metasploit-aggregator 0.1.0

data/README.md

@@ -0,0 +1,28 @@
+Metasploit [![Build Status](https://travis-ci.org/rapid7/metasploit-aggregator.svg?branch=master)](https://travis-ci.org/rapid7/metasploit-aggregator) [![Code Climate](https://img.shields.io/codeclimate/github/rapid7/metasploit-aggregator.svg)](https://codeclimate.com/github/rapid7/metasploit-aggregator)
+==
+The Metasploit Aggregator is released under a BSD-style license. See
+COPYING for more details.
+
+Bug tracking and development information can be found at:
+ https://github.com/rapid7/metasploit-aggregator
+
+New bugs and feature requests should be directed to:
+  http://r-7.co/MSF-BUGv1
+
+API documentation for writing modules can be found at:
+  https://rapid7.github.io/metasploit-aggregator/api
+
+Questions and suggestions can be sent to:
+  https://lists.sourceforge.net/lists/listinfo/metasploit-hackers
+
+Installing
+--
+
+Using Metasploit Aggregator
+--
+
+Contributing
+--
+[Contributing](https://github.com/rapid7/metasploit-aggregator/blob/master/CONTRIBUTING.md).
+
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/msfaggregator

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'msf/aggregator'
+require 'msf/aggregator/cable'
+require 'msf/aggregator/logger'
+
+admin_host = '127.0.0.1'
+admin_port = 2447
+listener = '127.0.0.1'
+remote_console = '127.0.0.1'
+# cert_file = './cert.pem'
+# cert_string = File.new(cert_file).read
+cert_string = nil
+
+# server = Msf::Aggregator::Server.new('127.0.0.1', 1337)
+server = Msf::Aggregator::MsgPackServer.new(admin_host, admin_port)
+server.start
+Logger.log "Starting administration service on #{admin_host}:#{admin_port}"
+
+loop do
+  command = $stdin.gets
+  if command.chomp == 'exit'
+    exit
+  elsif command.chomp == 'clear'
+    forwarder.requests = []
+    forwarder.responses = []
+  elsif command.chomp == 'pause'
+    Logger.log "paused"
+  elsif command.chomp == 'start'
+    server.start
+  elsif command.chomp == 'stop'
+    server.stop
+  elsif command.chomp == 'park'
+    client.release_session($stdin.gets.chomp)
+  end
+end

