Class: Plugin::EvasionDB::ConsoleCommandDispatcher

Inherits:
Object
  • Object
Includes:
Msf::Ui::Console::CommandDispatcher
Defined in:
lib/msf-plugins/evasiondb.rb

Instance Method Summary

Instance Method Details

#cmd_assign_rules_to_attack(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 122

# Console command: attach the currently active rule set to one attack module.
#
# Looks up the AttackModule record whose id is the sole argument and hands it
# to the active rule fetcher, which records which rules were enabled for that
# attack (the fetcher itself is defined elsewhere, not visible here).
#
# @param args [Array<String>] exactly one element, the attack module id.
#   Converted with to_i, so a non-numeric id silently becomes 0.
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_assign_rules_to_attack(*args)
  raise "please provide an attack module id" unless args.size == 1
  attack_id = args.first.to_i
  attack = FIDIUS::EvasionDB::Knowledge::AttackModule.find(attack_id)
  FIDIUS::EvasionDB.current_rule_fetcher.fetch_rules(attack)
end

#cmd_config_exploit(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 175

# Console command: re-apply the recorded options of a stored exploit run.
#
# Loads the exploit record by id, switches the console to that module with
# "use <name>", then replays every stored attack option as "set KEY VALUE".
#
# NOTE(review): option keys and values are interpolated straight into console
# command lines. They are whatever was stored in the knowledge DB; a value
# containing characters the console's line parser treats specially may not
# round-trip cleanly. Flagged only, behaviour unchanged.
#
# @param args [Array<String>] exactly one element, the exploit id
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_config_exploit(*args)
  raise "please provide id" unless args.size == 1
  exploit_id = args.first.to_i
  exploit = FIDIUS::EvasionDB::Knowledge.get_exploit(exploit_id)
  run_cmd("use #{exploit.name}")
  exploit.attack_options.each do |opt|
    run_cmd("set #{opt.option_key} #{opt.option_value}")
  end
end

#cmd_delete_events(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 169

# Console command: remove a stored exploit run from the knowledge DB.
#
# Despite the command name, what is destroyed is the exploit record looked up
# by id; whether its idmef-events go with it depends on the model's
# associations, which are not visible here.
#
# @param args [Array<String>] exactly one element, the exploit id
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_delete_events(*args)
  raise "please provide id" unless args.size == 1
  exploit_id = args.first.to_i
  FIDIUS::EvasionDB::Knowledge.get_exploit(exploit_id).destroy
end

#cmd_fetch_events(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 215

# Console command: pull the idmef-events recorded since the last fetch and
# list them, then restart recording.
#
# The fetcher's local_ip is cleared before fetching and begin_record is called
# afterwards; what either does is defined in the fetcher, not visible here.
# current_fetcher is looked up on every use, as in the original, in case it is
# not a memoised accessor.
#
# @param args [Array<String>] ignored
def cmd_fetch_events(*args)
  FIDIUS::EvasionDB.current_fetcher.local_ip = nil
  events = FIDIUS::EvasionDB.current_fetcher.fetch_events
  if events
    print_status "#{events.size} events generated"
    print_status
    events.each do |ev|
      print_line "(#{ev.id}) Event(#{ev.text}) : #{ev.payload_size} bytes payload (#{ev.src_ip} -> #{ev.dest_ip})"
      print_status "#{ev}"
    end
  else
    # fetch_events returned nil/false rather than an empty list
    print_status "0 events generated"
  end
  FIDIUS::EvasionDB.current_fetcher.begin_record
end

#cmd_import_rules(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 118

# Console command: import detection rules through the active rule fetcher.
#
# The help text warns this can take a while; all the work happens in
# import_rules, which is defined elsewhere.
#
# @param args [Array<String>] ignored
def cmd_import_rules(*args)
  fetcher = FIDIUS::EvasionDB.current_rule_fetcher
  fetcher.import_rules
end

#cmd_send_event_payload(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 135

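# Console command: replay the payload of a stored idmef-event to the event's
# destination host, so a sensor sees it again ("generate false positive").
#
# Changes from the original: the destination port was hard-coded to 445 (SMB);
# it can now be given as an optional second argument, with 445 still the
# default. The usage message also said "packet id" although the lookup is by
# event id. The port is parsed before the DB lookup so a bad port fails fast.
#
# NOTE(review): host comes straight from the stored event record; nothing here
# checks that the destination is an in-scope target.
#
# @param args [Array<String>] the event id, optionally followed by a TCP port
# @raise [RuntimeError] on wrong argument count
# @raise [ArgumentError] when the port is not an integer
def cmd_send_event_payload(*args)
  raise "please provide event id [port]" unless args.size == 1 || args.size == 2
  port = args.size == 2 ? Integer(args[1]) : 445
  event = FIDIUS::EvasionDB::Knowledge.get_event(args[0].to_i)
  send_payload_to_host(event.payload, event.dest_ip, port)
end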

#cmd_send_packet(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 129

# Console command: replay a stored packet's payload to the packet's own
# destination address and port ("generate false positive").
#
# NOTE(review): destination host/port are taken from the stored packet record
# as-is; nothing here checks that the target is in scope.
#
# @param args [Array<String>] exactly one element, the packet id
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_send_packet(*args)
  raise "please provide packet id" unless args.size == 1
  packet_id = args.first.to_i
  pkt = FIDIUS::EvasionDB::Knowledge.get_packet(packet_id)
  send_payload_to_host(pkt.payload, pkt.dest_addr, pkt.dest_port)
end

#cmd_set_autologging(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 164

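# Console command: toggle automatic logging of executed modules.
#
# Sets the $auto_logging global (read elsewhere in the plugin, not visible
# here) from the single "true"/"false" argument.
#
# Bug fixed: the original compared the argument String against the literal
# +true+ (`args[0] == true`), which a String never equals, so the flag could
# never be switched on from the console. The argument is now compared as text,
# case-insensitively, and anything other than "true"/"false" is rejected with
# the same usage error as a wrong argument count.
#
# @param args [Array<String>] exactly one element, "true" or "false"
# @raise [RuntimeError] on wrong argument count or an unrecognised value
# @return [Boolean] the new value of $auto_logging
def cmd_set_autologging(*args)
  usage = "please use set_autologging true|false"
  raise usage unless args.size == 1
  value = args[0].to_s.downcase
  raise usage unless %w[true false].include?(value)
  $auto_logging = (value == "true")
end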

#cmd_show_event(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 192

# Console command: print one idmef-event, the packet that matched it (if any)
# with the matching byte range highlighted, and a hex dump of the event payload.
#
# get_packet_for_event is expected to return nil or a Hash with :packet,
# :index and :length (that is how it is used here; its definition is not
# visible).
#
# @param args [Array<String>] exactly one element, the event id
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_show_event(*args)
  raise "please provide event_id" unless args.size == 1
  event_id = args.first.to_i
  print_line "event_id:#{event_id}"
  event = FIDIUS::EvasionDB::Knowledge.get_event(event_id)
  match = FIDIUS::EvasionDB::Knowledge.get_packet_for_event(event_id)
  print_line "(#{event.id}) Event(#{event.text}) : #{event.payload_size} bytes payload"
  if match
    pkt   = match[:packet]
    first = match[:index]
    last  = match[:index] + match[:length] - 1
    # the two inspect lines look like leftover debug output; kept for parity
    print_line "#{match.inspect}"
    print_line "#{pkt.inspect}"
    print_line "PACKET(#{pkt.id}): "
    print_line "#{pkt.payload.size} bytes"
    print_line "match #{first} - #{last}"
    print_line to_hex_dump(pkt.payload, first, last)
  else
    print_line "no packets available"
  end
  print_line "EVENT PAYLOAD(#{event.payload.size}) bytes:"
  print_line to_hex_dump(event.payload)
end

#cmd_show_events(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 141

# Console command: list every stored exploit run with its option count, its
# fetched idmef-events, and (when enabled_rules is set) an active/total rule
# count.
#
# @param args [Array<String>] ignored
def cmd_show_events(*args)
  # fresh separator string on each call, as the original built one inline
  rule = lambda { print_line "-" * 60 }
  FIDIUS::EvasionDB::Knowledge.get_exploits.each do |exploit|
    events = exploit.idmef_events
    rule.call
    print_line "(#{exploit.id})#{exploit.name} with #{exploit.attack_options.size} options"
    rule.call
    print_line "#{events.size} idmef-events fetched"
    rule.call

    rules = exploit.enabled_rules
    if rules
      rule.call
      total  = rules.count(:all)
      active = rules.count(:active)
      print_line "Rules: #{active}/#{total}"
      rule.call
    end
    events.each do |ev|
      print_line "(#{ev.id})#{ev.text} with #{ev.payload_size} bytes payload"
    end
  end
end

#cmd_show_packet(*args) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 184

# Console command: hex-dump the payload of one stored packet.
#
# @param args [Array<String>] exactly one element, the packet id
# @raise [RuntimeError] when the argument count is not exactly one
def cmd_show_packet(*args)
  raise "please provide packet_id" unless args.size == 1
  packet_id = args.first.to_i
  pkt = FIDIUS::EvasionDB::Knowledge::Packet.find(packet_id)
  print_line to_hex_dump(pkt.payload)
end

#commandsObject



# File 'lib/msf-plugins/evasiondb.rb', line 27

def commands
  {
    "fetch_events" => "fetch events which were created in the meanwhile",
    "show_events" => "shows all fetched idmef-events",
    "show_event" => "shows information about an idmef-event",
    "show_packet" => "shows information about a packet",
    "send_packet" => "send a given packet to generate false positive",
    "send_event_payload" => "send a given payload of an idmef-event to generate false positive",
    "config_exploit" => "configures an exploit with the options of a previous runtime",
    "delete_events" => "deletes events from knowledge",
    "set_autologging" => "true|false automatically log all executed modules",
    "import_rules" => "import rules based on your config (this could take some time)",
    "assign_rules_to_attack" => "assigns bitvector of activated rules to the given attack"
  }
end

#explain_db_connectionObject



# File 'lib/msf-plugins/evasiondb.rb', line 10

# Print usage help for evasion_db_connect, including a sample database.yml
# entry.
#
# NOTE(review): the sample entry uses "root" with an empty password. That is
# fine for a throwaway lab, but this plugin can destroy records in that DB
# (see delete_events), so a dedicated least-privilege MySQL account is the
# safer choice anywhere else.
def explain_db_connection
  # nil entries become blank status lines (print_status with no argument)
  lines = [
    "Usage: ",
    "evasion_db_connect path/to/database.yml",
    nil,
    "database.yml must have evasion_db entry which points to prelude db",
    nil,
    "example:",
    "evasion_db:",
    "  adapter: mysql",
    "  host: localhost",
    "  port: 3306",
    "  encoding: utf8",
    "  database: msf",
    "  username: root",
    "  password:"
  ]
  lines.each do |text|
    if text.nil?
      print_status
    else
      print_status(text)
    end
  end
end

#nameObject



# File 'lib/msf-plugins/evasiondb.rb', line 6

# Plugin display name as shown by the Msf console.
#
# @return [String]
def name
  'FIDIUS-EvasionDB'
end

#run_cmd(cmd) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 43

# Execute one console command line on the live msfconsole instance.
#
# Relies on the $console global having been set to that instance somewhere
# else in the plugin (not visible here); it is nil otherwise.
#
# @param cmd [String] a single console command line, e.g. "use foo/bar"
def run_cmd(cmd)
  console = $console
  console.run_single(cmd)
end

#send_payload_to_host(payload, host, port) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 108

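# Open a raw TCP connection to +host+:+port+, write +payload+ once and close.
#
# Used by send_packet / send_event_payload to replay a stored payload so that
# a sensor sees it again ("generate false positive"). Errors are reported via
# print_error rather than raised, so a failed send never aborts the console
# command.
#
# Fix: the socket is now closed in an +ensure+, so a failure in write() no
# longer leaks the connection (the original only closed on the success path).
#
# NOTE(review): host and port are passed through from knowledge-DB records;
# nothing here checks that the destination is an in-scope target.
#
# @param payload [String] bytes to send
# @param host    [String] destination address
# @param port    [Integer] destination TCP port
def send_payload_to_host(payload, host, port)
  sock = nil
  begin
    sock = Rex::Socket.create_tcp('PeerHost' => host, 'PeerPort' => port)
    sock.write(payload)
  rescue => e
    print_error "#{e} in #{e.backtrace}"
  ensure
    # best-effort close: an error while closing after a reported failure is
    # not worth surfacing, and must not mask the message already printed
    begin
      sock.close if sock
    rescue
    end
  end
end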

#to_hex_dump(str, from = -1, to = -1) ⇒ Object



# File 'lib/msf-plugins/evasiondb.rb', line 47

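# Render +str+ as a hex dump, 16 bytes per line with an ASCII column, and
# optionally mark the byte range from..to (inclusive, 0-based offsets) with
# "%bld%red" ... "%clr" tokens (presumably expanded by the console's colour
# handling; not visible here).
#
# Layout per line: hex pairs separated by spaces, padding so the ASCII column
# lines up with the first (full-width) line, then one printable character or
# "." per byte. The dump ends with an extra newline.
#
# Changes from the original: two unused locals dropped, mixed tab/space
# indentation normalised, and the input is treated as raw bytes. String#length
# and String#[] are character-based on multi-byte encodings, so a UTF-8 string
# with non-ASCII characters used to produce lines of more than 16 bytes and
# shifted from/to offsets; the colour logic itself is unchanged.
#
# @param str  [String] the bytes to dump
# @param from [Integer] first byte offset to highlight, or -1 for none
# @param to   [Integer] last byte offset to highlight, or -1 for none
# @return [String]
def to_hex_dump(str, from=-1, to=-1)
  width = 16
  # guarded so the method still runs on rubies without String#force_encoding
  bytes = str.respond_to?(:force_encoding) ? str.dup.force_encoding("BINARY") : str
  buf = ''
  idx = 0
  lst = 0        # hex-column width of the first line, used to pad later lines
  rclosed = true # false while a highlight opened in the ASCII column is still open
  while (idx < bytes.length)
    chunk = bytes[idx, width]
    line  = chunk.unpack("H*")[0].scan(/../).join(" ")
    if from >= idx && from < idx+width
      # open the highlight in front of the first hex digit of byte +from+
      line[(idx-from).abs*3] = "%bld%red#{line[(idx-from).abs*3]}"
    end
    if to >= idx && to < idx+width
      # an opening token already on this line shifts every index after it
      offset = 0
      offset = "%bld%red".length if line["%bld%red"]
      begin
        line[(idx-to).abs*3+offset+1] = "#{line[(idx-to).abs*3+offset+1]}%clr"
      rescue
        # index past the end of the line (e.g. a short last chunk): close at the end
        line[line.length-1] = "#{line[line.length-1]}%clr"
      end
    end
    buf << line

    # pad with the markup tokens excluded so the ASCII column stays aligned
    line_length = line.gsub("%bld%red","").gsub("%clr","").length
    if (lst == 0)
      lst = line_length
      buf << " " * 4
    else
      buf << " " * ((lst - line_length) + 4).abs
    end

    index = 0
    chunk.unpack("C*").each do |c|
      # (from is on this line and this is its byte) OR a highlight from an
      # earlier byte is still open
      if from >= idx && from < idx+width && (idx-from).abs == index || !rclosed
        buf << "%bld%red"
        rclosed = false
      end

      if (c > 0x1f and c < 0x7f)
        buf << c.chr
      else
        buf << "."
      end
      if to >= idx && to < idx+width && (idx-to).abs == index
        buf << "%clr"
        rclosed = true
      end

      index = index+1
    end
    buf << "\n"

    idx += width
  end
  # never leave the console colour open if +to+ was past the end of the data
  buf << "%clr" unless rclosed
  buf << "\n"
end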