Class: Msf::RPC::Service

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rpc/v10/service.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(framework, options = {}) ⇒ Service

Returns a new instance of Service


28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/msf/core/rpc/v10/service.rb', line 28

def initialize(framework, options={})
  self.framework = framework
  self.handlers = {}
  self.options  = {
    :ssl  => true,
    :cert => nil,
    :uri  => "/uri",
    :host => '127.0.0.1',
    :port => 3790
  }.merge(options)

  self.str_encoding = ''.encoding.name
  self.srvhost = self.options[:host]
  self.srvport = self.options[:port]
  self.uri     = self.options[:uri]
  self.debug   = self.options[:debug]

  self.dispatcher_timeout = self.options[:dispatcher_timeout] || 7200
  self.token_timeout      = self.options[:token_timeout] || 300
  self.tokens             = self.options[:tokens] || {}
  self.users              = self.options[:users] || []

  add_handler("core",    Msf::RPC::RPC_Core.new(self))
  add_handler("auth",    Msf::RPC::RPC_Auth.new(self))
  add_handler("console", Msf::RPC::RPC_Console.new(self))
  add_handler("module",  Msf::RPC::RPC_Module.new(self))
  add_handler("session", Msf::RPC::RPC_Session.new(self))
  add_handler("plugin",  Msf::RPC::RPC_Plugin.new(self))
  add_handler("job",     Msf::RPC::RPC_Job.new(self))
  add_handler("db",      Msf::RPC::RPC_Db.new(self))
end

Instance Attribute Details

#debugObject

Returns the value of attribute debug


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def debug
  @debug
end

#default_handlerObject

Returns the value of attribute default_handler


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def default_handler
  @default_handler
end

#dispatcher_timeoutObject

Returns the value of attribute dispatcher_timeout


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def dispatcher_timeout
  @dispatcher_timeout
end

#frameworkObject

Returns the value of attribute framework


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def framework
  @framework
end

#handlersObject

Returns the value of attribute handlers


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def handlers
  @handlers
end

#optionsObject

Returns the value of attribute options


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def options
  @options
end

#serviceObject

Returns the value of attribute service


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def service
  @service
end

#srvhostObject

Returns the value of attribute srvhost


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def srvhost
  @srvhost
end

#srvportObject

Returns the value of attribute srvport


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def srvport
  @srvport
end

#str_encodingObject

Returns the value of attribute str_encoding


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def str_encoding
  @str_encoding
end

#token_timeoutObject

Returns the value of attribute token_timeout


26
27
28
# File 'lib/msf/core/rpc/v10/service.rb', line 26

def token_timeout
  @token_timeout
end

#tokensObject

Returns the value of attribute tokens


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def tokens
  @tokens
end

#uriObject

Returns the value of attribute uri


24
25
26
# File 'lib/msf/core/rpc/v10/service.rb', line 24

def uri
  @uri
end

#usersObject

Returns the value of attribute users


25
26
27
# File 'lib/msf/core/rpc/v10/service.rb', line 25

def users
  @users
end

Instance Method Details

#add_handler(group, handler) ⇒ Object


99
100
101
# File 'lib/msf/core/rpc/v10/service.rb', line 99

def add_handler(group, handler)
  self.handlers[group] = handler
end

#add_token(token) ⇒ Object


180
181
182
# File 'lib/msf/core/rpc/v10/service.rb', line 180

def add_token(token)
  self.tokens[token] = [nil, nil, nil, true]
end

#add_user(user, pass) ⇒ Object


188
189
190
191
192
193
194
195
196
# File 'lib/msf/core/rpc/v10/service.rb', line 188

def add_user(user, pass)
  self.users.each do |r|
    if r[0] == user
      r[1] = pass
      return
    end
  end
  self.users << [user, pass]
end

