infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/lib/msf/core/framework.rb

534 lines
13 KiB
Ruby
Raw Normal View History

Mark all libraries as defaulting to 8-bit strings
2012-06-29 05:18:28 +00:00
# -*- coding: binary -*-
Use MonitorMixing in Msf::Framework MSP-11605 To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 17:11:34 +00:00
#
# Standard Library
#
require 'monitor'
#
# Project
#
Gem version MSP-9653 Move version information to standard location for gems.
2014-06-02 17:54:46 +00:00
require 'metasploit/framework/version'
use and include git hash of Framework as part of the version Because we do not always update the version number, multiple releases have shown version string, which is not useful for helping debug issues, or for knowing what features are enabled. This adds the git hash or reads from a file a copy of the git hash (useful for doing packaged builds without git) so that it is clear the origin of a particular metasploit-framework version.
2015-07-02 20:30:58 +00:00
require 'msf/base/config'
mass require moving of /lib git-svn-id: file:///home/svn/incoming/trunk@2690 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-09 21:18:49 +00:00
require 'msf/core'
Parse SVN information and warns folks with out of date installations git-svn-id: file:///home/svn/framework3/trunk@7415 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 01:50:44 +00:00
require 'msf/util'
moved shit around again git-svn-id: file:///home/svn/incoming/trunk@2498 4d416f70-5f16-0410-b530-b9f4589650da
2005-05-21 17:57:00 +00:00
module Msf
###
#
# This class is the primary context that modules, scripts, and user
# interfaces interact with. It ties everything together.
#
###
class Framework
Use MonitorMixing in Msf::Framework MSP-11605 To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 17:11:34 +00:00
include MonitorMixin
lots of changes, making the simple wrapper better, lots of improvements git-svn-id: file:///home/svn/incoming/trunk@2750 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-14 06:34:58 +00:00
Retab lib
2013-08-30 21:28:33 +00:00
#
# Versioning information
#
Gem version MSP-9653 Move version information to standard location for gems.
2014-06-02 17:54:46 +00:00
Major = Metasploit::Framework::Version::MAJOR
Minor = Metasploit::Framework::Version::MINOR
Point = Metasploit::Framework::Version::PATCH
Release = "-#{Metasploit::Framework::Version::PRERELEASE}"
use and include git hash of Framework as part of the version Because we do not always update the version number, multiple releases have shown version string, which is not useful for helping debug issues, or for knowing what features are enabled. This adds the git hash or reads from a file a copy of the git hash (useful for doing packaged builds without git) so that it is clear the origin of a particular metasploit-framework version.
2015-07-02 20:30:58 +00:00
Version = Metasploit::Framework::VERSION
Retab lib
2013-08-30 21:28:33 +00:00
Revision = "$Revision$"
# EICAR canary
EICARCorrupted = ::Msf::Util::EXE.is_eicar_corrupted?
#
# Mixin meant to be included into all classes that can have instances that
# should be tied to the framework, such as modules.
#
module Offspring
#
# A reference to the framework instance from which this offspring was
# derived.
#
attr_accessor :framework
end
require 'msf/core/thread_manager'
require 'msf/core/module_manager'
require 'msf/core/session_manager'
require 'msf/core/plugin_manager'
Pass 1: externalize database
2017-07-07 18:33:42 +00:00
require 'metasploit/framework/data_service/proxy/core'
Retab lib
2013-08-30 21:28:33 +00:00
require 'msf/core/event_dispatcher'
Add framework.uuid_db as a JSONHashFile
2015-05-20 05:28:32 +00:00
require 'rex/json_hash_file'
Require msf/core/cert_provider in framework.rb Add an explicit require for the new cert_provider in framework.rb in case it has not yet been loaded. This should address the Travis failure on initial PR, although the gem version in socket has not been updated, so this might take a bit to propagate. In the end, if the dependency already gives us this functionality by the time we call Rex::Socket::Ssl then this commit can safely be dropped
2017-12-29 06:35:23 +00:00
require 'msf/core/cert_provider'
Retab lib
2013-08-30 21:28:33 +00:00
#
# Creates an instance of the framework context.
#
Store Msf::Framework#initialize options MSP-11605 Store options `Hash` passed to `Msf::Framework#new` in `#options` so that lazily initialized children, such as DBManager, have access to those options.
