metasploit-framework/lib/msf/core/rpc/module.rb

325 lines
6.3 KiB
Ruby

##
# $Id$
##
module Msf
module RPC
class Module < Base
def exploits(token)
authenticate(token)
{ "modules" => @framework.exploits.keys }
end
def auxiliary(token)
authenticate(token)
{ "modules" => @framework.auxiliary.keys }
end
def payloads(token)
authenticate(token)
{ "modules" => @framework.payloads.keys }
end
def encoders(token)
authenticate(token)
{ "modules" => @framework.encoders.keys }
end
def nops(token)
authenticate(token)
{ "modules" => @framework.nops.keys }
end
def post(token)
authenticate(token)
{ "modules" => @framework.post.keys }
end
def info(token, mtype, mname)
authenticate(token)
m = _find_module(mtype,mname)
res = {}
res['name'] = m.name
res['description'] = m.description
res['license'] = m.license
res['filepath'] = m.file_path
res['version'] = m.version
res['rank'] = m.rank.to_i
res['references'] = []
m.references.each do |r|
res['references'] << [r.ctx_id, r.ctx_val]
end
res['authors'] = []
m.each_author do |a|
res['authors'] << a.to_s
end
if(m.type == "exploit")
res['targets'] = {}
m.targets.each_index do |i|
res['targets'][i] = m.targets[i].name
end
if (m.default_target)
res['default_target'] = m.default_target
end
end
if(m.type == "auxiliary")
res['actions'] = {}
m.actions.each_index do |i|
res['actions'][i] = m.actions[i].name
end
if (m.default_action)
res['default_action'] = m.default_action
end
end
res
end
def compatible_payloads(token, mname)
authenticate(token)
m = _find_module('exploit',mname)
if(not m)
raise ::XMLRPC::FaultException.new(404, "unknown module")
end
res = {}
res['payloads'] = []
m.compatible_payloads.each do |k|
res['payloads'] << k[0]
end
res
end
def compatible_sessions(token, mname)
authenticate(token)
m = _find_module('post',mname)
if(not m)
raise ::XMLRPC::FaultException.new(404, "unknown module")
end
res = {}
res['sessions'] = m.compatible_sessions
res
end
def target_compatible_payloads(token, mname, target)
authenticate(token)
m = _find_module('exploit',mname)
if(not m)
raise ::XMLRPC::FaultException.new(404, "unknown module")
end
res = {}
res['payloads'] = []
m.datastore['TARGET'] = target.to_i
m.compatible_payloads.each do |k|
res['payloads'] << k[0]
end
res
end
def options(token, mtype, mname)
authenticate(token)
m = _find_module(mtype,mname)
res = {}
m.options.each_key do |k|
o = m.options[k]
res[k] = {
'type' => o.type,
'required' => o.required,
'advanced' => o.advanced,
'evasion' => o.evasion,
'desc' => o.desc
}
if(not o.default.nil?)
res[k]['default'] = o.default
end
if(o.enums.length > 1)
res[k]['enums'] = o.enums
end
end
res
end
def execute(token, mtype, mname, opts)
authenticate(token)
mod = _find_module(mtype,mname)
case mtype
when 'exploit'
_run_exploit(mod, opts)
when 'auxiliary'
_run_auxiliary(mod, opts)
when 'payload'
_run_payload(mod, opts)
when 'post'
_run_post(mod, opts)
end
end
def encode(token, data, encoder, options)
authenticate(token)
buf = Rex::Text.decode_base64(data)
# Load supported formats
supported_formats = Msf::Simple::Buffer.transform_formats + Msf::Util::EXE.to_executable_fmt_formats
if (fmt = options['format'])
if not supported_formats.include?(fmt)
raise ::XMLRPC::FaultException.new(500, "failed to generate: invalid format: #{fmt}")
end
end
badchars = ''
if options['badchars']
badchars = Rex::Text.hex_to_raw(options['badchars'])
end
plat = nil
if options['plat']
plat = Msf::Module::PlatformList.transform(val)
end
arch = nil
if options['arch']
arch = options['arch']
end
ecount = 1
if options['ecount']
ecount = options['ecount'].to_i
end
exeopts = {
:inject => options['inject'],
:template => options['altexe'],
:template_path => options['exedir']
}
enc = $framework.encoders.create(encoder)
begin
# Imports options
enc.datastore.update(options)
eout = buf.dup
raw = nil
1.upto(ecount) do |iteration|
# Encode it up
raw = enc.encode(eout, badchars, nil, plat)
end
output = Msf::Util::EXE.to_executable_fmt($framework, arch, plat, raw, fmt, exeopts)
if not output
fmt ||= "ruby"
output = Msf::Simple::Buffer.transform(raw, fmt)
end
# How to warn?
#if exeopts[:fellback]
# $stderr.puts(OutError + "Warning: Falling back to default template: #{exeopts[:fellback]}")
#end
{"encoded" => Rex::Text.encode_base64(output.to_s)}
rescue => e
raise ::XMLRPC::FaultException.new(500, "#{enc.refname} failed: #{e} #{e.backtrace}")
end
end
private
def _find_module(mtype,mname)
mod = @framework.modules.create(mname)
if(not mod)
raise ::XMLRPC::FaultException.new(404, "unknown module")
end
mod
end
def _run_exploit(mod, opts)
s = Msf::Simple::Exploit.exploit_simple(mod, {
'Payload' => opts['PAYLOAD'],
'Target' => opts['TARGET'],
'RunAsJob' => true,
'Options' => opts
})
{"result" => "success"}
end
def _run_auxiliary(mod, opts)
Msf::Simple::Auxiliary.run_simple(mod, {
'Action' => opts['ACTION'],
'RunAsJob' => true,
'Options' => opts
})
{"result" => "success"}
end
def _run_payload(mod, opts)
badchars = [opts['BadChars'] || ''].pack("H*")
fmt = opts['Format'] || 'raw'
force = opts['ForceEncode'] || false
template = opts['Template'] || nil
plat = opts['Platform'] || nil
keep = opts['KeepTemplateWorking'] || false
force = opts['ForceEncode'] || false
sled_size = opts['NopSledSize'].to_i || 0
iter = opts['Iterations'].to_i || 0
begin
res = Msf::Simple::Payload.generate_simple(mod, {
'BadChars' => badchars,
'Encoder' => opts['Encoder'],
'Format' => fmt,
'NoComment' => true,
'NopSledSize' => sled_size,
'Options' => opts,
'ForceEncode' => force,
'Template' => template,
'Platform' => plat,
'KeepTemplateWorking' => keep,
'Iterations' => iter
})
{"result" => "success", "payload" => res.unpack("H*")[0]}
rescue ::Exception => e
raise ::XMLRPC::FaultException.new(500, "failed to generate: #{e.message}")
end
end
def _run_post(mod, opts)
Msf::Simple::Post.run_simple(mod, {
'RunAsJob' => true,
'Options' => opts
})
{"result" => "success"}
end
end
end
end