Class: Lab::Vm

Inherits:

Object

• Object
• Lab::Vm

Defined in:

lib/lab/vm.rb,
lib/lab/modifier/meterpreter_modifier.rb

Instance Attribute Summary

• #arch ⇒ Object

  Returns the value of attribute arch.

• #credentials ⇒ Object

  Returns the value of attribute credentials.

• #description ⇒ Object

  Returns the value of attribute description.

• #driver ⇒ Object

  Returns the value of attribute driver.

• #framework ⇒ Object

  Returns the value of attribute framework.

• #host ⇒ Object

  Returns the value of attribute host.

• #hostname ⇒ Object

  Returns the value of attribute hostname.

• #location ⇒ Object

  Returns the value of attribute location.

• #os ⇒ Object

  Returns the value of attribute os.

• #session ⇒ Object

  Returns the value of attribute session.

• #session_input ⇒ Object

  Returns the value of attribute session_input.

• #session_output ⇒ Object

  Returns the value of attribute session_output.

• #tags ⇒ Object

  Returns the value of attribute tags.

• #tools ⇒ Object

  Returns the value of attribute tools.

• #type ⇒ Object

  Returns the value of attribute type.

• #user ⇒ Object

  Returns the value of attribute user.

• #vmid ⇒ Object

  Returns the value of attribute vmid.

Instance Method Summary

• #check_file_exists(file) ⇒ Object
• #copy_from(local, remote) ⇒ Object
• #copy_to(local, remote) ⇒ Object

  For meterpreter API compatibility def execute_file(script,options) run_script(script,options) end.

• #create_directory(directory) ⇒ Object
• #create_framework ⇒ Object
• #create_snapshot(snapshot) ⇒ Object
• #delete_snapshot(snapshot) ⇒ Object
• #initialize(config = {}) ⇒ Vm constructor

  Initialize takes a vm configuration hash of the form - vmid (unique id) hostname (unique name) description (describes the vm’s contents) driver (vm driver) location (if applicable - local system) user (if applicable - remote system) host (if applicable - remote system) pass (if applicable - remote system) # DISCOURAGED - USE KEYS! tools (true if tools are installed) type ( qa / vulnerable / etc - freeform option) credentials (of the form [ ‘admin’ => false, … ]) os (currently linux / windows / solaris / aix) - may be used in modifiers arch (currently 32 / 64) modifiers - can be anything in the modifiers directory tags - list of strings associated with this vm.

• #open_uri(uri) ⇒ Object
• #pause ⇒ Object
• #reset ⇒ Object
• #resume ⇒ Object
• #revert_and_start(snapshot) ⇒ Object
• #revert_snapshot(snapshot) ⇒ Object
• #run_command(command, timeout = 60) ⇒ Object
• #run_script(script, options) ⇒ Object

  This isn’t part of the normal API, but too good to pass up.

• #running? ⇒ Boolean
• #setup_session ⇒ Object

  perform the setup only once.

• #start ⇒ Object
• #stop ⇒ Object
• #suspend ⇒ Object
• #to_s ⇒ Object
• #to_yaml ⇒ Object

Constructor Details

#initialize(config = {}) ⇒ Vm

Initialize takes a vm configuration hash of the form

- vmid (unique id)
  hostname (unique name)
  description (describes the vm's contents)
  driver (vm driver)
  location (if applicable - local system)
  user (if applicable - remote system)
  host (if applicable - remote system)
  pass (if applicable - remote system) # DISCOURAGED - USE KEYS!
  tools (true if tools are installed)
  type ( qa / vulnerable / etc - freeform option)
  credentials (of the form [ {'user'=>"user",'pass'=>"pass", 'admin' => false}, ... ])
  os (currently linux / windows / solaris / aix) - may be used in modifiers
  arch (currently 32 / 64)
  modifiers - can be anything in the modifiers directory
  tags - list of strings associated with this vm

# File 'lib/lab/vm.rb', line 39

def initialize(config = {})  

  # TODO - This is a mess. clean up, and pass stuff down to drivers
  # and then rework the code that uses this api. 
  @vmid = config['vmid'].to_s 
  raise "Invalid VMID" unless @vmid

  # Grab the hostname if specified, otherwise use the vmid
  # VMID will be different in the case of ESX
  @hostname = config['hostname']
  if !@hostname
    @hostname = @vmid
  end

  @driver_type = filter_input(config['driver'])
  @driver_type.downcase!

