infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #9252, docker improvements

MS-2855/keylogger-mettle-extension
Brent Cook 2017-11-29 17:15:47 -06:00
parent 7218159179 0d38b70763
commit 0aeb245c9c
No known key found for this signature in database
GPG Key ID: 1FFAA0B24B708F96
12 changed files with 50 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.dockerignore
View File

@ -34,7 +34,7 @@ config/database.yml
# target config file for testing # target config file for testing
features/support/targets.yml features/support/targets.yml
# simplecov coverage data # simplecov coverage data
coverage coverage/
doc/ doc/
external/source/meterpreter/java/bin external/source/meterpreter/java/bin
external/source/meterpreter/java/build external/source/meterpreter/java/build

1
.gitignore vendored
View File

@ -88,6 +88,7 @@ data/meterpreter/ext_server_pivot.*.dll
# local docker compose overrides # local docker compose overrides
docker-compose.local* docker-compose.local*
.env
# Ignore python bytecode # Ignore python bytecode
*.pyc *.pyc

2
.travis.yml
View File

@ -25,7 +25,7 @@ matrix:
jobs: jobs:
# build docker image # build docker image
include: include:
- env: CMD="docker-compose -f $TRAVIS_BUILD_DIR/docker-compose.yml build" DOCKER="true" - env: CMD="docker-compose build" DOCKER="true"
# we do not need any setup # we do not need any setup
before_install: skip before_install: skip
install: skip install: skip

14
Dockerfile
View File

@ -1,14 +1,17 @@
FROM ruby:2.4.2-alpine FROM ruby:2.4.2-alpine
MAINTAINER Rapid7 LABEL maintainer="Rapid7"
ARG BUNDLER_ARGS="--jobs=8 --without development test coverage" ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
ENV APP_HOME /usr/src/metasploit-framework/ ENV APP_HOME /usr/src/metasploit-framework/
ENV MSF_USER msf ENV MSF_USER msf
ENV NMAP_PRIVILEGED="" ENV NMAP_PRIVILEGED=""
ENV BUNDLE_IGNORE_MESSAGES="true"
WORKDIR $APP_HOME WORKDIR $APP_HOME
COPY Gemfile* m* Rakefile $APP_HOME COPY Gemfile* metasploit-framework.gemspec Rakefile $APP_HOME
COPY lib $APP_HOME/lib COPY lib/metasploit/framework/version.rb $APP_HOME/lib/metasploit/framework/version.rb
COPY lib/metasploit/framework/rails_version_constraint.rb $APP_HOME/lib/metasploit/framework/rails_version_constraint.rb
COPY lib/msf/util/helper.rb $APP_HOME/lib/msf/util/helper.rb
RUN apk update && \ RUN apk update && \
apk add \ apk add \
@ -36,8 +39,7 @@ RUN apk update && \
ncurses-dev \ ncurses-dev \
git \ git \
&& echo "gem: --no-ri --no-rdoc" > /etc/gemrc \ && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
# this currently fails: https://github.com/rubygems/rubygems/issues/2064 && gem update --system \
# && gem update --system \
&& gem install bundler \ && gem install bundler \
&& bundle install --system $BUNDLER_ARGS \ && bundle install --system $BUNDLER_ARGS \
&& apk del .ruby-builddeps \ && apk del .ruby-builddeps \
@ -46,7 +48,7 @@ RUN apk update && \
RUN adduser -g msfconsole -D $MSF_USER RUN adduser -g msfconsole -D $MSF_USER
RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby) RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip /usr/bin/nmap RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
USER $MSF_USER USER $MSF_USER

5
docker/docker-compose.development.override.yml → docker-compose.override.yml
View File

@ -1,13 +1,14 @@
version: '2' version: '3'
services: services:
ms: ms:
build: build:
context: .
dockerfile: ./Dockerfile
args: args:
BUNDLER_ARGS: --jobs=8 BUNDLER_ARGS: --jobs=8
image: metasploit:dev image: metasploit:dev
environment: environment:
DATABASE_URL: postgres://postgres@db:5432/msf_dev DATABASE_URL: postgres://postgres@db:5432/msf_dev
volumes: volumes:
- .:/usr/src/metasploit-framework - .:/usr/src/metasploit-framework

9
docker-compose.yml
View File

@ -1,10 +1,7 @@
version: '2' version: '3'
services: services:
ms: ms:
image: metasploit image: metasploitframework/metasploit-framework:latest
build:
context: .
dockerfile: ./Dockerfile
environment: environment:
DATABASE_URL: postgres://postgres@db:5432/msf DATABASE_URL: postgres://postgres@db:5432/msf
links: links:
@ -16,7 +13,7 @@ services:
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
db: db:
image: postgres:9-alpine image: postgres:10-alpine
volumes: volumes:
- pg_data:/var/lib/postgresql/data - pg_data:/var/lib/postgresql/data

