mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-11-05 14:57:30 +01:00
043d1a2d27
This is causing startup issues in some environments where not all the rex dependencies are loading. Remove it for now, removal of msfcli is close at hand anyway.
609 lines
17 KiB
Ruby
Executable File
609 lines
17 KiB
Ruby
Executable File
#!/usr/bin/env ruby
|
|
# -*- coding: binary -*-
|
|
#
|
|
# This user interface allows users to interact with the framework through a
|
|
# command line interface (CLI) rather than having to use a prompting console
|
|
# or web-based interface.
|
|
#
|
|
|
|
$stderr.puts "[!] ************************************************************************"
|
|
$stderr.puts "[!] * The utility msfcli is deprecated! *"
|
|
$stderr.puts "[!] * It will be removed on or about 2015-06-18 *"
|
|
$stderr.puts "[!] * Please use msfconsole -r or -x instead *"
|
|
$stderr.puts "[!] * Details: https://github.com/rapid7/metasploit-framework/pull/3802 *"
|
|
$stderr.puts "[!] ************************************************************************"
|
|
|
|
msfbase = __FILE__
|
|
while File.symlink?(msfbase)
|
|
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
|
|
end
|
|
|
|
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), 'lib')))
|
|
|
|
class Msfcli
|
|
#
|
|
# Attributes
|
|
#
|
|
|
|
# @attribute framework
|
|
# @return [Msf::Simple::Framework]
|
|
|
|
#
|
|
# initialize
|
|
#
|
|
|
|
def initialize(args)
|
|
@args = {}
|
|
@indent = ' '
|
|
|
|
@args[:module_name] = args.shift # First argument should be the module name
|
|
@args[:mode] = args.pop || 'h' # Last argument should be the mode
|
|
@args[:params] = args # Whatever is in the middle should be the params
|
|
|
|
if @args[:module_name] =~ /^exploit(s)*\//i
|
|
@args[:module_name] = @args[:module_name].split('/')
|
|
@args[:module_name] = @args[:module_name][1, @args[:module_name].length] * "/"
|
|
end
|
|
end
|
|
|
|
#
|
|
# Instance Methods
|
|
#
|
|
|
|
# The framework to create and list modules.
|
|
#
|
|
# @return [Msf::Simple::Framework]
|
|
def framework
|
|
@framework ||= Msf::Simple::Framework.create({'DeferModuleLoads'=>true})
|
|
end
|
|
|
|
# Sets {#framework}.
|
|
#
|
|
# @raise [ArgumentError] if {#framework} already set
|
|
def framework=(framework)
|
|
if instance_variable_defined? :@framework
|
|
fail ArgumentError.new("framework already set")
|
|
end
|
|
|
|
@framework = framework
|
|
end
|
|
|
|
#
|
|
# Returns a usage Rex table
|
|
#
|
|
def usage (str = nil, extra = nil)
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
'Header' => "Usage: #{$0} <exploit_name> <option=value> [mode]",
|
|
'Indent' => 4,
|
|
'Columns' => ['Mode', 'Description']
|
|
)
|
|
|
|
tbl << ['(H)elp', "You're looking at it baby!"]
|
|
tbl << ['(S)ummary', 'Show information about this module']
|
|
tbl << ['(O)ptions', 'Show available options for this module']
|
|
tbl << ['(M)issing', 'Show empty required options for this module']
|
|
tbl << ['(A)dvanced', 'Show available advanced options for this module']
|
|
tbl << ['(I)DS Evasion', 'Show available ids evasion options for this module']
|
|
tbl << ['(P)ayloads', 'Show available payloads for this module']
|
|
tbl << ['(T)argets', 'Show available targets for this exploit module']
|
|
tbl << ['(AC)tions', 'Show available actions for this module']
|
|
tbl << ['(C)heck', 'Run the check routine of the selected module']
|
|
tbl << ['(E)xecute', 'Execute the selected module']
|
|
|
|
tbl.to_s
|
|
|
|
$stdout.puts "Error: #{str}\n\n" if str
|
|
$stdout.puts tbl.to_s + "\n"
|
|
$stdout.puts "Examples:" + "\n"
|
|
$stdout.puts "msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E" + "\n"
|
|
$stdout.puts "msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E" + "\n"
|
|
$stdout.puts extra + "\n" if extra
|
|
$stdout.puts
|
|
end
|
|
|
|
|
|
#
|
|
# Loads up everything in framework, and then returns the module list
|
|
#
|
|
def dump_module_list
|
|
# This is what happens if the user doesn't specify a module name:
|
|
# msfcli will end up loading EVERYTHING to memory to show you a help
|
|
# menu plus a list of modules available. Really expensive if you ask me.
|
|
$stdout.puts "[*] Please wait while we load the module tree..."
