# File 'db/migrate/20110317144932_add_session_table.rb', line 16
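# Creates the +sessions+ and +session_events+ tables, then backfills them
# from the legacy "session_*" rows held by the Event model.
#
# Backfill rules, as implemented below:
# * every "session_open" event becomes one Session row;
# * the first "session_close" event with the same :session_uuid supplies
#   closed_at and desc; when none exists, closed_at falls back to opened_at
#   and desc is set to "?";
# * command / output / upload / download events with the same :session_uuid
#   become session events, built in chronological order.
#
# NOTE(review): command, output and datastore are copied verbatim from the
# recorded events, so they may hold whatever was typed or printed during a
# session (possibly secrets). Confirm that database dumps and backups are
# access-controlled accordingly.
#
# NOTE(review): this relies on the application's Event and Session models
# (Session must expose an +events+ association) as they exist when the
# migration runs; verify they still match this schema before replaying it.
#
# @return [void]
# @raise [Exception] whatever Session#save! raises when a row cannot be saved
def self.up
  create_table :sessions do |t|
    t.integer   :host_id
    t.string    :stype
    t.string    :via_exploit
    t.string    :via_payload
    t.string    :desc
    t.integer   :port
    t.string    :platform
    t.string    :routes
    t.text      :datastore
    t.timestamp :opened_at, :null => false
    t.timestamp :closed_at
    t.string    :close_reason
  end

  create_table :session_events do |t|
    t.integer   :session_id
    t.string    :etype
    t.binary    :command
    t.binary    :output
    t.string    :remote_path
    t.string    :local_path
    t.timestamp :created_at
  end

  open_events = Event.find_all_by_name("session_open")

  # Index every legacy event list by session UUID once, instead of rescanning
  # each full list for every opened session.
  by_uuid = lambda do |event_name|
    Event.find_all_by_name(event_name).group_by { |e| e.info[:session_uuid] }
  end
  closes    = by_uuid.call("session_close")
  commands  = by_uuid.call("session_command")
  outputs   = by_uuid.call("session_output")
  uploads   = by_uuid.call("session_upload")
  downloads = by_uuid.call("session_download")

  open_events.each do |o|
    uuid = o.info[:session_uuid]
    c = (closes[uuid] || []).first

    s = Session.new(
      :host_id     => o.host_id,
      :stype       => o.info[:session_type],
      :via_exploit => o.info[:via_exploit],
      :via_payload => o.info[:via_payload],
      :datastore   => o.info[:datastore],
      :opened_at   => o.created_at
    )

    if c
      s.closed_at = c.created_at
      s.desc = c.info[:session_info]
    else
      # No close event was recorded: keep the row valid with a zero-length
      # lifetime and a placeholder description.
      s.closed_at = s.opened_at
      s.desc = "?"
    end

    pending = []
    (commands[uuid] || []).each do |e|
      pending << { :created_at => e.created_at, :etype => "command", :command => e.info[:command] }
    end
    (outputs[uuid] || []).each do |e|
      pending << { :created_at => e.created_at, :etype => "output", :output => e.info[:output] }
    end
    (uploads[uuid] || []).each do |e|
      pending << { :created_at => e.created_at, :etype => "upload", :local_path => e.info[:local_path], :remote_path => e.info[:remote_path] }
    end
    (downloads[uuid] || []).each do |e|
      pending << { :created_at => e.created_at, :etype => "download", :local_path => e.info[:local_path], :remote_path => e.info[:remote_path] }
    end

    # The earlier code called s.events.sort_by(&:created_at) and discarded the
    # result, so the events were saved grouped by type rather than by time.
    # Sort before building; the index tie-break keeps events with identical
    # timestamps in their collected order (command before output, and so on).
    ordered = pending.each_with_index.sort_by { |attrs, idx| [attrs[:created_at], idx] }
    ordered.each { |attrs, _idx| s.events.build(attrs) }

    s.save!
  end
end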