2014-11-13 19:23:17 +00:00
def initialize(options={})
self.options = options
Use MonitorMixing in Msf::Framework MSP-11605 To get access to `#synchronize` for thread-safe lazy initialization.
2014-11-13 17:11:34 +00:00
# call super to initialize MonitorMixin. #synchronize won't work without this.
super()
Retab lib
2013-08-30 21:28:33 +00:00
# Allow specific module types to be loaded
Store Msf::Framework#initialize options MSP-11605 Store options `Hash` passed to `Msf::Framework#new` in `#options` so that lazily initialized children, such as DBManager, have access to those options.
2014-11-13 19:23:17 +00:00
types = options[:module_types] || Msf::MODULE_TYPES
Retab lib
2013-08-30 21:28:33 +00:00
self.events = EventDispatcher.new(self)
self.modules = ModuleManager.new(self,types)
self.datastore = DataStore.new
self.jobs = Rex::JobContainer.new
self.plugins = PluginManager.new(self)
Add framework.uuid_db as a JSONHashFile
2015-05-20 05:28:32 +00:00
self.uuid_db = Rex::JSONHashFile.new(::File.join(Msf::Config.config_directory, "payloads.json"))
Rework browser profiles, get back to functional mode
2015-07-02 19:58:43 +00:00
self.browser_profiles = Hash.new
Retab lib
2013-08-30 21:28:33 +00:00
# Configure the thread factory
Wrap Msf::Framework#threads in Metasploit::Framework::ThreadFactoryProvider MSP-11605 `Rex::ThreadFactory.provider` needs to be set in `Msf::Framework#initialize`, but setting it directly to `Msf::Framework#threads` eliminates the laziness of `Msf::Framework#threads`. In order keep `framework.threads` lazy, `framework` is wrapped in a `Metasploit::Framework::ThreadFactoryProvider`, which responds to `spawn`, which is needed by `Rex::ThreadFactory`, by calling `framework.threads.spawn`, which lazily initialized `framework.threads` when the first thread needs to be spawned.
2014-11-13 20:08:26 +00:00
Rex::ThreadFactory.provider = Metasploit::Framework::ThreadFactoryProvider.new(framework: self)
Retab lib
2013-08-30 21:28:33 +00:00
Update TLS certificate generation routines Msf relies on Rex::Socket to create TLS certificates for services hosted in the framework and used by some payloads. These certs are flagged by NIDS - snort sid 1-34864 and such. Now that Rex::Socket can accept a @@cert_provider from the Msf namespace, a more robust generation routine can be used by all TLS socket services, provided down from Msf to Rex, using dependencies which Rex does not include. This work adds the faker gem into runtime dependencies, creates an Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides API compatible method invocations with the Rex version, but able to generate higher entropy certs with more variables, options, etc. This should reduce the hit rate against NIDS on the wire, reducing pesky blue team interference until we slip up some other way. Also, with the ability to generate different cert types, we may want to look at extending this effort to probide a more comprehensive key oracle to Framework and consumers. Testing: None yet, internal tests pending. Travis should fail as this requires rex-socket #8.
