Add OS X post module to manage Sonic Pi #12119

Merged
merged 10 commits into from Jul 29, 2019


@wvu-r7
Contributor

commented Jul 22, 2019

What is Sonic Pi?

From the website...

Sonic Pi is a code-based music creation and performance tool.

Simple enough for computing and music lessons.
Powerful enough for professional musicians.
Free to download with a friendly tutorial.
Diverse community of over 1.5 million live coders.

Learn to code creatively by composing or performing music in an incredible range of styles from Classical & Jazz to Grime & EDM.

tl;dr It's a music production and performance environment where you write Ruby. If you're familiar with SuperCollider, it's actually based on that.

What does this module do?

This module allows you to control an instance of Sonic Pi (assuming you have a session). You can run arbitrary Ruby code, which technically means RCE, but it's all local.

Why doesn't this module get me real RCE?

You can enable an external OSC server on UDP port 4559, but it's bound to the /osc prefix, which means you can't execute the /run-code message. Playing music might be a nice alternative. :)

How do I use it?

Here's a sample run, showing all the options available to you:

msf5 post(osx/manage/sonic_pi) > options

Module options (post/osx/manage/sonic_pi):

   Name            Current Setting                                             Required  Description
   ----            ---------------                                             --------  -----------
   FILE            /rapid7/metasploit-framework/data/post/sonic_pi_example.rb  yes       Path to Sonic Pi code
   OSC_HOST        127.0.0.1                                                   yes       OSC server host
   OSC_PORT        4557                                                        yes       OSC server port
   SESSION                                                                     yes       The session to run this module on.
   START_SONIC_PI  false                                                       yes       Start Sonic Pi


Post action:

   Name  Description
   ----  -----------
   Run   Run Sonic Pi code


msf5 post(osx/manage/sonic_pi) > advanced

Module advanced options (post/osx/manage/sonic_pi):

   Name         Current Setting                                         Required  Description
   ----         ---------------                                         --------  -----------
   RubyPath     /Applications/Sonic Pi.app/server/native/ruby/bin/ruby  yes       Path to Ruby executable
   SonicPiPath  /Applications/Sonic Pi.app/Contents/MacOS/Sonic Pi      yes       Path to Sonic Pi executable
   VERBOSE      true                                                    no        Enable detailed status messages
   WORKSPACE                                                            no        Specify the workspace for this module

msf5 post(osx/manage/sonic_pi) > show actions

Post actions:

   Name  Description
   ----  -----------
   Run   Run Sonic Pi code
   Stop  Stop all jobs


msf5 post(osx/manage/sonic_pi) > set session -1
session => -1
msf5 post(osx/manage/sonic_pi) > run

[+] Sonic Pi is running
[*] Running Sonic Pi code: /rapid7/metasploit-framework/data/post/sonic_pi_example.rb
[*] echo [snip] | base64 -D | /Applications/Sonic\ Pi.app/server/native/ruby/bin/ruby
[*] Post module execution completed
msf5 post(osx/manage/sonic_pi) > set action Stop
action => Stop
msf5 post(osx/manage/sonic_pi) > run

[+] Sonic Pi is running
[*] Stopping all jobs
[*] echo [snip] | base64 -D | /Applications/Sonic\ Pi.app/server/native/ruby/bin/ruby
[*] Post module execution completed
msf5 post(osx/manage/sonic_pi) >

If Sonic Pi isn't running, you can set START_SONIC_PI true to start it automatically.
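A defender-side check for the execution pattern visible in the sample run above (base64-decoded input piped into the Ruby interpreter bundled with Sonic Pi), as an added example that is not part of the pull request or of the module's code. The sample command lines, the helper names and the result symbols are constructed for illustration; only the interpreter path comes from the `RubyPath` default shown in the options output.

```ruby
require 'shellwords'

# Interpreter path copied from the module's RubyPath default in the options output.
SONIC_PI_RUBY = '/Applications/Sonic Pi.app/server/native/ruby/bin/ruby'
BASE64_DECODE_FLAGS = %w[-D -d --decode].freeze

# Tokenise a command line and split it into pipeline stages (one argv per stage).
# Limitation: a "|" only counts as a pipe when it is its own token.
def pipeline_stages(cmdline)
  Shellwords.split(cmdline)
            .chunk_while { |a, b| a != '|' && b != '|' }
            .reject { |stage| stage == ['|'] }
rescue ArgumentError # unbalanced quotes: not parseable
  []
end

# True when the stage is a Ruby interpreter with no script argument,
# i.e. it will read its program from stdin.
def ruby_reading_stdin?(argv)
  File.basename(argv.first).match?(/\Aruby[\d.]*\z/) &&
    argv.drop(1).all? { |arg| arg.start_with?('-') }
end

# Returns :sonic_pi_ruby_stdin, :ruby_stdin or :none for one command line.
def classify(cmdline)
  pipeline_stages(cmdline).each_cons(2) do |src, sink|
    decoding = File.basename(src.first) == 'base64' && (src & BASE64_DECODE_FLAGS).any?
    next unless decoding && ruby_reading_stdin?(sink)
    return sink.first == SONIC_PI_RUBY ? :sonic_pi_ruby_stdin : :ruby_stdin
  end
  :none
end

# Constructed process-audit lines; only the first mirrors the module output above.
SAMPLES = [
  'echo [snip] | base64 -D | /Applications/Sonic\ Pi.app/server/native/ruby/bin/ruby',
  'echo cHV0cyAxCg== | base64 --decode | /usr/bin/ruby',
  'base64 -D notes.b64 | ruby render.rb',
  '/usr/bin/ruby -e "puts 1"'
].freeze

SAMPLES.each { |line| puts format('%-20s %s', classify(line), line) }
```

The check keys on the pipeline shape rather than the payload, so it applies to process-execution telemetry that records the full shell command line.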

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch 9 times, most recently from c79f779 to 75a1d82 Jul 22, 2019

@wvu-r7 wvu-r7 changed the title [WIP] Add OS X Manage Sonic Pi post module Add OS X Manage Sonic Pi post module Jul 22, 2019

@wvu-r7 wvu-r7 removed the delayed label Jul 22, 2019

@wvu-r7 wvu-r7 marked this pull request as ready for review Jul 22, 2019

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch from 75a1d82 to 60cb998 Jul 22, 2019

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch from 60cb998 to 283f9d2 Jul 22, 2019

@wvu-r7 wvu-r7 removed the needs-docs label Jul 22, 2019

wvu-r7 added some commits Jul 22, 2019

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch from 20267c1 to 3bc65b0 Jul 23, 2019

@wvu-r7 wvu-r7 changed the title Add OS X Manage Sonic Pi post module Add post module to manage the Sonic Pi music production/performance environment Jul 23, 2019

@wvu-r7 wvu-r7 changed the title Add post module to manage the Sonic Pi music production/performance environment Add OS X post module to manage Sonic Pi Jul 23, 2019

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch from e9a48b5 to a952fc3 Jul 23, 2019

@wvu-r7 wvu-r7 requested a review from busterb Jul 23, 2019

@busterb
Member

left a comment

Works great on macOS. I tried this on Debian Bullseye and while I could get the core program to work with examples, it didn't appear to have the server running the same way.

@busterb

Member

commented Jul 26, 2019

The only extra listener I see on Linux is a unix domain socket connected to the jack sound server:

unix 2 [ ACC ] STREAM LISTENING 41772 /dev/shm/jack_default_1000_0

Possibly means it uses that for routing rather than a direct UDP socket, probably making execution on that or the RPi more complex. So, this is good as an osx module.

data/post/sonic_pi_example.rb Outdated

wvu-r7 added some commits Jul 26, 2019

Fix rhythm of melody section
Thanks for your ears, @busterb!
@wvu-r7

Contributor Author

commented Jul 26, 2019

@busterb: PR is good to go. I believe this is relevant now...

Rename play_pattern_timed durations to beats
This is so I don't forget they're beats, not seconds. Also, "times"
already has special meaning in Ruby, so let's not confuse ourselves
further.

@wvu-r7 wvu-r7 force-pushed the wvu-r7:feature/sonic-pi branch from b350408 to e6e3ec4 Jul 26, 2019

@wvu-r7

Contributor Author

commented Jul 26, 2019

Sorry, good to go now. Not touching it again. :)

Thanks for the help and testing! And the Jack memories.

@busterb busterb self-assigned this Jul 29, 2019

@busterb busterb merged commit e6e3ec4 into rapid7:master Jul 29, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed

busterb added a commit that referenced this pull request Jul 29, 2019

@busterb

Member

commented Jul 29, 2019

Release Notes

The sonic_pi module has been added to the framework. It remotely executes code sequences within the Sonic Pi music production environment, along with a sample music sequence for an ultimate out-of-box experience.

msjenkins-r7 added a commit that referenced this pull request Jul 29, 2019

@wvu-r7 wvu-r7 deleted the wvu-r7:feature/sonic-pi branch Jul 29, 2019

@tdoan-r7 tdoan-r7 added the rn-modules label Aug 7, 2019
