Class: Msf::RPC::Service

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rpc/v10/service.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(framework, options = {}) ⇒ Service

Returns a new instance of Service.


29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/msf/core/rpc/v10/service.rb', line 29

def initialize(framework, options={})
  self.framework = framework
  self.handlers = {}
  self.options  = {
    :ssl  => true,
    :cert => nil,
    :uri  => "/uri",
    :host => '127.0.0.1',
    :port => 3790
  }.merge(options)

  self.str_encoding = ''.encoding.name
  self.srvhost = self.options[:host]
  self.srvport = self.options[:port]
  self.uri     = self.options[:uri]
  self.debug   = self.options[:debug]

  self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
  self.token_timeout      = self.options[:token_timeout] || 300
  self.tokens             = self.options[:tokens] || {}
  self.users              = self.options[:users] || []
  self.job_status_tracker = Msf::RPC::RpcJobStatusTracker.new

  add_handler("core",    Msf::RPC::RPC_Core.new(self))
  add_handler("auth",    Msf::RPC::RPC_Auth.new(self))
  add_handler("console", Msf::RPC::RPC_Console.new(self))
  add_handler("module",  Msf::RPC::RPC_Module.new(self))
  add_handler("session", Msf::RPC::RPC_Session.new(self))
  add_handler("plugin",  Msf::RPC::RPC_Plugin.new(self))
  add_handler("job",     Msf::RPC::RPC_Job.new(self))
  add_handler("db",      Msf::RPC::RPC_Db.new(self))
end

Instance Attribute Details

#debugObject

Returns the value of attribute debug


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def debug
  @debug
end

#default_handlerObject

Returns the value of attribute default_handler


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def default_handler
  @default_handler
end

#dispatcher_timeoutObject

Returns the value of attribute dispatcher_timeout


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def dispatcher_timeout
  @dispatcher_timeout
end

#frameworkObject

Returns the value of attribute framework


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def framework
  @framework
end

#handlersObject

Returns the value of attribute handlers


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def handlers
  @handlers
end

#job_status_trackerObject

Returns the value of attribute job_status_tracker


27
28
29
# File 'lib/msf/core/rpc/v10/service.rb', line 27

def job_status_tracker
  @job_status_tracker
end

#optionsObject

Returns the value of attribute options


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def options
  @options
end

#serviceObject

Returns the value of attribute service


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def service
  @service
end

#srvhostObject

Returns the value of attribute srvhost


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def srvhost
  @srvhost
end

#srvportObject

Returns the value of attribute srvport


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def srvport
  @srvport
end

#str_encodingObject

Returns the value of attribute str_encoding


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def str_encoding
  @str_encoding
end

#token_timeoutObject

Returns the value of attribute token_timeout


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def token_timeout
  @token_timeout
end

#tokensObject

Returns the value of attribute tokens


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def tokens
  @tokens
end

#uriObject

Returns the value of attribute uri


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def uri
  @uri
end

#usersObject

Returns the value of attribute users


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def users
  @users
end

Instance Method Details

#add_handler(group, handler) ⇒ Object


102
103
104
# File 'lib/msf/core/rpc/v10/service.rb', line 102

def add_handler(group, handler)
  self.handlers[group] = handler
end

#add_token(token) ⇒ Object


183
184
185
# File 'lib/msf/core/rpc/v10/service.rb', line 183

def add_token(token)
  self.tokens[token] = [nil, nil, nil, true]
end

#add_user(user, pass) ⇒ Object


191
192
193
194
195
196
197
198
199
# File 'lib/msf/core/rpc/v10/service.rb', line 191

def add_user(user, pass)
  self.users.each do |r|
    if r[0] == user
      r[1] = pass
      return
    end
  end
  self.users << [user, pass]
end

