infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add path selection for GET requests 

Also remove instances where workspace is passed for
single object lookups since it is no longer required
GSoC/Meterpreter_Web_Console
James Barnett 2018-07-30 13:56:34 -05:00
parent 4c92de0b55
commit d1f09ca81c
No known key found for this signature in database
GPG Key ID: 647983861A4EC5EA
15 changed files with 43 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb
View File

@ -15,7 +15,7 @@ module CredentialDataProxy
opts[:workspace_id] = workspace.id
opts[:private_data] = opts.delete(:password)
opts[:private_type] = :password
old_core = data_service.creds(id: opts.delete(:core_id), workspace: workspace.name).first
old_core = data_service.creds(id: opts.delete(:core_id)).first
if old_core
opts[:originating_core_id] = old_core.id
opts[:origin_type] = :cracked_password

16
lib/metasploit/framework/data_service/remote/http/core.rb
View File

@ -204,6 +204,22 @@ class RemoteHTTPDataService
return false
end
# Select the correct path for GET request based on the options parameters provided.
# If 'id' is present, the user is requesting a single record and should use
# api/<version>/<resource>/ID path.
#
# @param [Hash] opts The parameters for the request
# @param [String] path The base resource path for the endpoint
#
# @return [String] The correct path for the request.
def get_path_select(opts, path)
if opts.key?(:id)
path = "#{path}/#{opts[:id]}"
opts.delete(:id)
end
path
end
#########
protected
#########

3
lib/metasploit/framework/data_service/remote/http/remote_credential_data_service.rb
View File

@ -8,7 +8,8 @@ module RemoteCredentialDataService
CREDENTIAL_MDM_CLASS = 'Metasploit::Credential::Core'
def creds(opts = {})
data = self.get_data(CREDENTIAL_API_PATH, nil, opts)
path = get_path_select(opts, CREDENTIAL_API_PATH)
data = self.get_data(path, nil, opts)
rv = json_to_mdm_object(data, CREDENTIAL_MDM_CLASS, [])
parsed_body = JSON.parse(data.response.body, symbolize_names: true)
data = parsed_body[:data]

3
lib/metasploit/framework/data_service/remote/http/remote_host_data_service.rb
View File

@ -8,7 +8,8 @@ module RemoteHostDataService
HOST_MDM_CLASS = 'Mdm::Host'
def hosts(opts)
json_to_mdm_object(self.get_data(HOST_API_PATH, nil, opts), HOST_MDM_CLASS, [])
path = get_path_select(opts, HOST_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), HOST_MDM_CLASS, [])
end
def get_host(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_login_data_service.rb
View File

@ -8,7 +8,8 @@ module RemoteLoginDataService
LOGIN_MDM_CLASS = 'Metasploit::Credential::Login'
def logins(opts)
json_to_mdm_object(self.get_data(LOGIN_API_PATH, opts), LOGIN_MDM_CLASS, [])
path = get_path_select(opts, LOGIN_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), LOGIN_MDM_CLASS, [])
end
def create_credential_login(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_loot_data_service.rb
View File

@ -7,8 +7,9 @@ module RemoteLootDataService
LOOT_MDM_CLASS = 'Mdm::Loot'
def loot(opts = {})
path = get_path_select(opts, LOOT_API_PATH)
# TODO: Add an option to toggle whether the file data is returned or not
loots = json_to_mdm_object(self.get_data(LOOT_API_PATH, nil, opts), LOOT_MDM_CLASS, [])
loots = json_to_mdm_object(self.get_data(path, nil, opts), LOOT_MDM_CLASS, [])
# Save a local copy of the file
loots.each do |loot|
if loot.data

3
lib/metasploit/framework/data_service/remote/http/remote_note_data_service.rb
View File

@ -7,7 +7,8 @@ module RemoteNoteDataService
NOTE_MDM_CLASS = 'Mdm::Note'
def notes(opts)
json_to_mdm_object(self.get_data(NOTE_API_PATH, nil, opts), NOTE_MDM_CLASS, [])
path = get_path_select(opts, NOTE_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), NOTE_MDM_CLASS, [])
end
def report_note(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_service_data_service.rb
View File

