infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/rapid7/metasploit-framework

bug/bundler_fix
jvazquez-r7 2013-06-18 09:16:11 -05:00
parent 2b46828d9c 8ae8f25d56
commit 8a770d9022
1 changed files with 1653 additions and 1658 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
lib/msf/ui/console/command_dispatcher/db.rb
View File

@ -1,5 +1,5 @@
# -*- coding: binary -*- # -*- coding: binary -*-
#
require 'rexml/document' require 'rexml/document'
require 'rex/parser/nmap_xml' require 'rex/parser/nmap_xml'
require 'msf/core/db_export' require 'msf/core/db_export'
@ -8,6 +8,7 @@ module Msf
module Ui module Ui
module Console module Console
module CommandDispatcher module CommandDispatcher
class Db class Db
require 'tempfile' require 'tempfile'
@ -286,7 +287,6 @@ class Db
end end
# If we got here, we're searching. Delete implies search # If we got here, we're searching. Delete implies search
tbl = Rex::Ui::Text::Table.new( tbl = Rex::Ui::Text::Table.new(
{ {
'Header' => "Hosts", 'Header' => "Hosts",
@ -334,16 +334,15 @@ class Db
} }
else else
print_line print_line
print_line tbl.to_s print_line(tbl.to_s)
end end
# Finally, handle the case where the user wants the resulting list # Finally, handle the case where the user wants the resulting list
# of hosts to go into RHOSTS. # of hosts to go into RHOSTS.
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
print_status("Deleted #{delete_count} hosts") if delete_count > 0 print_status("Deleted #{delete_count} hosts") if delete_count > 0
} }
##
##
end end
def cmd_services_help def cmd_services_help
@ -476,7 +475,6 @@ class Db
end end
# If we got here, we're searching. Delete implies search # If we got here, we're searching. Delete implies search
col_names = default_columns col_names = default_columns
if col_search if col_search
col_names = col_search col_names = col_search
@ -517,7 +515,7 @@ class Db
print_line print_line
if (output_file == nil) if (output_file == nil)
print_line tbl.to_s print_line(tbl.to_s)
else else
# create the output file # create the output file
::File.open(output_file, "wb") { |f| f.write(tbl.to_csv) } ::File.open(output_file, "wb") { |f| f.write(tbl.to_csv) }
@ -527,12 +525,12 @@ class Db
# Finally, handle the case where the user wants the resulting list # Finally, handle the case where the user wants the resulting list
# of hosts to go into RHOSTS. # of hosts to go into RHOSTS.
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
print_status("Deleted #{delete_count} services") if delete_count > 0 print_status("Deleted #{delete_count} services") if delete_count > 0
} }
end end
def cmd_vulns_help def cmd_vulns_help
print_line "Print all vulnerabilities in the database" print_line "Print all vulnerabilities in the database"
print_line print_line
@ -550,7 +548,6 @@ class Db
print_line print_line
end end
def cmd_vulns(*args) def cmd_vulns(*args)
return unless active? return unless active?
::ActiveRecord::Base.connection_pool.with_connection { ::ActiveRecord::Base.connection_pool.with_connection {
@ -634,7 +631,6 @@ class Db
} }
end end
def cmd_creds_help def cmd_creds_help
print_line "Usage: creds [addr range]" print_line "Usage: creds [addr range]"
print_line "Usage: creds -a <addr range> -p <port> -t <type> -u <user> -P <pass>" print_line "Usage: creds -a <addr range> -p <port> -t <type> -u <user> -P <pass>"
@ -679,6 +675,7 @@ class Db
port_ranges = [] port_ranges = []
rhosts = [] rhosts = []
svcs = [] svcs = []
delete_count = 0
search_term = nil search_term = nil
user = nil user = nil
@ -774,7 +771,6 @@ class Db
end end
# If we get here, we're searching. Delete implies search # If we get here, we're searching. Delete implies search
if user if user
user_regex = Regexp.compile(user) user_regex = Regexp.compile(user)
end end
@ -822,6 +818,7 @@ class Db
tbl << row tbl << row
if mode == :delete if mode == :delete
cred.destroy cred.destroy
delete_count += 1
end end
if set_rhosts if set_rhosts
addr = (cred.service.host.scope ? cred.service.host.address + '%' + cred.service.host.scope : cred.service.host.address ) addr = (cred.service.host.scope ? cred.service.host.address + '%' + cred.service.host.scope : cred.service.host.address )
@ -832,7 +829,7 @@ class Db
print_line print_line
if (output_file == nil) if (output_file == nil)
print_line tbl.to_s print_line(tbl.to_s)
else else
# create the output file # create the output file
::File.open(output_file, "wb") { |f| f.write(tbl.to_csv) } ::File.open(output_file, "wb") { |f| f.write(tbl.to_csv) }
@ -840,7 +837,8 @@ class Db
end end
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
print_status "Found #{creds_returned} credential#{creds_returned == 1 ? "" : "s"}."
