New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deserialize JSON into MDM Objects #9394

Closed
wants to merge 57 commits into
base: master
from
Commits
Jump to file or symbol
Failed to load files and symbols.
+5,272 −2,063
Diff settings

Always

Just for now

Copy path View file
@@ -3,6 +3,10 @@ source 'https://rubygems.org'
# spec.add_runtime_dependency '<name>', [<version requirements>]
gemspec name: 'metasploit-framework'
gem 'thin'
gem 'sinatra'
# separate from test as simplecov is not run on travis-ci
group :coverage do
# code coverage for tests
Copy path View file
@@ -113,10 +113,12 @@ GEM
coderay (1.1.2)
concurrent-ruby (1.0.5)
crass (1.0.3)
daemons (1.2.4)
diff-lcs (1.3)
dnsruby (1.60.2)
docile (1.1.5)
erubis (2.7.0)
eventmachine (1.2.3)
factory_girl (4.9.0)
activesupport (>= 3.0.0)
factory_girl_rails (4.9.0)
@@ -229,6 +231,8 @@ GEM
method_source (~> 0.9.0)
public_suffix (3.0.1)
rack (1.6.8)
rack-protection (1.5.3)
rack
rack-test (0.6.3)
rack (>= 1.0)
rails-deprecated_sanitizer (1.0.3)
@@ -341,10 +345,19 @@ GEM
json (>= 1.8, < 3)
simplecov-html (~> 0.10.0)
simplecov-html (0.10.2)
sinatra (1.4.8)
rack (~> 1.5)
rack-protection (~> 1.4)
tilt (>= 1.3, < 3)
sqlite3 (1.3.13)
sshkey (1.9.0)
thin (1.7.1)
daemons (~> 1.0, >= 1.0.9)
eventmachine (~> 1.0, >= 1.0.4)
rack (>= 1, < 3)
thor (0.20.0)
thread_safe (0.3.6)
tilt (2.0.7)
timecop (0.9.1)
ttfunk (1.5.1)
tzinfo (1.2.4)
@@ -373,6 +386,8 @@ DEPENDENCIES
rspec-rails
rspec-rerun
simplecov
sinatra
thin
timecop
yard
@@ -44,7 +44,11 @@ class Metasploit::Framework::Command::Base
#
# @return (see parsed_options)
def self.require_environment!
# TODO: Look into removing Rails.application (save ~20mb)
# return self.parsed_options if ( self.parsed_options.options.database.remote_process)
parsed_options = self.parsed_options
# RAILS_ENV must be set before requiring 'config/application.rb'
parsed_options.environment!
ARGV.replace(parsed_options.positional)
@@ -79,7 +83,9 @@ def self.parsed_options_class_name
def self.start
parsed_options = require_environment!
new(application: Rails.application, parsed_options: parsed_options).start
is_db_remote = false # parsed_options.options.database.remote_process
application = is_db_remote ? nil : Rails.application
new(application: application, parsed_options: parsed_options).start
end
#
@@ -79,6 +79,7 @@ def driver_options
driver_options['DatabaseEnv'] = options.environment
driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
driver_options['DatabaseYAML'] = options.database.config
driver_options['DatabaseRemoteProcess'] = options.database.remote_process
driver_options['DeferModuleLoads'] = options.modules.defer_loads
driver_options['DisableBanner'] = options.console.quiet
driver_options['DisableDatabase'] = options.database.disable
@@ -0,0 +1,38 @@
require 'metasploit/framework/data_service/stubs/host_data_service'
require 'metasploit/framework/data_service/stubs/vuln_data_service'
require 'metasploit/framework/data_service/stubs/event_data_service'
require 'metasploit/framework/data_service/stubs/workspace_data_service'
require 'metasploit/framework/data_service/stubs/note_data_service'
require 'metasploit/framework/data_service/stubs/web_data_service'
require 'metasploit/framework/data_service/stubs/service_data_service'
require 'metasploit/framework/data_service/stubs/session_data_service'
require 'metasploit/framework/data_service/stubs/exploit_data_service'
require 'metasploit/framework/data_service/stubs/loot_data_service'
#
# All data service implementations should include this module to ensure proper implementation
#
module Metasploit
module Framework
module DataService
include HostDataService
include EventDataService
include VulnDataService
include WorkspaceDataService
include WebDataService
include NoteDataService
include ServiceDataService
include SessionDataService
include ExploitDataService
include LootDataService
def name
raise 'DataLService#name is not implemented';
end
def active
raise 'DataLService#active is not implemented';
end
end
end
end
@@ -0,0 +1,210 @@
require 'singleton'
require 'open3'
require 'rex/ui'
require 'rex/logging'
require 'msf/core/db_manager'
require 'metasploit/framework/data_service/remote/http/core'
require 'metasploit/framework/data_service/remote/http/remote_service_endpoint'
require 'metasploit/framework/data_service/proxy/data_proxy_auto_loader'
#
# Holds references to data services (@see Metasploit::Framework::DataService)
# and forwards data to the implementation set as current.
#
module Metasploit
module Framework
module DataService
class DataProxy
include Singleton
include DataProxyAutoLoader
attr_reader :usable
#
# Returns current error state
#
def error
return @error if (@error)
return @data_service.error if @data_service
return "none"
end
def is_local?
if (@data_service)
return (@data_service.name == 'local_db_service')
end
return false
end
#
# Determines if the data service is active
#
def active
if (@data_service)
return @data_service.active
end
return false
end
#
# Initializes the data service to be used - primarily on startup
#
def init(framework, opts)
@mutex.synchronize {
if (@initialized)
return
end
begin
if (opts['DisableDatabase'])
@error = 'disabled'
return
elsif (opts['DatabaseRemoteProcess'])
run_remote_db_process(opts)
else
run_local_db_process(framework, opts)
end
@usable = true
@initialized = true
rescue Exception => e
