bug/bundler_fix
jvazquez-r7 2013-07-10 14:04:46 -05:00
commit b8ce98b896
7 changed files with 544 additions and 577 deletions


@ -23,6 +23,7 @@ group :db do
end
group :pcap do
gem 'network_interface', '~> 0.0.1'
# For sniffer and raw socket modules
gem 'pcaprub'
end


@ -31,6 +31,7 @@ GEM
metaclass (~> 0.0.1)
msgpack (0.5.4)
multi_json (1.0.4)
network_interface (0.0.1)
nokogiri (1.5.9)
packetfu (1.1.8)
pcaprub (0.11.3)
@ -68,6 +69,7 @@ DEPENDENCIES
json
metasploit_data_models (~> 0.16.1)
msgpack
network_interface (~> 0.0.1)
nokogiri
packetfu (= 1.1.8)
pcaprub


@ -13,8 +13,8 @@ module Msf
#
###
class Exploit
module Capture
class Exploit
module Capture
#
# Initializes an instance of an exploit module that captures traffic
@ -53,20 +53,28 @@ module Capture
@pcaprub_error = e
end
begin
require 'network_interface'
@network_interface_loaded = true
rescue ::Exception => e
@network_interface_loaded = false
@network_interface_error = e
end
end
def stats_recv(pcap=self.capture)
return(0) if not pcap
return(0) unless pcap
pcap.stats['recv']
end
def stats_drop(pcap=self.capture)
return(0) if not pcap
return(0) unless pcap
pcap.stats['drop']
end
def stats_ifdrop(pcap=self.capture)
return(0) if not pcap
return(0) unless pcap
pcap.stats['ifdrop']
end
@ -94,8 +102,8 @@ module Capture
# Look for a PCAP file
cap = datastore['PCAPFILE'] || ''
if(not cap.empty?)
if(not File.exists?(cap))
if (not cap.empty?)
if (not File.exists?(cap))
raise RuntimeError, "The PCAP file #{cap} could not be found"
end
self.capture = ::Pcap.open_offline(cap)
@ -125,7 +133,7 @@ module Capture
end
def close_pcap
return if not self.capture
return unless self.capture
self.capture = nil
self.arp_capture = nil
GC.start()
@ -139,9 +147,9 @@ module Capture
while (idx < raw.length)
len = raw[idx+1]
return set if not len
set[ raw[idx] ] ||= []
set[ raw[idx] ].push(raw[idx + 2, len])
return set unless len
set[raw[idx]] ||= []
set[raw[idx]].push(raw[idx + 2, len])
idx += len + 2
end
@ -153,7 +161,7 @@ module Capture
# signal handling of Ruby 1.9
#
def each_packet
return if not capture
return unless capture
begin
@capture_count = 0
reader = framework.threads.spawn("PcapReceiver", false) do
@ -175,7 +183,7 @@ module Capture
# Injects a packet on the wire. For all injection-related functions, it's
# on the module to open up a capture device first (this way, we don't
# needlessly spawn new capture devices).
def inject(pkt="",pcap=self.capture)
def inject(pkt="", pcap=self.capture)
check_pcaprub_loaded
if not pcap
raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)"
@ -205,20 +213,20 @@ module Capture
p.payload = payload.to_s
end
end
inject p.to_s,pcap
inject p.to_s, pcap
end
def inject_pcap(pcap_file, filter=nil, delay = 0, pcap=self.capture)
check_pcaprub_loaded
if not pcap
unless pcap
raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)"
end
if(not File.exists?(pcap_file))
if (not File.exists?(pcap_file))
raise RuntimeError, "The PCAP file #{pcap_file} could not be found"
end
if(pcap_file.empty?)
if (pcap_file.empty?)
raise RuntimeError, "The PCAP file #{pcap_file} is empty"
end
@ -226,7 +234,7 @@ module Capture
capture_file.setfilter(filter) if filter
while (pkt = capture_file.next) do
pcap.inject(pkt)
Kernel.select(nil, nil, nil, (delay * 1.0)/1000)
Rex.sleep((delay * 1.0)/1000)
end
GC.start
end
@ -239,7 +247,7 @@ module Capture
raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)" unless self.capture
raise RuntimeError, "Must specify a host to sendto" unless dhost
dev ||= datastore['INTERFACE']
dst_mac,src_mac = lookup_eth(dhost,dev)
dst_mac, src_mac = lookup_eth(dhost, dev)
if dst_mac == nil and not bcast
return false
end
@ -247,7 +255,7 @@ module Capture
end
# The return value either be a PacketFu::Packet object, or nil
def inject_reply(proto=:udp,pcap=self.capture)
def inject_reply(proto=:udp, pcap=self.capture)
reply = nil
to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
if not pcap
@ -257,7 +265,7 @@ module Capture
::Timeout.timeout(to) do
pcap.each do |r|
packet = PacketFu::Packet.parse(r)
next unless packet.proto.map {|x| x.downcase.to_sym}.include? proto
next unless packet.proto.map { |x| x.downcase.to_sym }.include? proto
reply = packet
break
end
@ -274,8 +282,8 @@ module Capture
# do inject and capture packets, and will always first fire off a
# UDP packet using the regular socket to learn the source host's
# and gateway's mac addresses.
def lookup_eth(addr=nil,iface=nil)
raise RuntimeError, "Could not access the capture process." if not self.arp_capture
def lookup_eth(addr=nil, iface=nil)
raise RuntimeError, "Could not access the capture process." unless self.arp_capture
self.arp_cache ||= {}
self.dst_cache ||= {}
@ -293,7 +301,7 @@ module Capture
dst_mac = self.arp_cache[:gateway]
end
self.dst_cache[addr] = [dst_mac,src_mac]
self.dst_cache[addr] = [dst_mac, src_mac]
end
def probe_gateway(addr)
@ -301,15 +309,15 @@ module Capture
dst_port = rand(30000)+1024
preamble = [datastore['UDP_SECRET']].pack("N")
secret = "#{preamble}#{Rex::Text.rand_text(rand(0xff)+1)}"
UDPSocket.open.send(secret,0,dst_host,dst_port)
UDPSocket.open.send(secret, 0, dst_host, dst_port)
begin
to = (datastore['TIMEOUT'] || 1500).to_f / 1000.0
::Timeout.timeout(to) do
while(my_packet = inject_reply(:udp,self.arp_capture))
while (my_packet = inject_reply(:udp, self.arp_capture))
if my_packet.payload == secret
dst_mac = self.arp_cache[:gateway] = my_packet.eth_daddr
src_mac = self.arp_cache[Rex::Socket.source_address(addr)] = my_packet.eth_saddr
return [dst_mac,src_mac]
return [dst_mac, src_mac]
else
next
end
@ -328,8 +336,8 @@ module Capture
return self.arp_cache[target_ip] if self.arp_cache[target_ip]
return self.arp_cache[:gateway] unless should_arp? target_ip
source_ip = Rex::Socket.source_address(target_ip)
raise RuntimeError, "Could not access the capture process." if not self.arp_capture
p = arp_packet(target_ip,source_ip)
raise RuntimeError, "Could not access the capture process." unless self.arp_capture
p = arp_packet(target_ip, source_ip)
inject_eth(:eth_type => 0x0806,
:payload => p,
:pcap => self.arp_capture,
@ -338,7 +346,7 @@ module Capture
begin
to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
::Timeout.timeout(to) do
while(my_packet = inject_reply(:arp,self.arp_capture))
while (my_packet = inject_reply(:arp, self.arp_capture))
if my_packet.arp_saddr_ip == target_ip
self.arp_cache[target_ip] = my_packet.eth_saddr
return self.arp_cache[target_ip]
@ -352,7 +360,7 @@ module Capture
end
# Creates a full ARP packet, mainly for use with inject_eth()
def arp_packet(target_ip=nil,source_ip=nil)
def arp_packet(target_ip=nil, source_ip=nil)
p = PacketFu::ARPPacket.new
p.arp_opcode = 1
p.arp_daddr_ip = target_ip || datastore['RHOST']
@ -376,6 +384,9 @@ module Capture
if not @pcaprub_loaded
print_status("The Pcaprub module is not available: #{@pcaprub_error}")
raise RuntimeError, "Pcaprub not available"
elsif not @network_interface_loaded
print_status("The NetworkInterface module is not available: #{@network_interface_error}")
raise RuntimeError, "NetworkInterface not available"
else
true
end
@ -406,29 +417,24 @@ module Capture
#Netifaces code
# netifaces code is not available in pcaprub 0.9.2 and prior,
# which is going to be installed in a lot of places. Modules
# which want it should check explicitly for it. TODO: Bug upstream
# to release it for real in 0.9.3
def netifaces_implemented?
@pcaprub_loaded and
Pcap.respond_to?(:lookupaddrs) and
Pcap.respond_to?(:interfaces) and
Pcap.respond_to?(:addresses)
@network_interface_loaded and
NetworkInterface.respond_to?(:interfaces) and
NetworkInterface.respond_to?(:addresses)
end
def list_interfaces
check_pcaprub_loaded
Pcap.interfaces
NetworkInterface.interfaces
end
def is_interface?(dev)
check_pcaprub_loaded
if RUBY_PLATFORM == "i386-mingw32"
if dev =~ /\\Device\\NPF_\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}/
return Pcap.interfaces.include?(dev)
return NetworkInterface.interfaces.include?(dev)
elsif dev.to_s =~ /^[0-9]{1,2}$/
if (dev.to_i <= Pcap.interfaces.length) and (dev.to_i >= 0)
if (dev.to_i <= NetworkInterface.interfaces.length) and (dev.to_i >= 0)
return true
else
return false
@ -437,7 +443,7 @@ module Capture
return false
end
else
return Pcap.interfaces.include?(dev)
return NetworkInterface.interfaces.include?(dev)
end
end
@ -447,7 +453,7 @@ module Capture
if RUBY_PLATFORM == "i386-mingw32"
if dev.to_s =~ /^[0-9]{1,2}$/
if is_interface?(dev)
Pcap.interfaces[(dev.to_i) - 1]
NetworkInterface.interfaces[(dev.to_i) - 1]
else
return dev
end
@ -462,90 +468,90 @@ module Capture
def get_mac(dev)
check_pcaprub_loaded
dev = get_interface_guid(dev)
addrs = Pcap.addresses(dev)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} does not exist" if !addrs
raise RuntimeError, "Can not get mac address for interface #{dev}" if !addrs[Pcap::AF_LINK][0]['addr']
addrs[Pcap::AF_LINK][0]['addr']
raise RuntimeError, "Can not get mac address for interface #{dev}" if !addrs[NetworkInterface::AF_LINK][0]['addr']
addrs[NetworkInterface::AF_LINK][0]['addr']
end
def get_ipv4_addr_count(dev)
check_pcaprub_loaded
dev = get_interface_guid(dev)
addrs = Pcap.addresses(dev)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} does not exist" if !addrs
addrs[Pcap::AF_INET].length
addrs[NetworkInterface::AF_INET].length
end
def get_ipv4_addr(dev, num=0)
check_pcaprub_loaded
dev = get_interface_guid(dev)
addrs = Pcap.addresses(dev)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[Pcap::AF_INET].length < num + 1
raise RuntimeError, "Can not get the IPv4 address for interface #{dev}" if !addrs[Pcap::AF_INET][num]['addr']
addrs[Pcap::AF_INET][num]['addr']
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[NetworkInterface::AF_INET].length < num + 1
raise RuntimeError, "Can not get the IPv4 address for interface #{dev}" if !addrs[NetworkInterface::AF_INET][num]['addr']
addrs[NetworkInterface::AF_INET][num]['addr']
end
def get_ipv4_netmask(dev, num=0)
check_pcaprub_loaded
dev = get_interface_guid(dev)
addrs = Pcap.addresses(dev)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[Pcap::AF_INET].length < num + 1
raise RuntimeError, "Can not get IPv4 netmask for interface #{dev}" if !addrs[Pcap::AF_INET][num]['netmask']
addrs[Pcap::AF_INET][num]['netmask']
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[NetworkInterface::AF_INET].length < num + 1
raise RuntimeError, "Can not get IPv4 netmask for interface #{dev}" if !addrs[NetworkInterface::AF_INET][num]['netmask']
addrs[NetworkInterface::AF_INET][num]['netmask']
end
def get_ipv4_broadcast(dev, num=0)
check_pcaprub_loaded
dev = get_interface_guid(dev)
addrs = Pcap.addresses(dev)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[Pcap::AF_INET].length < num + 1
raise RuntimeError, "Can not get IPv4 broadcast address for interface #{dev}" if !addrs[Pcap::AF_INET][num]['broadcast']
addrs[Pcap::AF_INET][num]['broadcast']
raise RuntimeError, "Interface #{dev} do not have an ipv4 address at position #{num}" if addrs[NetworkInterface::AF_INET].length < num + 1
raise RuntimeError, "Can not get IPv4 broadcast address for interface #{dev}" if !addrs[NetworkInterface::AF_INET][num]['broadcast']
addrs[NetworkInterface::AF_INET][num]['broadcast']
end
def get_ipv6_addr_count(dev)
check_pcaprub_loaded
dev = get_interface_guid(dev)
raise RuntimeError, "IPv6 information is not available on this platform" if not ::Pcap.const_defined?(:AF_INET6)
addrs = Pcap.addresses(dev)
raise RuntimeError, "IPv6 information is not available on this platform" unless ::NetworkInterface.const_defined?(:AF_INET6)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
addrs[Pcap::AF_INET6].length
addrs[NetworkInterface::AF_INET6].length
end
# NOTE: IPv6 is not implemented on Windows
def get_ipv6_addr(dev, num=0)
check_pcaprub_loaded
dev = get_interface_guid(dev)
raise RuntimeError, "IPv6 information is not available on this platform" if not ::Pcap.const_defined?(:AF_INET6)
addrs = Pcap.addresses(dev)
raise RuntimeError, "IPv6 information is not available on this platform" unless ::NetworkInterface.const_defined?(:AF_INET6)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
raise RuntimeError, "Interface #{dev} do not have an ipv6 address at position #{num}" if addrs[Pcap::AF_INET6].length < num + 1
raise RuntimeError, "Can not get ipv6 address for interface #{dev}" if !addrs[Pcap::AF_INET6][num]['addr']
addrs[Pcap::AF_INET6][num]['addr'].gsub(/%(.)*$/,'')
raise RuntimeError, "Interface #{dev} do not have an ipv6 address at position #{num}" if addrs[NetworkInterface::AF_INET6].length < num + 1
raise RuntimeError, "Can not get ipv6 address for interface #{dev}" if !addrs[NetworkInterface::AF_INET6][num]['addr']
addrs[NetworkInterface::AF_INET6][num]['addr'].gsub(/%(.)*$/, '')
end
def get_ipv6_netmask(dev, num=0)
check_pcaprub_loaded
dev = get_interface_guid(dev)
raise RuntimeError, "IPv6 information is not available on this platform" if not ::Pcap.const_defined?(:AF_INET6)
addrs = Pcap.addresses(dev)
raise RuntimeError, "IPv6 information is not available on this platform" unless ::NetworkInterface.const_defined?(:AF_INET6)
addrs = NetworkInterface.addresses(dev)
raise RuntimeError, "Interface #{dev} do not exists" if !addrs
raise RuntimeError, "Interface #{dev} do not have an ipv6 address at position #{num}" if addrs[Pcap::AF_INET6].length < num + 1
raise RuntimeError, "Can not get ipv6 netmask address for interface #{dev}" if !addrs[Pcap::AF_INET6][num]['netmask']
addrs[Pcap::AF_INET6][num]['netmask']
raise RuntimeError, "Interface #{dev} do not have an ipv6 address at position #{num}" if addrs[NetworkInterface::AF_INET6].length < num + 1
raise RuntimeError, "Can not get ipv6 netmask address for interface #{dev}" if !addrs[NetworkInterface::AF_INET6][num]['netmask']
addrs[NetworkInterface::AF_INET6][num]['netmask']
end
# Protocol-specific encoding/decoding methods until more
# application protos get into PacketFu proper
# Intended to be used as the payload to an ICMP echo request's payload
def capture_icmp_echo_pack(id=nil,seq=nil,payload=nil)
def capture_icmp_echo_pack(id=nil, seq=nil, payload=nil)
id ||= rand(0x10000)
seq ||= rand(0x10000)
[id,seq,payload.to_s].pack("nna*")
[id, seq, payload.to_s].pack("nna*")
end
# Decodes and ICMP echo request or response.
@ -553,8 +559,8 @@ module Capture
data.unpack("nna*")
end
end
end
end
end
end
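Review bot: The comment block above `netifaces_implemented?` still explains the check in terms of pcaprub 0.9.2/0.9.3 releases ("netifaces code is not available in pcaprub 0.9.2 and prior ... TODO: Bug upstream to release it for real in 0.9.3"), while the rewritten body now tests `@network_interface_loaded` and `NetworkInterface.respond_to?`, so the note no longer describes what the predicate does; replace it with something like `# Interface enumeration comes from the network_interface gem; modules that need it should check this predicate explicitly rather than assume the gem loaded.` The new `require 'network_interface'` block in the initializer rescues `::Exception`, which also swallows SystemExit and NoMemoryError; a failed require raises LoadError, so `rescue ::LoadError => e` is the narrower form (the sibling pcaprub block just above appears to use the same pattern, so changing both keeps them consistent). Separately, `is_interface?` accepts a numeric `dev` of 0 because the rewritten condition is `dev.to_i >= 0`, and `get_interface_guid` then indexes `NetworkInterface.interfaces[(dev.to_i) - 1]`, i.e. `[-1]`, the last interface; this predates the commit but the line was rewritten here, and `(dev.to_i >= 1)` would close it. The initializer and several of these methods continue outside their hunks.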


@ -793,49 +793,6 @@ module Text
buf << "\n"
end
#
# Converts a string a nicely formatted and addressed ex dump
#
def self.to_addr_hex_dump(str, start_addr=0, width=16)
buf = ''
idx = 0
cnt = 0
snl = false
lst = 0
addr = start_addr
while (idx < str.length)
buf << "%08x" % addr
buf << " " * 4
chunk = str[idx, width]
line = chunk.unpack("H*")[0].scan(/../).join(" ")
buf << line
if (lst == 0)
lst = line.length
buf << " " * 4
else
buf << " " * ((lst - line.length) + 4).abs
end
chunk.unpack("C*").each do |c|
if (c > 0x1f and c < 0x7f)
buf << c.chr
else
buf << "."
end
end
buf << "\n"
idx += width
addr += width
end
buf << "\n"
end
#
# Converts a hex string to a raw string
#


@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("#{rhost}:#{rport} - Recovering Hashes...")
json_info["result"]["resultSet"].each { |result|
vprint_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
print_good("#{rhost}:#{rport} - Found cred: #{result["username"]}:#{result["password"]}")
report_auth_info(
:host => rhost,
:port => rport,


@ -44,7 +44,7 @@ class Metasploit3 < Msf::Auxiliary
@netifaces = true
if not netifaces_implemented?
print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")
print_error("WARNING : NetworkInterface is not up-to-date, some functionality will not be available")
@netifaces = false
end
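Review bot: The new message only covers the out-of-date case, but `netifaces_implemented?` as rewritten in capture.rb in this commit also returns false when the network_interface gem failed to load at all, so a user without the gem is told their copy is stale; `print_error("WARNING : NetworkInterface is not available or not up-to-date, some functionality will not be available")` would cover both. The surrounding `if not netifaces_implemented?` is a context line, but since the commit converts `if not` to `unless` throughout capture.rb, `unless netifaces_implemented?` here would keep the style consistent. The enclosing method (not shown) starts and ends outside the hunk.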


@ -23,37 +23,40 @@ $:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
if RUBY_PLATFORM == "i386-mingw32"
begin
require 'pcaprub'
require 'network_interface'
rescue ::Exception => e
$stderr.puts "Error: pcaprub is not installed..."
$stderr.puts "Error: NetworkInterface is not installed..."
exit
end
unless (Pcap.respond_to?(:lookupaddrs) and
Pcap.respond_to?(:interfaces) and
Pcap.respond_to?(:addresses))
$stderr.puts "Error: Looks like you are not running the latest version of pcaprub"
unless (
NetworkInterface.respond_to?(:interfaces) and
NetworkInterface.respond_to?(:addresses) and
NetworkInterface.respond_to?(:interface_info)
)
$stderr.puts "Error: Looks like you are not running the latest version of NetworkInterface"
exit
end
found = false
Pcap.interfaces.each_with_index do |iface, i|
NetworkInterface.interfaces.each_with_index do |iface, i|
found = true
detail = Pcap.interface_info(iface)
addr = Pcap.addresses(iface)
detail = NetworkInterface.interface_info(iface)
addr = NetworkInterface.addresses(iface)
puts "#" * 70
puts ""
puts "INDEX : " + (i + 1).to_s
puts "NAME : " + detail["name"]
puts "DESCRIPTION : " + detail["description"]
puts "GUID : " + detail["guid"]
if addr[Pcap::AF_LINK][0]['addr']
puts "MAC ADDRESSE : #{addr[Pcap::AF_LINK][0]['addr']}"
if addr[NetworkInterface::AF_LINK][0]['addr']
puts "MAC ADDRESS : #{addr[NetworkInterface::AF_LINK][0]['addr']}"
else
puts "MAC ADDRESSE : NONE"
puts "MAC ADDRESS : NONE"
end
if addr[Pcap::AF_INET][0]['addr'] and addr[Pcap::AF_INET][0]['netmask']
puts "IP ADDRESSE : #{addr[Pcap::AF_INET][0]['addr']}/#{addr[Pcap::AF_INET][0]['netmask']}"
if addr[NetworkInterface::AF_INET][0]['addr'] and addr[NetworkInterface::AF_INET][0]['netmask']
puts "IP ADDRESS : #{addr[NetworkInterface::AF_INET][0]['addr']}/#{addr[NetworkInterface::AF_INET][0]['netmask']}"
else
puts "IP ADDRESSE : NONE"
puts "IP ADDRESS : NONE"
end
puts ""
end
@ -63,8 +66,6 @@ if RUBY_PLATFORM == "i386-mingw32"
$stderr.puts "Error, no network interfaces have been detected"
end
else
$stderr.puts "Error: This script is usefull only on Windows, under other OS just use the built-in commands (ifconfig, ip link show, ...)"
$stderr.puts "Error: This script is useful only on Windows, under other OS just use the built-in commands (ifconfig, ip link show, ...)"
exit
end
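Review bot: The renamed lookups `addr[NetworkInterface::AF_LINK][0]['addr']` and `addr[NetworkInterface::AF_INET][0]['addr']` still index the family entry without checking that the key exists, so an interface with no IPv4 address (or no link-layer entry) raises NoMethodError on `nil[0]` and aborts the listing instead of reaching the `NONE` branch; unless `NetworkInterface.addresses` is known to always populate both families, guard with `ip = (addr[NetworkInterface::AF_INET] || []).first || {}` and test `ip['addr'] and ip['netmask']`, and likewise for AF_LINK. The new capability check also requires `interface_info`, whereas `netifaces_implemented?` in capture.rb in this same commit only checks `interfaces` and `addresses`, so the two notions of "latest version" can disagree; worth aligning or noting in a comment. Inside the `unless (...)` condition `&&` would be the conventional operator for boolean logic instead of `and`.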