2008-12-02 22:09:34 +00:00
|
|
|
#!/usr/bin/env ruby
|
|
|
|
#
|
2010-05-03 17:13:09 +00:00
|
|
|
# $Id$
|
|
|
|
#
|
2008-12-02 22:09:34 +00:00
|
|
|
# This plugin provides an msf daemon interface that spawns a listener on a
|
2009-01-04 07:25:43 +00:00
|
|
|
# defined port (default 55553) and gives each connecting client its own
|
2008-12-02 22:09:34 +00:00
|
|
|
# console interface. These consoles all share the same framework instance.
|
|
|
|
# Be aware that the console instance that spawns on the port is entirely
|
|
|
|
# unauthenticated, so realize that you have been warned.
|
|
|
|
#
|
2010-05-03 17:13:09 +00:00
|
|
|
# $Revision$
|
|
|
|
#
|
2008-12-02 22:09:34 +00:00
|
|
|
|
|
|
|
require "msf/core/rpc"
|
|
|
|
require "fileutils"
|
|
|
|
|
|
|
|
module Msf
|
|
|
|
|
|
|
|
###
|
|
|
|
#
|
|
|
|
# This class implements the msfd plugin interface.
|
|
|
|
#
|
|
|
|
###
|
|
|
|
class Plugin::XMLRPC < Msf::Plugin
|
|
|
|
|
|
|
|
#
|
|
|
|
# The default local hostname that the server listens on.
|
|
|
|
#
|
|
|
|
DefaultHost = "127.0.0.1"
|
|
|
|
|
|
|
|
#
|
|
|
|
# The default local port that the server listens on.
|
|
|
|
#
|
|
|
|
DefaultPort = 55553
|
|
|
|
|
|
|
|
#
|
|
|
|
# ServerPort
|
|
|
|
#
|
2009-01-04 07:25:43 +00:00
|
|
|
# The local port to listen on for connections. The default is 55553
|
2008-12-02 22:09:34 +00:00
|
|
|
#
|
|
|
|
def initialize(framework, opts)
|
|
|
|
super
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
host = opts['ServerHost'] || DefaultHost
|
|
|
|
port = opts['ServerPort'] || DefaultPort
|
|
|
|
ssl = (opts['SSL'] and opts['SSL'].to_s =~ /^[ty]/i) ? true : false
|
|
|
|
cert = opts['SSLCert']
|
|
|
|
ckey = opts['SSLKey']
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
user = opts['User'] || "msf"
|
|
|
|
pass = opts['Pass'] || ::Rex::Text.rand_text_alphanumeric(8)
|
2009-12-02 00:00:11 +00:00
|
|
|
type = opts['ServerType'] || "Basic"
|
|
|
|
uri = opts['URI'] || "/RPC2"
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2010-07-21 22:37:26 +00:00
|
|
|
print_status("XMLRPC Service: #{host}:#{port} #{ssl ? " (SSL)" : ""}")
|
2008-12-02 22:09:34 +00:00
|
|
|
print_status("XMLRPC Username: #{user}")
|
|
|
|
print_status("XMLRPC Password: #{pass}")
|
2009-12-02 00:00:11 +00:00
|
|
|
print_status("XMLRPC Server Type: #{type}")
|
2008-12-02 22:09:34 +00:00
|
|
|
|
|
|
|
@users = [ [user,pass] ]
|
2011-05-20 06:14:22 +00:00
|
|
|
if(type =~ /Web/i)
|
2009-12-02 00:00:11 +00:00
|
|
|
print_status("XMLRPC Web URI: #{uri}")
|
|
|
|
self.server = ::Msf::RPC::WebService.new(port,host,uri)
|
2011-05-20 06:14:22 +00:00
|
|
|
elsif(type =~ /Basic/i)
|
2009-12-02 00:00:11 +00:00
|
|
|
self.server = ::Msf::RPC::Service.new(host,port,ssl,cert,ckey)
|
|
|
|
else
|
2011-05-20 06:14:22 +00:00
|
|
|
print_status("Invalid server type #{type}, please choose Web or Basic")
|
2009-12-02 00:00:11 +00:00
|
|
|
end
|
2008-12-02 22:09:34 +00:00
|
|
|
|
|
|
|
# If the run in foreground flag is not specified, then go ahead and fire
|
|
|
|
# it off in a worker thread.
|
|
|
|
if (opts['RunInForeground'] != true)
|
2010-07-21 22:37:26 +00:00
|
|
|
# Store a handle to the thread so we can kill it during
|
|
|
|
# cleanup when we get unloaded.
|
|
|
|
self.thread = Thread.new {
|
2008-12-02 22:09:34 +00:00
|
|
|
run
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns 'xmlrpc'
|
|
|
|
#
|
|
|
|
def name
|
|
|
|
"xmlrpc"
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Returns the plugin description.
|
|
|
|
#
|
|
|
|
def desc
|
|
|
|
"Provides a XMLRPC interface over a listening TCP port."
