void Exploit::launch(Host* host, vector<string> args) {
cout << "Running " << getName() << " version " << getVersion() << "..." << endl;
// check args
if(args.size() < 3) {
cout << "Please specify an IP and port to exploit." << endl;
return;
}
// resolve ip
string ip = args[1];
if(!host->ping(ip)) {
cout << "Destination host unreachable." << endl;
return;
}
Host *remote = host->resolve(ip);
// check level
unsigned int port = stoi(args[2]);
Service *s = remote->getService(port);
if(!s || !s->isVuln(vuln)) {
cout << "Service is not vulnerable." << endl;
return;
}
if(s->getVersion() > getVersion()) {
cout << "Version " << s->getVersion() << " of this software is not vulnerable." << endl;
return;
}
// exploit the vuln
run(host, remote, port);
}
FTPService::FTPService(unsigned int version): ShellService(Cache::queryCache("FTP"), 21, version) {
Shell* shell = getShell();
shell->add("help", [this] (vector<string> args) {
cout << "list: list all files" << endl;
cout << "upload [file] [host]: upload file to host" << endl;
cout << "delete [file]: delete a file" << endl;
cout << "cat [file]: display file contents" << endl;
}, false);
shell->add("list", [this] (vector<string> args) {
// list all files
cout << setw(width) << "Filename ";
cout << "Size" << endl;
for(File *file: files) {
cout << left << setw(width) << file->name->get();
cout << file->contents->get().length() << "b" << endl;
}
}, true);
shell->add("upload", [this] (vector<string> args) {
// upload a local file to a remote FTP server
if(args.size() < 3) {
cout << "Please specify file name and remote host." << endl;
}
string filename = args[1];
string ip = args[2];
// check file
File *file = nullptr;
for(File *f: files) {
if(f->name->get() == filename) {
file = new File{f->name, f->contents};
break;
}
}
if(!file) {
cout << "File not found." << endl;
return;
}
// check host
if(!localhost->ping(ip)) {
cout << "Destination host unreachable." << endl;
delete file;
return;
}
// find host
Host *remote = localhost->resolve(ip);
if(!remote->hasService(21)) {
cout << "Connection refused." << endl;
delete file;
return;
}
// contact server
FTPService *ftp = static_cast<FTPService*>(remote->getService(21));
ftp->upload(file);
cout << "Upload complete." << endl;
}, true);
shell->add("delete", [this] (vector<string> args) {
if(args.size() < 2) {
cout << "Please specify a file name." << endl;
}
// delete file
string name = args[1];
for(auto itr = files.begin(); itr != files.end(); itr++) {
File *file = *itr;
if(file->name->get() == name) {
files.erase(itr);
return;
}
}
cout << "File not found." << endl;
}, true);
shell->add("cat", [this] (vector<string> args) {
if(args.size() < 2) {
cout << "Please specify a file name." << endl;
return;
}
string name = args[1];
for(File *file: files) {
if(file->name->get() == name) {
cout << file->contents << endl;
return;
}
}
cout << "File not found." << endl;
}, true);
}