|
|
self.framework = Msf::Simple::Framework.create
|
|
ext = ''
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
'Header' => 'Exploits',
|
|
'Indent' => 4,
|
|
'Columns' => [ 'Name', 'Description' ])
|
|
|
|
framework.exploits.each_module { |name, mod|
|
|
tbl << [ 'exploit/' + name, mod.new.name ]
|
|
}
|
|
ext << tbl.to_s + "\n"
|
|
|
|
tbl = Rex::Ui::Text::Table.new(
|
|
'Header' => 'Auxiliary',
|
|
'Indent' => 4,
|
|
'Columns' => [ 'Name', 'Description' ])
|
|
|
|
framework.auxiliary.each_module { |name, mod|
|
|
tbl << [ 'auxiliary/' + name, mod.new.name ]
|
|
}
|
|
|
|
ext << tbl.to_s + "\n"
|
|
ext
|
|
end
|
|
|
|
|
|
#
|
|
# Payload naming style is kind of inconsistent, so instead of
|
|
# finding the exact path name, we provide the most educated guess (whitelist)
|
|
# based on platform/stage type/session type/payload name suffix/etc.
|
|
#
|
|
def guess_payload_name(p)
|
|
matches = []
|
|
payload = p.split('/')
|
|
platform = payload[0]
|
|
suffix = payload[-1]
|
|
stage_types = ['singles', 'stagers', 'stages']
|
|
session_types = ['meterpreter', 'shell']
|
|
arch = ''
|
|
|
|
# Rule out some possibilities
|
|
if p =~ /meterpreter/i
|
|
session_types.delete('shell')
|
|
stage_types.delete('singles')
|
|
end
|
|
if p =~ /shell\/.+$/i
|
|
session_types.delete('meterpreter')
|
|
stage_types.delete('singles')
|
|
end
|
|
|
|
if p =~ /x64/i
|
|
arch = 'x64'
|
|
elsif p =~ /x86/i
|
|
arch = 'x86'
|
|
end
|
|
|
|
# Determine if the payload is staged. If it is, then
|
|
# we need to load that staged module too.
|
|
if session_types.include?('shell') and stage_types.include?('stages')
|
|
if arch == 'x64'
|
|
matches << /stages\/#{platform}\/x64\/shell/
|
|
elsif arch == 'x86'
|
|
matches << /stages\/#{platform}\/x86\/shell/
|
|
else
|
|
matches << /stages\/#{platform}\/shell/
|
|
end
|
|
elsif session_types.include?('meterpreter') and stage_types.include?('stages')
|
|
if arch == 'x64'
|
|
matches << /stages\/#{platform}\/x64\/meterpreter/
|
|
elsif arch == 'x86'
|
|
matches << /stages\/#{platform}\/x86\/meterpreter/
|
|
else
|
|
matches << /stages\/#{platform}\/meterpreter/
|
|
end
|
|
end
|
|
|
|
# Guess the second possible match
|
|
stage_types *= "|"
|
|
session_types *= "|"
|
|
|
|
if arch == 'x64'
|
|
matches << /payloads\/(#{stage_types})\/#{platform}\/x64\/.*(#{suffix})\.rb$/
|
|
elsif arch == 'x86'
|
|
matches << /payloads\/(#{stage_types})\/#{platform}\/x86\/.*(#{suffix})\.rb$/
|
|
else
|
|
matches << /payloads\/(#{stage_types})\/#{platform}\/.*(#{suffix})\.rb$/
|
|
end
|
|
|
|
matches
|
|
end
|
|
|
|
|
|
#
|
|
# Returns a whitelist for encoder modules
|
|
#
|
|
def guess_encoder_name(e)
|
|
[/encoders\/#{e}/]
|
|
end
|
|
|
|
|
|
#
|
|
# Returns a whitelist for nop modules
|
|
#
|
|
def guess_nop_name(n)
|
|
[/nops\/#{n}/]
|
|
end
|
|
|
|
|
|
#
|
|
# Returns a whitelist for post modules
|
|
#
|
|
def guess_post_name(p)
|
|
[/post\/#{p}/]
