Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
#
2
# This plugin provides an msf daemon interface that spawns a listener on a
3
# defined port (default 55552) and gives each connecting client its own
4
# console interface.  These consoles all share the same framework instance.
5
# Be aware that the console instance that spawns on the port is entirely
6
# unauthenticated, so realize that you have been warned.
7
#
8

9
require 'msf/core/rpc/v10/service'
10
require 'fileutils'
11

12
module Msf
13
  ###
14
  #
15
  # This class implements the msfd plugin interface.
16
  #
17
  ###
18
  class Plugin::MSGRPC < Msf::Plugin
19

20
    #
21
    # The default local hostname that the server listens on.
22
    #
23
    DefaultHost = '127.0.0.1'.freeze
24

25
    #
26
    # The default local port that the server listens on.
27
    #
28
    DefaultPort = 55552
29

30
    #
31
    # ServerPort
32
    #
33
    # 	The local port to listen on for connections.  The default is 55552
34
    #
35
    def initialize(framework, opts)
36
      super
37

38
      host = opts['ServerHost'] || DefaultHost
39
      port = opts['ServerPort'] || DefaultPort
40
      ssl = (opts['SSL'] && opts['SSL'].to_s =~ /^[ty]/i) ? true : false
41
      cert = opts['SSLCert']
42

43
      user = opts['User'] || 'msf'
44
      pass = opts['Pass'] || ::Rex::Text.rand_text_alphanumeric(8)
45
      uri = opts['URI'] || '/api'
46
      timeout = opts['TokenTimeout'] || 300
47

48
      print_status("MSGRPC Service:  #{host}:#{port} #{ssl ? ' (SSL)' : ''}")
49
      print_status("MSGRPC Username: #{user}")
50
      print_status("MSGRPC Password: #{pass}")
51

52
      self.server	= ::Msf::RPC::Service.new(framework, {
53
        host: host,
54
        port: port,
55
        ssl: ssl,
56
        cert: cert,
57
        uri: uri,
58
        tokens: {},
59
        token_timeout: timeout
60
      })
61

62
      server.add_user(user, pass)
63

64
      # If the run in foreground flag is not specified, then go ahead and fire
65
      # it off in a worker thread.
66
      unless opts['RunInForeground'] == true
67
        # Store a handle to the thread so we can kill it during
68
        # cleanup when we get unloaded.
69
        self.thread = Thread.new { run }
70
        framework.threads.register(thread, 'MetasploitRPCServer', true)
71
      end
72
    end
73

74
    #
75
    # Returns 'msgrpc'
76
    #
77
    def name
78
      'msgrpc'
79
    end
80

81
    #
82
    # Returns the plugin description.
83
    #
84
    def desc
85
      'Provides a MessagePack interface over HTTP'
86
    end
87

88
    #
89
    # The meat of the plugin, sets up handlers for requests
90
    #
91
    def run
92
      # Start the actual service
93
      server.start
94

95
      # Register
96
      framework.threads.register(Thread.current, 'MetasploitRPCServer', true)
97

98
      # Wait for the service to complete
99
      server.wait
100
    end
101

102
    #
103
    # Closes the listener service.
104
    #
105
    def cleanup
106
      server.stop if server
107
      thread.kill if thread
108
      self.server = nil
109
      super
110
    end
111

112
    #
113
    # The MSGRPC instance.
114
    #
115
    attr_accessor :server
116
    attr_accessor :thread, :users, :tokens
117

118
  end
119
end
120

121