Class: Msf::Modules::External::Bridge

Inherits:

Object

• Object
• Msf::Modules::External::Bridge

Defined in:

lib/msf/core/modules/external/bridge.rb,
lib/msf/core/modules/external/bridge.rb

Direct Known Subclasses

GoBridge, PyBridge, RbBridge

Constant Summary

LOADERS =

[
  Msf::Modules::External::PyBridge,
  Msf::Modules::External::RbBridge,
  Msf::Modules::External::GoBridge,
  Msf::Modules::External::Bridge
]

Instance Attribute Summary

• #buf ⇒ Object protected

  Returns the value of attribute buf.

• #cmd ⇒ Object protected

  Returns the value of attribute cmd.

• #env ⇒ Object protected

  Returns the value of attribute env.

• #exit_status ⇒ Object

  Returns the value of attribute exit_status.

• #framework ⇒ Object protected

  Returns the value of attribute framework.

• #ios ⇒ Object protected

  Returns the value of attribute ios.

• #messages ⇒ Object

  Returns the value of attribute messages.

• #path ⇒ Object

  Returns the value of attribute path.

• #read_thread ⇒ Object protected

  Returns the value of attribute read_thread.

• #running ⇒ Object

  Returns the value of attribute running.

• #wait_thread ⇒ Object protected

  Returns the value of attribute wait_thread.

Class Method Summary

• .applies?(module_name) ⇒ Boolean
• .open(module_path, framework: nil) ⇒ Object

Instance Method Summary

• #cleanup ⇒ Object protected
• #close ⇒ Object
• #exec(req) ⇒ Object
• #handle_exception(e) ⇒ Object protected
• #harvest_process ⇒ Object protected
• #initialize(module_path, framework: nil) ⇒ Bridge constructor

  A new instance of Bridge.

• #next_message(timeout = 600) ⇒ Object protected
• #send(message) ⇒ Object protected

  XXX TODO non-blocking writes, check write lengths.

• #success? ⇒ Boolean
• #threadme(&block) ⇒ Object protected
• #write_message(fd, json) ⇒ Object protected

Constructor Details

#initialize(module_path, framework: nil) ⇒ Bridge

Returns a new instance of Bridge.

# File 'lib/msf/core/modules/external/bridge.rb', line 44

def initialize(module_path, framework: nil)
  self.env = {}
  self.running = false
  self.path = module_path
  self.cmd = [[self.path, self.path]]
  self.messages = Queue.new
  self.buf = ''
  self.framework = framework
end

Instance Attribute Details

#buf ⇒ Object (protected)

Returns the value of attribute buf.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def buf
  @buf
end

#cmd ⇒ Object (protected)

Returns the value of attribute cmd.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def cmd
  @cmd
end

#env ⇒ Object (protected)

Returns the value of attribute env.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def env
  @env
end

#exit_status ⇒ Object

Returns the value of attribute exit_status.

# File 'lib/msf/core/modules/external/bridge.rb', line 9

def exit_status
  @exit_status
end

#framework ⇒ Object (protected)

Returns the value of attribute framework.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def framework
  @framework
end

#ios ⇒ Object (protected)

Returns the value of attribute ios.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def ios
  @ios
end

#messages ⇒ Object

Returns the value of attribute messages.

# File 'lib/msf/core/modules/external/bridge.rb', line 9

def messages
  @messages
end

#path ⇒ Object

Returns the value of attribute path.

# File 'lib/msf/core/modules/external/bridge.rb', line 9

def path
  @path
end

#read_thread ⇒ Object (protected)

Returns the value of attribute read_thread.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def read_thread
  @read_thread
end

#running ⇒ Object

Returns the value of attribute running.

# File 'lib/msf/core/modules/external/bridge.rb', line 9

def running
  @running
end

#wait_thread ⇒ Object (protected)

Returns the value of attribute wait_thread.