  @location = filter_input(config['location'])
  @description = config['description']
  @tools = config['tools']
  @os = config['os']
  @arch = config['arch']
  @type = filter_input(config['type']) || "unspecified"
  @credentials = config['credentials'] || []
  
  # TODO - Currently only implemented for the first set
  if @credentials.count > 0
    @vm_user = filter_input(@credentials[0]['user']) || "\'\'"
    @vm_pass = filter_input(@credentials[0]['pass']) || "\'\'"
    @vm_keyfile = filter_input(@credentials[0]['keyfile'])
  end

  # Only applicable to remote systems
  @user = filter_input(config['user']) || nil
  @host = filter_input(config['host']) || nil
  @port = filter_input(config['port']) || nil
  @pass = filter_input(config['pass']) || nil # DISCORAGED, use keys!

  # Only dynagen systems need this
  @platform = config['platform']

  # Only fog systems need this
  @fog_config = config['fog_config']

  # Process the correct driver
  if @driver_type == "workstation"
    @driver = Lab::Drivers::WorkstationDriver.new(config)
  elsif @driver_type == "remote_workstation"
    @driver = Lab::Drivers::RemoteWorkstationDriver.new(config)
  elsif @driver_type == "virtualbox"
    @driver = Lab::Drivers::VirtualBoxDriver.new(config)
  elsif @driver_type == "fog"
    @driver = Lab::Drivers::FogDriver.new(config, config['fog_config'])
  elsif @driver_type == "dynagen"
    @driver = Lab::Drivers::DynagenDriver.new(config, config['dynagen_config'])  
  elsif @driver_type == "remote_esxi"
    @driver = Lab::Drivers::RemoteEsxiDriver.new(config)
  elsif @driver_type == "vsphere"
    @driver = Lab::Drivers::VsphereDriver.new(config)
  #elsif @driver_type == "qemu"
  #  @driver = Lab::Drivers::QemuDriver.new
  #elsif @driver_type == "qemudo"
  #  @driver = Lab::Drivers::QemudoDriver.new
  else
    raise "Unknown Driver Type"
  end
      
  # Load in a list of modifiers. These provide additional methods
  # Currently it is up to the user to verify that 
  # modifiers are properly used with the correct VM image.
  #
  # If not, the results are likely to be disasterous.
  @modifiers = config['modifiers']
  
  if @modifiers  
    begin
       @modifiers.each { |modifier|  self.class.send(:include, eval("Lab::Modifier::#{modifier}"))}
    rescue Exception => e
      # modifier likely didn't exist
    end
  end
  
  #
  # Grab a tags array
  #
  @tags = config['tags']
  
end

Instance Attribute Details

#arch ⇒ Object

Returns the value of attribute arch.

# File 'lib/lab/vm.rb', line 19

def arch
  @arch
end

#credentials ⇒ Object

Returns the value of attribute credentials.

# File 'lib/lab/vm.rb', line 15

def credentials
  @credentials
end

#description ⇒ Object

Returns the value of attribute description.

# File 'lib/lab/vm.rb', line 10

def description
  @description
end

#driver ⇒ Object

Returns the value of attribute driver.

# File 'lib/lab/vm.rb', line 14

def driver
  @driver
end

#framework ⇒ Object

Returns the value of attribute framework.

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 18

def framework
  @framework
end

#host ⇒ Object

Returns the value of attribute host.

# File 'lib/lab/vm.rb', line 12

def host
  @host
end

#hostname ⇒ Object

Returns the value of attribute hostname.

# File 'lib/lab/vm.rb', line 9

def hostname
  @hostname
end

#location ⇒ Object

Returns the value of attribute location.

# File 'lib/lab/vm.rb', line 13

def location
  @location
end

#os ⇒ Object

Returns the value of attribute os.

