Exploit command for metasploit-framework #52

Open
wants to merge 29 commits into from

2 participants

@limhoff-r7
Collaborator

This PR includes all changes required for limhoff-r7/metasploit-framework#20. It supersedes #51 which supersedes #50 which supersedes #49.

limhoff-r7 added some commits
@limhoff-r7 limhoff-r7 Eager loading
MSP-9108

Support eager loading to allow Msf::DBManager to eager load
metasploit-model and metasploit_data_models prior to threading to fix
loading errors due to threading.
e2e1790
@limhoff-r7 limhoff-r7 Mdm::Module::Instance.compatible_payloads_with
MSP-9228

Move some of the automatic payload choosing logic from
metasploit-framework into Mdm::Module::Instance to make better use of
the database cache.
f90c0e0
@limhoff-r7 limhoff-r7 Fix specs
MSP-9277
MSP-9108
1dbfc51
@limhoff-r7 limhoff-r7 Merge branch 'feature/eager_load' into feature/compatible-payloads a6726cc
@limhoff-r7 limhoff-r7 Mdm::ExploitAttempt#module_class
MSP-2969

Add Mdm::ExploitAttempt#module_class association and its inverse
Mdm::Module::Class#exploit_attempts.  This deprecates
Mdm::ExploitAttempt#module, which has ActiveSupport::Deprecation
warnings now.
63440e3
@limhoff-r7 limhoff-r7 Deprecate Mdm::ExploitAttempt#port and #proto
MSP-9283

Mdm::ExploitAttempt#service already holds the Mdm::Service#port and
Mdm::Service#proto, so there's no need for the #port and #proto on
Mdm::ExploitAttempt.  Mark them as deprecated for now and later remove
them.
6d0392b
@limhoff-r7 limhoff-r7 Fix YARD
MSP-9285

rake yard was hanging due to the stderr pipe buffer being full while
stdout was trying to be read from graphviz.  The pipe was full due to
postscript font name warnings on OS X Mavericks, which can be fixed
locally using these instructions:
voormedia/rails-erd#61 (comment).
Committed changes fix YARD warnings and undocumented objects.
9337cff
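
The hang described in the "Fix YARD" commit message above can be reproduced with two pipes and a child that writes many warnings to stderr before its real output. This Ruby sketch is an added example, not code from this pull request; the child command, the helper names and the timeout are constructed for illustration.

```ruby
require 'open3'
require 'rbconfig'
require 'timeout'

# Constructed child process: floods stderr (standing in for the font warnings)
# with about 280 KB, more than a pipe buffer holds, then writes to stdout.
CHILD = [RbConfig.ruby, '-e',
         '$stderr.write("warning: font\n" * 20_000); $stdout.write("graph")'].freeze

# Hang-prone pattern: read stdout to EOF before touching stderr.
# The child blocks writing to the full stderr pipe, so it never reaches or
# closes stdout, and the parent waits on stdout forever. The timeout
# (hypothetical safety net for this demo) turns the hang into :hung.
def read_stdout_first(cmd, limit)
  Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
    stdin.close
    begin
      Timeout.timeout(limit) { [stdout.read, stderr.read, wait_thr.value.success?] }
    rescue Timeout::Error
      Process.kill('KILL', wait_thr.pid)
      :hung
    end
  end
end

# Safe pattern: drain stderr on its own thread while the caller reads stdout,
# so neither pipe can fill up. Open3.capture3 does the same thing internally.
def read_both_concurrently(cmd)
  Open3.popen3(*cmd) do |stdin, stdout, stderr, wait_thr|
    stdin.close
    err_reader = Thread.new { stderr.read }
    out = stdout.read
    [out, err_reader.value, wait_thr.value.success?]
  end
end

if $PROGRAM_NAME == __FILE__
  p read_stdout_first(CHILD, 2)
  out, err, ok = read_both_concurrently(CHILD)
  puts "stdout=#{out.inspect} stderr_bytes=#{err.bytesize} success=#{ok}"
end
```
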
@limhoff-r7 limhoff-r7 architecture and platform association for Mdm::Session
MSP-9285

Mdm::Session#platform is removed as a String attribute in favor of
Mdm::Session#architecture and Mdm::Session#platform associations to
Mdm::Architecture and Mdm::Platform, respectively.  The associations are
validated for presence so that new sessions require them, but the
foreign key columns are null: true to support legacy sessions.
08ff522
@limhoff-r7 limhoff-r7 Remove obsolete YARD docs
MSP-9285
6c1484d
@limhoff-r7 limhoff-r7 Mdm::Session connects to Mdm::Module::Class
MSP-3090

Add Mdm::Session#exploit_class and Mdm::Session#payload_class to
deprecate Mdm::Session#via_exploit and Mdm::Session#via_payload,
respectively.  Mdm::Module::Class gets #exploit_sessions and
 #payload_sesions for the inverses.
6d42369
@limhoff-r7 limhoff-r7 Mdm::VulnAttempt#module_class association
MSP-2969

Mirror changes to Mdm::ExploitAttempt.
f3a617f
@limhoff-r7 limhoff-r7 Validations and null: false for Mdm::*Attempts
MSP-2969
MSP-9228
a55d149
@limhoff-r7 limhoff-r7 Fix payload reference names
MSP-2878
81bd261
@limhoff-r7 limhoff-r7 Scopes for compatible encoders and nops for payloads
MSP-9228
04f0cf0
@limhoff-r7 limhoff-r7 Fix specs
MSP-9228
11e8796
@limhoff-r7 limhoff-r7 Mdm::Module::Class#non_generic_payloads
MSP-9228

Allow generic payloads to find non-generic actual payloads.
18edfb7
@limhoff-r7 limhoff-r7 Mdm::Module::Instance#intersecting_architecture_abbreviations
MSP-9228

Allow scopes to use list and/or ActiveRecord::Relations of
Mdm::Architecture#abbreviations directly for looking up compatible
actual payloads when the generic payload has a list of architecture
abbreviations, but not a record with a #architecures association.
f44c66d
@limhoff-r7 limhoff-r7 Fix intersecting_architectures_with calling intersecting_architecture…
…_abbreviations

MSP-9228

I should have speced actual behavior on intersecting_architectures_with:
AREL isn't able to visit ActiveRecord::Relations, so I needed to pass
the built AREL to intersecting_architecture_abbreviations.  Passing
ActiveRecord::Relations only works for the where(column: subselect)
syntax for ActiveRecord::Relations; it must be internally doing a
build_arel before passing it to Arel::Attribute#in.
14aa09a
@limhoff-r7 limhoff-r7 Decompose Mdm::Module::Instance#intersecting_platforms_with
MSP-9228

Mdm::Module::Instance.intersecting_platforms will handle searching
Mdm::Platforms, while intersecting_platforms_with will handle searching
module_target and use intersecting_platforms to search the
module_target.platforms in turn.
intersecting_platform_fully_qualified_names will turn those
Mdm::Platform#fully_qualified_names into Mdm::Platforms that are then
passed to intersecting_platform.
1b6eafe
@limhoff-r7 limhoff-r7 Fix scope YARD scope
MSP-9228

Mdm::Module::Instance YARD tags were missing `self.` before the method
name in the `@!method` tags, so the scopes were showing up as instance
methods instead of class methods.
0f1c6b8
@limhoff-r7 limhoff-r7 Bump version
MSP-9228
230aa55
@limhoff-r7 limhoff-r7 referenced this pull request in limhoff-r7/metasploit-framework
Closed

Exploit command #20

limhoff-r7 added some commits
@limhoff-r7 limhoff-r7 Fix compatible_privilege_with
MSP-9228

I wrote the logic as privileged exploit requires a privileged payload,
but it's actually that a privileged payload requires a privileged
exploit, so privileged should only be restricted and to false if the
module_instance (exploit) is unprivileged as it means the exploit won't
be able to give privilege to the payload.
00dd8b0
@limhoff-r7 limhoff-r7 Fix associations being defined before template is written
MSP-9228

Mdm::Module::Instance associations were not defined prior to writing the
template because the after(:build) for metasploit-model, which wrote the
template, ran before the after(:build) for metasploit_data_models because
trait callbacks run before base callbacks.  This has been worked around
by the after(:build) in metasploit-model 0.21.1 adding a
before_write_template callback to the ignored attributes, which this
commit now uses.
63b6227
@limhoff-r7 limhoff-r7 Fix YARD docs on non_generic_payloads
MSP-9228

Wasn't documented as a class method and was missing return.
d1e115a
@limhoff-r7 limhoff-r7 Port ranked scope to Mdm::Module::Class
MSP-9228

Mdm::Module::Instance.ranked has to join to Mdm::Module::Class to rank
modules anyway, so it makes sense to also create a ranked scope to order
Mdm::Module::Classes directly.
b6055a6
@limhoff-r7 limhoff-r7 Mdm::Module::Class#with_module_instance
MSP-9228

Add scope for converting Mdm::Module::Instance scope to an
Mdm::Module::Class scope as a lot of compatibility checks need to be
performed on Mdm::Module::Instances, but then Mdm::Module::Classes are
used to actually load the code from disk into memory.
1978116
@limhoff-r7 limhoff-r7 Require real handler_types for Mdm::Module::Ancestor
MSP-9228

Mdm::Module::Ancestor#handler_type must now be one of the known handler
types in Metasploit::Model::Module::Handler::TYPES and not just present
for single and stager payloads.
5abc88f
@jvazquez-r7

Not related... but not sure why a loot has been related (belongs_to) to an Exploit Attempt.

Is Mdm::Loot related to a loot get while post exploitation :?

limhoff-r7 added some commits
@limhoff-r7 limhoff-r7 Use updated factories
MSP-9228
68c78c8
@limhoff-r7 limhoff-r7 Merge branch 'feature/module-cache-construction' into feature/exploit
MSP-9490

Conflicts:
	Gemfile
	lib/metasploit_data_models/version.rb
	metasploit_data_models.gemspec
f41214b
Commits on Jan 3, 2014
  1. @limhoff-r7

    Eager loading

    limhoff-r7 authored
    MSP-9108
    
    Support eager loading to allow Msf::DBManager to eager load
    metasploit-model and metasploit_data_models prior to threading to fix
    loading errors due to threading.
  2. @limhoff-r7

    Mdm::Module::Instance.compatible_payloads_with

    limhoff-r7 authored
    MSP-9228
    
    Move some of the automatic payload choosing logic from
    metasploit-framework into Mdm::Module::Instance to make better use of
    the database cache.
  3. @limhoff-r7

    Fix specs

    limhoff-r7 authored
    MSP-9277
    MSP-9108
Commits on Jan 4, 2014
  1. @limhoff-r7
Commits on Jan 6, 2014
  1. @limhoff-r7

    Mdm::ExploitAttempt#module_class

    limhoff-r7 authored
    MSP-2969
    
    Add Mdm::ExploitAttempt#module_class association and its inverse
    Mdm::Module::Class#exploit_attempts.  This deprecates
    Mdm::ExploitAttempt#module, which has ActiveSupport::Deprecation
    warnings now.
  2. @limhoff-r7

    Deprecate Mdm::ExploitAttempt#port and #proto

    limhoff-r7 authored
    MSP-9283
    
    Mdm::ExploitAttempt#service already holds the Mdm::Service#port and
    Mdm::Service#proto, so there's no need for the #port and #proto on
    Mdm::ExploitAttempt.  Mark them as deprecated for now and later remove
    them.
Commits on Jan 7, 2014
  1. @limhoff-r7

    Fix YARD

    limhoff-r7 authored
    MSP-9285
    
    rake yard was hanging due to the stderr pipe buffer being full while
    stdout was trying to be read from graphviz.  The pipe was full due to
    postscript font name warnings on OS X Mavericks, which can be fixed
    locally using these instructions:
    voormedia/rails-erd#61 (comment).
    Committed changes fix YARD warnings and undocumented objects.
  2. @limhoff-r7

    architecture and platform association for Mdm::Session

    limhoff-r7 authored
    MSP-9285
    
    Mdm::Session#platform is removed as a String attribute in favor of
    Mdm::Session#architecture and Mdm::Session#platform associations to
    Mdm::Architecture and Mdm::Platform, respectively.  The associations are
    validated for presence so that new sessions require them, but the
    foreign key columns are null: true to support legacy sessions.
  3. @limhoff-r7

    Remove obsolete YARD docs

    limhoff-r7 authored
    MSP-9285
  4. @limhoff-r7

    Mdm::Session connects to Mdm::Module::Class

    limhoff-r7 authored
    MSP-3090
    
    Add Mdm::Session#exploit_class and Mdm::Session#payload_class to
    deprecate Mdm::Session#via_exploit and Mdm::Session#via_payload,
    respectively.  Mdm::Module::Class gets #exploit_sessions and
     #payload_sesions for the inverses.
Commits on Jan 8, 2014
  1. @limhoff-r7

    Mdm::VulnAttempt#module_class association

    limhoff-r7 authored
    MSP-2969
    
    Mirror changes to Mdm::ExploitAttempt.
Commits on Jan 10, 2014
  1. @limhoff-r7

    Validations and null: false for Mdm::*Attempts

    limhoff-r7 authored
    MSP-2969
    MSP-9228
Commits on Jan 15, 2014
  1. @limhoff-r7

    Fix payload reference names

    limhoff-r7 authored
    MSP-2878
Commits on Jan 24, 2014
  1. @limhoff-r7
  2. @limhoff-r7

    Fix specs

    limhoff-r7 authored
    MSP-9228
Commits on Jan 30, 2014
  1. @limhoff-r7

    Mdm::Module::Class#non_generic_payloads

    limhoff-r7 authored
    MSP-9228
    
    Allow generic payloads to find non-generic actual payloads.
  2. @limhoff-r7

    Mdm::Module::Instance#intersecting_architecture_abbreviations

    limhoff-r7 authored
    MSP-9228
    
    Allow scopes to use list and/or ActiveRecord::Relations of
    Mdm::Architecture#abbreviations directly for looking up compatible
    actual payloads when the generic payload has a list of architecture
    abbreviations, but not a record with a #architecures association.
  3. @limhoff-r7

    Fix intersecting_architectures_with calling intersecting_architecture…

    limhoff-r7 authored
    …_abbreviations
    
    MSP-9228
    
    I should have speced actual behavior on intersecting_architectures_with:
    AREL isn't able to visit ActiveRecord::Relations, so I needed to pass
    the built AREL to intersecting_architecture_abbreviations.  Passing
    ActiveRecord::Relations only works for the where(column: subselect)
    syntax for ActiveRecord::Relations; it must be internally doing a
    build_arel before passing it to Arel::Attribute#in.
Commits on Jan 31, 2014
  1. @limhoff-r7

    Decompose Mdm::Module::Instance#intersecting_platforms_with

    limhoff-r7 authored
    MSP-9228
    
    Mdm::Module::Instance.intersecting_platforms will handle searching
    Mdm::Platforms, while intersecting_platforms_with will handle searching
    module_target and use intersecting_platforms to search the
    module_target.platforms in turn.
    intersecting_platform_fully_qualified_names will turn those
    Mdm::Platform#fully_qualified_names into Mdm::Platforms that are then
    passed to intersecting_platform.
  2. @limhoff-r7

    Fix scope YARD scope

    limhoff-r7 authored
    MSP-9228
    
    Mdm::Module::Instance YARD tags were missing `self.` before the method
    name in the `@!method` tags, so the scopes were showing up as instance
    methods instead of class methods.
  3. @limhoff-r7

    Bump version

    limhoff-r7 authored
    MSP-9228
Commits on Feb 6, 2014
  1. @limhoff-r7

    Fix compatible_privilege_with

    limhoff-r7 authored
    MSP-9228
    
    I wrote the logic as privileged exploit requires a privileged payload,
    but it's actually that a privileged payload requires a privileged
    exploit, so privileged should only be restricted and to false if the
    module_instance (exploit) is unprivileged as it means the exploit won't
    be able to give privilege to the payload.
Commits on Feb 10, 2014
  1. @limhoff-r7

    Fix associations being defined before template is written

    limhoff-r7 authored
    MSP-9228
    
    Mdm::Module::Instance associations were not defined prior to writing the
    template because the after(:build) for metasploit-model, which wrote the
    template, ran before the after(:build) for metasploit_data_models because
    trait callbacks run before base callbacks.  This has been worked around
    by the after(:build) in metasploit-model 0.21.1 adding a
    before_write_template callback to the ignored attributes, which this
    commit now uses.
Commits on Feb 11, 2014
  1. @limhoff-r7

    Fix YARD docs on non_generic_payloads

    limhoff-r7 authored
    MSP-9228
    
    Wasn't documented as a class method and was missing return.
  2. @limhoff-r7

    Port ranked scope to Mdm::Module::Class

    limhoff-r7 authored
    MSP-9228
    
    Mdm::Module::Instance.ranked has to join to Mdm::Module::Class to rank
    modules anyway, so it makes sense to also create a ranked scope to order
    Mdm::Module::Classes directly.
  3. @limhoff-r7

    Mdm::Module::Class#with_module_instance

    limhoff-r7 authored
    MSP-9228
    
    Add scope for converting Mdm::Module::Instance scope to an
    Mdm::Module::Class scope as a lot of compatibility checks need to be
    performed on Mdm::Module::Instances, but then Mdm::Module::Classes are
    used to actually load the code from disk into memory.
Commits on Feb 14, 2014
  1. @limhoff-r7

    Require real handler_types for Mdm::Module::Ancestor

    limhoff-r7 authored
    MSP-9228
    
    Mdm::Module::Ancestor#handler_type must now be one of the known handler
    types in Metasploit::Model::Module::Handler::TYPES and not just present
    for single and stager payloads.
Commits on Feb 18, 2014
  1. @limhoff-r7

    Use updated factories

    limhoff-r7 authored
    MSP-9228
Commits on Mar 17, 2014
  1. @limhoff-r7

    Merge branch 'feature/module-cache-construction' into feature/exploit

    limhoff-r7 authored
    MSP-9490
    
    Conflicts:
    	Gemfile
    	lib/metasploit_data_models/version.rb
    	metasploit_data_models.gemspec