2017-12-29 02:00:03 +00:00
# Configure the SSL certificate generator
Require msf/core/cert_provider in framework.rb Add an explicit require for the new cert_provider in framework.rb in case it has not yet been loaded. This should address the Travis failure on initial PR, although the gem version in socket has not been updated, so this might take a bit to propagate. In the end, if the dependency already gives us this functionality by the time we call Rex::Socket::Ssl then this commit can safely be dropped
2017-12-29 06:35:23 +00:00
Rex::Socket::Ssl.cert_provider = Msf::Ssl::CertProvider
Update TLS certificate generation routines Msf relies on Rex::Socket to create TLS certificates for services hosted in the framework and used by some payloads. These certs are flagged by NIDS - snort sid 1-34864 and such. Now that Rex::Socket can accept a @@cert_provider from the Msf namespace, a more robust generation routine can be used by all TLS socket services, provided down from Msf to Rex, using dependencies which Rex does not include. This work adds the faker gem into runtime dependencies, creates an Msf::Exploit::Remote::Ssl::CertProvider namespace, and provides API compatible method invocations with the Rex version, but able to generate higher entropy certs with more variables, options, etc. This should reduce the hit rate against NIDS on the wire, reducing pesky blue team interference until we slip up some other way. Also, with the ability to generate different cert types, we may want to look at extending this effort to probide a more comprehensive key oracle to Framework and consumers. Testing: None yet, internal tests pending. Travis should fail as this requires rex-socket #8.
2017-12-29 02:00:03 +00:00
Retab lib
2013-08-30 21:28:33 +00:00
subscriber = FrameworkEventSubscriber.new(self)
events.add_exploit_subscriber(subscriber)
events.add_session_subscriber(subscriber)
events.add_general_subscriber(subscriber)
events.add_db_subscriber(subscriber)
events.add_ui_subscriber(subscriber)
end
def inspect
"#<Framework (#{sessions.length} sessions, #{jobs.length} jobs, #{plugins.length} plugins#{db.active ? ", #{db.driver} database active" : ""})>"
end
#
# Returns the module set for encoders.
#
def encoders
return modules.encoders
end
#
# Returns the module set for exploits.
#
def exploits
return modules.exploits
end
#
# Returns the module set for nops
#
def nops
return modules.nops
end
#
# Returns the module set for payloads
#
def payloads
return modules.payloads
end
#
# Returns the module set for auxiliary modules
#
def auxiliary
return modules.auxiliary
end
#
# Returns the module set for post modules
#
def post
return modules.post
end
#
# Returns the framework version in Major.Minor format.
#
def version
Version
end
#
# Event management interface for registering event handler subscribers and
# for interacting with the correlation engine.
#
attr_reader :events
#
# Module manager that contains information about all loaded modules,
# regardless of type.
#
attr_reader :modules
#
# The global framework datastore that can be used by modules.
#
attr_reader :datastore
#
# The framework instance's aux manager. The aux manager is responsible
Fix grammer in comments
2015-04-13 08:21:41 +00:00
# for collecting and cataloging all aux information that comes in from
Retab lib
2013-08-30 21:28:33 +00:00
# aux modules.
#
attr_reader :auxmgr
#
# Background job management specific to things spawned from this instance
# of the framework.
#
attr_reader :jobs
#
# The framework instance's plugin manager. The plugin manager is
# responsible for exposing an interface that allows for the loading and
# unloading of plugins.
#
attr_reader :plugins
Add framework.uuid_db as a JSONHashFile
2015-05-20 05:28:32 +00:00
#
# The framework instance's payload uuid database. The payload uuid
# database is used to record and match the unique ID values embedded
# into generated payloads.
#
attr_reader :uuid_db
Rework browser profiles, get back to functional mode
2015-07-02 19:58:43 +00:00
#
# The framework instance's browser profile store. These profiles are
# generated by client-side modules and need to be shared across
# different contexts.
#
attr_reader :browser_profiles
Thread-safe lazy Msf::Framework#db MSP-11605 Switch `Msf:Framework#db` from being set in `#initialize` to a custom method that uses `||=` to lazily initialize the `Msf::DBManager` inside a `synchronize` block to make it thread safe.