# File 'lib/msf/core/modules/external/bridge.rb', line 57

def wait_thread
  @wait_thread
end

Class Method Details

.applies?(module_name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/modules/external/bridge.rb', line 11

def self.applies?(module_name)
  File::executable? module_name
end

.open(module_path, framework: nil) ⇒ Object

# File 'lib/msf/core/modules/external/bridge.rb', line 255

def self.open(module_path, framework: nil)
  LOADERS.each do |klass|
    return klass.new module_path, framework: framework if klass.applies? module_path
  end

  nil
end

Instance Method Details

#cleanup ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 156

def cleanup
  self.running = false
  self.messages.close
  harvest_process
  self.ios.each {|fd| fd.close rescue nil} # Yeah, yeah. I know.
end

#close ⇒ Object

# File 'lib/msf/core/modules/external/bridge.rb', line 33

def close
  self.running = false
  self.read_thread.join

  self
end

#exec(req) ⇒ Object

# File 'lib/msf/core/modules/external/bridge.rb', line 15

def exec(req)
  unless self.running
    self.running = true
    send(req)
    self.read_thread = threadme do
      begin
        while self.running && m = next_message
          self.messages.push m
        end
      ensure
        cleanup
      end
    end

    self
  end
end

#handle_exception(e) ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 79

def handle_exception(e)
  e
end

#harvest_process ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 145

def harvest_process
  if self.wait_thread.join(10)
    self.exit_status = self.wait_thread.value
  elsif Process.kill('TERM', self.wait_thread.pid) && self.wait_thread.join(10)
    self.exit_status = self.wait_thread.value
  else
    Process.kill('KILL', self.wait_thread.pid)
    self.exit_status = self.wait_thread.value
  end
end

#next_message(timeout = 600) ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 87

def next_message(timeout=600)
  _, out, err = self.ios
  message = ''

  # Multiple messages can come over the wire all at once, and since yajl
  # doesn't play nice with windows, we have to emulate a state machine to
  # read just enough off the wire to get one request at a time. Since
  # Windows cannot do a nonblocking read on a pipe, we are forced to do a
  # whole lot of `select` syscalls and keep a buffer ourselves :(
  begin
    loop do
      # This is so we don't end up calling JSON.parse on every char and
      # catch an exception. Windows can't do nonblock on pipes, so we
      # still have to do the select if we are not at the end of object
      # and don't have any buffer left
      parts = self.buf.split '}', 2
      if parts.length == 2 # [part, rest]
        message << parts[0] << '}'
        self.buf = parts[1]
        break
      elsif parts.length == 1 # [part]
        message << parts[0]
        self.buf = ''
      end

      # We would call Rex::Threadsafe directly, but that would require Rex for standalone use
      res = select([out, err], nil, nil, timeout)
      if res == nil
        # This is what we would have gotten without Rex and what `readpartial` can also raise
        raise EOFError.new
      else
        fds = res[0]
        # Preferentially drain and log stderr, EOF counts as activity, but
        # stdout might have some buffered data left, so carry on
        if fds.include?(err) && !err.eof?
          errbuf = err.readpartial(4096)
          if self.framework
            elog "Unexpected output running #{self.path}:\n#{errbuf}"
          else
            $stderr.puts errbuf
          end
        end
        if fds.include? out
          self.buf << out.readpartial(4096)
        end
      end
    end

    Message.from_module(JSON.parse(message))
  rescue JSON::ParserError
    # Probably an incomplete response, but no way to really tell. Keep trying
    # until EOF
    retry
  rescue EOFError => e
    self.running = false
  end
end

#send(message) ⇒ Object (protected)

XXX TODO non-blocking writes, check write lengths

# File 'lib/msf/core/modules/external/bridge.rb', line 61

def send(message)
  input, output, err, status = ::Open3.popen3(self.env, *self.cmd)
  self.ios = [input, output, err]
  self.wait_thread = status
  # We would call Rex::Threadsafe directly, but that would require rex for standalone use
  case select(nil, [input], nil, 0.1)
  when nil
    raise "Cannot run module #{self.path}"
  when [[], [input], []]
    m = message.to_json
    write_message(input, m)
  else
    raise "Error running module #{self.path}"
  end
rescue => e
  raise handle_exception(e)
end

#success? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/modules/external/bridge.rb', line 40

def success?
  self.exit_status && self.exit_status.success?
end

#threadme(&block) ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 163

def threadme(&block)
  if self.framework
    # Leak as few connections as possible
    self.framework.threads.spawn("External Module #{self.path}", false, &block)
  else
    ::Thread.new &block
  end
end

#write_message(fd, json) ⇒ Object (protected)

# File 'lib/msf/core/modules/external/bridge.rb', line 83

def write_message(fd, json)
  fd.write(json)
end