Class: Msf::RhostsWalker

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/rhosts_walker.rb

Overview

Parses the RHOSTS datastore value, and yields the possible combinations of datastore values that exist for each host

Defined Under Namespace

Classes: Error, InvalidCIDRError, InvalidSchemaError, RhostResolveError

Instance Method Summary collapse

Constructor Details

#initialize(value = '', datastore = Msf::ModuleDataStore.new(nil)) ⇒ RhostsWalker

Returns a new instance of RhostsWalker.



53
54
55
56
# File 'lib/msf/core/rhosts_walker.rb', line 53

def initialize(value = '', datastore = Msf::ModuleDataStore.new(nil))
  @value = value
  @datastore = datastore
end

Instance Method Details

#countInteger

Count the valid datastore permutations for the current rhosts value. This count will ignore any invalid values.

Returns:

  • (Integer)


78
79
80
# File 'lib/msf/core/rhosts_walker.rb', line 78

def count
  to_enum.count
end

#each {|Msf::DataStore| ... } ⇒ Object

Iterate over the valid rhosts datastores. This can be combined Calling ‘#valid?` beforehand to ensure that there are no invalid configuration values, as they will be ignored by this method.

Yields:



63
64
65
66
67
68
69
70
71
72
# File 'lib/msf/core/rhosts_walker.rb', line 63

def each(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::DataStore) || result.is_a?(Msf::DataStoreWithFallbacks)
  end

  nil
end

#errors {|Msf::RhostsWalker::Error| ... } ⇒ Object

Retrieve the list of errors associated with this rhosts walker

Yields:



85
86
87
88
89
90
91
92
93
94
# File 'lib/msf/core/rhosts_walker.rb', line 85

def errors(&block)
  return unless @value
  return unless block_given?

  parse(@value, @datastore).each do |result|
    block.call(result) if result.is_a?(Msf::RhostsWalker::Error)
  end

  nil
end

#parse(value, datastore) ⇒ Enumerable<Msf::DataStore|StandardError>

Parses the input rhosts string, and yields the possible combinations of datastore values.

Parameters:

  • value (String)

    the rhost string

  • datastore (Msf::Datastore)

    the datastore

Returns:

  • (Enumerable<Msf::DataStore|StandardError>)

    The calculated datastore values that can be iterated over for enumerating the given rhosts, or the error that occurred when iterating over the input



115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
# File 'lib/msf/core/rhosts_walker.rb', line 115

def parse(value, datastore)
  Enumerator.new do |results|
    # extract the individual elements from the rhost string, ensuring that
    # whitespace, strings, escape characters, etc are handled correctly.
    values = Rex::Parser::Arguments.from_s(value)
    values.each do |value|
      if (value =~ %r{^file://(.*)}) || (value =~ /^file:(.*)/)
        file = Regexp.last_match(1)
        File.read(file).each_line(chomp: true) do |line|
          parse(line, datastore).each do |result|
            results << result
          end
        end
      elsif value =~ /^cidr:(.*)/
        cidr, child_value = Regexp.last_match(1).split(':', 2)
        # Validate cidr syntax matches ipv6 '%scope_id/mask_part' or ipv4 '/mask_part'
        raise InvalidCIDRError unless cidr =~ %r{^(%\w+)?/\d{1,3}$}

        # Parse the values, then apply range walker over the result
        parse(child_value, datastore).each do |result|
          host_with_cidr = result['RHOSTS'] + cidr
          Rex::Socket::RangeWalker.new(host_with_cidr).each_ip do |rhost|
            results << result.merge('RHOSTS' => rhost, 'UNPARSED_RHOSTS' => value)
          end
        end
      elsif value =~ /^(?<schema>\w+):.*/ && SUPPORTED_SCHEMAS.include?(Regexp.last_match(:schema))
        schema = Regexp.last_match(:schema)
        raise InvalidSchemaError unless SUPPORTED_SCHEMAS.include?(schema)

        found = false
        parse_method = "parse_#{schema}_uri"
        parsed_options = send(parse_method, value, datastore)
        Rex::Socket::RangeWalker.new(parsed_options['RHOSTS']).each_ip do |ip|
          results << datastore.merge(
            parsed_options.merge('RHOSTS' => ip, 'UNPARSED_RHOSTS' => value)
          )
          found = true
        end
        unless found
          raise RhostResolveError.new(value)
        end
      else
        found = false
        Rex::Socket::RangeWalker.new(value).each_host do |rhost|
          overrides = {}
          overrides['UNPARSED_RHOSTS'] = value
          overrides['RHOSTS'] = rhost[:address]
          set_hostname(datastore, overrides, rhost[:hostname])
          results << datastore.merge(overrides)
          found = true
        end
        unless found
          raise RhostResolveError.new(value)
        end
      end
    rescue ::Interrupt
      raise
    rescue StandardError => e
      results << Msf::RhostsWalker::Error.new(value, cause: e)
    end
  end
end

#parse_http_uri(value, datastore) ⇒ Hash Also known as: parse_https_uri

Parses a string such as example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting http options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
# File 'lib/msf/core/rhosts_walker.rb', line 226

def parse_http_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  is_ssl = %w[ssl https].include?(uri.scheme)
  result['RPORT'] = uri.port || (is_ssl ? 443 : 80)
  result['SSL'] = is_ssl