print_status("Deleted #{delete_count} credentials") if delete_count > 0
} }
end end
@ -932,9 +930,11 @@ class Db
note_list = [] note_list = []
delete_count = 0 delete_count = 0
if host_ranges.empty? # No host specified - collect all notes # No host specified - collect all notes
if host_ranges.empty?
note_list = framework.db.notes.dup note_list = framework.db.notes.dup
else # Collect notes of specified hosts # Collect notes of specified hosts
else
each_host_range_chunk(host_ranges) do |host_search| each_host_range_chunk(host_ranges) do |host_search|
framework.db.hosts(framework.db.workspace, false, host_search).each do |host| framework.db.hosts(framework.db.workspace, false, host_search).each do |host|
note_list.concat(host.notes) note_list.concat(host.notes)
@ -1011,7 +1011,7 @@ class Db
# of hosts to go into RHOSTS. # of hosts to go into RHOSTS.
set_rhosts_from_addrs(rhosts.uniq) if set_rhosts set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
print_status("Deleted #{delete_count} note#{delete_count == 1 ? "" : "s"}") if delete_count > 0 print_status("Deleted #{delete_count} notes") if delete_count > 0
} }
end end
@ -1129,7 +1129,7 @@ class Db
file = File.open(filename, "rb") file = File.open(filename, "rb")
contents = file.read contents = file.read
lootfile = framework.db.find_or_create_loot(:type => type, :host => host,:info => info, :data => contents,:path => filename,:name => name) lootfile = framework.db.find_or_create_loot(:type => type, :host => host,:info => info, :data => contents,:path => filename,:name => name)
print_status "Added loot #{host}" print_status("Added loot #{host}")
end end
end end
return return
@ -1189,8 +1189,8 @@ class Db
end end
print_line print_line
print_line tbl.to_s print_line(tbl.to_s)
print_status "Deleted #{delete_count} loots" if delete_count > 0 print_status("Deleted #{delete_count} loots") if delete_count > 0
} }
end end
@ -1218,6 +1218,7 @@ class Db
# :category: Deprecated Commands # :category: Deprecated Commands
def cmd_db_autopwn(*args); deprecated_cmd; end def cmd_db_autopwn(*args); deprecated_cmd; end
#
# :category: Deprecated Commands # :category: Deprecated Commands
# #
# This one deserves a little more explanation than standard deprecation # This one deserves a little more explanation than standard deprecation
@ -1314,11 +1315,11 @@ class Db
when :record_count when :record_count
print_status("Import: #{data[1]} records processed") print_status("Import: #{data[1]} records processed")
when :warning when :warning
print_error("") print_error
data.split("\n").each do |line| data.split("\n").each do |line|
print_error(line) print_error(line)
end end
print_error("") print_error
warnings += 1 warnings += 1
end end
end end
@ -1334,7 +1335,7 @@ class Db
next next
rescue REXML::ParseException => e rescue REXML::ParseException => e
print_error("Failed to import #{filename} due to malformed XML:") print_error("Failed to import #{filename} due to malformed XML:")
print_error "#{$!.class}: #{$!}" print_error("#{$!.class}: #{$!}")
elog("Failed to import #{filename}: #{$!.class}: #{$!}") elog("Failed to import #{filename}: #{$!.class}: #{$!}")
dlog("Call stack: #{$@.join("\n")}", LEV_3) dlog("Call stack: #{$@.join("\n")}", LEV_3)
next next
@ -1364,9 +1365,9 @@ class Db
while (arg = args.shift) while (arg = args.shift)
case arg case arg
when '-h','--help' when '-h','--help'
print_line("Usage:") print_line "Usage:"
print_line(" db_export -f <format> [-a] [filename]") print_line " db_export -f <format> [-a] [filename]"
print_line(" Format can be one of: #{export_formats.join(", ")}") print_line " Format can be one of: #{export_formats.join(", ")}"
when '-f','--format' when '-f','--format'
format = args.shift.to_s.downcase format = args.shift.to_s.downcase
else else
@ -1452,14 +1453,14 @@ class Db
temp_nmap_threads << framework.threads.spawn("db_nmap-Stdout", false, nmap_pipe[1]) do |np_1| temp_nmap_threads << framework.threads.spawn("db_nmap-Stdout", false, nmap_pipe[1]) do |np_1|
np_1.each_line do |nmap_out| np_1.each_line do |nmap_out|
next if nmap_out.strip.empty? next if nmap_out.strip.empty?
