lab 0.0.3 → 0.0.4

data/lib/lab/drivers.rb

@@ -0,0 +1,8 @@
+require 'driver/workstation_driver'
+require 'driver/virtualbox_driver'
+require 'driver/fog_driver'
+require 'driver/dynagen_driver'
+require 'driver/remote_workstation_driver'
+require 'driver/remote_esx_driver'
+#require 'driver/qemu_driver'
+#require 'driver/qemudo_driver'

data/lib/lab/modifier/backtrack5_modifier.rb

@@ -0,0 +1,16 @@
+module Lab
+module Modifier
+module Backtrack5
+
+	def nmap(options)
+		run_command("nmap #{filter_input(options)}")
+	end
+	
+	def testssl(site)
+		run_command("/pentest/scanners/testssl/testssl.sh #{filter_input(site)}")
+	end
+	
+end
+end
+end
+

data/lib/lab/modifier/dos_modifier.rb

@@ -0,0 +1,14 @@
+# This assumes you're on a recent ubuntu
+# TODO - enforce this, or split it out...
+
+module Lab
+module Modifier
+module Dos
+
+	def ping(target)
+		run_command("ping #{filter_input(target)}")
+	end
+
+end
+end
+end

data/lib/lab/modifier/meterpreter_modifier.rb

@@ -0,0 +1,167 @@
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
+
+module Lab
+module Modifier
+module Meterpreter
+
+end
+end
+end
+
+
+# This allows us to override the default way of running commands
+# Currently useful for the esx controller
+
+module Lab
+class Vm
+	
+	attr_accessor :framework
+	attr_accessor :session
+	attr_accessor :session_input
+	attr_accessor :session_output
+
+	def create_framework
+		return if @framework
+		@framework    = Msf::Simple::Framework.create
+	end
+	
+	# perform the setup only once
+	def setup_session
+		return if @session
+
+		# require the framework (assumes this sits in lib/lab/modifiers)
+		require 'msf/base'
+
+		create_framework 	## TODO - this should use a single framework 
+					## for all hosts, not one-per-host
+
+		@session 		= nil
+		@session_input        	= Rex::Ui::Text::Input::Buffer.new
+		@session_output       	= Rex::Ui::Text::Output::Buffer.new
+	
+		if @os == "windows"
+			exploit_name = 'windows/smb/psexec'
+
+			# TODO - check for x86, choose the appropriate payload
+
+			payload_name = 'windows/meterpreter/bind_tcp'
+			options = {	"RHOST"		  => @hostname, 
+					        "SMBUser" 	=> @vm_user, 
+					        "SMBPass" 	=> @vm_pass}
+
+      			puts "DEBUG: using options #{options}"
+
+			# Initialize the exploit instance
+			exploit = @framework.exploits.create(exploit_name)
+
+			begin
+				# Fire it off.
+				@session = exploit.exploit_simple(
+					'Payload'     	=> payload_name,
+					'Options'     	=> options,
+					'LocalInput'  	=> @session_input,
+					'LocalOutput' 	=> @session_output)
+				@session.load_stdapi
+				
+				puts "DEBUG: Generated session: #{@session}"
+				
+			rescue  Exception => e 
+  			  puts "DEBUG: Unable to exploit"
+  			  puts e.to_s
+			end
+							
+		else
+			module_name = 'scanner/ssh/ssh_login'
+			
+			# TODO - check for x86, choose the appropriate payload
+			
+			payload_name = 'linux/x86/shell_bind_tcp'
+			options = {	"RHOSTS"		=> @hostname, 
+					"USERNAME" 		=> @vm_user, 
+					"PASSWORD" 		=> @vm_pass, 
+					"BLANK_PASSWORDS" 	=> false, 
+					"USER_AS_PASS" 		=> false, 
+					"VERBOSE" 		=> false}
+
+      			puts "DEBUG: using options #{options}"
+
+			# Initialize the module instance
+			aux = @framework.auxiliary.create(module_name)
+			
+			puts "DEBUG: created module: #{aux}"
+			
+			begin 
+				# Fire it off.
+				aux.run_simple(
+					'Payload'     => payload_name,
+					'Options'     => options,
+					'LocalInput'  => @session_input,
+					'LocalOutput' => @session_output)
+				
+				@session = @framework.sessions.first.last
+				puts "DEBUG: Generated session: #{@session}"
+			rescue Exception => e 
+			  puts "DEBUG: Unable to exploit"
+			  puts e.to_s
+			end
+		end
+		
+
+		
+	end
+
+	def run_command(command, timeout=60)
+		
+		setup_session
+		puts "Using session #{@session}"
+		
+		# TODO: pass the timeout down
+	
+		if @session
+			if @session.type == "shell"
+				puts "Running command via shell: #{command}"		
+				@session.shell_command_token(command, timeout)
+			elsif @session.type == "meterpreter" 
+				puts "Running command via meterpreter: #{command}"		
+				@session.shell_command(command) #, timeout)
+			end
+		else
+			raise "No session"
+		end
+	end
+	
+	
+	# This isn't part of the normal API, but too good to pass up. 
+	def run_script(script, options)
+		if @session.type == "meterpreter"
+			@session.execute_script(script, options)
+		else
+			raise "Unsupported on #{@session.type}"
+		end
+	end
+	
+	# For meterpreter API compatibility
+	#def execute_file(script,options)
+	#	run_script(script,options)
+	#end
+	
+	def copy_to(local,remote)
+		setup_session
+		if @session.type == "meterpreter"
+			@session.run_cmd("upload #{local} #{remote}")
+		else
+			@driver.copy_to(local,remote)
+		end
+	end
+	
+	def copy_from(local, remote)
+		setup_session
+		if @session.type == "meterpreter"
+			@session.run_cmd("download #{local} #{remote}")
+		else
+			@driver.copy_from(local,remote)
+		end
+	end
+	
+end
+end

