Path: blob/master/modules/auxiliary/client/hwbridge/connect.rb
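##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

# Auxiliary module that polls a Hardware Bridge (HWBridge) HTTP API for its
# status document and, when the bridge answers, registers an interactive
# hwbridge session for it.
#
# Everything read from the bridge (status fields, response bodies) is remote
# data. No credentials are set in the request hash built here; any
# authentication or TLS settings would come from the HttpClient mixin's
# options -- confirm against the mixin before relying on either.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Exploit::Remote::HttpClient

  #
  # Registers module metadata and the options used to reach the bridge.
  # RHOST defaults to the loopback address and RPORT to 8080.
  #
  def initialize(info={})
    super( update_info( info, {
      'Name' => 'Hardware Bridge Session Connector',
      'Description' => %q{
        The Hardware Bridge (HWBridge) is a standardized method for
        Metasploit to interact with Hardware Devices. This extends
        the normal exploit capabilities to the non-ethernet realm and
        enables direct hardware and alternative bus manipulations. You
        must have compatible bridging hardware attached to this machine or
        reachable on your network to use any HWBridge exploits.

        Use this exploit module to connect the physical HWBridge which
        will start an interactive hwbridge session. You can launch a hwbridge
        server locally by using compliant hardware and executing the local_hwbridge
        module. After that module has started, pass the HWBRIDGE_BASE_URL
        options to this connector module.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Craig Smith' # hwbridge metasploit module
        ],
      'Session' => Msf::Sessions::HWBridge,
      'SessionTypes' => [ 'hwbridge' ],
      'References' =>
        [
          [ 'URL', 'http://opengarages.org/hwbridge' ] # TODO
        ]
      }
    ))
    register_options(
      [
        Opt::RPORT(8080),
        Opt::RHOST('127.0.0.1'),
        OptBool.new('DEBUGJSON', [false, "Additional debugging out for JSON requests to HW Bridge", false]),
        OptString.new('TARGETURI', [ true, "The path to the hwbridge API", '/'])
      ],
      self.class
    )
    # Set by get_status once the bridge has returned a usable status document.
    @last_access = nil
  end

  #
  # Generic JSON fetch: GETs TARGETURI/<uri> and parses the response body.
  #
  # @param uri [String] path below TARGETURI to request
  # @return [Object, nil] the parsed JSON on HTTP 200; nil on any other
  #   status, on a missing response, on a body that is not valid JSON, or
  #   on a connection/SSL/timeout error
  #
  def fetch_json(uri)
    tpath = normalize_uri("#{datastore['TARGETURI']}/#{uri}")
    res = send_request_cgi({
      'uri' => tpath,
      'method' => 'GET'
    })
    return nil unless res && res.body && res.code

    case res.code
    when 200
      # The body is echoed verbatim from the remote bridge when DEBUGJSON is on.
      print_status res.body if datastore['DEBUGJSON'] == true
      return JSON.parse(res.body)
    when 401
      print_error "Access Denied: #{res.body}"
    end
    nil
  rescue ::JSON::ParserError
    # A 200 reply whose body is not JSON is reported as a failed fetch rather
    # than being allowed to propagate out of the module.
    print_error("Invalid JSON response from HW Bridge")
    nil
  rescue OpenSSL::SSL::SSLError
    vprint_error("SSL error")
    nil
  rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
    vprint_error("Unable to Connect")
    nil
  rescue ::Timeout::Error, ::Errno::EPIPE
    vprint_error("Timeout error")
    nil
  end

  #
  # Disclaimer for legal and those without common sense...
  #
  def print_disclaimer
    print_warning("NOTICE: You are about to leave the matrix. All actions performed on this hardware bridge")
    print_warning(" could have real world consequences. Use this module in a controlled testing")
    print_warning(" environment and with equipment you are authorized to perform testing on.")
  end

  #
  # Uses status information to automatically load proper extensions and
  # copies the reported version/name fields onto the session.
  #
  # @param sess [Msf::Sessions::HWBridge] session to configure
  #
  def autoload_extensions(sess)
    # hw_specialty stays nil when the status document omitted it, and the
    # bridge could send a non-object value; fall back to "no specialties".
    specialty = hw_specialty.is_a?(Hash) ? hw_specialty : {}

    # Only a literal JSON true enables an extension.
    sess.load_automotive if specialty['automotive'] == true
    sess.load_zigbee if specialty['zigbee'] == true
    sess.load_rftransceiver if specialty['rftransceiver'] == true

    sess.api_version = api_version if api_version
    sess.fw_version = fw_version if fw_version
    sess.hw_version = hw_version if hw_version
    sess.device_name = device_name if device_name
  end

  #
  # If the hardware contains custom methods, create functions for those
  #
  # @param sess [Msf::Sessions::HWBridge] session to configure
  #
  def load_custom_methods(sess)
    # Same guard as for hw_specialty: a missing or non-object value means
    # there are no custom methods to load.
    capabilities = hw_capabilities.is_a?(Hash) ? hw_capabilities : {}
    sess.load_custom_methods if capabilities['custom_methods'] == true
  end

  #
  # Fetches the status of the hwbridge from "/status" and records the fields
  # it reports. @last_access is updated only when the reply is a JSON object
  # that contains an 'operational' key.
  #
  def get_status
    data = fetch_json("/status")
    # JSON.parse can also return an Array or a scalar; only an object can
    # carry the status fields read below.
    return unless data.is_a?(Hash) && data.key?('operational')

    @last_access = Time.now
    self.hw_specialty = data['hw_specialty'] if data.key? 'hw_specialty'
    self.hw_capabilities = data['hw_capabilities'] if data.key? 'hw_capabilities'
    self.api_version = data['api_version'] if data.key? 'api_version'
    self.fw_version = data['fw_version'] if data.key? 'fw_version'
    # The presence check must use the same key as the read, 'hw_version'.
    self.hw_version = data['hw_version'] if data.key? 'hw_version'
    self.device_name = data['device_name'] if data.key? 'device_name'
  end

  #
  # Module entry point: queries the bridge status and, if it answered,
  # registers an HWBridge session and loads the extensions it advertises.
  #
  def run
    print_status "Attempting to connect to #{datastore['RHOST']}..."
    get_status
    if @last_access.nil?
      print_error "Could not connect to API"
      return
    end

    sess = Msf::Sessions::HWBridge.new(self)
    sess.set_from_exploit(self)

    framework.sessions.register(sess)
    print_good "HWBridge session established"
    autoload_extensions(sess)
    load_custom_methods(sess)
    print_status "HW Specialty: #{hw_specialty} Capabilities: #{hw_capabilities}"
    print_disclaimer
  end

  # Values reported by the bridge's status document; nil until get_status
  # has seen the corresponding key.
  attr_reader :hw_specialty
  attr_reader :hw_capabilities
  attr_reader :api_version
  attr_reader :fw_version
  attr_reader :hw_version
  attr_reader :device_name

  protected

  attr_writer :hw_specialty
  attr_writer :hw_capabilities
  attr_writer :api_version
  attr_writer :fw_version
  attr_writer :hw_version
  attr_writer :device_name
end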