Class: Metasploit::Credential::Importer::Zip

Inherits:

Object

• Object
• Metasploit::Credential::Importer::Zip

Includes:

Base

Defined in:

lib/metasploit/credential/importer/zip.rb

Overview

Implements importation of a zip file containing credentials. Each well-formed zip should contain one CSV file and a subdirectory holding a collection of files, each containing one SSH private key.

Constant Summary

KEYS_SUBDIRECTORY_NAME =

The name of the directory in the zip file’s root directory that contains SSH keys

"keys"

MANIFEST_FILE_NAME =

The name of the file in the zip which is opened and passed as a ‘File` to an instance of CSV::Core

"manifest.csv"

ZIP_HEADER_BYTE_LENGTH =

Zip file identifying header length in bytes (ZIP_HEADER_IDENTIFIER length)

4

ZIP_HEADER_IDENTIFIER =

Standard 4-byte binary header for all zips - www.fileformat.info/format/zip/corion.htm

"PK\x03\x04"

Constants included from Base

Base::LONG_FORM_ALLOWED_PRIVATE_TYPE_NAMES, Base::SHORT_FORM_ALLOWED_PRIVATE_TYPE_NAMES

Instance Attribute Summary

• #extracted_zip_directory ⇒ String

  Returns the path to the directory where the zip was extracted.

• #manifest_importer ⇒ Metasploit::Credential::Importer::CSV::Manifest

  The importer for the zip’s manifest file.

Instance Method Summary

• #import! ⇒ void

  Extract the zip file and pass the CSV file contained therein to a CSV::Core, which is in charge of creating new Core objects, creating new Public objects or linking existing ones, and associating them with extracted SSHKey objects read from the files indicated in the manifest.

• #input_is_well_formed ⇒ void

  Validates that the zip file contains a CSV file and that it can be handled with the Zip::File::open method.

Methods included from Base

#initialize

Instance Attribute Details

#extracted_zip_directory ⇒ String

Returns the path to the directory where the zip was extracted.

Returns:

• (String)

# File 'lib/metasploit/credential/importer/zip.rb', line 38

def extracted_zip_directory
  @extracted_zip_directory
end

#manifest_importer ⇒ Metasploit::Credential::Importer::CSV::Manifest

The importer for the zip’s manifest file

Returns:

• (Metasploit::Credential::Importer::CSV::Manifest)

# File 'lib/metasploit/credential/importer/zip.rb', line 32

def manifest_importer
  @manifest_importer
end

Instance Method Details

#import! ⇒ void

This method returns an undefined value.

Extract the zip file and pass the CSV file contained therein to a CSV::Core, which is in charge of creating new Core objects, creating new Public objects or linking existing ones, and associating them with extracted SSHKey objects read from the files indicated in the manifest.

# File 'lib/metasploit/credential/importer/zip.rb', line 57

def import!
  ::Zip::File.open(input.path) do |zip_file|
    zip_file.each do |entry|
      entry.extract(File.join(extracted_zip_directory, entry.name))
    end
  end

  csv_path = Dir.glob(File.join(extracted_zip_directory,'**', MANIFEST_FILE_NAME)).first
  csv_input = File.open(csv_path)
  Metasploit::Credential::Importer::Core.new(input: csv_input, origin: origin, workspace: workspace).import!
end

#input_is_well_formed ⇒ void

This method returns an undefined value.

Validates that the zip file contains a CSV file and that it can be handled with the Zip::File::open method.

# File 'lib/metasploit/credential/importer/zip.rb', line 81

def input_is_well_formed
  begin
    Zip::File.open input.path do |archive|
      glob_check  = archive.glob("**#{File::SEPARATOR}#{MANIFEST_FILE_NAME}")
      if glob_check.present?
        true
      else
        errors.add(:input, :missing_manifest)
      end
    end
  rescue ::Zip::Error
    errors.add(:input, :malformed_archive)
  end
end