GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/client/hwbridge/connect.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
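class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HttpClient

  #
  # Registers the module metadata and the datastore options used to reach
  # the HWBridge HTTP API (RHOST, RPORT, TARGETURI, DEBUGJSON).
  #
  # @param info [Hash] metadata overrides merged in through update_info
  #
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'Hardware Bridge Session Connector',
        'Description' => %q{
          The Hardware Bridge (HWBridge) is a standardized method for
          Metasploit to interact with Hardware Devices. This extends
          the normal exploit capabilities to the non-ethernet realm and
          enables direct hardware and alternative bus manipulations. You
          must have compatible bridging hardware attached to this machine or
          reachable on your network to use any HWBridge exploits.

          Use this exploit module to connect the physical HWBridge which
          will start an interactive hwbridge session. You can launch a hwbridge
          server locally by using compliant hardware and executing the local_hwbridge
          module. After that module has started, pass the HWBRIDGE_BASE_URL
          options to this connector module.
        },
        'License' => MSF_LICENSE,
        'Author' => [
          'Craig Smith' # hwbridge metasploit module
        ],
        'Session' => Msf::Sessions::HWBridge,
        'SessionTypes' => [ 'hwbridge' ],
        'References' => [
          [ 'URL', 'https://web.archive.org/web/20170206145056/http://opengarages.org/hwbridge/' ],
        ],
        'Notes' => {
          'Stability' => [CRASH_SAFE],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
    register_options(
      [
        Opt::RPORT(8080),
        Opt::RHOST('127.0.0.1'),
        OptBool.new('DEBUGJSON', [false, 'Additional debugging out for JSON requests to HW Bridge', false]),
        OptString.new('TARGETURI', [ true, 'The path to the hwbridge API', '/'])
      ]
    )
    # Stays nil until get_status accepts a status document; run treats nil
    # as "never reached the API".
    @last_access = nil
  end

  #
  # Generic fetch json call. Issues a GET for +uri+ below TARGETURI and
  # returns the parsed JSON document.
  #
  # Returns nil when there is no usable response, when the bridge answers
  # 401 or any status other than 200, when the body is not valid JSON, or
  # when one of the rescued transport errors occurs.
  #
  # @param uri [String] API path relative to TARGETURI
  # @return [Object, nil] whatever JSON.parse yields (callers must check the
  #   type themselves), or nil on failure
  #
  def fetch_json(uri)
    tpath = normalize_uri("#{datastore['TARGETURI']}/#{uri}")
    res = send_request_cgi({
      'uri' => tpath,
      'method' => 'GET'
    })
    return if !res || !res.body || !res.code

    case res.code
    when 401
      # The body comes from the remote bridge and is printed verbatim.
      print_error "Access Denied: #{res.body}"
      nil
    when 200
      print_status res.body if datastore['DEBUGJSON'] == true
      JSON.parse(res.body)
    end
  rescue JSON::ParserError
    # A malformed body from the bridge must not abort the module with an
    # unhandled exception; treat it like any other failed fetch.
    vprint_error('Invalid JSON in HWBridge response')
    nil
  rescue OpenSSL::SSL::SSLError
    vprint_error('SSL error')
    nil
  rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
    vprint_error('Unable to Connect')
    nil
  rescue ::Timeout::Error, ::Errno::EPIPE
    vprint_error('Timeout error')
    nil
  end

  #
  # Disclaimer for legal and those without common sense...
  #
  def print_disclaimer
    print_warning('NOTICE: You are about to leave the matrix. All actions performed on this hardware bridge')
    print_warning(' could have real world consequences. Use this module in a controlled testing')
    print_warning(' environment and with equipment you are authorized to perform testing on.')
  end

  #
  # Uses status information to automatically load proper extensions and
  # copies the reported version/name fields onto the session.
  #
  # An extension is loaded only when the bridge reported the matching
  # hw_specialty entry as the JSON boolean true. A missing or non-Hash
  # hw_specialty loads nothing instead of raising.
  #
  # @param sess [Msf::Sessions::HWBridge] session created by run
  #
  def autoload_extensions(sess)
    sess.load_automotive if bridge_flag?(hw_specialty, 'automotive')
    sess.load_zigbee if bridge_flag?(hw_specialty, 'zigbee')
    sess.load_rftransceiver if bridge_flag?(hw_specialty, 'rftransceiver')

    sess.api_version = api_version if api_version
    sess.fw_version = fw_version if fw_version
    sess.hw_version = hw_version if hw_version
    sess.device_name = device_name if device_name
  end

  #
  # If the hardware contains custom methods, create functions for those
  #
  # Does nothing when hw_capabilities is missing, is not a Hash, or does not
  # report custom_methods as the JSON boolean true.
  #
  # @param sess [Msf::Sessions::HWBridge] session created by run
  #
  def load_custom_methods(sess)
    sess.load_custom_methods if bridge_flag?(hw_capabilities, 'custom_methods')
  end

  #
  # Fetches the status of the hwbridge
  #
  # The status document is remote, untrusted input: it is accepted only when
  # it parses to a Hash that carries an 'operational' key. On acceptance
  # @last_access is stamped and every reported field is copied to the
  # matching attribute; fields the bridge omitted keep their previous value.
  #
  def get_status
    data = fetch_json('/status')
    # fetch_json returns whatever the JSON decodes to (it could be an Array
    # or a scalar), so check the type before calling Hash methods on it.
    return unless data.is_a?(Hash) && data.key?('operational')

    @last_access = Time.now

    # Fixed literal list: the setter names never come from the response.
    %w[hw_specialty hw_capabilities api_version fw_version hw_version device_name].each do |field|
      send("#{field}=", data[field]) if data.key?(field)
    end
  end

  #
  # Connects to the bridge, and if a status document was accepted, creates
  # and registers an HWBridge session, loads the extensions and custom
  # methods the bridge advertised, and prints the disclaimer.
  #
  def run
    print_status("Attempting to connect to #{datastore['RHOST']}...")
    get_status

    if @last_access.nil?
      print_error 'Could not connect to API'
      return
    end

    sess = Msf::Sessions::HWBridge.new(self)
    sess.set_from_exploit(self)

    framework.sessions.register(sess)
    print_good('HWBridge session established')
    autoload_extensions(sess)
    load_custom_methods(sess)
    print_status "HW Specialty: #{hw_specialty} Capabilities: #{hw_capabilities}"
    print_disclaimer
  end

  attr_reader :hw_specialty, :hw_capabilities, :api_version, :fw_version, :hw_version, :device_name

  protected

  attr_writer :hw_specialty, :hw_capabilities, :api_version, :fw_version, :hw_version, :device_name

  #
  # True only when +table+ is a Hash whose +name+ entry is exactly true.
  # Strings such as "true" or "false" from the bridge do not count, and a
  # nil or non-Hash table is treated as "flag not set".
  #
  # @param table [Object] hw_specialty or hw_capabilities as reported
  # @param name [String] key to test
  # @return [Boolean]
  #
  def bridge_flag?(table, name)
    table.is_a?(Hash) && table[name] == true
  end
end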