Class: Msf::RhostsWalker

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rhosts_walker.rb

Overview

Parses the RHOSTS datastore value, and yields the possible combinations of datastore values that exist for each host

Defined Under Namespace

Classes: Error, InvalidCIDRError, InvalidSchemaError, RhostResolveError

Instance Method Summary collapse

Constructor Details

#initialize(value = '', datastore = Msf::ModuleDataStore.new(nil)) ⇒ RhostsWalker

Returns a new instance of RhostsWalker.



55
56
57
58
# File 'lib/msf/core/rhosts_walker.rb', line 55

def initialize(value = '', datastore = Msf::ModuleDataStore.new(nil))
  @value = value
  @datastore = datastore
end

Instance Method Details

#countInteger

Count the valid datastore permutations for the current rhosts value. This count will ignore any invalid values.

Returns:

  • (Integer)


80
81
82
# File 'lib/msf/core/rhosts_walker.rb', line 80

def count
  to_enum.count
end

#each {|Msf::DataStore| ... } ⇒ Object

Iterate over the valid rhosts datastores. This can be combined Calling ‘#valid?` beforehand to ensure that there are no invalid configuration values, as they will be ignored by this method.

Yields:



65
66
67
68
69
70
71
72
73
74
# File 'lib/msf/core/rhosts_walker.rb', line 65

def each(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::DataStore)
  end

  nil
end

#errors {|Msf::RhostsWalker::Error| ... } ⇒ Object

Retrieve the list of errors associated with this rhosts walker

Yields:



87
88
89
90
91
92
93
94
95
96
# File 'lib/msf/core/rhosts_walker.rb', line 87

def errors(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::RhostsWalker::Error)
  end

  nil
end

#parse(value, datastore) ⇒ Enumerable<Msf::DataStore|StandardError>

Parses the input rhosts string, and yields the possible combinations of datastore values.

Parameters:

  • value (String)

    the rhost string

  • datastore (Msf::Datastore)

    the datastore

Returns:

  • (Enumerable<Msf::DataStore|StandardError>)

    The calculated datastore values that can be iterated over for enumerating the given rhosts, or the error that occurred when iterating over the input



117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# File 'lib/msf/core/rhosts_walker.rb', line 117

def parse(value, datastore)
  Enumerator.new do |results|
    # extract the individual elements from the rhost string, ensuring that
    # whitespace, strings, escape characters, etc are handled correctly.
    values = Rex::Parser::Arguments.from_s(value)
    values.each do |value|
      if (value =~ %r{^file://(.*)}) || (value =~ /^file:(.*)/)
        file = Regexp.last_match(1)
        File.read(file).each_line(chomp: true) do |line|
          parse(line, datastore).each do |result|
            results << result
          end
        end
      elsif value =~ /^cidr:(.*)/
        cidr, child_value = Regexp.last_match(1).split(':', 2)
        # Validate cidr syntax matches ipv6 '%scope_id/mask_part' or ipv4 '/mask_part'
        raise InvalidCIDRError unless cidr =~ %r{^(%\w+)?/\d{1,3}$}

        # Parse the values, then apply range walker over the result
        parse(child_value, datastore).each do |result|
          host_with_cidr = result['RHOSTS'] + cidr
          Rex::Socket::RangeWalker.new(host_with_cidr).each_ip do |rhost|
            results << result.merge('RHOSTS' => rhost, 'UNPARSED_RHOSTS' => value)
          end
        end
      elsif value =~ /^(?<schema>\w+):.*/ && SUPPORTED_SCHEMAS.include?(Regexp.last_match(:schema))
        schema = Regexp.last_match(:schema)
        raise InvalidSchemaError unless SUPPORTED_SCHEMAS.include?(schema)

        found = false
        parse_method = "parse_#{schema}_uri"
        parsed_options = send(parse_method, value, datastore)
        Rex::Socket::RangeWalker.new(parsed_options['RHOSTS']).each_ip do |ip|
          results << datastore.merge(
            parsed_options.merge('RHOSTS' => ip, 'UNPARSED_RHOSTS' => value)
          )
          found = true
        end
        unless found
          raise RhostResolveError.new(value)
        end
      else
        found = false
        Rex::Socket::RangeWalker.new(value).each_host do |rhost|
          overrides = {}
          overrides['UNPARSED_RHOSTS'] = value
          overrides['RHOSTS'] = rhost[:address]
          set_hostname(datastore, overrides, rhost[:hostname])
          results << datastore.merge(overrides)
          found = true
        end
        unless found
          raise RhostResolveError.new(value)
        end
      end
    rescue ::Interrupt
      raise
    rescue StandardError => e
      results << Msf::RhostsWalker::Error.new(value, cause: e)
    end
  end
end

#parse_http_uri(value, datastore) ⇒ Hash Also known as: parse_https_uri

Parses a string such as example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting http options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
# File 'lib/msf/core/rhosts_walker.rb', line 228

def parse_http_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  is_ssl = %w[ssl https].include?(uri.scheme)
  result['RPORT'] = uri.port || (is_ssl ? 443 : 80)
  result['SSL'] = is_ssl

  # Both `TARGETURI` and `URI` are used as datastore options to denote the path on a uri
  has_path_specified = !uri.path.blank? # && uri.path != '/' - Note HTTP path parsing differs to the other protocol's parsing
  if has_path_specified
    target_uri = uri.path.present? ? uri.path : '/'
    result['TARGETURI'] = target_uri if datastore.options.include?('TARGETURI')
    result['PATH'] = target_uri if datastore.options.include?('PATH')
    result['URI'] = target_uri if datastore.options.include?('URI')
  end

  result['HttpQueryString'] = uri.query if datastore.options.include?('HttpQueryString')

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_ldap_uri(value, datastore) ⇒ Hash Also known as: parse_ldaps_uri

Parses a uri string such as ldap://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting ldap options.