2014-11-13 19:38:53 +00:00
Retab lib
2013-08-30 21:28:33 +00:00
#
Pass 1: externalize database
2017-07-07 18:33:42 +00:00
# The framework instance's data service proxy
#
# @return [Metasploit::Framework::DataService::DataProxy]
Thread-safe lazy Msf::Framework#db MSP-11605 Switch `Msf:Framework#db` from being set in `#initialize` to a custom method that uses `||=` to lazily initialize the `Msf::DBManager` inside a `synchronize` block to make it thread safe.
2014-11-13 19:38:53 +00:00
def db
synchronize {
Fix all failing rspec for goliath
2018-01-19 21:16:19 +00:00
@db ||= get_db
Thread-safe lazy Msf::Framework#db MSP-11605 Switch `Msf:Framework#db` from being set in `#initialize` to a custom method that uses `||=` to lazily initialize the `Msf::DBManager` inside a `synchronize` block to make it thread safe.
2014-11-13 19:38:53 +00:00
}
end
Thread-safe lazy Msf::Framework#threads MSP-11605 Switch Msf::Framework#threads to a custom method that uses `||=` to lazily initialize the `Msf::ThreadManager` inside a `synchronize` block to make it thread safe.
2014-11-13 17:12:43 +00:00
Thread-safe lazy Msf::Framework#sessions MSP-11605 Switch `Msf::Framework#sessions` from being set in `#initialize` to a custom method that uses `||=` to lazily initialize the `Msf::SessionManager` inside a `synchronize` block to make it thread safe.
2014-11-13 19:17:57 +00:00
# Session manager that tracks sessions associated with this framework
# instance over the course of their lifetime.
#
# @return [Msf::SessionManager]
def sessions
synchronize {
@sessions ||= Msf::SessionManager.new(self)
}
end
Retab lib
2013-08-30 21:28:33 +00:00
# The framework instance's thread manager. The thread manager
# provides a cleaner way to manage spawned threads
#
Thread-safe lazy Msf::Framework#threads MSP-11605 Switch Msf::Framework#threads to a custom method that uses `||=` to lazily initialize the `Msf::ThreadManager` inside a `synchronize` block to make it thread safe.
2014-11-13 17:12:43 +00:00
# @return [Msf::ThreadManager]
def threads
synchronize {
@threads ||= Msf::ThreadManager.new(self)
}
end
big commit for converting meterpreter scripts to modules, see #3377. also fixes payload tab-completion and 'show payloads' after TARGET has changed git-svn-id: file:///home/svn/framework3/trunk@11421 4d416f70-5f16-0410-b530-b9f4589650da
2010-12-27 17:46:42 +00:00
Msf::Framework#threads? MSP-11605 `Msf::Framework#threads?` returns whether `Msf::Framework#threads` was ever initialized. If `Msf::Framework#threads?` is true, then threads need to be cleaned up, while if it is false then no threads need to be cleaned up from the current framework.
2014-11-13 20:21:35 +00:00
# Whether {#threads} has been initialized
#
# @return [true] if {#threads} has been initialized
# @return [false] otherwise
def threads?
synchronize {
instance_variable_defined? :@threads
}
end
Clean up metadata store logic
2017-11-17 18:42:19 +00:00
# TODO: Anything still using this should be ported to use metadata::cache search
pass loggger conditionally to common search function
2017-07-03 21:22:47 +00:00
def search(match, logger: nil)
add a framework-wide search method
2017-06-24 20:09:32 +00:00
# Do an in-place search
matches = []
export module.search command
2017-06-24 20:50:37 +00:00
[ self.exploits, self.auxiliary, self.post, self.payloads, self.nops, self.encoders ].each do |mset|
add a framework-wide search method
2017-06-24 20:09:32 +00:00
mset.each do |m|
begin
o = mset.create(m[0])
if o && !o.search_filter(match)
matches << o
end
rescue
end
end
end
matches
end
moved shit around again git-svn-id: file:///home/svn/incoming/trunk@2498 4d416f70-5f16-0410-b530-b9f4589650da
2005-05-21 17:57:00 +00:00
protected
Store Msf::Framework#initialize options MSP-11605 Store options `Hash` passed to `Msf::Framework#new` in `#options` so that lazily initialized children, such as DBManager, have access to those options.