48
docker/README.md
View File

@ -3,43 +3,36 @@
To run `msfconsole` To run `msfconsole`
```bash ```bash
docker-compose build
docker-compose run --rm --service-ports ms docker-compose run --rm --service-ports ms
``` ```
or
```bash
./docker/bin/msfconsole
```
To run `msfvenom` To run `msfvenom`
```bash ```bash
docker-compose run --rm ms ./msfvenom docker-compose build
docker-compose run --rm --no-deps ms ./msfvenom
``` ```
or
### I don't like typing `docker-compose --rm ...`
We have included some binstubs `./bin`, you can symlink them to your path.
Assuming you have `$HOME/bin`, and it's in your `$PATH`. You can run this from the project root:
```bash ```bash
ln -s `pwd`/docker/bin/msfconsole $HOME/bin/ ./docker/bin/msfvenom
ln -s `pwd`/docker/bin/msfvenom $HOME/bin/
``` ```
If you set the environment variable `MSF_BUILD` the container will be rebuilt. You can pass any command line arguments to the binstubs or the docker-compose command and they will be passed to `msfconsole` or `msfvenom`. If you need to rebuild an image (for example when the Gemfile changes) you need to build the docker image using `docker-compose build` or supply the `--rebuild` parameter to the binstubs.
```bash
MSF_BUILD=1 ./docker/bin/msfconsole
MSF_BUILD=1 ./docker/bin/msfconsole-dev
```
### But I want reverse shells... ### But I want reverse shells...
By default we expose port `4444`. You'll need to set `LHOST` to be a hostname/ip By default we expose port `4444`.
of your host machine.
If you want to expose more ports, or have `LHOST` prepopulated with a specific If you want to expose more ports, or have `LHOST` prepopulated with a specific
value; you'll need to setup a local docker-compose override for this. value; you'll need to setup a local docker-compose override for this.
Create `docker/docker-compose.local.override.yml` with: Create `docker-compose.local.override.yml` with:
```yml ```yml
version: '2' version: '3'
services: services:
ms: ms:
environment: environment:
@ -56,19 +49,6 @@ Now you need to set the `COMPOSE_FILE` environment variable to load your local
override. override.
```bash ```bash
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.local.override.yml" >> .env echo "COMPOSE_FILE=./docker-compose.yml:./docker-compose.override.yml:./docker-compose.local.override.yml" >> .env
``` ```
Now you should be able get reverse shells working Now you should be able get reverse shells working
## Developing
To setup you environment for development, you need to add `docker/docker-compose.development.override.yml`
to your `COMPOSE_FILE` environment variable.
If you don't have a `COMPOSE_FILE` environment variable, you can set it up with this:
```bash
echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.development.override.yml" >> .env
```
Alternatively you can also use the `msfconsole-dev` binstub.

10
docker/bin/msfconsole
View File

@ -19,8 +19,12 @@ fi
cd $MSF_PATH cd $MSF_PATH
if [[ -n "$MSF_BUILD" ]]; then PARAMS="$@"
docker-compose -f $MSF_PATH/docker-compose.yml build
if [[ $PARAMS == *"--rebuild"* ]]; then
echo "Rebuilding image"
docker-compose build
exit $?
fi fi
docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@" docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$PARAMS"

27
docker/bin/msfconsole-dev
View File

@ -1,27 +0,0 @@
#! /bin/bash
if [[ -z "$MSF_PATH" ]]; then
path=`dirname $0`
# check for ./docker/msfconsole.rc
if [[ ! -f $path/../msfconsole.rc ]] ; then
# we are not inside the project
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
# determine script path
pushd $(dirname $(realpath $0)) > /dev/null
path=$(pwd)
popd > /dev/null
fi
MSF_PATH=$(dirname $(dirname $path))
fi
cd $MSF_PATH
if [[ -n "$MSF_BUILD" ]]; then
docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml build
fi
docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@"

14
docker/bin/msfvenom
View File

@ -17,9 +17,15 @@ if [[ -z "$MSF_PATH" ]]; then
MSF_PATH=$(dirname $(dirname $path)) MSF_PATH=$(dirname $(dirname $path))
fi fi
if [[ -n "$MSF_BUILD" ]]; then cd $MSF_PATH
docker-compose -f $MSF_PATH/docker-compose.yml build
PARAMS="$@"
if [[ $PARAMS == *"--rebuild"* ]]; then
echo "Rebuilding image"
docker-compose build
exit $?
fi fi
cd $MSF_PATH # we need no database here
docker-compose run --rm --service-ports ms ./msfvenom "$@" docker-compose run --rm --no-deps ms ./msfvenom "$PARAMS"

26
docker/bin/msfvenom-dev
View File

@ -1,26 +0,0 @@
#! /bin/bash
if [[ -z "$MSF_PATH" ]]; then
path=`dirname $0`
# check for ./docker/msfconsole.rc
if [[ ! -f $path/../msfconsole.rc ]] ; then
# we are not inside the project
realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
# determine script path
pushd $(dirname $(realpath $0)) > /dev/null
path=$(pwd)
popd > /dev/null
fi
MSF_PATH=$(dirname $(dirname $path))
fi
cd $MSF_PATH
if [[ -n "$MSF_BUILD" ]]; then
docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml build
fi
docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml run --rm --service-ports ms ./msfvenom "$@"

2
lib/msf/ui/console/command_dispatcher/db.rb
View File

@ -1826,6 +1826,8 @@ class Db
if (path) if (path)
auth, dest = path.split('@') auth, dest = path.split('@')
(dest = auth and auth = nil) if not dest (dest = auth and auth = nil) if not dest
# remove optional scheme in database url
auth = auth.sub(/^\w+:\/\//, "") if auth
res[:user],res[:pass] = auth.split(':') if auth res[:user],res[:pass] = auth.split(':') if auth
targ,name = dest.split('/') targ,name = dest.split('/')
(name = targ and targ = nil) if not name (name = targ and targ = nil) if not name