puts "Unable to initialize a dataservice #{e.message}"
return
end
}
end
#
# Registers a data service with the proxy and immediately
# set as primary if online
#
def register_data_service(data_service, online=false)
validate(data_service)
puts "Registering data service: #{data_service.name}"
data_service_id = @data_service_id += 1
@data_services[data_service_id] = data_service
set_data_service(data_service_id, online)
end
#
# Set the data service to be used
#
def set_data_service(data_service_id, online=false)
data_service = @data_services[data_service_id.to_i]
if (data_service.nil?)
puts "Data service with id: #{data_service_id} does not exist"
return nil
end
if (!online && !data_service.active)
puts "Data service not online: #{data_service.name}, not setting as active"
return nil
end
puts "Setting active data service: #{data_service.name}"
@data_service = data_service
end
#
# Prints out a list of the current data services
#
def print_data_services()
@data_services.each_key {|key|
out = "id: #{key}, description: #{@data_services[key].name}"
if (!@data_service.nil? && @data_services[key].name == @data_service.name)
out += " [active]"
end
puts out #hahaha
}
end
#
# Used to bridge the local db
#
def method_missing(method, *args, &block)
#puts "Attempting to delegate method: #{method}"
unless @data_service.nil?
@data_service.send(method, *args, &block)
end
end
#
# Attempt to shutdown the local db process if it exists
#
def exit_called
if @pid
puts 'Killing db process'
begin
Process.kill("TERM", @pid)
rescue Exception => e
puts "Unable to kill db process: #{e.message}"
end
end
end
#########
protected
#########
def get_data_service
raise 'No registered data_service' unless @data_service
return @data_service
end
#######
private
#######
def initialize
@data_services = {}
@data_service_id = 0
@usable = false
@initialized = false
@mutex = Mutex.new()
end
def validate(data_service)
raise "Invalid data_service: #{data_service.class}, not of type Metasploit::Framework::DataService" unless data_service.is_a? (Metasploit::Framework::DataService)
raise 'Cannot register null data service data_service' unless data_service
raise 'Data Service already exists' if data_service_exist?(data_service)
end
def data_service_exist?(data_service)
@data_services.each_value{|value|
if (value.name == data_service.name)
return true
end
}
return false
end
def run_local_db_process(framework, opts)
puts 'Initializing local db process'
db_manager = Msf::DBManager.new(framework)
if (db_manager.usable and not opts['SkipDatabaseInit'])
register_data_service(db_manager, true)
db_manager.init_db(opts)
end
end
def run_remote_db_process(opts)
# started with no signal to prevent ctrl-c from taking out db
db_script = File.join( Msf::Config.install_root, "msfdb -ns")
wait_t = Open3.pipeline_start(db_script)
@pid = wait_t[0].pid
puts "Started process with pid #{@pid}"
endpoint = Metasploit::Framework::DataService::RemoteServiceEndpoint.new('localhost', 8080)
remote_host_data_service = Metasploit::Framework::DataService::RemoteHTTPDataService.new(endpoint)
register_data_service(remote_host_data_service, true)
end
end
end
end
end
@@ -0,0 +1,21 @@
module CredentialDataProxy
def create_credential(opts)
begin
data_service = self.get_data_service()
data_service.create_credential(opts)
rescue Exception => e
puts "Call to #{data_service.class}#create_credential threw exception: #{e.message}"
end
end
def creds(opts = {})
begin
data_service = self.get_data_service
data_service.creds(opts)
rescue Exception => e
puts "Call to #{data_service.class}#credentials threw exception: #{e.message}"
e.backtrace.each { |line| puts "#{line}\n" }
end
end
end
@@ -0,0 +1,32 @@
#
# Autoloads specific data proxies
#
module DataProxyAutoLoader
autoload :HostDataProxy, 'metasploit/framework/data_service/proxy/host_data_proxy'
autoload :VulnDataProxy, 'metasploit/framework/data_service/proxy/vuln_data_proxy'
autoload :EventDataProxy, 'metasploit/framework/data_service/proxy/event_data_proxy'
autoload :WorkspaceDataProxy, 'metasploit/framework/data_service/proxy/workspace_data_proxy'
autoload :NoteDataProxy, 'metasploit/framework/data_service/proxy/note_data_proxy'
autoload :WebDataProxy, 'metasploit/framework/data_service/proxy/web_data_proxy'
autoload :WebDataProxy, 'metasploit/framework/data_service/proxy/web_data_proxy'
autoload :ServiceDataProxy, 'metasploit/framework/data_service/proxy/service_data_proxy'
autoload :SessionDataProxy, 'metasploit/framework/data_service/proxy/session_data_proxy'
autoload :ExploitDataProxy, 'metasploit/framework/data_service/proxy/exploit_data_proxy'
autoload :LootDataProxy, 'metasploit/framework/data_service/proxy/loot_data_proxy'
autoload :SessionEventDataProxy, 'metasploit/framework/data_service/proxy/session_event_data_proxy'
autoload :CredentialDataProxy, 'metasploit/framework/data_service/proxy/credential_data_proxy'
autoload :NmapDataProxy, 'metasploit/framework/data_service/proxy/nmap_data_proxy'
include ServiceDataProxy
include HostDataProxy
include VulnDataProxy
include EventDataProxy
include WorkspaceDataProxy
include NoteDataProxy
include WebDataProxy
include SessionDataProxy
include ExploitDataProxy
include LootDataProxy
include SessionEventDataProxy
include CredentialDataProxy
include NmapDataProxy
end
Oops, something went wrong.
ProTip! Use n and p to navigate between commits in a pull request.