@ -3,7 +3,8 @@ module RemoteServiceDataService
SERVICE_MDM_CLASS = 'Mdm::Service'
def services(opts)
json_to_mdm_object(self.get_data(SERVICE_API_PATH, nil, opts), SERVICE_MDM_CLASS, [])
path = get_path_select(opts, SERVICE_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), SERVICE_MDM_CLASS, [])
end
def report_service(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_session_data_service.rb
View File

@ -7,7 +7,8 @@ module RemoteSessionDataService
SESSION_MDM_CLASS = 'Mdm::Session'
def sessions(opts)
json_to_mdm_object(self.get_data(SESSION_API_PATH, nil, opts), SESSION_MDM_CLASS, [])
path = get_path_select(opts, SESSION_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), SESSION_MDM_CLASS, [])
end
def report_session(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_session_event_data_service.rb
View File

@ -7,7 +7,8 @@ module RemoteSessionEventDataService
SESSION_EVENT_MDM_CLASS = 'Mdm::SessionEvent'
def session_events(opts = {})
json_to_mdm_object(self.get_data(SESSION_EVENT_API_PATH, nil, opts), SESSION_EVENT_MDM_CLASS, [])
path = get_path_select(opts, SESSION_EVENT_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), SESSION_EVENT_MDM_CLASS, [])
end
def report_session_event(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_vuln_attempt_data_service.rb
View File

@ -7,7 +7,8 @@ module RemoteVulnAttemptDataService
VULN_ATTEMPT_MDM_CLASS = 'Mdm::VulnAttempt'
def vuln_attempts(opts)
json_to_mdm_object(self.get_data(VULN_ATTEMPT_API_PATH, nil, opts), VULN_ATTEMPT_MDM_CLASS, [])
path = get_path_select(opts, VULN_ATTEMPT_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), VULN_ATTEMPT_MDM_CLASS, [])
end
def report_vuln_attempt(vuln, opts)

3
lib/metasploit/framework/data_service/remote/http/remote_vuln_data_service.rb
View File

@ -7,7 +7,8 @@ module RemoteVulnDataService
VULN_MDM_CLASS = 'Mdm::Vuln'
def vulns(opts)
json_to_mdm_object(self.get_data(VULN_API_PATH, nil, opts), VULN_MDM_CLASS, [])
path = get_path_select(opts, VULN_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), VULN_MDM_CLASS, [])
end
def report_vuln(opts)

3
lib/metasploit/framework/data_service/remote/http/remote_workspace_data_service.rb
View File

@ -30,7 +30,8 @@ module RemoteWorkspaceDataService
end
def workspaces(opts)
json_to_mdm_object(self.get_data(WORKSPACE_API_PATH, nil, opts), WORKSPACE_MDM_CLASS, [])
path = get_path_select(opts, WORKSPACE_API_PATH)
json_to_mdm_object(self.get_data(path, nil, opts), WORKSPACE_MDM_CLASS, [])
end
def delete_workspaces(opts)

2
lib/msf/core/db_manager/http/servlet/vuln_attempt_servlet.rb
View File

@ -37,7 +37,7 @@ module VulnAttemptServlet
job = lambda { |opts|
vuln_id = opts.delete(:vuln_id)
wspace = opts.delete(:workspace)
vuln = get_db.vulns(id: vuln_id, workspace: wspace).first
vuln = get_db.vulns(id: vuln_id).first
get_db.report_vuln_attempt(vuln, opts)
}
exec_report_job(request, &job)

7
lib/msf/ui/console/command_dispatcher/creds.rb
View File

@ -412,10 +412,10 @@ class Creds
origin = ''
if core.origin.kind_of?(Metasploit::Credential::Origin::Service)
service = framework.db.services(id: core.origin.service_id, workspace: framework.db.workspace).first
service = framework.db.services(id: core.origin.service_id).first
origin = service.host.address
elsif core.origin.kind_of?(Metasploit::Credential::Origin::Session)
session = framework.db.sessions(id: core.origin.session_id, workspace: framework.db.workspace).first
session = framework.db.sessions(id: core.origin.session_id).first
origin = session.host.address
end
@ -443,8 +443,7 @@ class Creds
]
else
core.logins.each do |login|
service = framework.db.services(id: login.service_id, workspace: framework.db.workspace).first
service = framework.db.services(id: login.service_id).first
# If none of this Core's associated Logins is for a host within
# the user-supplied RangeWalker, then we don't have any reason to
# print it out. However, we treat the absence of ranges as meaning