|
|
end
|
|
|
|
|
|
#
|
|
# Returns possible patterns like exploit/aux, encoders, nops we want to
|
|
# load to the whitelist.
|
|
#
|
|
def generate_whitelist
|
|
whitelist = []
|
|
whitelist << /#{@args[:module_name]}/ # Add exploit
|
|
|
|
# nil = not set, empty = manually set to load nothing
|
|
encoder_val = nil
|
|
nops_val = nil
|
|
post_val = nil
|
|
payload_param = ''
|
|
junk_args = []
|
|
|
|
@args[:params].each { |args|
|
|
var, val = args.split('=', 2)
|
|
next if val.nil?
|
|
|
|
case var.downcase
|
|
when 'payload'
|
|
payload_param = val
|
|
if val.empty?
|
|
junk_args << args
|
|
else
|
|
whitelist.concat(guess_payload_name(val))
|
|
end
|
|
|
|
when 'encoder'
|
|
encoder_val = val
|
|
if val.empty?
|
|
junk_args << args
|
|
else
|
|
whitelist.concat(guess_encoder_name(val))
|
|
end
|
|
|
|
when 'nop'
|
|
nops_val = val
|
|
if val.empty?
|
|
junk_args << args
|
|
else
|
|
whitelist.concat(guess_nop_name(val))
|
|
end
|
|
|
|
when 'post'
|
|
post_val = val
|
|
if val.empty?
|
|
junk_args << args
|
|
else
|
|
whitelist.concat(guess_post_name(val))
|
|
end
|
|
end
|
|
}
|
|
|
|
# Cleanup empty args
|
|
junk_args.each { |args| @args[:params].delete(args) }
|
|
|
|
# If it's an exploit and no payload set, load them all.
|
|
if @args[:module_name] !~ /auxiliary\// and payload_param.empty?
|
|
whitelist << /payloads\/.+/
|
|
end
|
|
|
|
# Add post modules list if not set
|
|
if post_val.nil?
|
|
whitelist << /post\/.+/
|
|
end
|
|
|
|
# Add default encoders if not set
|
|
# This one is needed no matter what
|
|
whitelist << /encoders\/generic\/*/
|
|
if encoder_val.nil?
|
|
if payload_param =~ /^.+\.x64.+/
|
|
whitelist << /encoders\/x64\/.+/
|
|
elsif payload_param =~ /^.+\.x86.+/
|
|
whitelist << /encoders\/x86\/.+/
|
|
else
|
|
whitelist << /encoders\/.+/
|
|
end
|
|
end
|
|
|
|
# Add default NOP modules if not set
|
|
if nops_val.nil?
|
|
whitelist << /nops\/.+/
|
|
end
|
|
|
|
whitelist
|
|
end
|
|
|
|
|
|
#
|
|
# Initializes exploit/payload/encoder/nop modules.
|
|
#
|
|
def init_modules
|
|
$stdout.puts "[*] Initializing modules..."
|
|
|
|
module_name = @args[:module_name]
|
|
modules = {
|
|
:module => nil, # aux or exploit instance
|
|
:payload => nil, # payload instance
|
|
:encoder => nil, # encoder instance
|
|
:nop => nil # nop instance
|
|
}
|
|
|
|
whitelist = generate_whitelist
|
|
|
|
# Load up all the possible modules, this is where things get slow again
|
|
framework.init_module_paths({:whitelist=>whitelist})
|
|
if (framework.modules.module_load_error_by_path.length > 0)
|
|
print("Warning: The following modules could not be loaded!\n\n")
|
|
|
|
framework.modules.module_load_error_by_path.each do |path, error|
|
|
print("\t#{path}: #{error}\n\n")
|
|
end
|
|
|
|
return {}
|
|
end
|
|
|
|
# Determine what type of module it is
|
|
if module_name =~ /exploit\/(.*)/
|
|
modules[:module] = framework.exploits.create($1)
|
|
elsif module_name =~ /auxiliary\/(.*)/
|
|
modules[:module] = framework.auxiliary.create($1)
|
|
elsif module_name =~ /post\/(.*)/
|
|
modules[:module] = framework.post.create($1)
|
|
else
|
|
modules[:module] = framework.exploits.create(module_name)
|
|
if modules[:module].nil?
|
|
# Try falling back on aux modules
|
|
modules[:module] = framework.auxiliary.create(module_name)
|
|
end
|
|
end
|
|
|
|
if modules[:module].nil?