#authenticate(token) ⇒ Object


205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# File 'lib/msf/core/rpc/v10/service.rb', line 205

def authenticate(token)
  stale = []


  unless (token && token.kind_of?(::String))
    return false
  end

  # Force the encoding to ASCII-8BIT
  token = token.unpack("C*").pack("C*")

  self.tokens.each_key do |t|
    user,ctime,mtime,perm = self.tokens[t]
    if !perm && mtime + self.token_timeout < Time.now.to_i
      stale << t
    end
  end

  stale.each { |t| self.tokens.delete(t) }

  unless self.tokens[token]

    begin
      if framework.db.active && ::Mdm::ApiKey.find_by_token(token)
        return true
      end
    rescue ::Exception => e
    end

    return false
  end

  self.tokens[token][2] = Time.now.to_i
  true
end

#on_request_uri(cli, req) ⇒ Object


88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/msf/core/rpc/v10/service.rb', line 88

def on_request_uri(cli, req)
  res = Rex::Proto::Http::Response.new()
  res["Content-Type"] = "binary/message-pack"

  begin
    res.body = process(req).to_msgpack
  rescue Msf::RPC::Exception => e
    elog('RPC Exception', error: e)
    res.body = process_exception(e).to_msgpack
    res.code = e.code
  end
  cli.send_response(res)
end

#process(req) ⇒ Object


106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
# File 'lib/msf/core/rpc/v10/service.rb', line 106

def process(req)
  msg  = nil

  begin
    if req.method != "POST"
      if req && req.method
        raise ArgumentError, "Invalid Request Verb: '#{req.method.inspect}'"
      else
        raise ArgumentError, "Invalid Request: '#{req.inspect}'"
      end
    end

    unless (req.headers["Content-Type"] && req.headers["Content-Type"] == "binary/message-pack")
      raise ArgumentError, "Invalid Content Type"
    end

    msg = MessagePack.unpack(req.body)

    unless (msg && msg.kind_of?(::Array) && msg.length > 0)
      raise ArgumentError, "Invalid Message Format"
    end

    msg.map { |a| a.respond_to?(:force_encoding) ? a.force_encoding(self.str_encoding) : a }

    group, funct = msg.shift.split(".", 2)

    unless self.handlers[group]
      raise ArgumentError, "Unknown API Group: '#{group.inspect}'"
    end

    doauth = true
    mname  = 'rpc_' + funct

    if self.handlers[group].respond_to?(mname + '_noauth')
      doauth = false
      mname << '_noauth'
    end

    unless self.handlers[group].respond_to?(mname)
      raise ArgumentError, "Unknown API Call: '#{mname.inspect}'"
    end

    if doauth
      token = msg.shift
      unless authenticate(token)
        raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
      end
    end

    ::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }

  rescue ::Exception => e
    elog('RPC Exception', error: e)
    process_exception(e)
  end
end

#process_exception(e) ⇒ Object


163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
# File 'lib/msf/core/rpc/v10/service.rb', line 163

def process_exception(e)
  r = {
    :error           => true,
    :error_class     => e.class.to_s,
    :error_string    => e.to_s,
    :error_backtrace => e.backtrace.map{|x| x.sub(/^.*lib\//, 'lib/') } # Dont expose the install path
  }

  if e.respond_to?(:message)
    r[:error_message] = e.message
  end

  if e.respond_to?(:code)
    r[:error_code] = e.code
  end

  r
end

#remove_tokenObject


187
188
189
# File 'lib/msf/core/rpc/v10/service.rb', line 187

def remove_token
  self.tokens.delete(token)
end

#remove_user(user) ⇒ Object


201
202
203
# File 'lib/msf/core/rpc/v10/service.rb', line 201

def remove_user(user)
  self.users = self.users.select{|r| r[0] != user }
end

#startObject


62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
# File 'lib/msf/core/rpc/v10/service.rb', line 62

def start
  self.service = Rex::ServiceManager.start(
    Rex::Proto::Http::Server,
    self.srvport,
    self.srvhost,
    self.options[:ssl],
    self.options[:context],
    self.options[:comm],
    self.options[:cert]
  )

  self.service.add_resource(self.uri, {
    'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) },
    'Path' => self.uri
  })
end

#stopObject


79
80
81
82
# File 'lib/msf/core/rpc/v10/service.rb', line 79

def stop
  self.service.stop
  self.service.deref
end

#waitObject


84
85
86
# File 'lib/msf/core/rpc/v10/service.rb', line 84

def wait
  self.service.wait
end