print_status "Nmap: #{nmap_out.strip}" print_status("Nmap: #{nmap_out.strip}")
end end
end end
temp_nmap_threads << framework.threads.spawn("db_nmap-Stderr", false, nmap_pipe[2]) do |np_2| temp_nmap_threads << framework.threads.spawn("db_nmap-Stderr", false, nmap_pipe[2]) do |np_2|
np_2.each_line do |nmap_err| np_2.each_line do |nmap_err|
next if nmap_err.strip.empty? next if nmap_err.strip.empty?
print_status "Nmap: '#{nmap_err.strip}'" print_status("Nmap: '#{nmap_err.strip}'")
end end
end end
@ -1474,23 +1475,22 @@ class Db
if save if save
fd.rewind fd.rewind
saved_path = report_store_local("nmap.scan.xml", "text/xml", fd.read, "nmap_#{Time.now.utc.to_i}") saved_path = report_store_local("nmap.scan.xml", "text/xml", fd.read, "nmap_#{Time.now.utc.to_i}")
print_status "Saved NMAP XML results to #{saved_path}" print_status("Saved NMAP XML results to #{saved_path}")
end end
fd.close(true) fd.close(true)
} }
end end
#
# Store some locally-generated data as a file, similiar to store_loot. # Store some locally-generated data as a file, similiar to store_loot.
#
def report_store_local(ltype=nil, ctype=nil, data=nil, filename=nil) def report_store_local(ltype=nil, ctype=nil, data=nil, filename=nil)
store_local(ltype,ctype,data,filename) store_local(ltype,ctype,data,filename)
end end
# #
# Database management # Database management
# #
def db_check_driver def db_check_driver
if(not framework.db.driver) if(not framework.db.driver)
print_error("No database driver installed. Try 'gem install pg'") print_error("No database driver installed. Try 'gem install pg'")
@ -1578,7 +1578,6 @@ class Db
end end
end end
def cmd_db_rebuild_cache def cmd_db_rebuild_cache
unless framework.db.active unless framework.db.active
print_error("The database is not connected") print_error("The database is not connected")
@ -1609,7 +1608,7 @@ class Db
# #
def set_rhosts_from_addrs(rhosts) def set_rhosts_from_addrs(rhosts)
if rhosts.empty? if rhosts.empty?
print_status "The list is empty, cowardly refusing to set RHOSTS" print_status("The list is empty, cowardly refusing to set RHOSTS")
return return
end end
if active_module if active_module
@ -1636,7 +1635,6 @@ class Db
print_line print_line
end end
def db_find_tools(tools) def db_find_tools(tools)
found = true found = true
missed = [] missed = []
@ -1726,10 +1724,9 @@ class Db
res res
end end
#
##
# Miscellaneous option helpers # Miscellaneous option helpers
## #
# #
# Parse +arg+ into a RangeWalker and append the result into +host_ranges+ # Parse +arg+ into a RangeWalker and append the result into +host_ranges+
@ -1746,7 +1743,7 @@ class Db
begin begin
host_ranges << Rex::Socket::RangeWalker.new(arg) host_ranges << Rex::Socket::RangeWalker.new(arg)
rescue rescue
print_error "Invalid host parameter, #{arg}." print_error("Invalid host parameter, #{arg}.")
return return
end end
return true return true
@ -1767,7 +1764,7 @@ class Db
begin begin
port_ranges << Rex::Socket.portspec_to_portlist(arg) port_ranges << Rex::Socket.portspec_to_portlist(arg)
rescue rescue
print_error "Invalid port parameter, #{arg}." print_error("Invalid port parameter, #{arg}.")
return return
end end
return true return true
@ -1811,7 +1808,5 @@ class Db
end end
end end
end
end end end end end
end
end