data/lib/lab/modifier/test_modifier.rb

@@ -0,0 +1,16 @@
+# This assumes you're on a recent ubuntu
+# TODO - enforce this, or split it out...
+
+module Lab
+module Modifier
+module Test
+	def install_nmap
+		run_command("sudo apt-get install nmap")
+	end
+
+	def nmap(options)
+		run_command("nmap #{filter_input(options)}")
+	end
+end
+end
+end

data/lib/lab/modifiers.rb

@@ -0,0 +1,4 @@
+require 'modifier/test_modifier'
+require 'modifier/backtrack5_modifier'
+require 'modifier/meterpreter_modifier'
+require 'modifier/dos_modifier'	

data/lib/lab/version.rb

@@ -0,0 +1,3 @@
+module Lab
+  VERSION = "0.0.4"
+end

data/lib/lab/vm.rb

@@ -0,0 +1,253 @@
+##
+## $Id$
+##
+
+module Lab
+class Vm
+	
+	attr_accessor :vmid
+	attr_accessor :hostname
+	attr_accessor :name
+	attr_accessor :description
+	attr_accessor :location
+	attr_accessor :driver
+	attr_accessor :credentials
+	attr_accessor :tools
+	attr_accessor :type
+	attr_accessor :user
+	attr_accessor :host
+	attr_accessor :os
+	attr_accessor :arch
+
+	## Initialize takes a vm configuration hash of the form
+	##  - vmid (unique identifier)
+	##    driver (vm technology)
+	##    user (if applicable - remote system)
+	##    host (if applicable - remote system)
+	##    pass (if applicable - remote system)
+	##    location (file / uri)
+	##    credentials (of the form [ {'user'=>"user",'pass'=>"pass", 'admin' => false}, ... ])
+	##    os (currently only linux / windows)
+	##    arch (currently only 32 / 64
+	
+	def initialize(config = {})	
+
+		# TODO - This is a mess. clean up, and pass stuff down to drivers
+		# and then rework the code that uses this api. 
+		@vmid = config['vmid'].to_s 
+		raise "Invalid VMID" unless @vmid
+
+		# Grab the hostname if specified, otherwise use the vmid
+		# VMID will be different in the case of ESX
+		@hostname = config['hostname']
+		if !@hostname
+			@hostname = @vmid
+		end
+
+		@driver_type = filter_input(config['driver'])
+		@driver_type.downcase!
+
+		@location = filter_input(config['location'])
+		#@name = config['name'] || ""
+		@description = config['description'] || ""
+		@tools = config['tools'] || ""
+		@os = config['os'] || ""			
+		@arch = config['arch'] || ""
+		@type = filter_input(config['type']) || "unspecified"
+		@credentials = config['credentials'] || []
+		
+		# TODO - Currently only implemented for the first set
+		if @credentials.count > 0
+			@vm_user = filter_input(@credentials[0]['user']) || "\'\'"
+			@vm_pass = filter_input(@credentials[0]['pass']) || "\'\'"
+			@vm_keyfile = filter_input(@credentials[0]['keyfile'])
+		end
+
+		# Only applicable to remote systems
+		@user = filter_input(config['user']) || nil
+		@host = filter_input(config['host']) || nil
+		@port = filter_input(config['port']) || nil
+		@pass = filter_input(config['pass']) || nil
+
+		#Only dynagen systems need this
+		@platform = config['platform']
+
+		#Only fog systems need this
+		@fog_config = config['fog_config']
+
+		#puts "Passing driver config: #{config}"
+
+		# Process the correct driver
+		if @driver_type == "workstation"
+			@driver = Lab::Drivers::WorkstationDriver.new(config)
+		elsif @driver_type == "virtualbox"
+			@driver = Lab::Drivers::VirtualBoxDriver.new(config)
+		elsif @driver_type == "fog"
+			@driver = Lab::Drivers::FogDriver.new(config, config['fog_config'])
+		elsif @driver_type == "dynagen"
+			@driver = Lab::Drivers::DynagenDriver.new(config, config['dynagen_config'])	
