Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
require 'rexml/document'
4

5
module Msf
6
module Ui
7
module Console
8
module CommandDispatcher
9

10
  # These are functions that are used in two or more command dispatchers.
11

12
module Common
13

14
  # Parse +arg+ into a {Rex::Socket::RangeWalker} and append the result into +host_ranges+
15
  #
16
  # @note This modifies +host_ranges+ in place
17
  #
18
  # @param arg [String] The thing to turn into a RangeWalker
19
  # @param host_ranges [Array] The array of ranges to append
20
  # @param required [Boolean] Whether an empty +arg+ should be an error
21
  # @return [Boolean] true if parsing was successful or false otherwise
22
  def arg_host_range(arg, host_ranges, required=false)
23
    if (!arg and required)
24
      print_error("Missing required host argument")
25
      return false
26
    end
27
    begin
28
      rw = Rex::Socket::RangeWalker.new(arg)
29
    rescue
30
      print_error("Invalid host parameter, #{arg}.")
31
      return false
32
    end
33

34
    if rw.valid?
35
      host_ranges << rw
36
    else
37
      print_error("Invalid host parameter, #{arg}.")
38
      return false
39
    end
40
    return true
41
  end
42

43
  #
44
  # Parse +arg+ into an array of ports and append the result into +port_ranges+
45
  #
46
  # Returns true if parsing was successful or nil otherwise.
47
  #
48
  # NOTE: This modifies +port_ranges+
49
  #
50
  def arg_port_range(arg, port_ranges, required=false)
51
    if (!arg and required)
52
      print_error("Argument required for -p")
53
      return
54
    end
55
    begin
56
      port_ranges << Rex::Socket.portspec_to_portlist(arg)
57
    rescue
58
      print_error("Invalid port parameter, #{arg}.")
59
      return
60
    end
61
    return true
62
  end
63

64
  #
65
  # Set RHOSTS in the +active_module+'s (or global if none) datastore from an array of addresses
66
  #
67
  # This stores all the addresses to a temporary file and utilizes the
68
  # <pre>file:/tmp/filename</pre> syntax to confer the addrs.  +rhosts+
69
  # should be an Array.  NOTE: the temporary file is *not* deleted
70
  # automatically.
71
  #
72
  def set_rhosts_from_addrs(rhosts)
73
    if rhosts.empty?
74
      print_status("The list is empty, cowardly refusing to set RHOSTS")
75
      return
76
    end
77
    if active_module
78
      mydatastore = active_module.datastore
79
    else
80
      # if there is no module in use set the list to the global variable
81
      mydatastore = self.framework.datastore
82
    end
83

84
    if rhosts.length > 5
85
      # Lots of hosts makes 'show options' wrap which is difficult to
86
      # read, store to a temp file
87
      rhosts_file = Rex::Quickfile.new("msf-db-rhosts-")
88
      mydatastore['RHOSTS'] = 'file:'+rhosts_file.path
89
      # create the output file and assign it to the RHOSTS variable
90
      rhosts_file.write(rhosts.join("\n")+"\n")
91
      rhosts_file.close
92
    else
93
      # For short lists, just set it directly
94
      mydatastore['RHOSTS'] = rhosts.join(" ")
95
    end
96

97
    print_line "RHOSTS => #{mydatastore['RHOSTS']}"
98
    print_line
99
  end
100

101
  def show_options(mod) # :nodoc:
102
    mod_opt = Serializer::ReadableText.dump_options(mod, '   ')
103
    print("\nModule options (#{mod.fullname}):\n\n#{mod_opt}\n") if (mod_opt and mod_opt.length > 0)
104

105
    # If it's an exploit and a payload is defined, create it and
106
    # display the payload's options
107
    if ((mod.exploit? or mod.evasion? ) and mod.datastore['PAYLOAD'])
108
      p = framework.payloads.create(mod.datastore['PAYLOAD'])
109

110
      if (!p)
111
        print_error("Invalid payload defined: #{mod.datastore['PAYLOAD']}\n")
112
        return
113
      end
114

115
      p.share_datastore(mod.datastore)
116

117
      if (p)
118
        p_opt = Serializer::ReadableText.dump_options(p, '   ')
119
        print("\nPayload options (#{mod.datastore['PAYLOAD']}):\n\n#{p_opt}\n") if (p_opt and p_opt.length > 0)
120
        print("   **DisablePayloadHandler: True   (no handler will be created!)**\n\n") if mod.datastore['DisablePayloadHandler'].to_s == 'true'
121
      end
122
    end
123

124
    # Print the selected target
125
    if (mod.exploit? and mod.target)
126
      mod_targ = Serializer::ReadableText.dump_exploit_target(mod, '   ')
127
      print("\nExploit target:\n\n#{mod_targ}\n") if (mod_targ and mod_targ.length > 0)
128
    elsif mod.evasion? and mod.target
129
      mod_targ = Serializer::ReadableText.dump_evasion_target(mod, '   ')
130
      print("\nEvasion target:\n\n#{mod_targ}\n") if (mod_targ and mod_targ.length > 0)
131
    end
132

133
    # Print the selected action
134
    if mod.kind_of?(Msf::Module::HasActions) && mod.action
135
      mod_action = Serializer::ReadableText.dump_module_action(mod, '   ')
136
      print("\n#{mod.type.capitalize} action:\n\n#{mod_action}\n") if (mod_action and mod_action.length > 0)
137
    end
138

139
    print("\nView the full module info with the #{Msf::Ui::Tip.highlight('info')}, or #{Msf::Ui::Tip.highlight('info -d')} command.\n\n")
140

141
    # Uncomment this line if u want target like msf2 format
142
    #print("\nTarget: #{mod.target.name}\n\n")
143
  end
144

145
  # This is for the "use" and "set" commands
146
  def index_from_list(list, index, &block)
147
    return unless list.kind_of?(Array) && index
148

149
    begin
150
      idx = Integer(index)
151
    rescue ArgumentError
152
      return
153
    end
154

155
    # Don't support negative indices
156
    return if idx < 0
157

158
    yield list[idx]
159
  end
160

161
  # Trims starting `.`, `./` `/`, `+path_head+/`, & `/+path_head+/` from +path+. Also trims trailing `.+extension+`
162
  # from +path+, and any possible combination of misspellings of +extension+.
163
  #
164
  # @param path [String] The path to be trimmed
165
  # @param path_head [String] The top-level directory that should be removed from the path
166
  # @param extensions [Array] File extensions to be trimmed from +path+. `.` is automatically included. Defaults to ['rb', 'py', 'go'].
167
  # @return [String] Altered +path+. Will return unaltered +path+ if regex constructed with +path_head+ & +path+ is not detected
168
  def trim_path(path, path_head, extensions: ['rb', 'py', 'go'])
169
    #Builds capture groups for all supported file extensions
170
    regex_extension = ''
171
    extensions.each do |ext|
172
      regex_extension << "([#{ext}])+|"
173
    end
174
    regex_extension.delete_suffix!('|')
175

176
    regexp = %r{
177
        (
178
          ^\.?                      # Dot at beginning of path
179
          /?                        # Slash at beginning of path
180
          (#{path_head}/)?          # top level directory (slash prepending directory name is optional)
181
        )
182

183
        |                           # OR
184

185
        (
186
          \.(#{regex_extension})$   # any possible file extension at end of path
187
        )
188

189
        |                           # OR
190

191
        (
192
          \.$                       # trailing dot
193
        )
194
    }ix
195

196
    path.gsub(regexp, '')
197
  end
198

199
end
200

201
end
202
end
203
end
204
end
205

206