Browse Source

more docker work

Christian Mehlmauer 1 year ago
parent
commit
50351320d7
No account linked to committer's email address

+ 1
- 1
.dockerignore View File

@@ -34,7 +34,7 @@ config/database.yml
34 34
 # target config file for testing
35 35
 features/support/targets.yml
36 36
 # simplecov coverage data
37
-coverage
37
+coverage/
38 38
 doc/
39 39
 external/source/meterpreter/java/bin
40 40
 external/source/meterpreter/java/build

+ 1
- 0
.gitignore View File

@@ -88,6 +88,7 @@ data/meterpreter/ext_server_pivot.*.dll
88 88
 
89 89
 # local docker compose overrides
90 90
 docker-compose.local*
91
+.env
91 92
 
92 93
 # Ignore python bytecode
93 94
 *.pyc

+ 8
- 6
Dockerfile View File

@@ -1,14 +1,17 @@
1 1
 FROM ruby:2.4.2-alpine
2
-MAINTAINER Rapid7
2
+LABEL maintainer="Rapid7"
3 3
 
4 4
 ARG BUNDLER_ARGS="--jobs=8 --without development test coverage"
5 5
 ENV APP_HOME /usr/src/metasploit-framework/
6 6
 ENV MSF_USER msf
7 7
 ENV NMAP_PRIVILEGED=""
8
+ENV BUNDLE_IGNORE_MESSAGES="true"
8 9
 WORKDIR $APP_HOME
9 10
 
10
-COPY Gemfile* m* Rakefile $APP_HOME
11
-COPY lib $APP_HOME/lib
11
+COPY Gemfile* metasploit-framework.gemspec Rakefile $APP_HOME
12
+COPY lib/metasploit/framework/version.rb $APP_HOME/lib/metasploit/framework/version.rb
13
+COPY lib/metasploit/framework/rails_version_constraint.rb $APP_HOME/lib/metasploit/framework/rails_version_constraint.rb
14
+COPY lib/msf/util/helper.rb $APP_HOME/lib/msf/util/helper.rb
12 15
 
13 16
 RUN apk update && \
14 17
     apk add \
@@ -36,8 +39,7 @@ RUN apk update && \
36 39
       ncurses-dev \
37 40
       git \
38 41
     && echo "gem: --no-ri --no-rdoc" > /etc/gemrc \
39
-    # this currently fails: https://github.com/rubygems/rubygems/issues/2064
40
-    # && gem update --system \
42
+    && gem update --system \
41 43
     && gem install bundler \
42 44
     && bundle install --system $BUNDLER_ARGS \
43 45
     && apk del .ruby-builddeps \
@@ -46,7 +48,7 @@ RUN apk update && \
46 48
 RUN adduser -g msfconsole -D $MSF_USER
47 49
 
48 50
 RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which ruby)
49
-RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip /usr/bin/nmap
51
+RUN /usr/sbin/setcap cap_net_raw,cap_net_bind_service=+eip $(which nmap)
50 52
 
51 53
 USER $MSF_USER
52 54
 

docker/docker-compose.development.override.yml → docker-compose.override.yml View File

@@ -1,13 +1,14 @@
1
-version: '2'
1
+version: '3'
2 2
 
3 3
 services:
4 4
   ms:
5 5
     build:
6
+      context: .
7
+      dockerfile: ./Dockerfile
6 8
       args:
7 9
         BUNDLER_ARGS: --jobs=8
8 10
     image: metasploit:dev
9 11
     environment:
10 12
       DATABASE_URL: postgres://postgres@db:5432/msf_dev
11
-
12 13
     volumes:
13 14
       - .:/usr/src/metasploit-framework

+ 3
- 6
docker-compose.yml View File

@@ -1,10 +1,7 @@
1
-version: '2'
1
+version: '3'
2 2
 services:
3 3
   ms:
4
-    image: metasploit
5
-    build:
6
-      context: .
7
-      dockerfile: ./Dockerfile
4
+    image: metasploitframework/metasploit-framework:latest
8 5
     environment:
9 6
       DATABASE_URL: postgres://postgres@db:5432/msf
10 7
     links:
@@ -16,7 +13,7 @@ services:
16 13
       - /etc/localtime:/etc/localtime:ro
17 14
 