Parameters:

  • value (String)

    the ldap string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value

See Also:



264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
# File 'lib/msf/core/rhosts_walker.rb', line 264

def parse_ldap_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  is_ssl = %w[ssl ldaps].include?(uri.scheme)
  result['RPORT'] = uri.port || (is_ssl ? 636 : 389)
  result['SSL'] = is_ssl

  if uri.path.present?
    base_dn = uri.path.delete_prefix('/').split('?', 2).first
    result['BASE_DN'] = base_dn if base_dn.present?
  end

  set_hostname(datastore, result, uri.hostname)

  if uri.user && uri.user.include?(';')
    domain, user = uri.user.split(';')
    result['LDAPDomain'] = domain
    set_username(datastore, result, user)
  elsif uri.user
    result['LDAPDomain'] = ''
    set_username(datastore, result, uri.user)
  end

  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_mysql_uri(value, datastore) ⇒ Hash

Parses a uri string such as mysql://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
# File 'lib/msf/core/rhosts_walker.rb', line 301

def parse_mysql_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 3306

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password
  result
end

#parse_postgres_uri(value, datastore) ⇒ Hash

Parses a uri string such as postgres://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
# File 'lib/msf/core/rhosts_walker.rb', line 325

def parse_postgres_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 5432

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_smb_uri(value, datastore) ⇒ Hash

Parses a string such as smb://domain;user:pass@domain/share_name/file.txt into a hash which can safely be merged with a [Msf::DataStore] datastore for setting smb options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the smb uri value



186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'lib/msf/core/rhosts_walker.rb', line 186

def parse_smb_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = (uri.port || 445) if datastore.options.include?('RPORT')

  set_hostname(datastore, result, uri.hostname)
  # Handle users in the format:
  #   user
  #   domain;user
  if uri.user && uri.user.include?(';')
    domain, user = uri.user.split(';')
    result['SMBDomain'] = domain
    result['SMBUser'] = user
    set_username(datastore, result, user)
  elsif uri.user
    set_username(datastore, result, uri.user)
  end
  set_password(datastore, result, uri.password) if uri.password

  # Handle paths of the format:
  #    /
  #    /share_name
  #    /share_name/file
  #    /share_name/dir/file
  has_path_specified = !uri.path.blank? && uri.path != '/'
  if has_path_specified
    _preceding_slash, share, *rpath = uri.path.split('/')
    result['SMBSHARE'] = share if datastore.options.include?('SMBSHARE')
    result['RPATH'] = rpath.join('/') if datastore.options.include?('RPATH')
  end

  result
end

#parse_ssh_uri(value, datastore) ⇒ Hash

Parses a uri string such as ssh://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



350
351
352
353
354
355
356
357
358
359
360
361
362
# File 'lib/msf/core/rhosts_walker.rb', line 350

def parse_ssh_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 22

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_tcp_uri(value, datastore) ⇒ Hash

Parses a uri string such as tcp://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
# File 'lib/msf/core/rhosts_walker.rb', line 370

def parse_tcp_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  if uri.port
    result['RPORT'] = uri.port
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#set_hostname(datastore, result, hostname) ⇒ Object (protected)



388
389
390
391
392
# File 'lib/msf/core/rhosts_walker.rb', line 388

def set_hostname(datastore, result, hostname)
  hostname = Rex::Socket.is_ip_addr?(hostname) ? nil : hostname
  result['RHOSTNAME'] = hostname if datastore['RHOSTNAME'].blank?
  result['VHOST'] = hostname if datastore.options.include?('VHOST') && datastore['VHOST'].blank?
end

#set_password(datastore, result, password) ⇒ Object (protected)



413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
# File 'lib/msf/core/rhosts_walker.rb', line 413

def set_password(datastore, result, password)
  # Preference setting application specific values first
  password_set = false
  password_option_names = %w[SMBPass FtpPass LDAPPassword Password pass PASSWORD password]
  password_option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = password
      password_set = true
    end
  end

  # Only set basic auth HttpPassword as a fallback
  if !password_set && datastore.options.include?('HttpPassword')
    result['HttpPassword'] = password
  end

  result
end

#set_username(datastore, result, username) ⇒ Object (protected)



394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
# File 'lib/msf/core/rhosts_walker.rb', line 394

def set_username(datastore, result, username)
  # Preference setting application specific values first
  username_set = false
  option_names = %w[SMBUser FtpUser LDAPUsername Username user USER USERNAME username]
  option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = username
      username_set = true
    end
  end

  # Only set basic auth HttpUsername as a fallback
  if !username_set && datastore.options.include?('HttpUsername')
    result['HttpUsername'] = username
  end

  result
end

#valid?Boolean

Indicates that the rhosts value is valid and iterable

Returns:

  • (Boolean)

    True if all items are valid, and there are at least some items present to iterate over. False otherwise.



102
103
104
105
106
107
108
# File 'lib/msf/core/rhosts_walker.rb', line 102

def valid?
  parsed_values = parse(@value, @datastore)
  parsed_values.all? { |result| result.is_a?(Msf::DataStore) } && parsed_values.count > 0
rescue StandardError => e
  elog('rhosts walker invalid', error: e)
  false
end