# File 'lib/lab/vm.rb', line 18

def os
  @os
end

#session ⇒ Object

Returns the value of attribute session.

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 19

def session
  @session
end

#session_input ⇒ Object

Returns the value of attribute session_input.

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 20

def session_input
  @session_input
end

#session_output ⇒ Object

Returns the value of attribute session_output.

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 21

def session_output
  @session_output
end

#tags ⇒ Object

Returns the value of attribute tags.

# File 'lib/lab/vm.rb', line 20

def tags
  @tags
end

#tools ⇒ Object

Returns the value of attribute tools.

# File 'lib/lab/vm.rb', line 16

def tools
  @tools
end

#type ⇒ Object

Returns the value of attribute type.

# File 'lib/lab/vm.rb', line 17

def type
  @type
end

#user ⇒ Object

Returns the value of attribute user.

# File 'lib/lab/vm.rb', line 11

def user
  @user
end

#vmid ⇒ Object

Returns the value of attribute vmid.

# File 'lib/lab/vm.rb', line 8

def vmid
  @vmid
end

Instance Method Details

#check_file_exists(file) ⇒ Object

# File 'lib/lab/vm.rb', line 189

def check_file_exists(file)
  @driver.check_file_exists(file)
end

#copy_from(local, remote) ⇒ Object

# File 'lib/lab/vm.rb', line 181

def copy_from(from,to)
  @driver.copy_from(from,to)
end

#copy_to(local, remote) ⇒ Object

For meterpreter API compatibility def execute_file(script,options) run_script(script,options) end

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 148

def copy_to(from,to)
  @driver.copy_to(from,to)
end

#create_directory(directory) ⇒ Object

# File 'lib/lab/vm.rb', line 193

def create_directory(directory)
  @driver.create_directory(directory)
end

#create_framework ⇒ Object

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 23

def create_framework
	return if @framework
	@framework    = Msf::Simple::Framework.create
end

#create_snapshot(snapshot) ⇒ Object

# File 'lib/lab/vm.rb', line 160

def create_snapshot(snapshot)
  @driver.create_snapshot(snapshot)
end

#delete_snapshot(snapshot) ⇒ Object

# File 'lib/lab/vm.rb', line 168

def delete_snapshot(snapshot)
  @driver.delete_snapshot(snapshot)
end

#open_uri(uri) ⇒ Object

# File 'lib/lab/vm.rb', line 197

def open_uri(uri)
  # we don't filter the uri, as it's getting tossed into a script 
  # by the driver
  if @os == "windows"
    command = "\"C:\\program files\\internet explorer\\iexplore.exe\" #{uri}"
  else
    command = "firefox #{uri}"
  end

  @driver.run_command(command)
end

#pause ⇒ Object

# File 'lib/lab/vm.rb', line 144

def pause
  @driver.pause
end

#reset ⇒ Object

# File 'lib/lab/vm.rb', line 152

def reset
  @driver.reset
end

#resume ⇒ Object

# File 'lib/lab/vm.rb', line 156

def resume
  @driver.resume
end

#revert_and_start(snapshot) ⇒ Object

# File 'lib/lab/vm.rb', line 172

def revert_and_start(snapshot)
  @driver.revert_snapshot(snapshot)
  @driver.start
end

#revert_snapshot(snapshot) ⇒ Object

# File 'lib/lab/vm.rb', line 164

def revert_snapshot(snapshot)
  @driver.revert_snapshot(snapshot)
end

#run_command(command, timeout = 60) ⇒ Object

# File 'lib/lab/vm.rb', line 185

def run_command(command)
  @driver.run_command(command)
end

#run_script(script, options) ⇒ Object

This isn’t part of the normal API, but too good to pass up.

