Class: Msf::RhostsWalker

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rhosts_walker.rb

Overview

Parses the RHOSTS datastore value, and yields the possible combinations of datastore values that exist for each host

Defined Under Namespace

Classes: Error, InvalidCIDRError, InvalidSchemaError

Instance Method Summary collapse

Constructor Details

#initialize(value = '', datastore = Msf::ModuleDataStore.new(nil)) ⇒ RhostsWalker

Returns a new instance of RhostsWalker.


47
48
49
50
# File 'lib/msf/core/rhosts_walker.rb', line 47

def initialize(value = '', datastore = Msf::ModuleDataStore.new(nil))
  @value = value
  @datastore = datastore
end

Instance Method Details

#countInteger

Count the valid datastore permutations for the current rhosts value. This count will ignore any invalid values.

Returns:

  • (Integer)

72
73
74
# File 'lib/msf/core/rhosts_walker.rb', line 72

def count
  to_enum.count
end

#each {|Msf::DataStore| ... } ⇒ Object

Iterate over the valid rhosts datastores. This can be combined Calling `#valid?` beforehand to ensure that there are no invalid configuration values, as they will be ignored by this method.

Yields:


57
58
59
60
61
62
63
64
65
66
# File 'lib/msf/core/rhosts_walker.rb', line 57

def each(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::DataStore)
  end

  nil
end

#errors {|Msf::RhostsWalker::Error| ... } ⇒ Object

Retrieve the list of errors associated with this rhosts walker

Yields:


79
80
81
82
83
84
85
86
87
88
# File 'lib/msf/core/rhosts_walker.rb', line 79

def errors(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::RhostsWalker::Error)
  end

  nil
end

#parse(value, datastore) ⇒ Enumerable<Msf::DataStore|StandardError>

Parses the input rhosts string, and yields the possible combinations of datastore values.

Parameters:

  • value (String)

    the rhost string

  • datastore (Msf::Datastore)

    the datastore

Returns:

  • (Enumerable<Msf::DataStore|StandardError>)

    The calculated datastore values that can be iterated over for enumerating the given rhosts, or the error that occurred when iterating over the input


109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# File 'lib/msf/core/rhosts_walker.rb', line 109

def parse(value, datastore)
  Enumerator.new do |results|
    # extract the individual elements from the rhost string, ensuring that
    # whitespace, strings, escape characters, etc are handled correctly.
    values = Rex::Parser::Arguments.from_s(value)
    values.each do |value|
      if (value =~ %r{^file://(.*)}) || (value =~ /^file:(.*)/)
        file = Regexp.last_match(1)
        File.read(file).each_line(chomp: true) do |line|
          parse(line, datastore).each do |result|
            results << result
          end
        end
      elsif value =~ /^cidr:(.*)/
        cidr, child_value = Regexp.last_match(1).split(':', 2)
        # Validate cidr syntax matches ipv6 '%scope_id/mask_part' or ipv4 '/mask_part'
        raise InvalidCIDRError unless cidr =~ %r{^(%\w+)?/\d{1,3}$}

        # Parse the values, then apply range walker over the result
        parse(child_value, datastore).each do |result|
          host_with_cidr = result['RHOSTS'] + cidr
          Rex::Socket::RangeWalker.new(host_with_cidr).each_ip do |rhost|
            results << result.merge('RHOSTS' => rhost, 'UNPARSED_RHOSTS' => value)
          end
        end
      elsif value =~ /^(?<schema>\w+):.*/ && SUPPORTED_SCHEMAS.include?(Regexp.last_match(:schema))
        schema = Regexp.last_match(:schema)
        raise InvalidSchemaError unless SUPPORTED_SCHEMAS.include?(schema)

        parse_method = "parse_#{schema}_uri"
        parsed_options = send(parse_method, value, datastore)
        Rex::Socket::RangeWalker.new(parsed_options['RHOSTS']).each_ip do |ip|
          results << datastore.merge(
            parsed_options.merge('RHOSTS' => ip, 'UNPARSED_RHOSTS' => value)
          )
        end
      else
        Rex::Socket::RangeWalker.new(value).each_host do |rhost|
          overrides = {}
          overrides['UNPARSED_RHOSTS'] = value
          overrides['RHOSTS'] = rhost[:address]
          overrides['VHOST'] = rhost[:hostname] if datastore.options.include?('VHOST') && datastore['VHOST'].blank?
          results << datastore.merge(overrides)
        end
      end
    rescue StandardError => e
      results << Msf::RhostsWalker::Error.new(value, cause: e)
    end
  end
end

#parse_http_uri(value, datastore) ⇒ Hash Also known as: parse_https_uri

Parses a string such as example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting http options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value