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The meat of the plugin, sets up handlers for requests
|
2010-05-03 17:13:09 +00:00
|
|
|
#
|
2008-12-02 22:09:34 +00:00
|
|
|
def run
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
# Initialize the list of authenticated sessions
|
|
|
|
@tokens = {}
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2010-07-20 20:36:09 +00:00
|
|
|
args = [framework,@tokens,@users]
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
# Add handlers for every class
|
2010-05-03 17:13:09 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("auth"),
|
2008-12-02 22:09:34 +00:00
|
|
|
::Msf::RPC::Auth.new(*args)
|
|
|
|
)
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2010-07-21 22:37:26 +00:00
|
|
|
# Note the extra argument for core as compared to the other
|
|
|
|
# handlers. This allows rpc clients access to the plugin so
|
|
|
|
# they can shutdown the server.
|
|
|
|
core_args = args + [self]
|
2010-05-03 17:13:09 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("core"),
|
2010-07-21 22:37:26 +00:00
|
|
|
::Msf::RPC::Core.new(*core_args)
|
2008-12-02 22:09:34 +00:00
|
|
|
)
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("session"),
|
|
|
|
::Msf::RPC::Session.new(*args)
|
|
|
|
)
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("job"),
|
|
|
|
::Msf::RPC::Job.new(*args)
|
|
|
|
)
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("module"),
|
|
|
|
::Msf::RPC::Module.new(*args)
|
|
|
|
)
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2010-08-17 22:53:05 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("console"),
|
|
|
|
::Msf::RPC::Console.new(*args)
|
|
|
|
)
|
|
|
|
|
2010-08-18 21:26:26 +00:00
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("db"),
|
|
|
|
::Msf::RPC::Db.new(*args)
|
|
|
|
)
|
2010-08-28 18:21:17 +00:00
|
|
|
|
|
|
|
self.server.add_handler(::XMLRPC::iPIMethods("plugin"),
|
|
|
|
::Msf::RPC::Plugin.new(*args)
|
|
|
|
)
|
|
|
|
|
2010-05-03 17:13:09 +00:00
|
|
|
# Set the default/catch-all handler
|
2008-12-02 22:09:34 +00:00
|
|
|
self.server.set_default_handler do |name, *args|
|
|
|
|
raise ::XMLRPC::FaultException.new(-99, "Method #{name} missing or wrong number of parameters!")
|
|
|
|
end
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
# Start the actual service
|
|
|
|
self.server.start
|
2010-05-03 17:13:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
# Wait for the service to complete
|
|
|
|
self.server.wait
|
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# Closes the listener service.
|
|
|
|
#
|
|
|
|
def cleanup
|
|
|
|
self.server.stop if self.server
|
2010-07-21 22:37:26 +00:00
|
|
|
self.thread.kill if self.thread
|
2008-12-02 22:09:34 +00:00
|
|
|
self.server = nil
|
2010-07-21 22:37:26 +00:00
|
|
|
super
|
|
|
|
end
|
|
|
|
|
|
|
|
def stop_rpc
|
|
|
|
print_line
|
|
|
|
print_status("XMLRPC Client requested server stop")
|
|
|
|
# Plugins aren't really meant to be able to unload themselves, so this
|
|
|
|
# is a bit of a corner case. Unloading ourselves ends up killing the
|
|
|
|
# thread that's doing the unloading so we need to fire off the unload
|
|
|
|
# in a seperate one.
|
|
|
|
Thread.new {
|
|
|
|
framework.plugins.unload(self)
|
|
|
|
}
|
|
|
|
nil
|
2008-12-02 22:09:34 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
#
|
|
|
|
# The XMLRPC instance.
|
|
|
|
#
|
|
|
|
attr_accessor :server
|
2010-07-21 22:37:26 +00:00
|
|
|
attr_accessor :thread
|
2011-01-10 02:21:22 +00:00
|
|
|
attr_accessor :users
|
|
|
|
attr_accessor :tokens
|
2010-07-20 20:36:09 +00:00
|
|
|
|
2008-12-02 22:09:34 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
end
|
2010-08-17 22:53:05 +00:00
|
|
|
|