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 135

def run_script(script, options)
	if @session.type == "meterpreter"
		@session.execute_script(script, options)
	else
		raise "Unsupported on #{@session.type}"
	end
end

#running? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/lab/vm.rb', line 128

def running?
  @driver.running?
end

#setup_session ⇒ Object

perform the setup only once

# File 'lib/lab/modifier/meterpreter_modifier.rb', line 29

def setup_session
	return if @session

	# require the framework (assumes this sits in lib/lab/modifiers)
	require 'msf/base'

	create_framework 	## TODO - this should use a single framework 
				## for all hosts, not one-per-host

	@session 		= nil
	@session_input        	= Rex::Ui::Text::Input::Buffer.new
	@session_output       	= Rex::Ui::Text::Output::Buffer.new

	if @os == "windows"
		exploit_name = 'windows/smb/psexec'

		# TODO - check for x86, choose the appropriate payload

		payload_name = 'windows/meterpreter/bind_tcp'
		options = {	"RHOST"		  => @hostname, 
				        "SMBUser" 	=> @vm_user, 
				        "SMBPass" 	=> @vm_pass}

     			puts "DEBUG: using options #{options}"

		# Initialize the exploit instance
		exploit = @framework.exploits.create(exploit_name)

		begin
			# Fire it off.
			@session = exploit.exploit_simple(
				'Payload'     	=> payload_name,
				'Options'     	=> options,
				'LocalInput'  	=> @session_input,
				'LocalOutput' 	=> @session_output)
			@session.load_stdapi
			
			puts "DEBUG: Generated session: #{@session}"
			
		rescue  Exception => e 
 			  puts "DEBUG: Unable to exploit"
 			  puts e.to_s
		end
						
	else
		module_name = 'scanner/ssh/ssh_login'
		
		# TODO - check for x86, choose the appropriate payload
		
		payload_name = 'linux/x86/shell_bind_tcp'
		options = {	"RHOSTS"		=> @hostname, 
				"USERNAME" 		=> @vm_user, 
				"PASSWORD" 		=> @vm_pass, 
				"BLANK_PASSWORDS" 	=> false, 
				"USER_AS_PASS" 		=> false, 
				"VERBOSE" 		=> false}

     			puts "DEBUG: using options #{options}"

		# Initialize the module instance
		aux = @framework.auxiliary.create(module_name)
		
		puts "DEBUG: created module: #{aux}"
		
		begin 
			# Fire it off.
			aux.run_simple(
				'Payload'     => payload_name,
				'Options'     => options,
				'LocalInput'  => @session_input,
				'LocalOutput' => @session_output)
			
			@session = @framework.sessions.first.last
			puts "DEBUG: Generated session: #{@session}"
		rescue Exception => e 
		  puts "DEBUG: Unable to exploit"
		  puts e.to_s
		end
	end
	

	
end

#start ⇒ Object

# File 'lib/lab/vm.rb', line 136

def start
  @driver.start
end

#stop ⇒ Object

# File 'lib/lab/vm.rb', line 140

def stop
  @driver.stop
end

#suspend ⇒ Object

# File 'lib/lab/vm.rb', line 148

def suspend
  @driver.suspend
end

#to_s ⇒ Object

# File 'lib/lab/vm.rb', line 209

def to_s
  return "#{@hostname}"
end

#to_yaml ⇒ Object

# File 'lib/lab/vm.rb', line 213

def to_yaml
  
  # TODO - push this down to the drivers.
  
  # Standard configuration options
  out =  " - vmid: #{@vmid}\n"
  out += "   hostname: #{@hostname}\n"
  out += "   driver: #{@driver_type}\n"
  out += "   description: |\n #{@description}\n"
  out += "   location: #{@location}\n"
  out += "   type: #{@type}\n"
  out += "   tools: #{@tools}\n"
  out += "   os: #{@os}\n"
  out += "   arch: #{@arch}\n"
  
  if @user or @host # Remote vm/drivers only
    out += "   user: #{@user}\n"
    out += "   host: #{@host}\n"
    out += "   port: #{@port}\n"
    out += "   pass: #{@pass}\n"
  end

  if @platform
    out += "   platform: #{@platform}\n"
  end

  if @fog_config
    out += @fog_config.to_yaml
  end

  if @dynagen_config
    out += @dynagen_config.to_yaml
  end

  out += "   credentials:\n"
  @credentials.each do |credential|    
    out += "     - user: #{credential['user']}\n"
    out += "       pass: #{credential['pass']}\n"
  end

   return out
end