Mirror of metasploit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

framework.rb 12KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496
  1. # -*- coding: binary -*-
  2. #
  3. # Standard Library
  4. #
  5. require 'monitor'
  6. #
  7. # Project
  8. #
  9. require 'metasploit/framework/version'
  10. require 'msf/base/config'
  11. require 'msf/core'
  12. require 'msf/util'
  13. module Msf
  14. ###
  15. #
  16. # This class is the primary context that modules, scripts, and user
  17. # interfaces interact with. It ties everything together.
  18. #
  19. ###
  20. class Framework
  21. include MonitorMixin
  22. #
  23. # Versioning information
  24. #
  25. Major = Metasploit::Framework::Version::MAJOR
  26. Minor = Metasploit::Framework::Version::MINOR
  27. Point = Metasploit::Framework::Version::PATCH
  28. Release = "-#{Metasploit::Framework::Version::PRERELEASE}"
  29. Version = Metasploit::Framework::VERSION
  30. Revision = "$Revision$"
  31. # EICAR canary
  32. EICARCorrupted = ::Msf::Util::EXE.is_eicar_corrupted?
  33. #
  34. # Mixin meant to be included into all classes that can have instances that
  35. # should be tied to the framework, such as modules.
  36. #
  37. module Offspring
  38. #
  39. # A reference to the framework instance from which this offspring was
  40. # derived.
  41. #
  42. attr_accessor :framework
  43. end
  44. require 'msf/core/thread_manager'
  45. require 'msf/core/module_manager'
  46. require 'msf/core/session_manager'
  47. require 'msf/core/plugin_manager'
  48. require 'msf/core/db_manager'
  49. require 'msf/core/event_dispatcher'
  50. require 'rex/json_hash_file'
  51. #
  52. # Creates an instance of the framework context.
  53. #
  54. def initialize(options={})
  55. self.options = options
  56. # call super to initialize MonitorMixin. #synchronize won't work without this.
  57. super()
  58. # Allow specific module types to be loaded
  59. types = options[:module_types] || Msf::MODULE_TYPES
  60. self.events = EventDispatcher.new(self)
  61. self.modules = ModuleManager.new(self,types)
  62. self.datastore = DataStore.new
  63. self.jobs = Rex::JobContainer.new
  64. self.plugins = PluginManager.new(self)
  65. self.uuid_db = Rex::JSONHashFile.new(::File.join(Msf::Config.config_directory, "payloads.json"))
  66. self.browser_profiles = Hash.new
  67. # Configure the thread factory
  68. Rex::ThreadFactory.provider = Metasploit::Framework::ThreadFactoryProvider.new(framework: self)
  69. subscriber = FrameworkEventSubscriber.new(self)
  70. events.add_exploit_subscriber(subscriber)
  71. events.add_session_subscriber(subscriber)
  72. events.add_general_subscriber(subscriber)
  73. events.add_db_subscriber(subscriber)
  74. events.add_ui_subscriber(subscriber)
  75. end
  76. def inspect
  77. "#<Framework (#{sessions.length} sessions, #{jobs.length} jobs, #{plugins.length} plugins#{db.active ? ", #{db.driver} database active" : ""})>"
  78. end
  79. #
  80. # Returns the module set for encoders.
  81. #
  82. def encoders
  83. return modules.encoders
  84. end
  85. #
  86. # Returns the module set for exploits.
  87. #
  88. def exploits
  89. return modules.exploits
  90. end
  91. #
  92. # Returns the module set for nops
  93. #
  94. def nops
  95. return modules.nops
  96. end
  97. #
  98. # Returns the module set for payloads
  99. #
  100. def payloads
  101. return modules.payloads
  102. end
  103. #
  104. # Returns the module set for auxiliary modules
  105. #
  106. def auxiliary
  107. return modules.auxiliary
  108. end
  109. #
  110. # Returns the module set for post modules
  111. #
  112. def post
  113. return modules.post
  114. end
  115. #
  116. # Returns the framework version in Major.Minor format.
  117. #
  118. def version
  119. Version
  120. end
  121. #
  122. # Event management interface for registering event handler subscribers and
  123. # for interacting with the correlation engine.
  124. #
  125. attr_reader :events
  126. #
  127. # Module manager that contains information about all loaded modules,
  128. # regardless of type.
  129. #
  130. attr_reader :modules
  131. #
  132. # The global framework datastore that can be used by modules.
  133. #
  134. attr_reader :datastore
  135. #
  136. # The framework instance's aux manager. The aux manager is responsible
  137. # for collecting and cataloging all aux information that comes in from
  138. # aux modules.
  139. #
  140. attr_reader :auxmgr
  141. #
  142. # Background job management specific to things spawned from this instance
  143. # of the framework.
