convert first stage to os_family

added the new os-family column to Host
so now we use that as our first stage filter
for targets

MS-2325

Gemfile

@@ -3,6 +3,7 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'
 
+gem 'metasploit_data_models', path: '/Users/dmaloney/rapid7/metasploit_data_models'
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests

Gemfile.lock

@@ -60,6 +60,20 @@ PATH
       tzinfo-data
       windows_error
 
+PATH
+  remote: /Users/dmaloney/rapid7/metasploit_data_models
+  specs:
+    metasploit_data_models (2.0.11)
+      activerecord (~> 4.2.6)
+      activesupport (~> 4.2.6)
+      arel-helpers
+      metasploit-concern
+      metasploit-model
+      pg
+      postgres_ext
+      railties (~> 4.2.6)
+      recog (~> 2.0)
+
 GEM
   remote: https://rubygems.org/
   specs:
@@ -169,17 +183,7 @@ GEM
       activemodel (~> 4.2.6)
       activesupport (~> 4.2.6)
       railties (~> 4.2.6)
-    metasploit-payloads (1.2.6)
-    metasploit_data_models (2.0.10)
-      activerecord (~> 4.2.6)
-      activesupport (~> 4.2.6)
-      arel-helpers
-      metasploit-concern
-      metasploit-model
-      pg
-      postgres_ext
-      railties (~> 4.2.6)
-      recog (~> 2.0)
+    metasploit-payloads (1.2.4)
     metasploit_payloads-mettle (0.1.4)
     method_source (0.8.2)
     mime-types (3.1)
@@ -337,6 +341,7 @@ DEPENDENCIES
   factory_girl_rails
   fivemat
   metasploit-framework!
+  metasploit_data_models!
   octokit (~> 4.0)
   pry
   rake

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20161107203710) do
+ActiveRecord::Schema.define(version: 20161227212223) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -177,6 +177,7 @@ ActiveRecord::Schema.define(version: 20161107203710) do
     t.integer  "exploit_attempt_count",               default: 0
     t.integer  "cred_count",                          default: 0
     t.string   "detected_arch"
+    t.string   "os_family"
   end
 
   add_index "hosts", ["name"], name: "index_hosts_on_name", using: :btree

lib/msf/core/db_manager/host.rb

@@ -181,6 +181,16 @@ module Msf::DBManager::Host
       opts[:name] = opts[:name][0,255]
     end
 
+    if opts[:os_name]
+      os_name, os_flavor = split_windows_os_name(opts[:os_name])
+      opts[:os_name] = os_name if os_name.present?
+      if opts[:os_flavor].present?
+        opts[:os_flavor] = os_flavor + opts[:os_flavor]
+      else
+        opts[:os_flavor] = os_flavor
+      end
+    end
+
     opts.each { |k,v|
       if (host.attribute_names.include?(k.to_s))
         unless host.attribute_locked?(k.to_s)
@@ -213,6 +223,13 @@ module Msf::DBManager::Host
   }
   end
 
+  def split_windows_os_name(os_name)
+    return [] if os_name.nil?
+    flavor_match = os_name.match(/Windows\s+(.*)/)
+    return [] if flavor_match.nil?
+    ["Windows", flavor_match.captures.first]
+  end
+
   #
   # Update a host's attributes via semi-standardized sysinfo hash (Meterpreter)
   #
@@ -273,7 +290,8 @@ module Msf::DBManager::Host
     end
 
     if info['OS'] =~ /^Windows\s*([^\(]+)\(([^\)]+)\)/i
-      res[:os_name]   = "Windows #{$1.strip}"
+      res[:os_name]   = "Windows"
+      res[:os_flavor] = $1.strip
       build = $2.strip
 
       if build =~ /Service Pack (\d+)/

lib/msf/core/exploit/auto_target.rb

@@ -26,10 +26,10 @@ module Msf
       current_workspace.hosts.where(address: rhost).first
     end
 
-    def filter_by_os_name(host_record)
-      return [] if host_record.os_name.blank?
+    def filter_by_os_family(host_record)
+      return [] if host_record.os_family.blank?
       filtered_targets = targets.collect do |target|
-        if target.name =~ /#{host_record.os_name}/
+        if target.name =~ /#{host_record.os_family}/
           target
         else
           nil

spec/lib/msf/core/exploit/auto_target_spec.rb

@@ -61,20 +61,20 @@ RSpec.describe Msf::Exploit::AutoTarget do
     end
   end
 
-  context 'filtering by OS name' do
-    let(:windows_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_name: 'Windows' ) }
-    let(:unknown_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_name: nil ) }
+  context 'filtering by OS family' do
+    let(:windows_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: 'Windows' ) }
+    let(:unknown_host) { FactoryGirl.create(:mdm_host, address: '192.168.172.150', os_family: nil ) }
 
     it 'should return an array of all matching targets' do
-      expect(windows_exploit.filter_by_os_name(windows_host).count).to eq 4
+      expect(windows_exploit.filter_by_os_family(windows_host).count).to eq 4
     end
 
     it 'should return an empty array if there are no matches' do
-      expect(linux_exploit.filter_by_os_name(windows_host).count).to eq 0
+      expect(linux_exploit.filter_by_os_family(windows_host).count).to eq 0
     end
 
     it 'should return nil if the os is unkown on the host' do
-      expect(windows_exploit.filter_by_os_name(unknown_host).count).to eq 0
+      expect(windows_exploit.filter_by_os_family(unknown_host).count).to eq 0
     end
   end