Class: Msf::RhostsWalker

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rhosts_walker.rb

Overview

Parses the RHOSTS datastore value, and yields the possible combinations of datastore values that exist for each host

Defined Under Namespace

Classes: Error, InvalidCIDRError, InvalidSchemaError

Instance Method Summary collapse

Constructor Details

#initialize(value = '', datastore = Msf::ModuleDataStore.new(nil)) ⇒ RhostsWalker

Returns a new instance of RhostsWalker.



47
48
49
50
 
# File 'lib/msf/core/rhosts_walker.rb', line 47

def initialize(value = '', datastore = Msf::ModuleDataStore.new(nil))
  @value = value
  @datastore = datastore
end

Instance Method Details

#countInteger

Count the valid datastore permutations for the current rhosts value. This count will ignore any invalid values.

Returns:

  • (Integer) 


72
73
74
 
# File 'lib/msf/core/rhosts_walker.rb', line 72

def count
  to_enum.count
end

#each {|Msf::DataStore| ... } ⇒ Object

Iterate over the valid rhosts datastores. This can be combined Calling ‘#valid?` beforehand to ensure that there are no invalid configuration values, as they will be ignored by this method.

Yields:



57
58
59
60
61
62
63
64
65
66
 
# File 'lib/msf/core/rhosts_walker.rb', line 57

def each(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::DataStore) || result.is_a?(Msf::DataStoreWithFallbacks)
  end

  nil
end

#errors {|Msf::RhostsWalker::Error| ... } ⇒ Object

Retrieve the list of errors associated with this rhosts walker

Yields:



79
80
81
82
83
84
85
86
87
88
 
# File 'lib/msf/core/rhosts_walker.rb', line 79

def errors(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::RhostsWalker::Error)
  end

  nil
end

#parse(value, datastore) ⇒ Enumerable<Msf::DataStore|StandardError>

Parses the input rhosts string, and yields the possible combinations of datastore values.

Parameters:

  • value (String)

    the rhost string

  • datastore (Msf::Datastore)

    the datastore

Returns:

  • (Enumerable<Msf::DataStore|StandardError>)

    The calculated datastore values that can be iterated over for enumerating the given rhosts, or the error that occurred when iterating over the input



109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
 
# File 'lib/msf/core/rhosts_walker.rb', line 109

def parse(value, datastore)
  Enumerator.new do |results|
    # extract the individual elements from the rhost string, ensuring that
    # whitespace, strings, escape characters, etc are handled correctly.
    values = Rex::Parser::Arguments.from_s(value)
    values.each do |value|
      if (value =~ %r{^file://(.*)}) || (value =~ /^file:(.*)/)
        file = Regexp.last_match(1)
        File.read(file).each_line(chomp: true) do |line|
          parse(line, datastore).each do |result|
            results << result
          end
        end
      elsif value =~ /^cidr:(.*)/
        cidr, child_value = Regexp.last_match(1).split(':', 2)
        # Validate cidr syntax matches ipv6 '%scope_id/mask_part' or ipv4 '/mask_part'
        raise InvalidCIDRError unless cidr =~ %r{^(%\w+)?/\d{1,3}$}

        # Parse the values, then apply range walker over the result
        parse(child_value, datastore).each do |result|
          host_with_cidr = result['RHOSTS'] + cidr
          Rex::Socket::RangeWalker.new(host_with_cidr).each_ip do |rhost|
            results << result.merge('RHOSTS' => rhost, 'UNPARSED_RHOSTS' => value)
          end
        end
      elsif value =~ /^(?<schema>\w+):.*/ && SUPPORTED_SCHEMAS.include?(Regexp.last_match(:schema))
        schema = Regexp.last_match(:schema)
        raise InvalidSchemaError unless SUPPORTED_SCHEMAS.include?(schema)

        parse_method = "parse_#{schema}_uri"
        parsed_options = send(parse_method, value, datastore)
        Rex::Socket::RangeWalker.new(parsed_options['RHOSTS']).each_ip do |ip|
          results << datastore.merge(
            parsed_options.merge('RHOSTS' => ip, 'UNPARSED_RHOSTS' => value)
          )
        end
      else
        Rex::Socket::RangeWalker.new(value).each_host do |rhost|
          overrides = {}
          overrides['UNPARSED_RHOSTS'] = value
          overrides['RHOSTS'] = rhost[:address]
          set_hostname(datastore, overrides, rhost[:hostname])
          results << datastore.merge(overrides)
        end
      end
    rescue ::Interrupt
      raise
    rescue StandardError => e
      results << Msf::RhostsWalker::Error.new(value, cause: e)
    end
  end
end

#parse_http_uri(value, datastore) ⇒ Hash Also known as: parse_https_uri

Parses a string such as example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting http options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
 
# File 'lib/msf/core/rhosts_walker.rb', line 210

def parse_http_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  is_ssl = %w[ssl https].include?(uri.scheme)
  result['RPORT'] = uri.port || (is_ssl ? 443 : 80)
  result['SSL'] = is_ssl