  144. #
  145. attr_reader :jobs
  146. #
  147. # The framework instance's plugin manager. The plugin manager is
  148. # responsible for exposing an interface that allows for the loading and
  149. # unloading of plugins.
  150. #
  151. attr_reader :plugins
  152. #
  153. # The framework instance's payload uuid database. The payload uuid
  154. # database is used to record and match the unique ID values embedded
  155. # into generated payloads.
  156. #
  157. attr_reader :uuid_db
  158. #
  159. # The framework instance's browser profile store. These profiles are
  160. # generated by client-side modules and need to be shared across
  161. # different contexts.
  162. #
  163. attr_reader :browser_profiles
  164. # The framework instance's db manager. The db manager
  165. # maintains the database db and handles db events
  166. #
  167. # @return [Msf::DBManager]
  168. def db
  169. synchronize {
  170. @db ||= Msf::DBManager.new(self, options)
  171. }
  172. end
  173. # Session manager that tracks sessions associated with this framework
  174. # instance over the course of their lifetime.
  175. #
  176. # @return [Msf::SessionManager]
  177. def sessions
  178. synchronize {
  179. @sessions ||= Msf::SessionManager.new(self)
  180. }
  181. end
  182. # The framework instance's thread manager. The thread manager
  183. # provides a cleaner way to manage spawned threads
  184. #
  185. # @return [Msf::ThreadManager]
  186. def threads
  187. synchronize {
  188. @threads ||= Msf::ThreadManager.new(self)
  189. }
  190. end
  191. # Whether {#threads} has been initialized
  192. #
  193. # @return [true] if {#threads} has been initialized
  194. # @return [false] otherwise
  195. def threads?
  196. synchronize {
  197. instance_variable_defined? :@threads
  198. }
  199. end
  200. protected
  201. # @!attribute options
  202. # Options passed to {#initialize}
  203. #
  204. # @return [Hash]
  205. attr_accessor :options
  206. attr_writer :events # :nodoc:
  207. attr_writer :modules # :nodoc:
  208. attr_writer :datastore # :nodoc:
  209. attr_writer :auxmgr # :nodoc:
  210. attr_writer :jobs # :nodoc:
  211. attr_writer :plugins # :nodoc:
  212. attr_writer :db # :nodoc:
  213. attr_writer :uuid_db # :nodoc:
  214. attr_writer :browser_profiles # :nodoc:
  215. end
  216. class FrameworkEventSubscriber
  217. include Framework::Offspring
  218. def initialize(framework)
  219. self.framework = framework
  220. end
  221. def report_event(data)
  222. if framework.db.active
  223. framework.db.report_event(data)
  224. end
  225. end
  226. include GeneralEventSubscriber
  227. #
  228. # Generic handler for module events
  229. #
  230. def module_event(name, instance, opts={})
  231. if framework.db.active
  232. event = {
  233. :workspace => framework.db.find_workspace(instance.workspace),
  234. :name => name,
  235. :username => instance.owner,
  236. :info => {
  237. :module_name => instance.fullname,
  238. :module_uuid => instance.uuid
  239. }.merge(opts)
  240. }
  241. report_event(event)
  242. end
  243. end
  244. ##
  245. # :category: ::Msf::GeneralEventSubscriber implementors
  246. def on_module_run(instance)
  247. opts = { :datastore => instance.datastore.to_h }
  248. module_event('module_run', instance, opts)
  249. end
  250. ##
  251. # :category: ::Msf::GeneralEventSubscriber implementors
  252. def on_module_complete(instance)
  253. module_event('module_complete', instance)
  254. end
  255. ##
  256. # :category: ::Msf::GeneralEventSubscriber implementors
  257. def on_module_error(instance, exception=nil)
  258. module_event('module_error', instance, :exception => exception.to_s)
  259. end
  260. include ::Msf::UiEventSubscriber
  261. ##
  262. # :category: ::Msf::UiEventSubscriber implementors
  263. def on_ui_command(command)
  264. if framework.db.active
  265. report_event(:name => "ui_command", :info => {:command => command})
  266. end
  267. end
  268. ##
  269. # :category: ::Msf::UiEventSubscriber implementors
  270. def on_ui_stop()
  271. if framework.db.active
  272. report_event(:name => "ui_stop")
  273. end
  274. end
  275. ##
  276. # :category: ::Msf::UiEventSubscriber implementors
  277. def on_ui_start(rev)
  278. #
  279. # The database is not active at startup time unless msfconsole was
  280. # started with a database.yml, so this event won't always be saved to
  281. # the db. Not great, but best we can do.
