lab 0.0.4 → 0.0.5
- data/README +27 -24
- data/lib/lab/version.rb +1 -1
- data/lib/lab/vm.rb +1 -1
- metadata +4 -5
- data/lib/lab/modifier/meterpreter_modifier.rb +0 -167
data/README
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
This folder contains the libraries necessary to run the lab plugin, and can also be used in a standalone way to automate virtual machines.
|
2
2
|
|
3
|
-
|
3
|
+
CONCEPTS:
|
4
|
+
=========
|
4
5
|
|
5
6
|
The lab provides a clean interface to common vm functions such as start / stop / snapshot / revert and even running system commands or higher-level functions like opening a browser to a specified URL. It's designed so the different VM technologies have a similiar interface, and you can ignore the specifics of the VM tech. The majority of the functionality is implemented in the form of drivers and controllers. Drivers implement the underlying command for each vm software (such as start/stop/revert), and controllers implement the commands which apply to all vms (such as listing all running vms, or cloning a vm).
|
6
7
|
|
7
8
|
If you're interested in porting a vm software (see below), please take a look at the workstation_driver.rb and the workstation_controller.rb -- This is a simple driver / controller in the lab, and you can simply copy / modify this to implement a new driver & controller for the software.
|
8
9
|
|
9
|
-
|
10
|
-
|
11
|
-
NOTE: The lab libraries have only been tested
|
10
|
+
SUPPORTED VM TECHNOLOGIES:
|
11
|
+
==========================
|
12
|
+
NOTE: The lab libraries have only been tested with linux as a host, porting to windows is not planned at this time.
|
12
13
|
|
13
14
|
Implemented:
|
14
15
|
- workstation (Tested against 7.x)
|
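Review bot: the NOTE added at new line 12 says porting to windows "is not planned at this time", but the unchanged PLATFORM SUPPORT paragraph at new line 31 still ends with "If you're interested in porting it to windows, please contact me (jcran)". With the new section headings the host requirement is now stated in two places that disagree in tone; keep the statement in one section and make the other refer to it. The unchanged line at new line 6 also still spells "similiar".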
@@ -25,8 +26,8 @@ Need Implementation:
|
|
25
26
|
- qemudo
|
26
27
|
- others?
|
27
28
|
|
28
|
-
|
29
|
-
|
29
|
+
PLATFORM SUPPORT:
|
30
|
+
=================
|
30
31
|
You will need to have this code running on a linux box, Currently this has only been run / tested on Ubuntu 9.04 -> 10.04, though it should run on any linux with an ssh client and the dependencies below. Remote VM Hosts will need to be linux as well, though other platforms may work (untested). If you're interested in porting it to windows, please contact me (jcran).
|
31
32
|
|
32
33
|
Platform Dependencies:
|
@@ -34,8 +35,8 @@ Platform Dependencies:
|
|
34
35
|
- net/scp - the gem (net-scp). Required to copy files to/from the devices in the case that tools are not installed. Not necessary if tools are installed.
|
35
36
|
- fog - require to use the amazon_ec2 driver
|
36
37
|
|
37
|
-
|
38
|
-
|
38
|
+
STANDALONE API:
|
39
|
+
===============
|
39
40
|
BACKGROUND:
|
40
41
|
|
41
42
|
The lab libraries add tons of useful functionality that isn't exposed through the lab plugin, such as the ability to run commands on hosts. This library can serve as an excellent base for more complex operations on a remote host as well.
|
@@ -43,7 +44,7 @@ The lab libraries add tons of useful functionality that isn't exposed through th
|
|
43
44
|
USAGE:
|
44
45
|
|
45
46
|
You must first create a yaml file which describes your vm. See data/lab/test_targets.yml for an example.
|
46
|
-
|
47
|
+
<pre>
|
47
48
|
require 'vm_controller'
|
48
49
|
vm_controller = ::Lab::Controllers::VmController.new(YAML.load_file(lab_def))
|
49
50
|
vm_controller['vm1'].start
|
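Review bot: the sample at new lines 48-49 calls YAML.load_file(lab_def) without a require 'yaml' and without defining lab_def, so it does not run as pasted. Add the require and set lab_def to a concrete path such as the data/lab/test_targets.yml named on new line 46. Since the lab definition goes through YAML.load_file, which on Ruby versions of this release's era will instantiate arbitrary tagged objects, the README should also say that lab files must come from a trusted source.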
@@ -52,8 +53,9 @@ You must first create a yaml file which describes your vm. See data/lab/test_tar
|
|
52
53
|
vm_controller['vm1'].open_uri("http://autopwn:8080")
|
53
54
|
vm_controller['vm1'].revert("clean")
|
54
55
|
vm_controller['vm1'].revert("clean")
|
55
|
-
|
56
|
-
|
56
|
+
</pre>
|
57
|
+
METASPLOIT MSFCONSOLE LAB PLUGIN:
|
58
|
+
=================================
|
57
59
|
|
58
60
|
BACKGROUND:
|
59
61
|
|
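Review bot: new lines 54 and 55 are both vm_controller['vm1'].revert("clean"), and the duplicate is carried unchanged into the block that the added </pre> closes at new line 56. Drop one of them, or replace the second with a call the example does not show yet, so the sample reads as a deliberate sequence.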
@@ -62,16 +64,17 @@ The lab plugin for msfconsole adds a number of commands which may be useful if y
|
|
62
64
|
USAGE:
|
63
65
|
|
64
66
|
Here's some example usage for the lab plugin.
|
65
|
-
|
66
|
-
msf> load lab
|
67
|
-
msf> lab_load <path_to_lab_file>
|
68
|
-
msf> lab_load_dir workstation /path/to/vmx/files
|
69
|
-
msf> lab_load_running remote_esx root esx_server
|
70
|
-
msf> lab_start vm1
|
71
|
-
msf> lab_snapshot vm1 snapshot_1
|
72
|
-
msf> lab_run_command ("rm -rf /")
|
73
|
-
msf> lab_show
|
74
|
-
msf> lab_show_running
|
75
|
-
msf> lab_start vm2
|
76
|
-
msf> lab_suspend vm1
|
77
|
-
msf> lab_revert all snapshot_1
|
67
|
+
<pre>
|
68
|
+
msf> load lab // Loads the lab plugin
|
69
|
+
msf> lab_load <path_to_lab_file> // Loads from a lab configuration file. See data/lab/test_targets.yml for an example
|
70
|
+
msf> lab_load_dir workstation /path/to/vmx/files // Loads from a local directory.
|
71
|
+
msf> lab_load_running remote_esx root esx_server // Loads all running vms.
|
72
|
+
msf> lab_start vm1 // Start a vm which was loaded above
|
73
|
+
msf> lab_snapshot vm1 snapshot_1 // Snapshot a vm as 'snapshot_1'
|
74
|
+
msf> lab_run_command ("rm -rf /") // oops!
|
75
|
+
msf> lab_show // Show all vms that we're aware of
|
76
|
+
msf> lab_show_running // Show only running vms
|
77
|
+
msf> lab_start vm2 // Start another vm
|
78
|
+
msf> lab_suspend vm1 // Suspend a vm
|
79
|
+
msf> lab_revert all snapshot_1 // Revert all vms back to 'snapshot_1'
|
80
|
+
</pre>
|
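Review bot: new line 74 keeps lab_run_command ("rm -rf /") as the documented sample and only adds "// oops!" to it. Unlike lab_start vm1 or lab_snapshot vm1 snapshot_1, it names no VM, so a reader cannot tell which guest the command runs on. Use a harmless command and show the target argument explicitly. The trailing "//" comments also sit on the same line as each command inside the <pre> block and will be copied along with it; putting each comment on its own line above the command avoids that.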
data/lib/lab/version.rb
CHANGED
data/lib/lab/vm.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: lab
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2012-03-06 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: nokogiri
|
16
|
-
requirement: &
|
16
|
+
requirement: &18669540 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
@@ -21,7 +21,7 @@ dependencies:
|
|
21
21
|
version: '0'
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *18669540
|
25
25
|
description: Start/Stop/Revert and do other cool stuff w/ Vmware, Virtualbox, and
|
26
26
|
ESXi vms
|
27
27
|
email:
|
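Review bot: the nokogiri runtime dependency shown at lines 15-22 is constrained only by '>=' with version '0', so any nokogiri release satisfies it and the version actually tested with 0.0.5 is not recorded. Set a minimum version in the gemspec so installs resolve to a release that is known to work and known to be patched, rather than whatever happens to be present on the host.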
@@ -56,7 +56,6 @@ files:
|
|
56
56
|
- lib/lab/drivers.rb
|
57
57
|
- lib/lab/modifier/backtrack5_modifier.rb
|
58
58
|
- lib/lab/modifier/dos_modifier.rb
|
59
|
-
- lib/lab/modifier/meterpreter_modifier.rb
|
60
59
|
- lib/lab/modifier/test_modifier.rb
|
61
60
|
- lib/lab/modifiers.rb
|
62
61
|
- lib/lab/version.rb
|
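Review bot: old line 59 drops lib/lab/modifier/meterpreter_modifier.rb from the files list, while lib/lab/modifiers.rb stays listed and does not appear among the files changed in this release. If modifiers.rb requires each modifier by name, loading the gem will fail with a LoadError. Confirm that the require was removed in an earlier release, or include that change here.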
@@ -1,167 +0,0 @@
|
|
1
|
-
$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
|
2
|
-
|
3
|
-
module Lab
|
4
|
-
module Modifier
|
5
|
-
module Meterpreter
|
6
|
-
|
7
|
-
end
|
8
|
-
end
|
9
|
-
end
|
10
|
-
|
11
|
-
|
12
|
-
# This allows us to override the default way of running commands
|
13
|
-
# Currently useful for the esx controller
|
14
|
-
|
15
|
-
module Lab
|
16
|
-
class Vm
|
17
|
-
|
18
|
-
attr_accessor :framework
|
19
|
-
attr_accessor :session
|
20
|
-
attr_accessor :session_input
|
21
|
-
attr_accessor :session_output
|
22
|
-
|
23
|
-
def create_framework
|
24
|
-
return if @framework
|
25
|
-
@framework = Msf::Simple::Framework.create
|
26
|
-
end
|
27
|
-
|
28
|
-
# perform the setup only once
|
29
|
-
def setup_session
|
30
|
-
return if @session
|
31
|
-
|
32
|
-
# require the framework (assumes this sits in lib/lab/modifiers)
|
33
|
-
require 'msf/base'
|
34
|
-
|
35
|
-
create_framework ## TODO - this should use a single framework
|
36
|
-
## for all hosts, not one-per-host
|
37
|
-
|
38
|
-
@session = nil
|
39
|
-
@session_input = Rex::Ui::Text::Input::Buffer.new
|
40
|
-
@session_output = Rex::Ui::Text::Output::Buffer.new
|
41
|
-
|
42
|
-
if @os == "windows"
|
43
|
-
exploit_name = 'windows/smb/psexec'
|
44
|
-
|
45
|
-
# TODO - check for x86, choose the appropriate payload
|
46
|
-
|
47
|
-
payload_name = 'windows/meterpreter/bind_tcp'
|
48
|
-
options = { "RHOST" => @hostname,
|
49
|
-
"SMBUser" => @vm_user,
|
50
|
-
"SMBPass" => @vm_pass}
|
51
|
-
|
52
|
-
puts "DEBUG: using options #{options}"
|
53
|
-
|
54
|
-
# Initialize the exploit instance
|
55
|
-
exploit = @framework.exploits.create(exploit_name)
|
56
|
-
|
57
|
-
begin
|
58
|
-
# Fire it off.
|
59
|
-
@session = exploit.exploit_simple(
|
60
|
-
'Payload' => payload_name,
|
61
|
-
'Options' => options,
|
62
|
-
'LocalInput' => @session_input,
|
63
|
-
'LocalOutput' => @session_output)
|
64
|
-
@session.load_stdapi
|
65
|
-
|
66
|
-
puts "DEBUG: Generated session: #{@session}"
|
67
|
-
|
68
|
-
rescue Exception => e
|
69
|
-
puts "DEBUG: Unable to exploit"
|
70
|
-
puts e.to_s
|
71
|
-
end
|
72
|
-
|
73
|
-
else
|
74
|
-
module_name = 'scanner/ssh/ssh_login'
|
75
|
-
|
76
|
-
# TODO - check for x86, choose the appropriate payload
|
77
|
-
|
78
|
-
payload_name = 'linux/x86/shell_bind_tcp'
|
79
|
-
options = { "RHOSTS" => @hostname,
|
80
|
-
"USERNAME" => @vm_user,
|
81
|
-
"PASSWORD" => @vm_pass,
|
82
|
-
"BLANK_PASSWORDS" => false,
|
83
|
-
"USER_AS_PASS" => false,
|
84
|
-
"VERBOSE" => false}
|
85
|
-
|
86
|
-
puts "DEBUG: using options #{options}"
|
87
|
-
|
88
|
-
# Initialize the module instance
|
89
|
-
aux = @framework.auxiliary.create(module_name)
|
90
|
-
|
91
|
-
puts "DEBUG: created module: #{aux}"
|
92
|
-
|
93
|
-
begin
|
94
|
-
# Fire it off.
|
95
|
-
aux.run_simple(
|
96
|
-
'Payload' => payload_name,
|
97
|
-
'Options' => options,
|
98
|
-
'LocalInput' => @session_input,
|
99
|
-
'LocalOutput' => @session_output)
|
100
|
-
|
101
|
-
@session = @framework.sessions.first.last
|
102
|
-
puts "DEBUG: Generated session: #{@session}"
|
103
|
-
rescue Exception => e
|
104
|
-
puts "DEBUG: Unable to exploit"
|
105
|
-
puts e.to_s
|
106
|
-
end
|
107
|
-
end
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
end
|
112
|
-
|
113
|
-
def run_command(command, timeout=60)
|
114
|
-
|
115
|
-
setup_session
|
116
|
-
puts "Using session #{@session}"
|
117
|
-
|
118
|
-
# TODO: pass the timeout down
|
119
|
-
|
120
|
-
if @session
|
121
|
-
if @session.type == "shell"
|
122
|
-
puts "Running command via shell: #{command}"
|
123
|
-
@session.shell_command_token(command, timeout)
|
124
|
-
elsif @session.type == "meterpreter"
|
125
|
-
puts "Running command via meterpreter: #{command}"
|
126
|
-
@session.shell_command(command) #, timeout)
|
127
|
-
end
|
128
|
-
else
|
129
|
-
raise "No session"
|
130
|
-
end
|
131
|
-
end
|
132
|
-
|
133
|
-
|
134
|
-
# This isn't part of the normal API, but too good to pass up.
|
135
|
-
def run_script(script, options)
|
136
|
-
if @session.type == "meterpreter"
|
137
|
-
@session.execute_script(script, options)
|
138
|
-
else
|
139
|
-
raise "Unsupported on #{@session.type}"
|
140
|
-
end
|
141
|
-
end
|
142
|
-
|
143
|
-
# For meterpreter API compatibility
|
144
|
-
#def execute_file(script,options)
|
145
|
-
# run_script(script,options)
|
146
|
-
#end
|
147
|
-
|
148
|
-
def copy_to(local,remote)
|
149
|
-
setup_session
|
150
|
-
if @session.type == "meterpreter"
|
151
|
-
@session.run_cmd("upload #{local} #{remote}")
|
152
|
-
else
|
153
|
-
@driver.copy_to(local,remote)
|
154
|
-
end
|
155
|
-
end
|
156
|
-
|
157
|
-
def copy_from(local, remote)
|
158
|
-
setup_session
|
159
|
-
if @session.type == "meterpreter"
|
160
|
-
@session.run_cmd("download #{local} #{remote}")
|
161
|
-
else
|
162
|
-
@driver.copy_from(local,remote)
|
163
|
-
end
|
164
|
-
end
|
165
|
-
|
166
|
-
end
|
167
|
-
end
|
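Review bot: removed lines 52 and 86 passed the whole options hash, including "SMBPass" and "PASSWORD", to puts "DEBUG: using options #{options}", so console output or logs captured while this modifier was in use can hold VM credentials in cleartext. The release notes should say so, so users can scrub those logs and rotate the passwords. The deletion also removes the Lab::Vm overrides of run_command, copy_to and copy_from, together with run_script, and nothing in the README changes in this diff mentions it; document what callers of those methods should use instead.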