From e49ccef747cb1d85f869f1c0c8450abf26d04801 Mon Sep 17 00:00:00 2001 From: "sussurro@happypacket.net" Date: Wed, 29 Dec 2010 21:32:49 +0000 Subject: [PATCH] Library bindings to bring in new Metasploit modules as well as handle database pieces git-svn-id: https://beef.googlecode.com/svn/trunk@646 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9 --- lib/loader.rb | 2 ++ lib/migration.rb | 23 ++++++++++++++++++++++- lib/ui/modules/modules.rb | 30 +++++++++++++++++++++++++++++- 3 files changed, 53 insertions(+), 2 deletions(-) diff --git a/lib/loader.rb b/lib/loader.rb index f71f923cb..ea8d23e69 100644 --- a/lib/loader.rb +++ b/lib/loader.rb @@ -64,6 +64,8 @@ require 'lib/server/inithandler' require 'lib/logger' require 'lib/modules/command' require 'lib/modules/requester' +require 'lib/modules/msfclient' +require 'lib/modules/msfcommand' require 'openssl' diff --git a/lib/migration.rb b/lib/migration.rb index 0f0e42cb4..1247e2a75 100644 --- a/lib/migration.rb +++ b/lib/migration.rb @@ -38,6 +38,27 @@ class Migration BeEF::Models::CommandModule.new(:path => command, :name => /.*\/(\w+)\.rb/.match(command).to_a[1]).save if not db_commands.include? command end end + + msf = BeEF::MsfClient.new() + if(msf.is_enabled) + msf.login() + sploits = msf.browser_exploits() + sploits.each do |sploit| + if not BeEF::Models::CommandModule.first(:name => sploit) + mod = BeEF::Models::CommandModule.new(:path => "Dynamic/Msf", :name => sploit) + mod.save + if mod.dynamic_command_info == nil + msfi = msf.get_exploit_info(sploit) + msfci = BeEF::Models::DynamicCommandInfo.new( + :name => msfi['name'], + :description => msfi['description']) + mod.dynamic_command_info = msfci + mod.save + end + end + end + end + end # @@ -63,4 +84,4 @@ class Migration end -end \ No newline at end of file +end diff --git a/lib/ui/modules/modules.rb b/lib/ui/modules/modules.rb index d815a20b6..8b700d41c 100644 --- a/lib/ui/modules/modules.rb +++ b/lib/ui/modules/modules.rb @@ -188,6 +188,8 @@ class Modules < BeEF::HttpController command_module_name = File.basename command_module_db_details.path, '.rb' # get the name command_module = BeEF::Modules::Commands.const_get(command_module_name.capitalize).new command_module.session_id = hook_session_id + command_module.update_info(command_module_db_details.id) if(command_module_db_details.path.match(/^Dynamic/)) + # set command module treeview display properties command_module_friendly_name = command_module.info['Name'].downcase @@ -257,6 +259,9 @@ class Modules < BeEF::HttpController command_module = BeEF::Models::CommandModule.first(:id => command_module_id) raise WEBrick::HTTPStatus::BadRequest, "Invalid command_module id" if command_module.nil? + # Dynamic modules won't have a real path + return command_module.path if (command_module.path.match(/^Dynamic/)) + # construct command_module path absolute_command_module_path = $root_dir+File::SEPARATOR+command_module.path raise WEBrick::HTTPStatus::BadRequest, "command_module file does not exist" if not File.exists?(absolute_command_module_path) @@ -275,7 +280,11 @@ class Modules < BeEF::HttpController # get the command_module path absolute_command_module_path = get_command_module_path(command_module_id) - @body = command_modules2json([absolute_command_module_path]); + if(absolute_command_module_path.match(/^Dynamic/)) + @body = dynamic_modules2json(command_module_id); + else + @body = command_modules2json([absolute_command_module_path]); + end end # Returns the list of commands for an command_module @@ -445,6 +454,25 @@ class Modules < BeEF::HttpController return {'success' => 'false'}.to_json end end + + def dynamic_modules2json(id) + command_modules_json = {} + + mod = BeEF::Models::CommandModule.first(:id => id) + + return {'success' => 'false'}.to_json if(not mod) + dynamic_type = mod.path.split("/").last + e = BeEF::Modules::Commands.const_get(dynamic_type.capitalize).new + e.update_info(mod.id) + e.update_data() + command_modules_json[1] = JSON.parse(e.to_json) + if not command_modules_json.empty? + return {'success' => 'true', 'command_modules' => command_modules_json}.to_json + else + return {'success' => 'false'}.to_json + end + end + end