  282. #
  283. info = { :revision => rev }
  284. report_event(:name => "ui_start", :info => info)
  285. end
  286. require 'msf/core/session'
  287. include ::Msf::SessionEvent
  288. #
  289. # Generic handler for session events
  290. #
  291. def session_event(name, session, opts={})
  292. address = session.session_host
  293. if not (address and address.length > 0)
  294. elog("Session with no session_host/target_host/tunnel_peer")
  295. dlog("#{session.inspect}", LEV_3)
  296. return
  297. end
  298. if framework.db.active
  299. ws = framework.db.find_workspace(session.workspace)
  300. event = {
  301. :workspace => ws,
  302. :username => session.username,
  303. :name => name,
  304. :host => address,
  305. :info => {
  306. :session_id => session.sid,
  307. :session_info => session.info,
  308. :session_uuid => session.uuid,
  309. :session_type => session.type,
  310. :username => session.username,
  311. :target_host => address,
  312. :via_exploit => session.via_exploit,
  313. :via_payload => session.via_payload,
  314. :tunnel_peer => session.tunnel_peer,
  315. :exploit_uuid => session.exploit_uuid
  316. }.merge(opts)
  317. }
  318. report_event(event)
  319. end
  320. end
  321. ##
  322. # :category: ::Msf::SessionEvent implementors
  323. def on_session_open(session)
  324. opts = { :datastore => session.exploit_datastore.to_h, :critical => true }
  325. session_event('session_open', session, opts)
  326. framework.db.report_session(:session => session)
  327. end
  328. ##
  329. # :category: ::Msf::SessionEvent implementors
  330. def on_session_upload(session, lpath, rpath)
  331. session_event('session_upload', session, :local_path => lpath, :remote_path => rpath)
  332. framework.db.report_session_event({
  333. :etype => 'upload',
  334. :session => session,
  335. :local_path => lpath,
  336. :remote_path => rpath
  337. })
  338. end
  339. ##
  340. # :category: ::Msf::SessionEvent implementors
  341. def on_session_download(session, rpath, lpath)
  342. session_event('session_download', session, :local_path => lpath, :remote_path => rpath)
  343. framework.db.report_session_event({
  344. :etype => 'download',
  345. :session => session,
  346. :local_path => lpath,
  347. :remote_path => rpath
  348. })
  349. end
  350. ##
  351. # :category: ::Msf::SessionEvent implementors
  352. def on_session_close(session, reason='')
  353. session_event('session_close', session)
  354. if session.db_record
  355. # Don't bother saving here, the session's cleanup method will take
  356. # care of that later.
  357. session.db_record.close_reason = reason
  358. session.db_record.closed_at = Time.now.utc
  359. end
  360. end
  361. #def on_session_interact(session)
  362. # $stdout.puts('session_interact', session.inspect)
  363. #end
  364. ##
  365. # :category: ::Msf::SessionEvent implementors
  366. def on_session_command(session, command)
  367. session_event('session_command', session, :command => command)
  368. framework.db.report_session_event({
  369. :etype => 'command',
  370. :session => session,
  371. :command => command
  372. })
  373. end
  374. ##
  375. # :category: ::Msf::SessionEvent implementors
  376. def on_session_output(session, output)
  377. # Break up the output into chunks that will fit into the database.
  378. buff = output.dup
  379. chunks = []
  380. if buff.length > 1024
  381. while buff.length > 0
  382. chunks << buff.slice!(0,1024)
  383. end
  384. else
  385. chunks << buff
  386. end
  387. chunks.each { |chunk|
  388. session_event('session_output', session, :output => chunk)
  389. framework.db.report_session_event({
  390. :etype => 'output',
  391. :session => session,
  392. :output => chunk
  393. })
  394. }
  395. end
  396. ##
  397. # :category: ::Msf::SessionEvent implementors
  398. def on_session_route(session, route)
  399. framework.db.report_session_route(session, route)
  400. end
  401. ##
  402. # :category: ::Msf::SessionEvent implementors
  403. def on_session_route_remove(session, route)
  404. framework.db.report_session_route_remove(session, route)
  405. end
  406. ##
  407. # :category: ::Msf::SessionEvent implementors
  408. def on_session_script_run(session, script)
  409. framework.db.report_session_event({
  410. :etype => 'script_run',
  411. :session => session,
  412. :local_path => script
  413. })
  414. end
  415. ##
  416. # :category: ::Msf::SessionEvent implementors
  417. def on_session_module_run(session, mod)
  418. framework.db.report_session_event({
  419. :etype => 'module_run',
  420. :session => session,
  421. :local_path => mod.fullname
  422. })
  423. end
  424. #
  425. # This is covered by on_module_run and on_session_open, so don't bother
  426. #
  427. #require 'msf/core/exploit'
  428. #include ExploitEvent
  429. #def on_exploit_success(exploit, session)
  430. #end
  431. end
  432. end