Exploit command for metasploit-framework #52

Closed; wants to merge 29 commits.

limhoff-r7 commented Feb 6, 2014

This PR includes all changes required for limhoff-r7/metasploit-framework#20. It supersedes #51 which supersedes #50 which supersedes #49.

limhoff-r7 added some commits Jan 3, 2014

@limhoff-r7 limhoff-r7 Eager loading
MSP-9108

Support eager loading to allow Msf::DBManager to eager load
metasploit-model and metasploit_data_models prior to threading to fix
loading errors due to threading.
e2e1790
@limhoff-r7 limhoff-r7 Mdm::Module::Instance.compatible_payloads_with
MSP-9228

Move some of the automatic payload choosing logic from
metasploit-framework into Mdm::Module::Instance to make better use of
the database cache.
f90c0e0
@limhoff-r7 limhoff-r7 Fix specs
MSP-9277
MSP-9108
1dbfc51
@limhoff-r7 limhoff-r7 Merge branch 'feature/eager_load' into feature/compatible-payloads a6726cc
@limhoff-r7 limhoff-r7 Mdm::ExploitAttempt#module_class
MSP-2969

Add Mdm::ExploitAttempt#module_class association and its inverse
Mdm::Module::Class#exploit_attempts.  This deprecates
Mdm::ExploitAttempt#module, which has ActiveSupport::Deprecation
warnings now.
63440e3
@limhoff-r7 limhoff-r7 Deprecate Mdm::ExploitAttempt#port and #proto
MSP-9283

Mdm::ExploitAttempt#service already holds the Mdm::Service#port and
Mdm::Service#proto, so there's no need for the #port and #proto on
Mdm::ExploitAttempt.  Mark them as deprecated for now and later remove
them.
6d0392b
@limhoff-r7 limhoff-r7 Fix YARD
MSP-9285

rake yard was hanging due to the stderr pipe buffer being full while
stdout was trying to be read from graphviz.  The pipe was full due to
postscript font name warnings on OS X Mavericks, which can be fixed
locally using these instructions:
voormedia/rails-erd#61 (comment).
Committed changes fix YARD warnings and undocumented objects.
9337cff
@limhoff-r7 limhoff-r7 architecture and platform association for Mdm::Session
MSP-9285

Mdm::Session#platform is removed as a String attribute in favor of
Mdm::Session#architecture and Mdm::Session#platform associations to
Mdm::Architecture and Mdm::Platform, respectively.  The associations are
validated for presence so that new sessions require them, but the
foreign key columns are null: true to support legacy sessions.
08ff522
@limhoff-r7 limhoff-r7 Remove obsolete YARD docs
MSP-9285
6c1484d
@limhoff-r7 limhoff-r7 Mdm::Session connects to Mdm::Module::Class
MSP-3090

Add Mdm::Session#exploit_class and Mdm::Session#payload_class to
deprecate Mdm::Session#via_exploit and Mdm::Session#via_payload,
respectively.  Mdm::Module::Class gets #exploit_sessions and
#payload_sessions for the inverses.
6d42369
@limhoff-r7 limhoff-r7 Mdm::VulnAttempt#module_class association
MSP-2969

Mirror changes to Mdm::ExploitAttempt.
f3a617f
@limhoff-r7 limhoff-r7 Validations and null: false for Mdm::*Attempts
MSP-2969
MSP-9228
a55d149
@limhoff-r7 limhoff-r7 Fix payload reference names
MSP-2878
81bd261
@limhoff-r7 limhoff-r7 Scopes for compatible encoders and nops for payloads
MSP-9228
04f0cf0
@limhoff-r7 limhoff-r7 Fix specs
MSP-9228
11e8796
@limhoff-r7 limhoff-r7 Mdm::Module::Class#non_generic_payloads
MSP-9228

Allow generic payloads to find non-generic actual payloads.
18edfb7
@limhoff-r7 limhoff-r7 Mdm::Module::Instance#intersecting_architecture_abbreviations
MSP-9228

Allow scopes to use list and/or ActiveRecord::Relations of
Mdm::Architecture#abbreviations directly for looking up compatible
actual payloads when the generic payload has a list of architecture
abbreviations, but not a record with a #architectures association.
f44c66d
@limhoff-r7 limhoff-r7 Fix intersecting_architectures_with calling intersecting_architecture_abbreviations

MSP-9228

I should have speced actual behavior on intersecting_architectures_with:
AREL isn't able to visit ActiveRecord::Relations, so I needed to pass
the built AREL to intersecting_architecture_abbreviations.  Passing
ActiveRecord::Relations only works for the where(column: subselect)
syntax for ActiveRecord::Relations; it must be internally doing a
build_arel before passing it to Arel::Attribute#in.
14aa09a
@limhoff-r7 limhoff-r7 Decompose Mdm::Module::Instance#intersecting_platforms_with
MSP-9228

Mdm::Module::Instance.intersecting_platforms will handle searching
Mdm::Platforms, while intersecting_platforms_with will handle searching
module_target and use intersecting_platforms to search the
module_target.platforms in turn.
intersecting_platform_fully_qualified_names will turn those
Mdm::Platform#fully_qualified_names into Mdm::Platforms that are then
passed to intersecting_platform.
1b6eafe
@limhoff-r7 limhoff-r7 Fix scope YARD scope
MSP-9228

Mdm::Module::Instance YARD tags were missing `self.` before the method
name in the `@!method` tags, so the scopes were showing up as instance
methods instead of class methods.
0f1c6b8
@limhoff-r7 limhoff-r7 Bump version
MSP-9228
230aa55

@limhoff-r7 limhoff-r7 referenced this pull request in limhoff-r7/metasploit-framework on Feb 6, 2014: Exploit command #20 (Closed)

limhoff-r7 added some commits Feb 6, 2014

@limhoff-r7 limhoff-r7 Fix compatible_privilege_with
MSP-9228

I wrote the logic as privileged exploit requires a privileged payload,
but it's actually that a privileged payload requires a privileged
exploit, so privileged should only be restricted and to false if the
module_instance (exploit) is unprivileged as it means the exploit won't
be able to give privilege to the payload.
00dd8b0
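The commits above describe the payload-compatibility checks that this PR moves into the data models: architecture intersection by abbreviation (so generic payloads with only a list of abbreviations can be matched), platform intersection by fully qualified name, the corrected privilege rule from 00dd8b0, and the ranked ordering. The following is an added example, not code from metasploit_data_models or from the PR: it models those rules with plain Ruby Structs standing in for the Mdm::* ActiveRecord models, uses exact-name platform intersection (an assumption; the real scopes are SQL), and runs on constructed sample payloads.

```ruby
require 'set'

# Added example, not metasploit_data_models code. The Structs below are
# stand-ins for the Mdm::* models; every name and rank here is constructed.
Architecture = Struct.new(:abbreviation)
Platform     = Struct.new(:fully_qualified_name)
Target       = Struct.new(:name, :architectures, :platforms)
Exploit      = Struct.new(:reference_name, :privileged, :targets)
Payload      = Struct.new(:reference_name, :privileged, :architectures,
                          :platforms, :rank)

# Counterpart of intersecting_architecture_abbreviations: takes a plain list of
# abbreviations so that a generic payload, which carries abbreviations rather
# than an #architectures association, can be matched as well.
def intersecting_architecture_abbreviations(payloads, abbreviations)
  wanted = abbreviations.to_set
  payloads.select do |payload|
    payload.architectures.any? { |arch| wanted.include?(arch.abbreviation) }
  end
end

# intersecting_architectures_with: read the target's architectures and
# delegate to the abbreviation-based search.
def intersecting_architectures_with(payloads, target)
  intersecting_architecture_abbreviations(
    payloads, target.architectures.map(&:abbreviation)
  )
end

# intersecting_platform_fully_qualified_names / intersecting_platforms_with:
# the target's platforms are searched by fully qualified name. Exact-name
# matching is an assumption of this example.
def intersecting_platform_fully_qualified_names(payloads, names)
  wanted = names.to_set
  payloads.select do |payload|
    payload.platforms.any? { |pf| wanted.include?(pf.fully_qualified_name) }
  end
end

def intersecting_platforms_with(payloads, target)
  intersecting_platform_fully_qualified_names(
    payloads, target.platforms.map(&:fully_qualified_name)
  )
end

# compatible_privilege_with, as corrected in 00dd8b0: a privileged payload
# requires a privileged exploit, so the only restriction is that an
# unprivileged exploit cannot carry a privileged payload.
def compatible_privilege_with(payloads, exploit)
  return payloads if exploit.privileged

  payloads.reject(&:privileged)
end

# ranked: highest rank first, mirroring the ranked scope.
def ranked(payloads)
  payloads.sort_by { |payload| -payload.rank }
end

# compatible_payloads_with: chain the checks for one target of one exploit
# and return the compatible payload reference names in rank order.
def compatible_payloads_with(payloads, exploit, target)
  result = intersecting_architectures_with(payloads, target)
  result = intersecting_platforms_with(result, target)
  result = compatible_privilege_with(result, exploit)
  ranked(result).map(&:reference_name)
end

# Constructed sample data (ranks follow the usual 300/500/600 scale).
X86     = Architecture.new('x86')
X64     = Architecture.new('x86_64')
WINDOWS = Platform.new('Windows')
LINUX   = Platform.new('Linux')

SAMPLE_PAYLOADS = [
  Payload.new('windows/meterpreter/reverse_tcp', false, [X86], [WINDOWS], 300),
  Payload.new('windows/shell/reverse_tcp',       false, [X86], [WINDOWS], 500),
  Payload.new('windows/x64/shell/reverse_tcp',   false, [X64], [WINDOWS], 500),
  Payload.new('linux/x86/shell/reverse_tcp',     false, [X86], [LINUX],   500),
  Payload.new('windows/system_shell',            true,  [X86], [WINDOWS], 600)
].freeze

WIN_X86_TARGET = Target.new('Windows x86', [X86], [WINDOWS])

def unprivileged_exploit
  Exploit.new('exploit/windows/sample', false, [WIN_X86_TARGET])
end

def privileged_exploit
  Exploit.new('exploit/windows/sample_privileged', true, [WIN_X86_TARGET])
end

if __FILE__ == $PROGRAM_NAME
  p compatible_payloads_with(SAMPLE_PAYLOADS, unprivileged_exploit, WIN_X86_TARGET)
  p compatible_payloads_with(SAMPLE_PAYLOADS, privileged_exploit, WIN_X86_TARGET)
end
```

With the constructed data, the unprivileged exploit is offered only the two unprivileged Windows/x86 payloads, ordered by rank, while the privileged exploit additionally gets the privileged payload at the top of the list; the x86_64 and Linux payloads are filtered out by the architecture and platform steps respectively.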
@limhoff-r7 limhoff-r7 Fix associations being defined before template is written
MSP-9228

Mdm::Module::Instance associations were not defined prior to writing the
template because the after(:build) for metasploit-model, which wrote the
template, ran before the after(:build) for metasploit_data_models because
trait callbacks run before base callbacks.  This has been worked around
by the after(:build) in metasploit-model 0.21.1 adding a
before_write_template callback to the ignored attributes, which this
commit now uses.
63b6227
@limhoff-r7 limhoff-r7 Fix YARD docs on non_generic_payloads
MSP-9228

Wasn't documented as a class method and was missing return.
d1e115a
@limhoff-r7 limhoff-r7 Port ranked scope to Mdm::Module::Class
MSP-9228

Mdm::Module::Instance.ranked has to join to Mdm::Module::Class to rank
modules anyway, so it makes sense to also create a ranked scope to order
Mdm::Module::Classes directly.
b6055a6
@limhoff-r7 limhoff-r7 Mdm::Module::Class#with_module_instance
MSP-9228

Add scope for converting Mdm::Module::Instance scope to an
Mdm::Module::Class scope as a lot of compatibility checks need to be
performed on Mdm::Module::Instances, but then Mdm::Module::Classes are
used to actually load the code from disk into memory.
1978116
@limhoff-r7 limhoff-r7 Require real handler_types for Mdm::Module::Ancestor
MSP-9228

Mdm::Module::Ancestor#handler_type must now be one of the known handler
types in Metasploit::Model::Module::Handler::TYPES and not just present
for single and stager payloads.
5abc88f

Not related... but not sure why a loot has been related (belongs_to) to an Exploit Attempt.

Is Mdm::Loot related to loot obtained during post-exploitation?

limhoff-r7 added some commits Feb 18, 2014

@limhoff-r7 limhoff-r7 Use updated factories
MSP-9228
68c78c8
@limhoff-r7 limhoff-r7 Merge branch 'feature/module-cache-construction' into feature/exploit
MSP-9490

Conflicts:
	Gemfile
	lib/metasploit_data_models/version.rb
	metasploit_data_models.gemspec
f41214b