 307

def context
  @context
end

#localhost ⇒ String Also known as: localaddr

The local host. Equivalent to the LocalHost parameter hash key.

Returns:

• (String)

# File 'lib/ssl_scan/socket/parameters.rb', line 285

def localhost
  @localhost
end

#localport ⇒ Fixnum

The local port. Equivalent to the LocalPort parameter hash key.

Returns:

• (Fixnum)

# File 'lib/ssl_scan/socket/parameters.rb', line 289

def localport
  @localport
end

#peerhost ⇒ String Also known as: peeraddr

The remote host information, equivalent to the PeerHost parameter hash key.

Returns:

• (String)

# File 'lib/ssl_scan/socket/parameters.rb', line 277

def peerhost
  @peerhost
end

#peerport ⇒ Fixnum

The remote port. Equivalent to the PeerPort parameter hash key.

Returns:

• (Fixnum)

# File 'lib/ssl_scan/socket/parameters.rb', line 281

def peerport
  @peerport
end

#proto ⇒ String

The protocol to to use, such as TCP. Equivalent to the Proto parameter hash key.

Returns:

• (String)

# File 'lib/ssl_scan/socket/parameters.rb', line 294

def proto
  @proto
end

#proxies ⇒ String

List of proxies to use

Returns:

• (String)

# File 'lib/ssl_scan/socket/parameters.rb', line 358

def proxies
  @proxies
end

#retries ⇒ Fixnum

The number of attempts that should be made.

Returns:

• (Fixnum)

# File 'lib/ssl_scan/socket/parameters.rb', line 311

def retries
  @retries
end

#server ⇒ Bool

Whether or not this is a server. Equivalent to the Server parameter hash key.

Returns:

• (Bool)

# File 'lib/ssl_scan/socket/parameters.rb', line 299

def server
  @server
end

#ssl ⇒ Bool

Whether or not SSL should be used to wrap the connection.

Returns:

• (Bool)

# File 'lib/ssl_scan/socket/parameters.rb', line 324

def ssl
  @ssl
end

#ssl_cert ⇒ String

The SSL certificate, in pem format, stored as a string. See SslTcpServer#makessl

Returns:

• (String)

# File 'lib/ssl_scan/socket/parameters.rb', line 339

def ssl_cert
  @ssl_cert
end

#ssl_cipher ⇒ String, Array

What specific SSL Cipher(s) to use, may be a string containing the cipher name or an array of strings containing cipher names e.g.

“DHE-RSA-AES256-SHA”, “DHE-DSS-AES256-SHA”

Returns:

• (String, Array)

# File 'lib/ssl_scan/socket/parameters.rb', line 334

def ssl_cipher
  @ssl_cipher
end

#ssl_compression ⇒ Bool

Enables SSL/TLS-level compression

Returns:

• (Bool)

# File 'lib/ssl_scan/socket/parameters.rb', line 343

def ssl_compression
  @ssl_compression
end

#ssl_verify_mode ⇒ Object

The SSL context verification mechanism

# File 'lib/ssl_scan/socket/parameters.rb', line 348

def ssl_verify_mode
  @ssl_verify_mode
end

#ssl_version ⇒ String, Symbol

What version of SSL to use (SSL2, SSL3, SSL23, TLS1)

Returns:

• (String, Symbol)

# File 'lib/ssl_scan/socket/parameters.rb', line 328

def ssl_version
  @ssl_version
end

#timeout ⇒ Fixnum

The number of seconds before a connection attempt should time out.

Returns:

• (Fixnum)

# File 'lib/ssl_scan/socket/parameters.rb', line 315

def timeout
  @timeout
end

#v6 ⇒ Bool

Whether we should use IPv6

Returns:

• (Bool)

# File 'lib/ssl_scan/socket/parameters.rb', line 353

def v6
  @v6
end

Class Method Details

.from_hash(hash) ⇒ Object

Creates an instance of the Parameters class using the supplied hash.

# File 'lib/ssl_scan/socket/parameters.rb', line 36

def self.from_hash(hash)
  return self.new(hash)
end

Instance Method Details

#bare? ⇒ Boolean

Returns true if the socket is a bare socket that does not inherit from any extended Rex classes.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 249

def bare?
  return (bare == true)
end

#client? ⇒ Boolean

Returns true if this represents parameters for a client.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 220

def client?
  return (server == false)
end

#ip? ⇒ Boolean

Returns true if the protocol for the parameters is IP.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 241

def ip?
  return (proto == 'ip')
end

#server? ⇒ Boolean

Returns true if this represents parameters for a server.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 213

def server?
  return (server == true)
end

#ssl? ⇒ Boolean

Returns true if SSL has been requested.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 256

def ssl?
  return ssl
end

#tcp? ⇒ Boolean

Returns true if the protocol for the parameters is TCP.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 227

def tcp?
  return (proto == 'tcp')
end

#udp? ⇒ Boolean

Returns true if the protocol for the parameters is UDP.

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 234

def udp?
  return (proto == 'udp')
end

#v6? ⇒ Boolean

Returns true if IPv6 has been enabled

Returns:

• (Boolean)

# File 'lib/ssl_scan/socket/parameters.rb', line 263

def v6?
  return v6
end