|
|
# Still nil? Ok then, probably invalid
|
|
return {}
|
|
end
|
|
|
|
modules[:module].init_ui(
|
|
Rex::Ui::Text::Input::Stdio.new,
|
|
Rex::Ui::Text::Output::Stdio.new
|
|
)
|
|
|
|
# Import options
|
|
begin
|
|
modules[:module].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
|
|
rescue Rex::ArgumentParseError => e
|
|
raise e
|
|
end
|
|
|
|
# Create the payload to use
|
|
if (modules[:module].datastore['PAYLOAD'])
|
|
modules[:payload] = framework.payloads.create(modules[:module].datastore['PAYLOAD'])
|
|
if modules[:payload]
|
|
modules[:payload].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
|
|
end
|
|
end
|
|
|
|
# Create the encoder to use
|
|
if modules[:module].datastore['ENCODER']
|
|
modules[:encoder] = framework.encoders.create(modules[:module].datastore['ENCODER'])
|
|
if modules[:encoder]
|
|
modules[:encoder].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
|
|
end
|
|
end
|
|
|
|
# Create the NOP to use
|
|
if modules[:module].datastore['NOP']
|
|
modules[:nop] = framework.nops.create(modules[:module].datastore['NOP'])
|
|
if modules[:nop]
|
|
modules[:nop].datastore.import_options_from_s(@args[:params].join('_|_'), '_|_')
|
|
end
|
|
end
|
|
|
|
modules
|
|
end
|
|
|
|
|
|
def show_summary(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_module(m[:module], @indent))
|
|
$stdout.puts("\n" + readable.dump_module(m[:payload], @indent)) if m[:payload]
|
|
$stdout.puts("\n" + readable.dump_module(m[:encoder], @indent)) if m[:encoder]
|
|
$stdout.puts("\n" + readable.dump_module(m[:nop], @indent)) if m[:nop]
|
|
end
|
|
|
|
|
|
def show_options(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_options(m[:module], @indent))
|
|
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent)) if m[:payload]
|
|
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent)) if m[:encoder]
|
|
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent)) if m[:nop]
|
|
end
|
|
|
|
|
|
def show_missing(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_options(m[:module], @indent, true))
|
|
$stdout.puts("\nPayload:\n\n" + readable.dump_options(m[:payload], @indent, true)) if m[:payload]
|
|
$stdout.puts("\nEncoder:\n\n" + readable.dump_options(m[:encoder], @indent, true)) if m[:encoder]
|
|
$stdout.puts("\nNOP\n\n" + readable.dump_options(m[:nop], @indent, true)) if m[:nop]
|
|
end
|
|
|
|
|
|
def show_advanced(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_advanced_options(m[:module], @indent))
|
|
$stdout.puts("\nPayload:\n\n" + readable.dump_advanced_options(m[:payload], @indent)) if m[:payload]
|
|
$stdout.puts("\nEncoder:\n\n" + readable.dump_advanced_options(m[:encoder], @indent)) if m[:encoder]
|
|
$stdout.puts("\nNOP:\n\n" + readable.dump_advanced_options(m[:nop], @indent)) if m[:nop]
|
|
end
|
|
|
|
|
|
def show_ids_evasion(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_evasion_options(m[:module], @indent))
|
|
$stdout.puts("\nPayload:\n\n" + readable.dump_evasion_options(m[:payload], @indent)) if m[:payload]
|
|
$stdout.puts("\nEncoder:\n\n" + readable.dump_evasion_options(m[:encoder], @indent)) if m[:encoder]
|
|
$stdout.puts("\nNOP:\n\n" + readable.dump_evasion_options(m[:nop], @indent)) if m[:nop]
|
|
end
|
|
|
|
|
|
def show_payloads(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
txt = "Compatible payloads"
|
|
$stdout.puts("\n" + readable.dump_compatible_payloads(m[:module], @indent, txt))
|
|
end
|
|
|
|
|
|
def show_targets(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_exploit_targets(m[:module], @indent))
|
|
end
|
|
|
|
|
|
def show_actions(m)
|
|
readable = Msf::Serializer::ReadableText
|
|
$stdout.puts("\n" + readable.dump_module_actions(m[:module], @indent))
|
|
end
|
|
|
|
|
|
def show_check(m)
|
|
begin
|
|
if (code = m[:module].check_simple(
|
|
'LocalInput' => Rex::Ui::Text::Input::Stdio.new,
|
|
'LocalOutput' => Rex::Ui::Text::Output::Stdio.new))
|
|
stat = (code == Msf::Exploit::CheckCode::Vulnerable) ? '[+]' : '[*]'
|
|
|
|
$stdout.puts("#{stat} #{code[1]}")
|
|
else
|
|
$stdout.puts("Check failed: The state could not be determined.")
