class Rex::Exploitation::OpcodeDb::Client

This class implements a client interface to the Metasploit Opcode Database. It is intended to be used as a method of locating reliable return addresses given a set of executable files and a set of usable opcodes.

Constants

DefaultServerHost
DefaultServerPort
DefaultServerUri

Attributes

last_xml[R]

Retrieves the last raw XML response to be processed.

server_host[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

server_port[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

server_uri[RW]

These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.

Public Class Methods

new(host = DefaultServerHost, port = DefaultServerPort, uri = DefaultServerUri) click to toggle source

Returns an instance of an initialized client that will use the supplied server values.

# File lib/rex/exploitation/opcodedb.rb, line 530
def initialize(host = DefaultServerHost, port = DefaultServerPort, uri = DefaultServerUri)
  self.server_host = host
  self.server_port = port
  self.server_uri  = uri
end

Public Instance Methods

disable_parse() click to toggle source

Disables response parsing.

# File lib/rex/exploitation/opcodedb.rb, line 539
def disable_parse
  @disable_parse = true
end
enable_parse() click to toggle source

Enables response parsing.

# File lib/rex/exploitation/opcodedb.rb, line 546
def enable_parse
  @disable_parse = false
end
groups() click to toggle source

Returns an array of Group instances.

# File lib/rex/exploitation/opcodedb.rb, line 560
def groups
  request('groups').map { |ent| Group.create(ent) }
end
locales() click to toggle source

Returns an array of Locale instances that are supported by the server.

# File lib/rex/exploitation/opcodedb.rb, line 641
def locales
  request('locales').map { |ent| Locale.create(ent) }
end
meta_types() click to toggle source

Returns an array of MetaType instances.

# File lib/rex/exploitation/opcodedb.rb, line 553
def meta_types
  request('meta_types').map { |ent| MetaType.create(ent) }
end
modules(filter = {}) click to toggle source

Returns an array of ImageModule instances. Image modules are version-specific, locale-specific, and operating system version specific image files. Modules have opcodes, segments, imports and exports associated with them. Optionally, a filter hash can be specified to limit the number of results returned from the database. If no filter hash is supplied, all modules will be returned.

LocaleNames (Array)

This hash element limits results to one or more specific locale by name.

PlatformNames (Array)

This hash element limits results to one or more specific platform by
name.

ModuleNames (Array)

This hash element limits results to one or more specific module by name.

Segments (Bool)

If this hash element is set to true, the segments associated with each
resulting module will be returned by the server.

Imports (Bool)

If this hash element is set to true, the imports associated with each
resulting module will be returned by the server.

Exports (Bool)

If this hash element is set to true, the exports associated with each
resulting module will be returned by the server.
# File lib/rex/exploitation/opcodedb.rb, line 634
def modules(filter = {})
  request('modules', filter).map { |ent| ImageModule.create(ent) }
end
platforms(filter = {}) click to toggle source

Returns an array of OsVersion instances. OS versions are associated with a particular operating system release (including service packs). Optionally, a filter hash can be passed to limit the number of results returned. If no filter hash is supplied, all results are returned.

Names (Array)

If this hash element is specified, only the operating systems that
contain one or more of the names specified will be returned.

Statistics (Bool)

If this hash element is set to true, the number of modules associated
with this matched operating system versions will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 594
def platforms(filter = {})
  request('platforms', filter).map { |ent| OsVersion.create(ent) }
end
statistics() click to toggle source

Returns an instance of the Statistics class that holds information about the server's database stats.

# File lib/rex/exploitation/opcodedb.rb, line 696
def statistics
  Statistics.new(request('statistics'))
end
types(filter = {}) click to toggle source

Returns an array of Type instances. Opcode types are specific opcodes, such as a jmp esp. Optionally, a filter hash can be passed to include extra information in the results.

Statistics (Bool)

If this hash element is set to true, the number of opcodes currently in
the database of this type will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 574
def types(filter = {})
  request('types', filter).map { |ent| Type.create(ent) }
end

Protected Instance Methods

parse_response(xml) click to toggle source

Translate the data type from a flat string to a ruby native type.

# File lib/rex/exploitation/opcodedb.rb, line 775
def parse_response(xml)
  @last_xml = xml

  if (!@disable_parse)
    source = REXML::Source.new(xml)
    doc    = REXML::Document.new

    REXML::Parsers::TreeParser.new(source, doc).parse

    translate_element(doc.root)
  end
end
request(method, opts = {}) click to toggle source

Transmits a request to the Opcode database server and translates the response into a native general ruby datatype.

# File lib/rex/exploitation/opcodedb.rb, line 717
def request(method, opts = {})
  client  = Rex::Proto::Http::Client.new(server_host, server_port)

  begin

    # Create the CGI parameter list
    vars = { 'method' => method }

    opts.each_pair do |k, v|
      vars[k] = xlate_param(v)
    end

    client.set_config('uri_encode_mode' => 'none')

    # Initialize the request with the POST body.
    request = client.request_cgi(
      'method'    => 'POST',
      'uri'       => server_uri,
      'vars_post' => vars
    )

    # Send the request and grab the response.
    response = client.send_recv(request, 300)

    # Non-200 return code?
    if (response.code != 200)
      raise RuntimeError, "Invalid response received from server."
    end

    # Convert the return value to the native type.
    parse_response(response.body)
  rescue ::SocketError
    raise RuntimeError, "Could not communicate with the opcode service: #{$!.class} #{$!}"
  ensure
    client.close
  end
end
translate_element(element) click to toggle source

Translate elements conveyed as data types.

# File lib/rex/exploitation/opcodedb.rb, line 791
def translate_element(element)
  case element.name
    when "Array"
      return element.elements.map { |child| translate_element(child) }
    when "Hash"
      hsh = {}

      element.each_element { |child|
        if (e = child.elements[1])
          v = translate_element(e)
        else
          v = child.text
        end

        hsh[child.attributes['name']] = v
      }

      return hsh
    else
      return element.text
  end
end
xlate_param(v) click to toggle source

Translates a parameter into a flat CGI parameter string.

# File lib/rex/exploitation/opcodedb.rb, line 758
def xlate_param(v)
  if (v.kind_of?(Array))
    v.map { |ent|
      xlate_param(ent)
    }.join(',,')
  elsif (v.kind_of?(Hash))
    v.map { |k,v|
      "#{URI.escape(k)}:#{xlate_param(v)}" if (v)
    }.join(',,')
  else
    URI.escape(v.to_s)
  end
end