18 15
   db:
19
-    image: postgres:9-alpine
16
+    image: postgres:10-alpine
20 17
     volumes:
21 18
       - pg_data:/var/lib/postgresql/data
22 19
 

+ 14
- 34
docker/README.md View File

@@ -3,43 +3,36 @@
3 3
 
4 4
 To run `msfconsole`
5 5
 ```bash
6
+docker-compose build
6 7
 docker-compose run --rm --service-ports ms
7 8
 ```
8
-
9
-To run `msfvenom`
9
+or
10 10
 ```bash
11
-docker-compose run --rm ms ./msfvenom
11
+./docker/bin/msfconsole
12 12
 ```
13 13
 
14
-### I don't like typing `docker-compose --rm ...`
15
-
16
-We have included some binstubs `./bin`, you can symlink them to your path.
17
-
18
-Assuming you have `$HOME/bin`, and it's in your `$PATH`. You can run this from the project root:
19
-
14
+To run `msfvenom`
20 15
 ```bash
21
-ln -s `pwd`/docker/bin/msfconsole $HOME/bin/
22
-ln -s `pwd`/docker/bin/msfvenom $HOME/bin/
16
+docker-compose build
17
+docker-compose run --rm --no-deps ms ./msfvenom
23 18
 ```
24
-
25
-If you set the environment variable `MSF_BUILD` the container will be rebuilt.
26
-
19
+or
27 20
 ```bash
28
-MSF_BUILD=1 ./docker/bin/msfconsole
29
-MSF_BUILD=1 ./docker/bin/msfconsole-dev
21
+./docker/bin/msfvenom
30 22
 ```
31 23
 
24
+You can pass any command line arguments to the binstubs or the docker-compose command and they will be passed to `msfconsole` or `msfvenom`. If you need to rebuild an image (for example when the Gemfile changes) you need to build the docker image using `docker-compose build` or supply the `--rebuild` parameter to the binstubs.
25
+
32 26
 ### But I want reverse shells...
33 27
 
34
-By default we expose port `4444`. You'll need to set `LHOST` to be a hostname/ip
35
-of your host machine.
28
+By default we expose port `4444`.
36 29
 
37 30
 If you want to expose more ports, or have `LHOST` prepopulated with a specific
38 31
 value; you'll need to setup a local docker-compose override for this.
39 32
 