2014-11-13 19:23:17 +00:00
# @!attribute options
# Options passed to {#initialize}
#
# @return [Hash]
attr_accessor :options
Retab lib
2013-08-30 21:28:33 +00:00
attr_writer :events # :nodoc:
attr_writer :modules # :nodoc:
attr_writer :datastore # :nodoc:
attr_writer :auxmgr # :nodoc:
attr_writer :jobs # :nodoc:
attr_writer :plugins # :nodoc:
attr_writer :db # :nodoc:
Add framework.uuid_db as a JSONHashFile
2015-05-20 05:28:32 +00:00
attr_writer :uuid_db # :nodoc:
Rework browser profiles, get back to functional mode
2015-07-02 19:58:43 +00:00
attr_writer :browser_profiles # :nodoc:
Fix all failing rspec for goliath
2018-01-19 21:16:19 +00:00
private
def get_db
Fix DB initialization with no database YAML
2018-04-10 22:31:02 +00:00
unless options['DisableDatabase']
Fix all failing rspec for goliath
2018-01-19 21:16:19 +00:00
db_manager = Msf::DBManager.new(self)
options[:db_manager] = db_manager
Fix DB initialization with no database YAML
2018-04-10 22:31:02 +00:00
unless options['SkipDatabaseInit']
db_manager.init_db(options)
end
Fix all failing rspec for goliath
2018-01-19 21:16:19 +00:00
end
Metasploit::Framework::DataService::DataProxy.new(options)
end
moved shit around again git-svn-id: file:///home/svn/incoming/trunk@2498 4d416f70-5f16-0410-b530-b9f4589650da
2005-05-21 17:57:00 +00:00
end
save events to the database. fixes 618 git-svn-id: file:///home/svn/framework3/trunk@8126 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 00:32:48 +00:00
class FrameworkEventSubscriber
Retab lib
2013-08-30 21:28:33 +00:00
include Framework::Offspring
def initialize(framework)
self.framework = framework
end
def report_event(data)
if framework.db.active
framework.db.report_event(data)
end
end
include GeneralEventSubscriber
#
# Generic handler for module events
#
def module_event(name, instance, opts={})
if framework.db.active
event = {
:workspace => framework.db.find_workspace(instance.workspace),
:name => name,
:username => instance.owner,
:info => {
:module_name => instance.fullname,
:module_uuid => instance.uuid
}.merge(opts)
}
report_event(event)
end
end
##
# :category: ::Msf::GeneralEventSubscriber implementors
def on_module_run(instance)
opts = { :datastore => instance.datastore.to_h }
module_event('module_run', instance, opts)
end
##
# :category: ::Msf::GeneralEventSubscriber implementors
def on_module_complete(instance)
module_event('module_complete', instance)
end
##
# :category: ::Msf::GeneralEventSubscriber implementors
def on_module_error(instance, exception=nil)
module_event('module_error', instance, :exception => exception.to_s)
end
include ::Msf::UiEventSubscriber
##
More general cleanup including is_local db check
2017-10-16 22:07:26 +00:00
# :category: ::Msf::UiEventSubscriber implementors
Retab lib
2013-08-30 21:28:33 +00:00
def on_ui_command(command)
More general cleanup including is_local db check
2017-10-16 22:07:26 +00:00
if (framework.db and framework.db.active)
report_event(:name => "ui_command", :info => {:command => command})
end
Retab lib
2013-08-30 21:28:33 +00:00
end
##
# :category: ::Msf::UiEventSubscriber implementors
def on_ui_stop()
More general cleanup including is_local db check
2017-10-16 22:07:26 +00:00
if (framework.db and framework.db.active)
report_event(:name => "ui_stop")
end
Retab lib
2013-08-30 21:28:33 +00:00
end
##
# :category: ::Msf::UiEventSubscriber implementors
def on_ui_start(rev)
