class Rex::Exploitation::OpcodeDb::Client
This class implements a client interface to the Metasploit Opcode
Database. It is intended to be used as a method of locating reliable return addresses given a set of executable files and a set of usable opcodes.
Constants
- DefaultServerHost
- DefaultServerPort
- DefaultServerUri
Attributes
Retrieves the last raw XML response to be processed.
These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.
These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.
These attributes convey information about the remote server and can be changed in order to point it to a locate copy as necessary.
Public Class Methods
Returns an instance of an initialized client that will use the supplied server values.
# File lib/rex/exploitation/opcodedb.rb, line 530 def initialize(host = DefaultServerHost, port = DefaultServerPort, uri = DefaultServerUri) self.server_host = host self.server_port = port self.server_uri = uri end
Public Instance Methods
Disables response parsing.
# File lib/rex/exploitation/opcodedb.rb, line 539 def disable_parse @disable_parse = true end
Enables response parsing.
# File lib/rex/exploitation/opcodedb.rb, line 546 def enable_parse @disable_parse = false end
Returns an array of Group
instances.
# File lib/rex/exploitation/opcodedb.rb, line 560 def groups request('groups').map { |ent| Group.create(ent) } end
Returns an array of Locale
instances that are supported by the server.
# File lib/rex/exploitation/opcodedb.rb, line 641 def locales request('locales').map { |ent| Locale.create(ent) } end
Returns an array of MetaType
instances.
# File lib/rex/exploitation/opcodedb.rb, line 553 def meta_types request('meta_types').map { |ent| MetaType.create(ent) } end
Returns an array of ImageModule
instances. Image modules are version-specific, locale-specific, and operating system version specific image files. Modules have opcodes, segments, imports and exports associated with them. Optionally, a filter hash can be specified to limit the number of results returned from the database. If no filter hash is supplied, all modules will be returned.
LocaleNames (Array)
This hash element limits results to one or more specific locale by name.
PlatformNames (Array)
This hash element limits results to one or more specific platform by name.
ModuleNames (Array)
This hash element limits results to one or more specific module by name.
Segments (Bool)
If this hash element is set to true, the segments associated with each resulting module will be returned by the server.
Imports (Bool)
If this hash element is set to true, the imports associated with each resulting module will be returned by the server.
Exports (Bool)
If this hash element is set to true, the exports associated with each resulting module will be returned by the server.
# File lib/rex/exploitation/opcodedb.rb, line 634 def modules(filter = {}) request('modules', filter).map { |ent| ImageModule.create(ent) } end
Returns an array of OsVersion
instances. OS versions are associated with a particular operating system release (including service packs). Optionally, a filter hash can be passed to limit the number of results returned. If no filter hash is supplied, all results are returned.
Names (Array)
If this hash element is specified, only the operating systems that contain one or more of the names specified will be returned.
Statistics
(Bool)
If this hash element is set to true, the number of modules associated with this matched operating system versions will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 594 def platforms(filter = {}) request('platforms', filter).map { |ent| OsVersion.create(ent) } end
Returns an array of Opcode
instances that match the filter limitations specified in the supplied filter hash. If no filter hash is specified, all opcodes will be returned (but are most likely going to be limited by the server). The filter hash limiters that can be specified are:
ModuleNames (Array)
This hash element limits results to one or more specific modules by name.
GroupNames (Array)
This hash element limits results to one or more specific opcode group by name.
TypeNames (Array)
This hash element limits results to one or more specific opcode type by name.
MetaTypeNames (Array)
This hash element limits results to one or more specific opcode meta type by name.
LocaleNames (Array)
Limits results to one or more specific locale by name.
PlatformNames (Array)
Limits reslts to one or more specific operating system version by name.
Addresses (Array)
Limits results to a specific set of addresses.
Portable (Bool)
If this hash element is true, opcode results will be limited to ones that span more than one operating system version.
# File lib/rex/exploitation/opcodedb.rb, line 688 def search(filter = {}) request('search', filter).map { |ent| Opcode.new(ent) } end
Returns an instance of the Statistics
class that holds information about the server's database stats.
# File lib/rex/exploitation/opcodedb.rb, line 696 def statistics Statistics.new(request('statistics')) end
Returns an array of Type
instances. Opcode
types are specific opcodes, such as a jmp esp. Optionally, a filter hash can be passed to include extra information in the results.
Statistics
(Bool)
If this hash element is set to true, the number of opcodes currently in the database of this type will be returned.
# File lib/rex/exploitation/opcodedb.rb, line 574 def types(filter = {}) request('types', filter).map { |ent| Type.create(ent) } end
Protected Instance Methods
Translate the data type from a flat string to a ruby native type.
# File lib/rex/exploitation/opcodedb.rb, line 775 def parse_response(xml) @last_xml = xml if (!@disable_parse) source = REXML::Source.new(xml) doc = REXML::Document.new REXML::Parsers::TreeParser.new(source, doc).parse translate_element(doc.root) end end
Transmits a request to the Opcode
database server and translates the response into a native general ruby datatype.
# File lib/rex/exploitation/opcodedb.rb, line 717 def request(method, opts = {}) client = Rex::Proto::Http::Client.new(server_host, server_port) begin # Create the CGI parameter list vars = { 'method' => method } opts.each_pair do |k, v| vars[k] = xlate_param(v) end client.set_config('uri_encode_mode' => 'none') # Initialize the request with the POST body. request = client.request_cgi( 'method' => 'POST', 'uri' => server_uri, 'vars_post' => vars ) # Send the request and grab the response. response = client.send_recv(request, 300) # Non-200 return code? if (response.code != 200) raise RuntimeError, "Invalid response received from server." end # Convert the return value to the native type. parse_response(response.body) rescue ::SocketError raise RuntimeError, "Could not communicate with the opcode service: #{$!.class} #{$!}" ensure client.close end end
Translate elements conveyed as data types.
# File lib/rex/exploitation/opcodedb.rb, line 791 def translate_element(element) case element.name when "Array" return element.elements.map { |child| translate_element(child) } when "Hash" hsh = {} element.each_element { |child| if (e = child.elements[1]) v = translate_element(e) else v = child.text end hsh[child.attributes['name']] = v } return hsh else return element.text end end
Translates a parameter into a flat CGI parameter string.
# File lib/rex/exploitation/opcodedb.rb, line 758 def xlate_param(v) if (v.kind_of?(Array)) v.map { |ent| xlate_param(ent) }.join(',,') elsif (v.kind_of?(Hash)) v.map { |k,v| "#{URI.escape(k)}:#{xlate_param(v)}" if (v) }.join(',,') else URI.escape(v.to_s) end end