infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

WIP remote note read, update, delete

GSoC/Meterpreter_Web_Console
Matthew Kienow 2018-03-27 16:36:56 -04:00
parent 991f4e35ea
commit 0b5d3d31f9
No known key found for this signature in database
GPG Key ID: 40787F8B1EAC6E41
5 changed files with 171 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/metasploit/framework/data_service/proxy/note_data_proxy.rb
View File

@ -1,4 +1,14 @@
module NoteDataProxy
def notes(opts)
begin
data_service = self.get_data_service()
data_service.notes(opts)
rescue Exception => e
self.log_error(e, "Problem retrieving notes")
end
end
def report_note(opts)
begin
data_service = self.get_data_service()
@ -7,4 +17,22 @@ module NoteDataProxy
self.log_error(e, "Problem reporting note")
end
end
def update_note(opts)
begin
data_service = self.get_data_service()
data_service.update_note(opts)
rescue Exception => e
self.log_error(e, "Problem updating note")
end
end
def delete_note(opts)
begin
data_service = self.get_data_service()
data_service.delete_note(opts)
rescue Exception => e
self.log_error(e, "Problem deleting note")
end
end
end

21
lib/metasploit/framework/data_service/remote/http/remote_note_data_service.rb
View File

@ -4,8 +4,27 @@ module RemoteNoteDataService
include ResponseDataHelper
NOTE_API_PATH = '/api/v1/notes'
NOTE_MDM_CLASS = 'Mdm::Note'
def notes(opts)
json_to_mdm_object(self.get_data(NOTE_API_PATH, nil, opts), NOTE_MDM_CLASS, [])
end
def report_note(opts)
self.post_data_async(NOTE_API_PATH, opts)
# self.post_data_async(NOTE_API_PATH, opts)
json_to_mdm_object(self.post_data(NOTE_API_PATH, opts), NOTE_MDM_CLASS, []).first
end
def update_note(opts)
path = NOTE_API_PATH
if opts && opts[:id]
id = opts.delete(:id)
path = "#{NOTE_API_PATH}/#{id}"
end
json_to_mdm_object(self.put_data(path, opts), NOTE_MDM_CLASS, [])
end
def delete_note(opts)
json_to_mdm_object(self.delete_data(NOTE_API_PATH, opts), NOTE_MDM_CLASS, [])
end
end

12
lib/metasploit/framework/data_service/stubs/note_data_service.rb
View File

@ -1,7 +1,19 @@
module NoteDataService
def notes(opts)
raise 'NoteDataService#notes is not implemented'
end
def report_note(opts)
raise 'NoteDataService#report_note is not implemented'
end
def update_note(opts)
raise 'NoteDataService#update_note is not implemented'
end
def delete_note(opts)
raise 'NoteDataService#delete_note is not implemented'
end
end

54
lib/msf/core/db_manager/http/servlet/note_servlet.rb
View File

@ -4,18 +4,70 @@ module NoteServlet
'/api/v1/notes'
end
def self.api_path_with_id
"#{NoteServlet.api_path}/?:id?"
end
def self.registered(app)
app.get NoteServlet.api_path_with_id, &get_note
app.post NoteServlet.api_path, &report_note
app.put NoteServlet.api_path_with_id, &update_note
app.delete NoteServlet.api_path, &delete_note
end
#######
private
#######
def self.get_note
lambda {
begin
opts = parse_json_request(request, false)
data = get_db.notes(params.symbolize_keys)
includes = [:host]
set_json_response(data, includes)
rescue Exception => e
set_error_on_response(e)
end
}
end
def self.report_note
lambda {
job = lambda { |opts| get_db().report_note(opts) }
begin
job = lambda { |opts|
get_db.report_note(opts)
}
exec_report_job(request, &job)
rescue Exception => e
set_error_on_response(e)
end
}
end
def self.update_note
lambda {
begin
opts = parse_json_request(request, false)
tmp_params = params.symbolize_keys
opts[:id] = tmp_params[:id] if tmp_params[:id]
data = get_db.update_note(opts)
set_json_response(data)
rescue Exception => e
set_error_on_response(e)
end
}
end
def self.delete_note
lambda {
begin
opts = parse_json_request(request, false)
data = get_db.delete_note(opts)
set_json_response(data)
rescue Exception => e
set_error_on_response(e)
end
}
end

62
lib/msf/core/db_manager/note.rb
View File

@ -21,10 +21,22 @@ module Msf::DBManager::Note
#
# This methods returns a list of all notes in the database
#
def notes(wspace=workspace)
::ActiveRecord::Base.connection_pool.with_connection {
wspace.notes
}
def notes(opts)
wspace = opts.delete(:workspace) || opts.delete(:wspace) || workspace
if wspace.kind_of? String
wspace = find_workspace(wspace)
end
::ActiveRecord::Base.connection_pool.with_connection {
search_term = opts.delete(:search_term)
if search_term && !search_term.empty?
column_search_conditions = Msf::Util::DBManager.create_all_column_search_conditions(Mdm::Note, search_term)
wspace.notes.includes(:host).where(opts).where(column_search_conditions)
else
wspace.notes.includes(:host).where(opts)
end
}
end
#
@ -171,4 +183,46 @@ module Msf::DBManager::Note
ret[:note] = note
}
end
# Update the attributes of a note entry with the values in opts.
# The values in opts should match the attributes to update.
#
# @param opts [Hash] Hash containing the updated values. Key should match the attribute to update. Must contain :id of record to update.
# @return [Mdm::Note] The updated Mdm::Note object.
def update_note(opts)
# process workspace string for update if included in opts
wspace = opts.delete(:workspace)
if wspace.kind_of? String
wspace = find_workspace(wspace)
opts[:workspace] = wspace
end
::ActiveRecord::Base.connection_pool.with_connection {
id = opts.delete(:id)
Mdm::Note.update(id, opts)
}
end
# Deletes note entries based on the IDs passed in.
#
# @param opts[:ids] [Array] Array containing Integers corresponding to the IDs of the note entries to delete.
# @return [Array] Array containing the Mdm::Note objects that were successfully deleted.
def delete_note(opts)
raise ArgumentError.new("The following options are required: :ids") if opts[:ids].nil?
::ActiveRecord::Base.connection_pool.with_connection {
deleted = []
opts[:ids].each do |note_id|
note = Mdm::Note.find(note_id)
begin
deleted << note.destroy
rescue # refs suck
elog("Forcibly deleting #{note}")
deleted << note.delete
end
end
return deleted
}
end
end