Class: Msf::Exploit::Git::SmartHttp::Request

Inherits:

Rex::Proto::Http::Request

• Object
• Rex::Proto::Http::Packet
• Rex::Proto::Http::Request
• Msf::Exploit::Git::SmartHttp::Request

Includes:

PktLine

Defined in:

lib/msf/core/exploit/git/smart_http/request.rb

Constant Summary

Constants included from PktLine

PktLine::DELIM_PKT, PktLine::FLUSH_PKT, PktLine::RESPONSE_END_PKT

Constants inherited from Rex::Proto::Http::Request

Rex::Proto::Http::Request::PostRequests

Instance Attribute Summary

• #haves ⇒ Object readonly

  Returns the value of attribute haves.

• #method ⇒ Object readonly

  Returns the value of attribute method.

• #service ⇒ Object readonly

  Returns the value of attribute service.

• #type ⇒ Object readonly

  Returns the value of attribute type.

• #uri ⇒ Object readonly

  Returns the value of attribute uri.

• #wants ⇒ Object readonly

  Returns the value of attribute wants.

Attributes inherited from Rex::Proto::Http::Request

#junk_directories, #junk_end_of_uri, #junk_param_start, #junk_params, #junk_pipeline, #junk_self_referring_directories, #junk_slashes, #proto, #raw_uri, #relative_resource, #uri_encode_mode, #uri_parts

Attributes inherited from Rex::Proto::Http::Packet

#auto_cl, #body, #body_bytes_left, #bufq, #chunk_max_size, #chunk_min_size, #compress, #error, #headers, #incomplete, #inside_chunk, #keepalive, #max_data, #state, #transfer_chunked

Class Method Summary

• .parse_raw_request(request) ⇒ Object

Instance Method Summary

• #initialize(opts = {}) ⇒ Request constructor

  A new instance of Request.

• #populate_wants_haves ⇒ Object

Methods included from PktLine

generate_data_pkt, generate_pkt_line, get_pkt_line_data, get_pkt_lines, has_pkt_line_data?, request_ends

Methods inherited from Rex::Proto::Http::Request

#body, #cmd_string, #meta_vars, #normalize!, #param_string, #parse_cgi_qstring, #qstring, #resource, #resource=, #to_s, #update_cmd_parts, #update_uri_parts, #uri=

Methods inherited from Rex::Proto::Http::Packet

#[], #[]=, #check_100, #chunk, #cmd_string, #completed?, #from_s, #output_packet, #parse, #parse_body, #parse_header, #reset, #reset_except_queue, #to_s, #to_terminal_output, #update_cmd_parts

Constructor Details

#initialize(opts = {}) ⇒ Request

Returns a new instance of Request.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 8

def initialize(opts = {})
  @uri = opts[:uri] || '/'
  @type = opts[:type]
  @method = opts[:method]

  super(@method, @uri)
  @service = opts[:service]
  @body = opts[:body] || ''
  @wants = opts[:wants] || []
  @haves = opts[:haves] || []
end

Instance Attribute Details

#haves ⇒ Object (readonly)

Returns the value of attribute haves.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def haves
  @haves
end

#method ⇒ Object (readonly)

Returns the value of attribute method.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def method
  @method
end

#service ⇒ Object (readonly)

Returns the value of attribute service.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def service
  @service
end

#type ⇒ Object (readonly)

Returns the value of attribute type.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def type
  @type
end

#uri ⇒ Object (readonly)

Returns the value of attribute uri.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def uri
  @uri
end

#wants ⇒ Object (readonly)

Returns the value of attribute wants.

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 6

def wants
  @wants
end

Class Method Details

.parse_raw_request(request) ⇒ Object

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 34

def self.parse_raw_request(request)
  return nil unless request

  opts = {}
  opts[:uri] = request.raw_uri
  opts[:method] = request.method
  opts[:body] = request.body

  # only the ref-discovery request should have a query
  # string and no body
  service_str = request.uri_parts['QueryString']
  if service_str['service'] && !service_str['service'].empty?
    opts[:service] = service_str['service']
    opts[:type] = 'ref-discovery'
    opts[:uri] = request.raw_uri
    return Request.new(opts)
  end

  type_str = request.raw_uri.split('/').last
  if type_str =~ /git-(\w+-\w+)/
    opts[:type] = $1
  else
    opts[:type] = 'other'
  end

  Request.new(opts)
end

Instance Method Details

#populate_wants_haves ⇒ Object

# File 'lib/msf/core/exploit/git/smart_http/request.rb', line 20

def populate_wants_haves
  pkt_lines = Msf::Exploit::Git::PktLine.get_pkt_lines(@body)
  if pkt_lines.empty?
    return
  end

  pkt_lines.each do |line|
    data = Msf::Exploit::Git::PktLine.get_pkt_line_data(line)
    values = data.split
    @wants << values[1] if values[0] == 'want'
    @haves << values[1] if values[0] == 'have'
  end
end