module PWN::Plugins::Tor
def self.authors
def self.authors st.pentest@0dayinc.com>
def self.help
def self.help }.start( - IP address to listen (default: 127.0.0.1)', l - socks port to listen (default: 9050)', tional - tor control port to listen (default: 9051)', - CIDR notation to accept connections (default: 127.0.0.1/32)', ional - directory to keep tor session data (default: /tmp/tor_pwn-TIMESTAMP)' xit_node( ired - tor_obj returned from #start method', ut: 'optional - float in seconds to timeout (default: 3.0)' ired - tor_obj returned from #start method'
def self.start(opts = {})
def self.start(opts = {}) .to_i s::Sock.get_random_unused_port if port.zero? ctrl_port].to_i N::Plugins::Sock.get_random_unused_port port != port parse_net(net) ow.strftime('%Y-%m-%d_%H-%M-%S.%N%z') ata_dir] /tor_pwn-#{timestamp}" data_dir) p}:#{port}" _dir}/tor.pid" = "#{data_dir}/control_auth_cookie" "#{data_dir}/stdout-session.log" .new(session_log_path, 'w') true .fork do ', , ication', net}", tdin, pid| _file, pid) |line| puts line or => e g with errors...' data_dir) k_pid) .exist?(pid_file) dy = File.exist?(cookie_authn_file) dy && cookie_authn_ready xdump -e '32/1 "%02x"' #{cookie_authn_file}` _pid, read(pid_file).to_i, port, ir, okie_authn , SystemExit => e ss tor_obj.nil?
def self.stop(opts = {})
def self.stop(opts = {}) r_obj] ? tor_obj[:data_dir]) RM', tor_obj[:child_pid]) RM', tor_obj[:parent_pid]) => e
def self.switch_exit_node(opts = {})
def self.switch_exit_node(opts = {}) r_obj] opts[:response_timeout] , NYM', : response_timeout => e
def self.tor_control_cmd(opts = {})
def self.tor_control_cmd(opts = {}) _obj] opts[:response_timeout] = 3.0 ip] [:ctrl_port] obj[:cookie_authn] gins::Sock.connect( AUTHENTICATE #{cookie_authn}\r\n" } hash[:cmd]) _obj.wait_readable(response_timeout) bj.readline.chomp response (cmd_hash) 50 OK' d: "#{cmd}\r\n" } cmd_hash[:cmd]) sock_obj.wait_readable(response_timeout) ck_obj.readline.chomp p] = response push(cmd_hash) = '250 OK' { cmd: "QUIT\r\n" } ite(cmd_hash[:cmd]) d = sock_obj.wait_readable(response_timeout) pond = sock_obj.readline.chomp = '900 NO CMD RESPONSE' 00 NO CMD RESPONSE' = response sh(cmd_hash) O AUTHENTICATE RESPONSE' response (cmd_hash) gins::Sock.disconnect(sock_obj: sock_obj) => e bj)