#authenticate(token) ⇒ Object


202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
# File 'lib/msf/core/rpc/v10/service.rb', line 202

def authenticate(token)
  stale = []


  if not (token and token.kind_of?(::String))
    return false
  end

  # Force the encoding to ASCII-8BIT
  token = token.unpack("C*").pack("C*")

  self.tokens.each_key do |t|
    user,ctime,mtime,perm = self.tokens[t]
    if ! perm and mtime + self.token_timeout < Time.now.to_i
      stale << t
    end
  end

  stale.each { |t| self.tokens.delete(t) }

  if not self.tokens[token]

    begin
      if framework.db.active and ::Mdm::ApiKey.find_by_token(token)
        return true
      end
    rescue ::Exception => e
    end

    return false
  end

  self.tokens[token][2] = Time.now.to_i
  true
end

#on_request_uri(cli, req) ⇒ Object


85
86
87
88
89
90
91
92
93
94
95
96
97
# File 'lib/msf/core/rpc/v10/service.rb', line 85

def on_request_uri(cli, req)
  res = Rex::Proto::Http::Response.new()
  res["Content-Type"] = "binary/message-pack"

  begin
    res.body = process(req).to_msgpack
  rescue Msf::RPC::Exception => e
    elog("RPC Exception: #{e.class} #{e} #{e.backtrace} #{cli.inspect} #{req.inspect}")
    res.body = process_exception(e).to_msgpack
    res.code = e.code
  end
  cli.send_response(res)
end

#process(req) ⇒ Object


103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
# File 'lib/msf/core/rpc/v10/service.rb', line 103

def process(req)
  msg  = nil

  begin
    if req.method != "POST"
      if req && req.method
        raise ArgumentError, "Invalid Request Verb: '#{req.method.inspect}'"
      else
        raise ArgumentError, "Invalid Request: '#{req.inspect}'"
      end
    end

    if not (req.headers["Content-Type"] and req.headers["Content-Type"] == "binary/message-pack")
      raise ArgumentError, "Invalid Content Type"
    end

    msg = MessagePack.unpack(req.body)

    if not (msg and msg.kind_of?(::Array) and msg.length > 0)
      raise ArgumentError, "Invalid Message Format"
    end

    msg.map { |a| a.respond_to?(:force_encoding) ? a.force_encoding(self.str_encoding) : a }

    group, funct = msg.shift.split(".", 2)

    if not self.handlers[group]
      raise ArgumentError, "Unknown API Group: '#{group.inspect}'"
    end

    doauth = true
    mname  = 'rpc_' + funct

    if self.handlers[group].respond_to?(mname + '_noauth')
      doauth = false
      mname << '_noauth'
    end

    if not self.handlers[group].respond_to?(mname)
      raise ArgumentError, "Unknown API Call: '#{mname.inspect}'"
    end

    if doauth
      token = msg.shift
      if not authenticate(token)
        raise ::Msf::RPC::Exception.new(401, "Invalid Authentication Token")
      end
    end

    ::Timeout.timeout(self.dispatcher_timeout) { self.handlers[group].send(mname, *msg) }

  rescue ::Exception => e
    elog("RPC Exception: #{e.class} #{e.to_s} #{e.backtrace} #{msg.inspect} #{req.inspect}")
    process_exception(e)
  end
end

#process_exception(e) ⇒ Object


160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# File 'lib/msf/core/rpc/v10/service.rb', line 160

def process_exception(e)
  r = {
    :error           => true,
    :error_class     => e.class.to_s,
    :error_string    => e.to_s,
    :error_backtrace => e.backtrace.map{|x| x.sub(/^.*lib\//, 'lib/') } # Dont expose the install path
  }

  if e.respond_to?(:message)
    r[:error_message] = e.message
  end

  if e.respond_to?(:code)
    r[:error_code] = e.code
  end

  r
end

#remove_tokenObject


184
185
186
# File 'lib/msf/core/rpc/v10/service.rb', line 184

def remove_token
  self.tokens.delete(token)
end

#remove_user(user) ⇒ Object


198
199
200
# File 'lib/msf/core/rpc/v10/service.rb', line 198

def remove_user(user)
  self.users = self.users.select{|r| r[0] != user }
end

#startObject


60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
# File 'lib/msf/core/rpc/v10/service.rb', line 60

def start
  self.service = Rex::ServiceManager.start(
    Rex::Proto::Http::Server,
    self.srvport,
    self.srvhost,
    self.options[:ssl],
    self.options[:context],
    self.options[:comm],
    self.options[:cert]
  )

  self.service.add_resource(self.uri, {
    'Proc' => Proc.new { |cli, req| on_request_uri(cli, req) },
    'Path' => self.uri
  })
end

#stopObject


77
78
79
# File 'lib/msf/core/rpc/v10/service.rb', line 77

def stop
  self.service.stop
end

#waitObject


81
82
83
# File 'lib/msf/core/rpc/v10/service.rb', line 81

def wait
  self.service.wait
end