|
|
end
|
|
rescue
|
|
$stdout.puts("Check failed: #{$!}")
|
|
end
|
|
end
|
|
|
|
|
|
def execute_module(m)
|
|
con = Msf::Ui::Console::Driver.new(
|
|
Msf::Ui::Console::Driver::DefaultPrompt,
|
|
Msf::Ui::Console::Driver::DefaultPromptChar,
|
|
{
|
|
'Framework' => framework,
|
|
# When I use msfcli, chances are I want speed, so ASCII art fanciness
|
|
# probably isn't much of a big deal for me.
|
|
'DisableBanner' => true
|
|
})
|
|
|
|
module_class = (m[:module].fullname =~ /^auxiliary/ ? 'auxiliary' : 'exploit')
|
|
|
|
con.run_single("use #{module_class}/#{m[:module].refname}")
|
|
|
|
# Assign console parameters
|
|
@args[:params].each do |arg|
|
|
k,v = arg.split("=", 2)
|
|
con.run_single("set #{k} #{v}")
|
|
end
|
|
|
|
# Run the exploit
|
|
con.run_single("exploit")
|
|
|
|
# If we have sessions or jobs, keep running
|
|
if framework.sessions.length > 0 or framework.jobs.length > 0
|
|
con.run
|
|
else
|
|
con.run_single("quit")
|
|
end
|
|
end
|
|
|
|
|
|
#
|
|
# Selects a mode chosen by the user and run it
|
|
#
|
|
def engage_mode(modules)
|
|
case @args[:mode].downcase
|
|
when 'h'
|
|
usage
|
|
when "s"
|
|
show_summary(modules)
|
|
when "o"
|
|
show_options(modules)
|
|
when "m"
|
|
show_missing(modules)
|
|
when "a"
|
|
show_advanced(modules)
|
|
when "i"
|
|
show_ids_evasion(modules)
|
|
when "p"
|
|
if modules[:module].file_path =~ /auxiliary\//i
|
|
$stdout.puts("\nError: This type of module does not support payloads")
|
|
else
|
|
show_payloads(modules)
|
|
end
|
|
when "t"
|
|
puts
|
|
if modules[:module].file_path =~ /auxiliary\//i
|
|
$stdout.puts("\nError: This type of module does not support targets")
|
|
else
|
|
show_targets(modules)
|
|
end
|
|
when "ac"
|
|
if modules[:module].kind_of?(Msf::Module::HasActions)
|
|
show_actions(modules)
|
|
else
|
|
$stdout.puts("\nError: This type of module does not support actions")
|
|
end
|
|
when "c"
|
|
show_check(modules)
|
|
when "e"
|
|
execute_module(modules)
|
|
else
|
|
usage("Invalid mode #{@args[:mode]}")
|
|
end
|
|
end
|
|
|
|
|
|
def run!
|
|
if @args[:module_name] == "-h"
|
|
usage()
|
|
exit
|
|
end
|
|
|
|
$:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
|
|
require 'msfenv'
|
|
require 'msf/ui'
|
|
require 'msf/base'
|
|
|
|
if @args[:module_name].nil?
|
|
ext = dump_module_list
|
|
usage(nil, ext)
|
|
exit
|
|
end
|
|
|
|
begin
|
|
modules = init_modules
|
|
rescue Rex::ArgumentParseError => e
|
|
puts "[!] Error: #{e.message}\n\n"
|
|
exit
|
|
end
|
|
|
|
if modules[:module].nil?
|
|
usage("Invalid module: #{@args[:module_name]}")
|
|
exit
|
|
end
|
|
|
|
# Process special var/val pairs...
|
|
Msf::Ui::Common.process_cli_arguments(framework, @args[:params])
|
|
|
|
engage_mode(modules)
|
|
$stdout.puts
|
|
end
|
|
end
|
|
|
|
|
|
if __FILE__ == $PROGRAM_NAME
|
|
cli = Msfcli.new(ARGV)
|
|
cli.run!
|
|
end
|