  # Both `TARGETURI` and `URI` are used as datastore options to denote the path on a uri
  has_path_specified = !uri.path.blank? # && uri.path != '/' - Note HTTP path parsing differs to the other protocol's parsing
  if has_path_specified
    target_uri = uri.path.present? ? uri.path : '/'
    result['TARGETURI'] = target_uri if datastore.options.include?('TARGETURI')
    result['PATH'] = target_uri if datastore.options.include?('PATH')
    result['URI'] = target_uri if datastore.options.include?('URI')
  end

  result['HttpQueryString'] = uri.query if datastore.options.include?('HttpQueryString')

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_mysql_uri(value, datastore) ⇒ Hash

Parses a uri string such as mysql://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
 
# File 'lib/msf/core/rhosts_walker.rb', line 244

def parse_mysql_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 3306

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password
  result
end

#parse_postgres_uri(value, datastore) ⇒ Hash

Parses a uri string such as postgres://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
 
# File 'lib/msf/core/rhosts_walker.rb', line 268

def parse_postgres_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 5432

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_smb_uri(value, datastore) ⇒ Hash

Parses a string such as smb://domain;user:pass@domain/share_name/file.txt into a hash which can safely be merged with a [Msf::DataStore] datastore for setting smb options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the smb uri value



168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
 
# File 'lib/msf/core/rhosts_walker.rb', line 168

def parse_smb_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = (uri.port || 445) if datastore.options.include?('RPORT')

  set_hostname(datastore, result, uri.hostname)
  # Handle users in the format:
  #   user
  #   domain;user
  if uri.user && uri.user.include?(';')
    domain, user = uri.user.split(';')
    result['SMBDomain'] = domain
    result['SMBUser'] = user
    set_username(datastore, result, user)
  elsif uri.user
    set_username(datastore, result, uri.user)
  end
  set_password(datastore, result, uri.password) if uri.password

  # Handle paths of the format:
  #    /
  #    /share_name
  #    /share_name/file
  #    /share_name/dir/file
  has_path_specified = !uri.path.blank? && uri.path != '/'
  if has_path_specified
    _preceding_slash, share, *rpath = uri.path.split('/')
    result['SMBSHARE'] = share if datastore.options.include?('SMBSHARE')
    result['RPATH'] = rpath.join('/') if datastore.options.include?('RPATH')
  end

  result
end

#parse_ssh_uri(value, datastore) ⇒ Hash

Parses a uri string such as ssh://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



293
294
295
296
297
298
299
300
301
302
303
304
305
 
# File 'lib/msf/core/rhosts_walker.rb', line 293

def parse_ssh_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 22

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_tcp_uri(value, datastore) ⇒ Hash

Parses a uri string such as tcp://user:[email protected] into a hash which can safely be merged with a [Msf::DataStore] datastore for setting options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
 
# File 'lib/msf/core/rhosts_walker.rb', line 313

def parse_tcp_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  if uri.port
    result['RPORT'] = uri.port
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#set_hostname(datastore, result, hostname) ⇒ Object (protected) 



331
332
333
334
335
 
# File 'lib/msf/core/rhosts_walker.rb', line 331

def set_hostname(datastore, result, hostname)
  hostname = Rex::Socket.is_ip_addr?(hostname) ? nil : hostname
  result['RHOSTNAME'] = hostname if datastore['RHOSTNAME'].blank?
  result['VHOST'] = hostname if datastore.options.include?('VHOST') && datastore['VHOST'].blank?
end

#set_password(datastore, result, password) ⇒ Object (protected) 



356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
 
# File 'lib/msf/core/rhosts_walker.rb', line 356

def set_password(datastore, result, password)
  # Preference setting application specific values first
  password_set = false
  password_option_names = %w[SMBPass FtpPass Password pass PASSWORD password]
  password_option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = password
      password_set = true
    end
  end

  # Only set basic auth HttpPassword as a fallback
  if !password_set && datastore.options.include?('HttpPassword')
    result['HttpPassword'] = password
  end

  result
end

#set_username(datastore, result, username) ⇒ Object (protected) 



337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
 
# File 'lib/msf/core/rhosts_walker.rb', line 337

def set_username(datastore, result, username)
  # Preference setting application specific values first
  username_set = false
  option_names = %w[SMBUser FtpUser Username user USER USERNAME username]
  option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = username
      username_set = true
    end
  end

  # Only set basic auth HttpUsername as a fallback
  if !username_set && datastore.options.include?('HttpUsername')
    result['HttpUsername'] = username
  end

  result
end

#valid?Boolean

Indicates that the rhosts value is valid and iterable

Returns:

  • (Boolean)

    True if all items are valid, and there are at least some items present to iterate over. False otherwise.



94
95
96
97
98
99
100
 
# File 'lib/msf/core/rhosts_walker.rb', line 94

def valid?
  parsed_values = parse(@value, @datastore)
  parsed_values.all? { |result| result.is_a?(Msf::DataStore) || result.is_a?(Msf::DataStoreWithFallbacks) } && parsed_values.count > 0
rescue StandardError => e
  elog('rhosts walker invalid', error: e)
  false
end