#
# The database is not active at startup time unless msfconsole was
# started with a database.yml, so this event won't always be saved to
# the db. Not great, but best we can do.
#
info = { :revision => rev }
report_event(:name => "ui_start", :info => info)
end
require 'msf/core/session'
include ::Msf::SessionEvent
#
# Generic handler for session events
#
def session_event(name, session, opts={})
address = session.session_host
if not (address and address.length > 0)
elog("Session with no session_host/target_host/tunnel_peer")
dlog("#{session.inspect}", LEV_3)
return
end
if framework.db.active
ws = framework.db.find_workspace(session.workspace)
event = {
:workspace => ws,
:username => session.username,
:name => name,
:host => address,
:info => {
:session_id => session.sid,
:session_info => session.info,
:session_uuid => session.uuid,
:session_type => session.type,
:username => session.username,
:target_host => address,
:via_exploit => session.via_exploit,
:via_payload => session.via_payload,
:tunnel_peer => session.tunnel_peer,
:exploit_uuid => session.exploit_uuid
}.merge(opts)
}
report_event(event)
end
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_open(session)
opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
session_event('session_open', session, opts)
framework.db.report_session(:session => session)
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_upload(session, lpath, rpath)
session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
framework.db.report_session_event({
:etype => 'upload',
:session => session,
:local_path => lpath,
:remote_path => rpath
})
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_download(session, rpath, lpath)
session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
framework.db.report_session_event({
:etype => 'download',
:session => session,
:local_path => lpath,
:remote_path => rpath
})
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_close(session, reason='')
session_event('session_close', session)
if session.db_record
# Don't bother saving here, the session's cleanup method will take
# care of that later.
session.db_record.close_reason = reason
session.db_record.closed_at = Time.now.utc
end
end
#def on_session_interact(session)
# $stdout.puts('session_interact', session.inspect)
#end
##
# :category: ::Msf::SessionEvent implementors
def on_session_command(session, command)
session_event('session_command', session, :command => command)
framework.db.report_session_event({
:etype => 'command',
:session => session,
:command => command
})
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_output(session, output)
# Break up the output into chunks that will fit into the database.
buff = output.dup
chunks = []
if buff.length > 1024
while buff.length > 0
chunks << buff.slice!(0,1024)
end
else
chunks << buff
end
chunks.each { |chunk|
session_event('session_output', session, :output => chunk)
framework.db.report_session_event({
:etype => 'output',
:session => session,
:output => chunk
})
}
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_route(session, route)
framework.db.report_session_route(session, route)
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_route_remove(session, route)
framework.db.report_session_route_remove(session, route)
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_script_run(session, script)
framework.db.report_session_event({
:etype => 'script_run',
:session => session,
:local_path => script
})
end
##
# :category: ::Msf::SessionEvent implementors
def on_session_module_run(session, mod)
framework.db.report_session_event({
:etype => 'module_run',
:session => session,
:local_path => mod.fullname
})
end
#
# This is covered by on_module_run and on_session_open, so don't bother
#
#require 'msf/core/exploit'
#include ExploitEvent
#def on_exploit_success(exploit, session)
#end
save events to the database. fixes 618 git-svn-id: file:///home/svn/framework3/trunk@8126 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-15 00:32:48 +00:00
end
All bugs closed git-svn-id: file:///home/svn/framework3/trunk@5874 4d416f70-5f16-0410-b530-b9f4589650da
2008-11-10 22:15:23 +00:00
end
Parse SVN information and warns folks with out of date installations git-svn-id: file:///home/svn/framework3/trunk@7415 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-09 01:50:44 +00:00