207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
# File 'lib/msf/core/rhosts_walker.rb', line 207

def parse_http_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}
  # nil VHOST for now, this value will be calculated and overridden later
  result['VHOST'] = nil

  result['RHOSTS'] = uri.hostname
  is_ssl = %w[ssl https].include?(uri.scheme)
  result['RPORT'] = uri.port || (is_ssl ? 443 : 80)
  result['SSL'] = is_ssl

  # Both `TARGETURI` and `URI` are used as datastore options to denote the path on a uri
  has_path_specified = !uri.path.blank? # && uri.path != '/' - Note HTTP path parsing differs to the other protocol's parsing
  if has_path_specified
    target_uri = uri.path.present? ? uri.path : '/'
    result['TARGETURI'] = target_uri if datastore.options.include?('TARGETURI')
    result['PATH'] = target_uri if datastore.options.include?('PATH')
    result['URI'] = target_uri if datastore.options.include?('URI')
  end

  result['VHOST'] = uri.hostname unless Rex::Socket.is_ip_addr?(uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_mysql_uri(value, datastore) ⇒ Hash

Parses a uri string such as mysql://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value


241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
# File 'lib/msf/core/rhosts_walker.rb', line 241

def parse_mysql_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 3306

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password
  result
end

#parse_postgres_uri(value, datastore) ⇒ Hash

Parses a uri string such as postgres://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value


264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
# File 'lib/msf/core/rhosts_walker.rb', line 264

def parse_postgres_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 5432

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_smb_uri(value, datastore) ⇒ Hash

Parses a string such as smb://domain;user:[email protected]/share_name/file.txt into a hash which can safely be merged with a [Msf::DataStore] datastore for setting smb options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the smb uri value


166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
# File 'lib/msf/core/rhosts_walker.rb', line 166

def parse_smb_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = (uri.port || 445) if datastore.options.include?('RPORT')

  # Handle users in the format:
  #   user
  #   domain;user
  if uri.user && uri.user.include?(';')
    domain, user = uri.user.split(';')
    result['SMBDomain'] = domain
    result['SMBUser'] = user
    set_username(datastore, result, user)
  elsif uri.user
    set_username(datastore, result, uri.user)
  end
  set_password(datastore, result, uri.password) if uri.password

  # Handle paths of the format:
  #    /
  #    /share_name
  #    /share_name/file
  #    /share_name/dir/file
  has_path_specified = !uri.path.blank? && uri.path != '/'
  if has_path_specified
    _preceding_slash, share, *rpath = uri.path.split('/')
    result['SMBSHARE'] = share if datastore.options.include?('SMBSHARE')
    result['RPATH'] = rpath.join('/') if datastore.options.include?('RPATH')
  end

  result
end

#parse_ssh_uri(value, datastore) ⇒ Hash

Parses a uri string such as ssh://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value


287
288
289
290
291
292
293
294
295
296
297
298
# File 'lib/msf/core/rhosts_walker.rb', line 287

def parse_ssh_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 22

  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_tcp_uri(value, datastore) ⇒ Hash

Parses a uri string such as tcp://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value


306
307
308
309
310
311
312
313
314
315
316
317
318
319
# File 'lib/msf/core/rhosts_walker.rb', line 306

def parse_tcp_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  if uri.port
    result['RPORT'] = uri.port
  end

  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#set_password(datastore, result, password) ⇒ Object (protected)


342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
# File 'lib/msf/core/rhosts_walker.rb', line 342

def set_password(datastore, result, password)
  # Preference setting application specific values first
  password_set = false
  password_option_names = %w[SMBPass FtpPass Password pass PASSWORD password]
  password_option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = password
      password_set = true
    end
  end

  # Only set basic auth HttpPassword as a fallback
  if !password_set && datastore.options.include?('HttpPassword')
    result['HttpPassword'] = password
  end

  result
end

#set_username(datastore, result, username) ⇒ Object (protected)


323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
# File 'lib/msf/core/rhosts_walker.rb', line 323

def set_username(datastore, result, username)
  # Preference setting application specific values first
  username_set = false
  option_names = %w[SMBUser FtpUser Username user USERNAME username]
  option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = username
      username_set = true
    end
  end

  # Only set basic auth HttpUsername as a fallback
  if !username_set && datastore.options.include?('HttpUsername')
    result['HttpUsername'] = username
  end

  result
end

#valid?Boolean

Indicates that the rhosts value is valid and iterable

Returns:

  • (Boolean)

    True if all items are valid, and there are at least some items present to iterate over. False otherwise.


94
95
96
97
98
99
100
# File 'lib/msf/core/rhosts_walker.rb', line 94

def valid?
  parsed_values = parse(@value, @datastore)
  parsed_values.all? { |result| result.is_a?(Msf::DataStore) } && parsed_values.count > 0
rescue StandardError => e
  elog('rhosts walker invalid', error: e)
  false
end