40
-Create `docker/docker-compose.local.override.yml` with:
33
+Create `docker-compose.local.override.yml` with:
41 34
 ```yml
42
-version: '2'
35
+version: '3'
43 36
 services:
44 37
   ms:
45 38
     environment:
@@ -56,19 +49,6 @@ Now you need to set the `COMPOSE_FILE` environment variable to load your local
56 49
 override.
57 50
 
58 51
 ```bash
59
-echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.local.override.yml" >> .env
52
+echo "COMPOSE_FILE=./docker-compose.yml:./docker-compose.override.yml:./docker-compose.local.override.yml" >> .env
60 53
 ```
61 54
 Now you should be able get reverse shells working
62
-
63
-## Developing
64
-
65
-To setup you environment for development, you need to add `docker/docker-compose.development.override.yml`
66
-to your `COMPOSE_FILE` environment variable.
67
-
68
-If you don't have a `COMPOSE_FILE` environment variable, you can set it up with this:
69
-
70
-```bash
71
-echo "COMPOSE_FILE=./docker-compose.yml:./docker/docker-compose.development.override.yml" >> .env
72
-```
73
-
74
-Alternatively you can also use the `msfconsole-dev` binstub.

+ 7
- 3
docker/bin/msfconsole View File

@@ -19,8 +19,12 @@ fi
19 19
 
20 20
 cd $MSF_PATH
21 21
 
22
-if [[ -n "$MSF_BUILD" ]]; then
23
-  docker-compose -f $MSF_PATH/docker-compose.yml build
22
+PARAMS="$@"
23
+
24
+if [[ $PARAMS == *"--rebuild"* ]]; then
25
+  echo "Rebuilding image"
26
+  docker-compose build
27
+  exit $?
24 28
 fi
25 29
 
26
-docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@"
30
+docker-compose run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$PARAMS"

+ 0
- 27
docker/bin/msfconsole-dev View File

@@ -1,27 +0,0 @@
1
-#! /bin/bash
2
-
3
-if [[ -z "$MSF_PATH" ]]; then
4
-  path=`dirname $0`
5
-
6
-  # check for ./docker/msfconsole.rc
7
-  if [[ ! -f $path/../msfconsole.rc ]] ; then
8
-
9
-    # we are not inside the project
10
-    realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
11
-
12
-    # determine script path
13
-    pushd $(dirname $(realpath $0)) > /dev/null
14
-    path=$(pwd)
15
-    popd > /dev/null
16
-  fi
17
-  MSF_PATH=$(dirname $(dirname $path))
18
-fi
19
-
20
-cd $MSF_PATH
21
-
22
-if [[ -n "$MSF_BUILD" ]]; then
23
-  docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml build
24
-fi
25
-
26
-docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml run --rm --service-ports ms ./msfconsole -r docker/msfconsole.rc "$@"
27
-

+ 10
- 4
docker/bin/msfvenom View File

@@ -17,9 +17,15 @@ if [[ -z "$MSF_PATH" ]]; then
17 17
   MSF_PATH=$(dirname $(dirname $path))
18 18
 fi
19 19
 
20
-if [[ -n "$MSF_BUILD" ]]; then
21
-  docker-compose -f $MSF_PATH/docker-compose.yml build
20
+cd $MSF_PATH
21
+
22
+PARAMS="$@"
23
+
24
+if [[ $PARAMS == *"--rebuild"* ]]; then
25
+  echo "Rebuilding image"
26
+  docker-compose build
27
+  exit $?
22 28
 fi
23 29
 
24
-cd $MSF_PATH
25
-docker-compose run --rm --service-ports ms ./msfvenom "$@"
30
+# we need no database here
31
+docker-compose run --rm --no-deps ms ./msfvenom "$PARAMS"

+ 0
- 26
docker/bin/msfvenom-dev View File

@@ -1,26 +0,0 @@
1
-#! /bin/bash
2
-
3
-if [[ -z "$MSF_PATH" ]]; then
4
-  path=`dirname $0`
5
-
6
-  # check for ./docker/msfconsole.rc
7
-  if [[ ! -f $path/../msfconsole.rc ]] ; then
8
-
9
-    # we are not inside the project
10
-    realpath --version > /dev/null 2>&1 || { echo >&2 "I couldn't find where metasploit is. Set \$MSF_PATH or execute this from the project root"; exit 1 ;}
11
-
12
-    # determine script path
13
-    pushd $(dirname $(realpath $0)) > /dev/null
14
-    path=$(pwd)
15
-    popd > /dev/null
16
-  fi
17
-  MSF_PATH=$(dirname $(dirname $path))
18
-fi
19
-
20
-cd $MSF_PATH
21
-
22
-if [[ -n "$MSF_BUILD" ]]; then
23
-  docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml build
24
-fi
25
-
26
-docker-compose -f $MSF_PATH/docker-compose.yml -f $MSF_PATH/docker/docker-compose.development.override.yml run --rm --service-ports ms ./msfvenom "$@"

+ 2
- 0
lib/msf/ui/console/command_dispatcher/db.rb View File

@@ -1826,6 +1826,8 @@ class Db
1826 1826
     if (path)
1827 1827
       auth, dest = path.split('@')
1828 1828
       (dest = auth and auth = nil) if not dest
1829
+      # remove optional scheme in database url
1830
+      auth = auth.sub(/^\w+:\/\//, "") if auth
1829 1831
       res[:user],res[:pass] = auth.split(':') if auth
1830 1832
       targ,name = dest.split('/')
1831 1833
       (name = targ and targ = nil) if not name

Loading…
Cancel
Save