Module execution functionality is now decoupled from the admin_ui. See BeEF::Module.execute(). Added Hooked Browser Manager skeleton.

git-svn-id: https://beef.googlecode.com/svn/trunk@1196 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
2011-08-17 02:17:19 +00:00
parent 4e4bfe5483
commit 8fe714881a
5 changed files with 93 additions and 27 deletions
--- a/core/hbmanager.rb
+++ b/core/hbmanager.rb
@@ -0,0 +1,30 @@
+#
+#   Copyright 2011 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+module BeEF
+module HBManager
+    
+    # Get hooked browser by session id
+    def self.get_by_session(sid)
+        BeEF::Core::Models::HookedBrowser.first(:session => sid)
+    end
+
+    # Get hooked browser by id
+    def self.get_by_id(id)
+        BeEF::Core::Models::HookedBrowser.first(:id => id)
+    end
+
+end
+end
--- a/core/loader.rb
+++ b/core/loader.rb
@@ -54,3 +54,4 @@ require 'core/module'
 require 'core/modules'
 require 'core/extension'
 require 'core/extensions'
+require 'core/hbmanager'
--- a/core/main/command.rb
+++ b/core/main/command.rb
@@ -69,7 +69,7 @@ module Core
      @output = ''
      @path = config.get("beef.module.#{key}.path")
      @default_command_url = config.get("beef.module.#{key}.mount")
-      @id = config.get("beef.module.#{key}.id")
+      @id = config.get("beef.module.#{key}.db.id")
      @auto_update_zombie = false
      @results = {}
      @beefjs_components = {}
@@ -158,22 +158,19 @@ module Core
    def output
        f = @path+'command.js'
        raise WEBrick::HTTPStatus::BadRequest, "#{f} file does not exist" if not File.exists? f
+
+        command = BeEF::Core::Models::Command.first(:id => @command_id)
        
        @eruby = Erubis::FastEruby.new(File.read(f)) 
-        
-        if @datastore
-          @datastore['command_url'] = BeEF::Core::Server.instance.get_command_url(@default_command_url)
-          @datastore['command_id'] = @command_id
-          
-          command_context = BeEF::Core::CommandContext.new
-          @datastore.each{|k,v| 
-            command_context[k] = v
-          }
-          
-          @output = @eruby.evaluate(command_context)
-        else
-          @ouput = @eruby.result()
-        end
+
+        data = BeEF::Core::Configuration.instance.get("beef.module.#{@key}")
+        cc = BeEF::Core::CommandContext.new
+        cc['command_url'] = @default_command_url
+        cc['command_id'] = @command_id
+        JSON.parse(command['data']).each{|v|
+            cc[v['name']] = v['value']
+        }
+        @output = @eruby.evaluate(cc)
      
      @output
    end
--- a/core/module.rb
+++ b/core/module.rb
@@ -335,6 +335,48 @@ module Module
        return os
    end

+    # Executes module 
+    def self.execute(mod, hbsession, opts=[])
+        if not (self.is_present(mod) and self.is_enabled(mod))
+            print_error "Module not found '#{mod}'. Failed to execute module."
+            return false
+        end
+        hb = BeEF::HBManager.get_by_session(hbsession)        
+        if not hb
+            print_error "Could not find hooked browser when attempting to execute module '#{mod}'"
+            return false
+        end
+        c = BeEF::Core::Models::Command.new(:data => self.merge_options(mod, opts).to_json,
+            :hooked_browser_id => hb.id,
+            :command_module_id => BeEF::Core::Configuration.instance.get("beef.module.#{mod}.db.id"),
+            :creationdate => Time.new.to_i
+          ).save
+        return true
+    end
+
+    # Merges default module options with array of custom options
+    def self.merge_options(mod, h)
+        if self.is_present(mod)
+            self.check_hard_load(mod)
+            merged = []
+            defaults = self.get_options(mod)
+            h.each{|v|
+                if v.has_key?('name')
+                    match = false
+                    defaults.each{|o|
+                        if o.has_key?('name') and v['name'] == o['name']
+                            match = true
+                            merged.push(o.deep_merge(v))
+                        end
+                    }
+                    merged.push(v) if not match
+                end
+            }
+            return merged
+        end
+        return nil
+    end
+
 end
 end

--- a/extensions/admin_ui/controllers/modules/modules.rb
+++ b/extensions/admin_ui/controllers/modules/modules.rb
@@ -560,18 +560,14 @@ class Modules < BeEF::Extension::AdminUI::HttpController
 	    oc.save
    }

-    zombie = Z.first(:session => zombie_session)
-    raise WEBrick::HTTPStatus::BadRequest, "Zombie is nil" if zombie.nil?
-    zombie_id = zombie.id
-    raise WEBrick::HTTPStatus::BadRequest, "Zombie id is nil" if zombie_id.nil?
-    
-    C.new(  :data => definition.to_json,
-            :hooked_browser_id => zombie_id,
-            :command_module_id => command_module_id,
-            :creationdate => Time.new.to_i
-          ).save
-    
-    @body = '{success : true}'
+    mod_key = BeEF::Module.get_key_by_database_id(command_module_id)
+    # Hack to rework the old option system into the new option system
+    def2 = []
+    definition.each{|k,v|
+        def2.push({'name' => k, 'value' => v})
+    }
+    # End hack
+    @body = (BeEF::Module.execute(mod_key, zombie_session, def2)) ? '{success: true}' : '{success: false}'
  end
  
  # Re-execute an command_module to a zombie.