data/lib/msf/aggregator.rb

@@ -0,0 +1,256 @@
+require 'socket'
+require 'openssl'
+require 'thread'
+require 'msgpack'
+require 'msgpack/rpc'
+
+require 'msf/aggregator/version'
+require 'msf/aggregator/cable'
+require 'msf/aggregator/connection_manager'
+require 'msf/aggregator/https_forwarder'
+require 'msf/aggregator/logger'
+
+module Msf
+  module Aggregator
+
+    class Service
+      # return availability status of the service
+      def available?
+        # index for impl
+      end
+
+      # returns map of sessions available from the service
+      def sessions
+        # index for impl
+      end
+
+      def cables
+        # index for impl
+      end
+
+      # sets forwarding for a specific session to promote
+      # that session for local use, obtained sessions are
+      # not reported in getSessions
+      def obtain_session(payload, lhost, lport)
+        # index for impl
+      end
+
+      # parks a session and makes it available in the getSessions
+      def release_session(payload)
+        # index for impl
+      end
+
+      # start a listening port maintained on the service
+      # connections are forwarded to any registered default
+      # TODO: may want to require a type here for future proof of api
+      def add_cable(type, host, port, certificate = nil)
+        # index for impl
+      end
+
+      def remove_cable(host, port)
+        # index for impl
+      end
+
+      def register_default(lhost, lport, payload_list)
+        # index for impl
+      end
+
+      # returns list of IP addressed available to the service
+      # TODO: consider also reporting "used" ports (may not be needed)
+      def available_addresses
+        # index for impl
+      end
+    end
+
+    class ServerProxy < Service
+      @host = @port = @socket = nil
+      @response_queue = []
+
+      def initialize(host, port)
+        @host = host
+        @port = port
+        @client = MessagePack::RPC::Client.new(@host, @port)
+      end
+
+      def available?
+        @client.call(:available?)
+      rescue MessagePack::RPC::ConnectionTimeoutError => e
+        false
+      end
+
+      def sessions
+        @client.call(:sessions)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def cables
+        @client.call(:cables)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+
+      def obtain_session(payload, lhost, lport)
+        @client.call(:obtain_session, payload, lhost, lport)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def release_session(payload)
+        @client.call(:release_session, payload)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def add_cable(type, host, port, certificate = nil)
+        @client.call(:add_cable, type, host, port, certificate)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def remove_cable(host, port)
+        @client.call(:remove_cable, host, port)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def register_default(lhost, lport, payload_list)
+        @client.call(:register_default, lhost, lport, payload_list)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def available_addresses
+        @client.call(:available_addresses)
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def stop
+        @client.close
+      end
+    end # ServerProxy
+
+    class Server < Service
+      # include Metasploit::Aggregator::ConnectionManager
+
+      def initialize
+        @manager = nil
+      end
+
+      def start
+        @manager = Msf::Aggregator::ConnectionManager.new
+        true
+      end
+
+      def available?
+        !@manager.nil?
+      end
+
+      def sessions
+        @manager.connections
+      end
+
+      def cables
+        @manager.cables
+      end
+
+      def obtain_session(payload, rhost, rport)
+        # return session object details or UUID/uri
+        # forwarding will cause new session creation on the console
+        # TODO: check and set lock on payload requested see note below in register_default
+        @manager.register_forward(rhost, rport, [ payload ])
+        true # update later to return if lock obtained
+      end
+
+      def release_session(payload)
+        @manager.park(payload)
+        true # return always return success for now
+      end
+
+      def add_cable(type, host, port, certificate = nil)
+        unless @manager.nil?
+          case type
+            when Cable::HTTPS
+              # TODO: check if already listening on that port
+              @manager.add_cable_https(host, port, certificate)
+            when Cable::HTTP
+              @manager.add_cable_http(host, port)
+            else
+              Logger.log("#{type} cables are not supported.")
+          end
+        end
+        true
+      end
+
+      def remove_cable(host, port)
+        unless @manager.nil?
+          @manager.remove_cable(host, port)
+        end
+      end
+
+      def register_default(lhost, lport, payload_list)
+        # add this payload list to each forwarder for this remote console
+        # TODO: consider adding boolean param to ConnectionManager.register_forward to 'lock'
+        @manager.register_forward(lhost, lport, payload_list)
+        true
+      end
+
+      def available_addresses
+        addr_list = Socket.ip_address_list
+        addresses = []
+        addr_list.each do |addr|
+          addresses << addr.ip_address
+        end
+        addresses
+      end
+
+      def stop
+        unless @manager.nil?
+          @manager.stop
+        end
+        @manager = nil
+        true
+      end
+
+      def release_session(host)
+        @manager.park(host)
+      end
+    end # class Server
+
+    class MsgPackServer
+
+      def initialize(host, port)
+        @host = host
+        @port = port
+
+        # server = TCPServer.new(@host, @port)
+        # sslContext = OpenSSL::SSL::SSLContext.new
+        # sslContext.key, sslContext.cert = Msf::Aggregator::ConnectionManager.ssl_generate_certificate
+        # sslServer = OpenSSL::SSL::SSLServer.new(server, sslContext)
+        #
+        @svr = MessagePack::RPC::Server.new # need to initialize this as ssl server
+        # @svr.listen(sslServer, Server.new)
+        @svr.listen(@host, @port, Server.new)
+
+        Thread.new { @svr.run }
+      end
+
+      def start
+        c = MessagePack::RPC::Client.new(@host,@port)
+        c.call(:start)
+        c.close
+      rescue MessagePack::RPC::TimeoutError => e
+        Logger.log(e.to_s)
+      end
+
+      def stop
+        c = MessagePack::RPC::Client.new(@host,@port)
+        c.call(:stop)
+        c.close
+        @svr.close
+      end
+    end
+  end
+end

data/lib/msf/aggregator/cable.rb

@@ -0,0 +1,18 @@
+module Msf
+  module Aggregator
+    class Cable
+      HTTPS = 'https'
+      HTTP = 'http'
+
+      attr_reader :forwarder
+      attr_reader :server
+      attr_reader :thread
+
+      def initialize(thread, server, forwarder)
+        @thread = thread
+        @forwarder = forwarder
+        @server = server
+      end
+    end
+  end
+end