  # Both `TARGETURI` and `URI` are used as datastore options to denote the path on a uri
  has_path_specified = !uri.path.blank? # && uri.path != '/' - Note HTTP path parsing differs to the other protocol's parsing
  if has_path_specified
    target_uri = uri.path.present? ? uri.path : '/'
    result['TARGETURI'] = target_uri if datastore.options.include?('TARGETURI')
    result['PATH'] = target_uri if datastore.options.include?('PATH')
    result['URI'] = target_uri if datastore.options.include?('URI')
  end

  result['HttpQueryString'] = uri.query if datastore.options.include?('HttpQueryString')

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_mysql_uri(value, datastore) ⇒ Hash

Parses a uri string such as mysql://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
# File 'lib/msf/core/rhosts_walker.rb', line 260

def parse_mysql_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 3306

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password
  result
end

#parse_postgres_uri(value, datastore) ⇒ Hash

Parses a uri string such as postgres://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
# File 'lib/msf/core/rhosts_walker.rb', line 284

def parse_postgres_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 5432

  has_database_specified = !uri.path.blank? && uri.path != '/'
  if datastore.options.include?('DATABASE') && has_database_specified
    result['DATABASE'] = uri.path[1..-1]
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_smb_uri(value, datastore) ⇒ Hash

Parses a string such as smb://domain;user:pass@domain/share_name/file.txt into a hash which can safely be merged with a [Msf::DataStore] datastore for setting smb options.

Parameters:

  • value (String)

    the http string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the smb uri value



184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
# File 'lib/msf/core/rhosts_walker.rb', line 184

def parse_smb_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = (uri.port || 445) if datastore.options.include?('RPORT')

  set_hostname(datastore, result, uri.hostname)
  # Handle users in the format:
  #   user
  #   domain;user
  if uri.user && uri.user.include?(';')
    domain, user = uri.user.split(';')
    result['SMBDomain'] = domain
    result['SMBUser'] = user
    set_username(datastore, result, user)
  elsif uri.user
    set_username(datastore, result, uri.user)
  end
  set_password(datastore, result, uri.password) if uri.password

  # Handle paths of the format:
  #    /
  #    /share_name
  #    /share_name/file
  #    /share_name/dir/file
  has_path_specified = !uri.path.blank? && uri.path != '/'
  if has_path_specified
    _preceding_slash, share, *rpath = uri.path.split('/')
    result['SMBSHARE'] = share if datastore.options.include?('SMBSHARE')
    result['RPATH'] = rpath.join('/') if datastore.options.include?('RPATH')
  end

  result
end

#parse_ssh_uri(value, datastore) ⇒ Hash

Parses a uri string such as ssh://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



309
310
311
312
313
314
315
316
317
318
319
320
321
# File 'lib/msf/core/rhosts_walker.rb', line 309

def parse_ssh_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  result['RPORT'] = uri.port || 22

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#parse_tcp_uri(value, datastore) ⇒ Hash

Parses a uri string such as tcp://user:password@example.com into a hash which can safely be merged with a [Msf::DataStore] datastore for setting options.

Parameters:

  • value (String)

    the uri string

Returns:

  • (Hash)

    A hash where keys match the required datastore options associated with the uri value



329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
# File 'lib/msf/core/rhosts_walker.rb', line 329

def parse_tcp_uri(value, datastore)
  uri = ::Addressable::URI.parse(value)
  result = {}

  result['RHOSTS'] = uri.hostname
  if uri.port
    result['RPORT'] = uri.port
  end

  set_hostname(datastore, result, uri.hostname)
  set_username(datastore, result, uri.user) if uri.user
  set_password(datastore, result, uri.password) if uri.password

  result
end

#set_hostname(datastore, result, hostname) ⇒ Object (protected)



347
348
349
350
351
# File 'lib/msf/core/rhosts_walker.rb', line 347

def set_hostname(datastore, result, hostname)
  hostname = Rex::Socket.is_ip_addr?(hostname) ? nil : hostname
  result['RHOSTNAME'] = hostname if datastore['RHOSTNAME'].blank?
  result['VHOST'] = hostname if datastore.options.include?('VHOST') && datastore['VHOST'].blank?
end

#set_password(datastore, result, password) ⇒ Object (protected)



372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
# File 'lib/msf/core/rhosts_walker.rb', line 372

def set_password(datastore, result, password)
  # Preference setting application specific values first
  password_set = false
  password_option_names = %w[SMBPass FtpPass Password pass PASSWORD password]
  password_option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = password
      password_set = true
    end
  end

  # Only set basic auth HttpPassword as a fallback
  if !password_set && datastore.options.include?('HttpPassword')
    result['HttpPassword'] = password
  end

  result
end

#set_username(datastore, result, username) ⇒ Object (protected)



353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
# File 'lib/msf/core/rhosts_walker.rb', line 353

def set_username(datastore, result, username)
  # Preference setting application specific values first
  username_set = false
  option_names = %w[SMBUser FtpUser Username user USER USERNAME username]
  option_names.each do |option_name|
    if datastore.options.include?(option_name)
      result[option_name] = username
      username_set = true
    end
  end

  # Only set basic auth HttpUsername as a fallback
  if !username_set && datastore.options.include?('HttpUsername')
    result['HttpUsername'] = username
  end

  result
end

#valid?Boolean

Indicates that the rhosts value is valid and iterable

Returns:

  • (Boolean)

    True if all items are valid, and there are at least some items present to iterate over. False otherwise.



100
101
102
103
104
105
106
# File 'lib/msf/core/rhosts_walker.rb', line 100

def valid?
  parsed_values = parse(@value, @datastore)
  parsed_values.all? { |result| result.is_a?(Msf::DataStore) || result.is_a?(Msf::DataStoreWithFallbacks) } && parsed_values.count > 0
rescue StandardError => e
  elog('rhosts walker invalid', error: e)
  false
end