From 2238363e4d241a2277e194ed8780ec1e4576d107 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 17 May 2012 13:50:44 -0500 Subject: [PATCH 1/4] Fixes the normalize mem leak in host.rb MDM model This should not be pushed up though, because we really need to fix in MDM proper. --- .../metasploit_data_models/active_record_models/host.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb index 9d27ac30b0..d92218f40c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb @@ -98,10 +98,10 @@ module MetasploitDataModels::ActiveRecordModels::Host # Note that we're already restricting the query to this host by using # host.notes instead of Note, so don't need a host_id in the # conditions. - fingers = host.notes.find(:all, + fingerprintable_notes = self.notes.find(:all, :conditions => [ "ntype like '%%fingerprint'" ] ) - fingers.each do |fp| + fingerprintable_notes.each do |fp| next if not validate_fingerprint_data(fp) norm = normalize_scanner_fp(fp) wvers[norm[:os_sp]] = wvers[norm[:os_sp]].to_i + (100 * norm[:certainty]) 
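Review bot: The comment kept directly above the rewritten query still explains that the scope is narrowed "by using host.notes instead of Note", but the new line queries `self.notes`, so the comment now describes a variable the code no longer uses. Update it to `# self.notes instead of Note, so don't need a host_id in the` so the explanation matches what it sits on. The `%%` in the LIKE pattern is correct only as long as the condition stays a one-element array (which, as far as I can tell for this ActiveRecord generation, goes through a sprintf-style sanitize step); if the call is ever changed to a plain string the doubled percent should go with it. The enclosing method starts and ends outside the hunk.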
@@ -124,8 +124,9 @@ module MetasploitDataModels::ActiveRecordModels::Host # has an opinion and which doesn't. It would also be nice to # identify "impossible" combinations of services and alert that # something funny is going on. - host.services.each do |s| - next if not s.info + # XXX: This hack solves the memory leak generated by self.services.each {} + fingerprintable_services = self.services.find(:all, :conditions => [ "name is not null and name != ''" ]) + fingerprinatable_services.each do |s| points = 0 case s.name when 'smb' From 4a5064a21e7ac2d299a0b921fd4fd0f93f190d15 Mon Sep 17 00:00:00 2001 From: Tod Beardsley Date: Thu, 17 May 2012 13:58:22 -0500 Subject: [PATCH 2/4] Typo on fingerprintable --- .../lib/metasploit_data_models/active_record_models/host.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb index d92218f40c..507702b01c 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb @@ -126,7 +126,7 @@ module MetasploitDataModels::ActiveRecordModels::Host # something funny is going on. # XXX: This hack solves the memory leak generated by self.services.each {} fingerprintable_services = self.services.find(:all, :conditions => [ "name is not null and name != ''" ]) - fingerprinatable_services.each do |s| + fingerprintable_services.each do |s| points = 0 case s.name when 'smb' From c6d91481f7088aedcf263894490505015800c28d Mon Sep 17 00:00:00 2001 
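Review bot: The new `# XXX` comment records that iterating `self.services` leaked memory but says nothing about why loading the filtered rows with an explicit `find(:all)` avoids it, or when the workaround can be removed; the commit message says the real fix belongs in MDM upstream, and that exit condition belongs in the code rather than only in the commit log. Suggest `# XXX: Workaround for the memory growth seen with self.services.each {} - load only the fingerprintable rows with an explicit query. Remove once metasploit_data_models fixes this upstream.` The enclosing method continues past the hunk, so whether later branches still assume a non-nil `s.info` cannot be checked from here.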
From: Tod Beardsley Date: Thu, 17 May 2012 14:15:13 -0500 Subject: [PATCH 3/4] Updating to skip blank/nil service infos too --- .../lib/metasploit_data_models/active_record_models/host.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb index 507702b01c..1f74262a09 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb @@ -125,7 +125,7 @@ module MetasploitDataModels::ActiveRecordModels::Host # identify "impossible" combinations of services and alert that # something funny is going on. # XXX: This hack solves the memory leak generated by self.services.each {} - fingerprintable_services = self.services.find(:all, :conditions => [ "name is not null and name != ''" ]) + fingerprintable_services = self.services.find(:all, :conditions => [ "name is not null and name != '' and info is not null and info != ''" ]) fingerprintable_services.each do |s| points = 0 case s.name From 373c174af306f359a78eb8c76c83bea60169d518 Mon Sep 17 00:00:00 2001 
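Review bot: The rewritten condition line runs to roughly 150 characters, while the equivalent notes query a few lines above in the same method breaks its `:conditions` array over three lines; splitting this one the same way keeps the two queries visually parallel and within the usual line length. Concretely: `fingerprintable_services = self.services.find(:all,` / `  :conditions => [ "name is not null and name != '' and info is not null and info != ''" ]` / `)`. The SQL is a constant string with no interpolation, so there is no injection concern in this hunk. The enclosing method starts and ends outside the hunk.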
From: Tod Beardsley Date: Fri, 18 May 2012 12:04:33 -0500 Subject: [PATCH 4/4] Updates MDM from upstream. This pulls in a few recent changes to MDM. --- .../metasploit_data_models/active_record_models/host.rb | 6 ++---- .../metasploit_data_models/active_record_models/loot.rb | 9 +++++++++ .../metasploit_data_models/active_record_models/note.rb | 7 +++++++ .../active_record_models/service.rb | 3 ++- .../active_record_models/session.rb | 7 +++++++ .../metasploit_data_models/active_record_models/vuln.rb | 7 +++++++ .../metasploit_data_models-0.0.2.43DEV.gemspec | 4 ++-- 7 files changed, 36 insertions(+), 7 deletions(-) diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb index 1f74262a09..3af07ebeec 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/host.rb @@ -98,9 +98,7 @@ module MetasploitDataModels::ActiveRecordModels::Host # Note that we're already restricting the query to this host by using # host.notes instead of Note, so don't need a host_id in the # conditions. - fingerprintable_notes = self.notes.find(:all, - :conditions => [ "ntype like '%%fingerprint'" ] - ) + fingerprintable_notes = self.notes.where("ntype like '%%fingerprint'") fingerprintable_notes.each do |fp| next if not validate_fingerprint_data(fp) norm = normalize_scanner_fp(fp) 
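Review bot: Switching from a conditions array to a bare string in `self.notes.where("ntype like '%%fingerprint'")` changes what reaches the database: a plain-string `where` is, as far as I can tell for this ActiveRecord generation, not passed through the format step that collapses `%%` to `%`, so the pattern is sent literally as `LIKE '%%fingerprint'`. On PostgreSQL (which the ILIKE/decode usage elsewhere in this patch implies) two adjacent wildcards match the same rows as one, so behaviour is unchanged, but the doubled percent is now a misleading leftover of the old escaping; use `self.notes.where("ntype like '%fingerprint'")`. The enclosing method continues beyond the hunk.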
@@ -125,7 +123,7 @@ module MetasploitDataModels::ActiveRecordModels::Host # identify "impossible" combinations of services and alert that # something funny is going on. # XXX: This hack solves the memory leak generated by self.services.each {} - fingerprintable_services = self.services.find(:all, :conditions => [ "name is not null and name != '' and info is not null and info != ''" ]) + fingerprintable_services = self.services.where("name is not null and name != '' and info is not null and info != ''") fingerprintable_services.each do |s| points = 0 case s.name diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb index 6409f9ae9f..ec0ae2e0b1 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/loot.rb @@ -10,6 +10,15 @@ module MetasploitDataModels::ActiveRecordModels::Loot before_destroy :delete_file + scope :search, lambda { |*args| + where(["loots.ltype ILIKE ? OR " + + "loots.name ILIKE ? OR " + + "loots.info ILIKE ? OR " + + "loots.data ILIKE ?", + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" + ]) + } + private def delete_file diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb index a00387a9c3..cf07710728 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb 
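Review bot: The new `scope :search` in loot.rb binds the term through `?` placeholders, so it is not injectable, but it does not escape LIKE metacharacters: a term containing `%` or `_` is treated as a wildcard, and a nil or empty `args[0]` becomes `%%` and matches every loot row. Escape the term once before building the bind values, e.g. `term = args[0].to_s.gsub(/[\\%_]/) { |c| "\\#{c}" }` and bind `"%#{term}%"` four times. The service, note and vuln search scopes added in this same commit interpolate the term the same way, so a shared helper in the gem would keep them consistent.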
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/note.rb @@ -10,6 +10,13 @@ module MetasploitDataModels::ActiveRecordModels::Note scope :flagged, where('critical = true AND seen = false') scope :visible, where(notes[:ntype].not_in(['web.form', 'web.url', 'web.vuln'])) + scope :search, lambda { |*args| + where(["(data NOT ILIKE 'BAh7%' AND data LIKE ?)" + + "OR (data ILIKE 'BAh7%' AND decode(data, 'base64') LIKE ?)" + + "OR ntype ILIKE ?", + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" + ]) + } after_save :normalize diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb index 867655aee1..26258a77f4 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/service.rb @@ -23,8 +23,9 @@ module MetasploitDataModels::ActiveRecordModels::Service where([ "services.name ILIKE ? OR " + "services.info ILIKE ? OR " + + "services.proto ILIKE ? OR " + "services.port = ? ", - "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999 + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%", (args[0].to_i > 0) ? args[0].to_i : 99999 ]) } diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb index 3cf219fab7..1fa49e9778 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb 
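Review bot: In the new note.rb `scope :search` the first branch matches plain data with a case-sensitive `LIKE ?` while the base64 and ntype branches use `ILIKE`, so the same term hits serialized notes case-insensitively but plain-text notes only on exact case; `data ILIKE ?` would make the three branches consistent. The `'BAh7'` magic also deserves a comment: it is the base64 encoding of `"\x04\x08{"`, the Marshal header of a dumped Hash, which is presumably how Base64Serializer stores note data - `# 'BAh7' == base64("\x04\x08{"): a Marshal-dumped Hash, so decode before matching`. Note that `decode(data, 'base64')` is PostgreSQL-specific and raises on any row whose data starts with BAh7 but is not valid base64, which aborts the whole search instead of skipping that row.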
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/session.rb @@ -10,10 +10,16 @@ module MetasploitDataModels::ActiveRecordModels::Session scope :alive, where("closed_at IS NULL") scope :dead, where("closed_at IS NOT NULL") + scope :upgradeable, where("closed_at IS NULL AND stype = 'shell' and platform ILIKE '%win%'") serialize :datastore, ::MetasploitDataModels::Base64Serializer.new before_destroy :stop + + def upgradeable? + (self.platform =~ /win/ and self.stype == 'shell') + end + private @@ -21,6 +27,7 @@ module MetasploitDataModels::ActiveRecordModels::Session c = Pro::Client.get rescue nil c.session_stop(self.local_id) rescue nil # ignore exceptions (XXX - ideally, stopped an already-stopped session wouldn't throw XMLRPCException) end + } end end diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb index 943baf6bfa..3de7ea1cda 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.0.2.43DEV/lib/metasploit_data_models/active_record_models/vuln.rb @@ -10,6 +10,13 @@ module MetasploitDataModels::ActiveRecordModels::Vuln after_update :save_refs + scope :search, lambda { |*args| + where(["(vulns.name ILIKE ? or vulns.info ILIKE ? or refs.name ILIKE ?)", + "%#{args[0]}%", "%#{args[0]}%", "%#{args[0]}%" + ]). + joins("LEFT OUTER JOIN vulns_refs ON vulns_refs.vuln_id=vulns.id LEFT OUTER JOIN refs ON refs.id=vulns_refs.ref_id") + } + private def save_refs diff --git a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec index 11d047ef05..d860fcba2a 100644 
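Review bot: `upgradeable?` and the `:upgradeable` scope added in the same hunk disagree: the scope requires `closed_at IS NULL` and matches the platform with `ILIKE '%win%'`, while the method ignores `closed_at` and uses a case-sensitive `/win/`, so a closed session, or one whose platform string has a capital W, is upgradeable per the method but not per the scope. The method also returns a match index or nil and joins with `and`, where a predicate should return a boolean built with `&&`. Suggest `closed_at.nil? && stype == 'shell' && !!(platform.to_s =~ /win/i)`. The second session.rb hunk adds only a closing `}` whose opening lies outside the view.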
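Review bot: The LEFT OUTER JOIN through `vulns_refs` in the new vuln.rb `scope :search` yields one row per matching ref, so a vuln with several refs whose names contain the term is returned several times and any count or pagination on the relation is off. Deduplicate inside the scope, e.g. append `.uniq` if the app is on ActiveRecord 3.2, or `.select("DISTINCT vulns.*")` on an older release. As in the other search scopes in this commit the term is bound with placeholders, so the concern is correctness rather than injection, though `%` and `_` in the term still act as wildcards.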
--- a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec +++ b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.0.2.43DEV.gemspec @@ -6,14 +6,14 @@ Gem::Specification.new do |s| s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version= s.authors = ["Trevor Rosen"] - s.date = "2012-04-24" + s.date = "2012-05-18" s.description = "Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions." s.email = ["trevor_rosen@rapid7.com"] s.executables = ["mdm_console"] s.files = ["bin/mdm_console"] s.homepage = "" s.require_paths = ["lib"] - s.rubygems_version = "1.8.21" + s.rubygems_version = "1.8.15" s.summary = "Database code for MSF and Metasploit Pro" if s.respond_to? :specification_version then