Module: Msf::DBManager::ExploitAttempt

Included in:: Msf::DBManager

Defined in:: lib/msf/core/db_manager/exploit_attempt.rb

Instance Method Summary collapse

#report_exploit(opts = {}) ⇒ Object

report_exploit() used to be used to track sessions and which modules opened them.
#report_exploit_attempt(host, opts) ⇒ Object
#report_exploit_failure(opts) ⇒ void

Create an ‘Mdm::ExploitAttempt` (and possibly an `Mdm::VulnAttempt`, if the `vuln` option is passed).
#report_exploit_success(opts) ⇒ void

Create an ‘Mdm::ExploitAttempt` (and possibly an `Mdm::VulnAttempt`, if the `vuln` option is passed).

Instance Method Details

#report_exploit(opts = {}) ⇒ `Object`

report_exploit() used to be used to track sessions and which modules opened them. That information is now available with the session table directly. TODO: kill this completely some day – for now just warn if some other UI is actually using it.

# File 'lib/msf/core/db_manager/exploit_attempt.rb', line 6

def report_exploit(opts={})
  wlog("Deprecated method call: report_exploit()\n" +
    "report_exploit() options: #{opts.inspect}\n" +
    "report_exploit() call stack:\n\t#{caller.join("\n\t")}"
  )
end

#report_exploit_attempt(host, opts) ⇒ `Object`

# File 'lib/msf/core/db_manager/exploit_attempt.rb', line 13

def report_exploit_attempt(host, opts)
::ApplicationRecord.connection_pool.with_connection {
  return if not host
  info = {}

  # Opts can be keyed by strings or symbols
  ::Mdm::VulnAttempt.column_names.each do |kn|
    k = kn.to_sym
    next if ['id', 'host_id'].include?(kn)
    info[k] = opts[kn] if opts[kn]
    info[k] = opts[k]  if opts[k]
  end

  host.exploit_attempts.create(info)
}
end

#report_exploit_failure(opts) ⇒ `void`

This method returns an undefined value.

Create an ‘Mdm::ExploitAttempt` (and possibly an `Mdm::VulnAttempt`, if the `vuln` option is passed).

Options Hash (opts):

:refs (Array<String>, Array<Msf::Module::Reference>)
:host (Mdm::Host)
:service (Mdm::Service)
:port (Integer) — default: nil
:proto ("tcp", "udp") — default: Msf::DBManager::DEFAULT_SERVICE_PROTO —

See ‘Mdm::Service::PROTOS`
:vuln (Mdm::Vuln) — default: nil
:timestamp (Time) — default: nil
:timestamp (Mdm::Vuln) — default: nil
:module (String) — default: nil

# File 'lib/msf/core/db_manager/exploit_attempt.rb', line 35

def report_exploit_failure(opts)
  return unless opts[:refs].present? && opts[:host].present?

  host = opts[:host]
  wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)
  opts = opts.clone()
  port = opts[:port]
  proto = opts[:proto] || Msf::DBManager::DEFAULT_SERVICE_PROTO
  svc = opts[:service]
  rids = opts.delete(:ref_ids) || []

  opts[:refs].each do |ref|
    if ref.instance_of?(Mdm::Module::Ref)
      str = ref.name
    elsif (ref.respond_to?(:ctx_id)) && (ref.respond_to?(:ctx_val))
      str = "#{ref.ctx_id}-#{ref.ctx_val}"
    elsif (ref.is_a?(Hash) && ref[:ctx_id] && ref[:ctx_val])
      str = "#{ref[:ctx_id]}-#{ref[:ctx_val]}"
    elsif ref.is_a?(String)
      str = ref
    end
    rids << find_or_create_ref(name: str) unless str.nil?
  end

  # Look up the service as appropriate
  if port && svc.nil?
    # only one result can be returned, as the +port+ field restricts potential results to a single service
    svc = services(:workspace => wspace,
                   :hosts => {address: host},
                   :proto => proto,
                   :port => port).first
  end

  # Look up the host as appropriate
  if !host || !host.kind_of?(::Mdm::Host)
    if svc&.kind_of? ::Mdm::Service
      host = svc.host
    else
      host = get_host(workspace: wspace, address: host)
    end
  end

  # Bail if we dont have a host object
  return unless host

  vuln = nil
  if rids.present?
    # Try to find an existing vulnerability with the same service & references
    # or, if svc is nil, with the same host & references
    vuln = find_vuln_by_refs(rids, host, svc, false)
  end

  opts[:service] = svc
  opts[:host] = host
  opts[:vuln] = vuln if vuln

  do_report_failure_or_success(opts)
end

#report_exploit_success(opts) ⇒ `void`

This method returns an undefined value.

Create an ‘Mdm::ExploitAttempt` (and possibly an `Mdm::VulnAttempt`, if the `vuln` option is passed).

# File 'lib/msf/core/db_manager/exploit_attempt.rb', line 98

def report_exploit_success(opts)
  return unless opts[:refs]
  host   = opts[:host] || return

  wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)
  # it is rude to modify arguments in place
  opts = opts.clone()
  port   = opts[:port]
  prot   = opts[:proto] || Msf::DBManager::DEFAULT_SERVICE_PROTO
  svc    = opts[:service]

  # Look up or generate the service as appropriate
  if port and svc.nil?
    opts[:proto] ||= Msf::DBManager::DEFAULT_SERVICE_PROTO
    opts[:service] = report_service(
      workspace: wspace, host: host, port: port, proto: prot
    )
  end

  do_report_failure_or_success(opts)
end

Module: Msf::DBManager::ExploitAttempt

Instance Method Summary collapse

Instance Method Details

#report_exploit(opts = {}) ⇒ Object

#report_exploit_attempt(host, opts) ⇒ Object

#report_exploit_failure(opts) ⇒ void

#report_exploit_success(opts) ⇒ void

#report_exploit(opts = {}) ⇒ `Object`

#report_exploit_attempt(host, opts) ⇒ `Object`

#report_exploit_failure(opts) ⇒ `void`

#report_exploit_success(opts) ⇒ `void`