+		elsif @driver_type == "remote_esx"
+			@driver = Lab::Drivers::RemoteEsxDriver.new(config)
+		elsif @driver_type == "remote_workstation"
+			@driver = Lab::Drivers::RemoteWorkstationDriver.new(config)
+		#elsif @driver_type == "qemu"
+		#	@driver = Lab::Drivers::QemuDriver.new	
+		#elsif @driver_type == "qemudo"
+		#	@driver = Lab::Drivers::QemudoDriver.new	
+		else
+			raise "Unknown Driver Type"
+		end
+				
+		# Load in a list of modifiers. These provide additional methods
+		# Currently it is up to the user to verify that 
+		# modifiers are properly used with the correct VM image.
+		#
+		# If not, the results are likely to be disasterous.
+		@modifiers = config['modifiers']
+		
+		if @modifiers	
+			begin
+	 			@modifiers.each { |modifier|  self.class.send(:include, eval("Lab::Modifier::#{modifier}"))}
+			rescue Exception => e
+				# modifier likely didn't exist
+			end 		
+		end
+	end
+	
+	def running?
+		@driver.running?
+	end
+
+	def location
+		@driver.location
+	end
+
+	def start
+		@driver.start
+	end
+
+	def stop
+		@driver.stop
+	end
+
+	def pause
+		@driver.pause
+	end
+
+	def suspend
+		@driver.suspend
+	end
+	
+	def reset
+		@driver.reset
+	end
+	
+	def resume
+		@driver.resume
+	end
+
+	def create_snapshot(snapshot)
+		@driver.create_snapshot(snapshot)
+	end
+
+	def revert_snapshot(snapshot)
+		@driver.revert_snapshot(snapshot)
+	end
+
+	def delete_snapshot(snapshot)
+		@driver.delete_snapshot(snapshot)
+	end
+
+	def revert_and_start(snapshot)
+		@driver.revert_snapshot(snapshot)
+		@driver.start
+	end
+
+	def copy_to(from,to)
+		@driver.copy_to(from,to)
+	end
+	
+	def copy_from(from,to)
+		@driver.copy_from(from,to)
+	end
+	
+	def run_command(command)
+		@driver.run_command(command)
+	end
+
+	def check_file_exists(file)
+		@driver.check_file_exists(file)
+	end
+	
+	def create_directory(directory)
+		@driver.create_directory(directory)
+	end
+
+	def open_uri(uri)
+		# we don't filter the uri, as it's getting tossed into a script 
+		# by the driver
+		if @os == "windows"
+			command = "\"C:\\program files\\internet explorer\\iexplore.exe\" #{uri}"
+		else
+			command = "firefox #{uri}"
+		end
+
+		@driver.run_command(command)
+	end
+
+	def to_s
+		return "#{@vmid}"
+	end
+
+	def to_yaml
+		
+		# TODO - push this down to the drivers.
+		
+		# Standard configuration options
+		out =  " - vmid: #{@vmid}\n"
+		out += "   driver: #{@driver_type}\n"
+		out += "   location: #{@location}\n"
+		out += "   type: #{@type}\n"
+		out += "   tools: #{@tools}\n"
+		out += "   os: #{@os}\n"
+		out += "   arch: #{@arch}\n"
+		
+		if @user or @host # Remote vm/drivers only
+			out += "   user: #{@user}\n"
+			out += "   host: #{@host}\n"
+		end
+
+		if @platform
+			out += "   platform: #{@platform}\n"
+		end
+
+		if @fog_config
+			out += @fog_config.to_yaml
+		end
+
+		if @dynagen_config
+			out += @dynagen_config.to_yaml
+		end
+
+		out += "   credentials:\n"
+		@credentials.each do |credential|		
+			out += "     - user: #{credential['user']}\n"
+			out += "       pass: #{credential['pass']}\n"
+		end
+	
+	 	return out
+	end
+private
+
+	def filter_input(string)
+		return "" unless string # nil becomes empty string
+		return unless string.class == String # Allow other types
+					
+		unless /^[(!)\d*\w*\s*\[\]\{\}\/\\\.\-\"\(\)]*$/.match string
+			raise "WARNING! Invalid character in: #{string}"
+		end
+
+		string
+	end
+end
+end