data/lib/msf/aggregator/connection_manager.rb

@@ -0,0 +1,184 @@
+require 'openssl'
+require 'socket'
+
+require 'msf/aggregator/logger'
+require 'msf/aggregator/http_forwarder'
+require 'msf/aggregator/https_forwarder'
+require 'msf/aggregator/cable'
+
+module Msf
+  module Aggregator
+
+    class ConnectionManager
+
+      def initialize
+        @cables = []
+        @manager_mutex = Mutex.new
+        @default_route = []
+        @router = Router.instance
+      end
+
+      def self.ssl_generate_certificate
+        yr   = 24*3600*365
+        vf   = Time.at(Time.now.to_i - rand(yr * 3) - yr)
+        vt   = Time.at(vf.to_i + (10 * yr))
+        cn   = 'localhost'
+        key  = OpenSSL::PKey::RSA.new(2048){ }
+        cert = OpenSSL::X509::Certificate.new
+        cert.version    = 2
+        cert.serial     = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
+        cert.subject    = OpenSSL::X509::Name.new([["CN", cn]])
+        cert.issuer     = OpenSSL::X509::Name.new([["CN", cn]])
+        cert.not_before = vf
+        cert.not_after  = vt
+        cert.public_key = key.public_key
+
+        ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+        cert.extensions = [
+            ef.create_extension("basicConstraints","CA:FALSE")
+        ]
+        ef.issuer_certificate = cert
+
+        cert.sign(key, OpenSSL::Digest::SHA256.new)
+
+        [key, cert, nil]
+      end
+
+      def ssl_parse_certificate(certificate)
+        key, cert, chain = nil
+        unless certificate.nil?
+          begin
+            # parse the cert
+            key = OpenSSL::PKey::RSA.new(certificate, "")
+            cert = OpenSSL::X509::Certificate.new(certificate)
+            # TODO: ensure this parses all certificate in object provided
+          rescue OpenSSL::PKey::RSAError => e
+            Logger.log(e.message)
+          end
+        end
+        return key, cert, chain
+      end
+
+      def add_cable_https(host, port, certificate)
+        @manager_mutex.synchronize do
+          forwarder = Msf::Aggregator::HttpsForwarder.new
+          forwarder.log_messages = true
+          server = TCPServer.new(host, port)
+          ssl_context = OpenSSL::SSL::SSLContext.new
+          unless certificate.nil?
+            ssl_context.key, ssl_context.cert = ssl_parse_certificate(certificate)
+          else
+            ssl_context.key, ssl_context.cert = Msf::Aggregator::ConnectionManager.ssl_generate_certificate
+          end
+          ssl_server = OpenSSL::SSL::SSLServer.new(server, ssl_context)
+
+          handler = connect_cable(ssl_server, host, port, forwarder)
+          @cables << Cable.new(handler, server, forwarder)
+          handler
+        end
+      end
+
+      def add_cable_http(host, port)
+        @manager_mutex.synchronize do
+          forwarder = Msf::Aggregator::HttpForwarder.new
+          forwarder.log_messages = true
+          server = TCPServer.new(host, port)
+
+          handler = connect_cable(server, host, port, forwarder)
+          @cables << Cable.new(handler, server, forwarder)
+        end
+      end
+
+      def register_forward(rhost, rport, payload_list = nil)
+        @cables.each do |cable|
+          addr = cable.server.local_address
+          if addr.ip_address == rhost && addr.ip_port == rport.to_i
+            raise ArgumentError.new("#{rhost}:#{rport} is not a valid forward")
+          end
+        end
+        if payload_list.nil?
+          # add the this host and port as the new default route
+          @default_route = [rhost, rport]
+          @router.add_route(rhost, rport, nil)
+        else
+          payload_list.each do |payload|
+            @router.add_route(rhost, rport, payload)
+          end
+        end
+      end
+
+      def connections
+        connections = {}
+        @cables.each do |cable|
+          connections = connections.merge cable.forwarder.connections
+        end
+        connections
+      end
+
+      def cables
+        local_cables = []
+        @cables.each do |cable|
+          addr = cable.server.local_address
+          local_cables << addr.ip_address + ':' + addr.ip_port.to_s
+        end
+        local_cables
+      end
+
+      def connect_cable(server, host, port, forwarder)
+        Logger.log "Listening on port #{host}:#{port}"
+
+        handler = Thread.new do
+          begin
+            loop do
+              Logger.log "waiting for connection on #{host}:#{port}"
+              connection = server.accept
+              Logger.log "got connection on #{host}:#{port}"
+              Thread.new do
+                begin
+                  forwarder.forward(connection)
+                rescue
+                  Logger.log $!
+                end
+                Logger.log "completed connection on #{host}:#{port}"
+              end
+            end
+          end
+        end
+        handler
+      end
+
+      def remove_cable(host, port)
+        @manager_mutex.synchronize do
+          closed_servers = []
+          @cables.each do |cable|
+            addr = cable.server.local_address
+            if addr.ip_address == host && addr.ip_port == port.to_i
+              cable.server.close
+              cable.thread.exit
+              closed_servers << cable
+            end
+          end
+          @cables -= closed_servers
+        end
+        return true
+      end
+
+
+      def stop
+        @manager_mutex.synchronize do
+          @cables.each do |listener|
+            listener.server.close
+            listener.thread.exit
+          end
+        end
+      end
+
+      def park(payload)
+        @router.add_route(nil, nil, payload)
+        Logger.log "parking #{payload}"
+      end
+
+      private :ssl_parse_certificate
+    end
+  end
+end