Move Kademlia stuff to a more OO model, etc, per reviews

All of the work is done in rex.  The msf mixin just prevents the
desire to call rex directly from the module

Author: jhart-r7

lib/msf/core/auxiliary/kademlia.rb

@@ -1,4 +1,5 @@
 # -*- coding: binary -*-
+
 require 'rex/proto/kademlia'
 
 module Msf
@@ -10,109 +11,5 @@ module Msf
 ###
 module Auxiliary::Kademlia
   include Rex::Proto::Kademlia
-
-  # Opcode for a BOOTSTRAP request
-  BOOTSTRAP_REQ = 0x01
-  # Opcode for a BOOTSTRAP response
-  BOOTSTRAP_RES = 0x09
-  # Opcode for a PING request
-  PING = 0x60
-  # Opcode for a PING response
-  PONG = 0x61
-  # The minimum size of a peer in a KADEMLIA2_BOOTSTRAP_RES message:
-  # peer ID (16-bytes), IP (4 bytes), UDP port (2 bytes), TCP port (2 bytes)
-  # and version (1 byte)
-  BOOTSTRAP_PEER_SIZE = 25
-
-  # Builds a BOOTSTRAP request
-  #
-  # @return [String] a BOOTSTRAP request
-  def bootstrap
-    Message.new(BOOTSTRAP_REQ)
-  end
-
-  # Decodes a BOOTSTRAP response
-  #
-  # @param response [String] the response to decode
-  # @return [Array] the discovered peer ID, TCP port, version and a list of peers
-  #   if the response if valid, nil otherwise
-  def decode_bootstrap_res(response)
-    message = Message.from_data(response)
-    # abort if this isn't a valid response
-    return nil unless message.type = BOOTSTRAP_RES
-    return nil unless message.body.size >= 23
-    peer_id = decode_peer_id(message.body.slice!(0,16))
-    tcp_port, version, num_peers = message.body.slice!(0,5).unpack('vCv')
-    # protocol says there are no peers and the body confirms this, so just return with no peers
-    return [ tcp_port, version, []] if num_peers == 0 && message.body.blank?
-    peers = decode_bootstrap_peers(message.body)
-    # abort if the peer data was invalid
-    return nil unless peers
-    [ peer_id, tcp_port, version, peers ]
-  end
-
-  # Builds a PING request
-  #
-  # @return [String] a PING request
-  def ping
-    Message.new(PING)
-  end
-
-  # Decode a PING response, PONG
-  #
-  # @param response [String] the response to decode
-  # @return [Integer] the source port from the PING response if the response is valid, nil otherwise
-  def decode_pong(response)
-    message = Message.from_data(response)
-    # abort if this isn't a pong
-    return nil unless message.type == PONG
-    # abort if the response is too large/small
-    return nil unless message.body && message.body.size == 2
-    # this should always be equivalent to the source port from which the PING was received
-    message.body.unpack('v')[0]
-  end
-
-  # Decode a list of peers from a BOOTSTRAP response
-  #
-  # @param peers_data [String] the peers data from a BOOTSTRAP response
-  # @return [Array] a list of the peers and their associated metadata extracted
-  # from the response if valid, nil otherwise
-  def decode_bootstrap_peers(peers_data)
-    # sanity check total size
-    return nil unless peers_data.size % BOOTSTRAP_PEER_SIZE == 0
-    peers = []
-    until peers_data.blank?
-      peers << decode_bootstrap_peer(peers_data.slice!(0, BOOTSTRAP_PEER_SIZE))
-    end
-    peers
-  end
-
-  # Decodes a single set of peer data from a BOOTSTRAP reseponse
-  #
-  # @param peer-data [String] the peer data for one peer from a BOOSTRAP response
-  # @return [Array] the peer ID, IPv4 addresss, UDP port, TCP port and version of this peer
-  def decode_bootstrap_peer(peer_data)
-    # sanity check the size of this peer's data
-    return nil unless peer_data.size == BOOTSTRAP_PEER_SIZE
-    # TODO; interpret this properly
-    peer_id = peer_data.slice!(0, 16)
-    ip, udp_port, tcp_port, version = peer_data.unpack('VvvC')
-    [ decode_peer_id(peer_id), Rex::Socket.addr_itoa(ip), udp_port, tcp_port, version ]
-  end
-
-  # Decodes an on-the-wire representation of a Kademlia peer to its 16-character hex equivalent
-  #
-  # @param bytes [String] the on-the-wire representation of a Kademlia peer
-  # @return [String] the peer ID if valid, nil otherwise
-  def decode_peer_id(bytes)
-    peer_id = 0
-    return nil unless bytes.size == 16
-    bytes.unpack('VVVV').map { |p| peer_id <<= 32; peer_id ^= p; }
-    peer_id.to_s(16).upcase
-  end
-
-  # TODO
-  # def encode_peer_id(id)
-  # end
 end
 end

lib/rex/proto/kademlia.rb

@@ -1,3 +1,8 @@
 # -*- coding: binary -*-
 
+require 'rex/proto/kademlia/bootstrap_request'
+require 'rex/proto/kademlia/bootstrap_response'
 require 'rex/proto/kademlia/message'
+require 'rex/proto/kademlia/ping'
+require 'rex/proto/kademlia/pong'
+require 'rex/proto/kademlia/util'

lib/rex/proto/kademlia/bootstrap_request.rb

@@ -0,0 +1,19 @@
+# -*- coding: binary -*-
+
+require 'rex/proto/kademlia/message'
+
+module Rex
+module Proto
+module Kademlia
+  # Opcode for a BOOTSTRAP request
+  BOOTSTRAP_REQUEST = 0x01
+
+  # A Kademlia bootstrap request message
+  class BootstrapRequest < Message
+    def initialize
+      super(BOOTSTRAP_REQUEST)
+    end
+  end
+end
+end
+end

lib/rex/proto/kademlia/bootstrap_response.rb

@@ -0,0 +1,70 @@
+# -*- coding: binary -*-
+
+require 'rex/proto/kademlia/message'
+require 'rex/proto/kademlia/util'
+
+module Rex
+module Proto
+module Kademlia
+  # Opcode for a bootstrap response
+  BOOTSTRAP_RESPONSE = 0x09
+
+  # A Kademlia bootstrap response message
+  class BootstrapResponse < Message
+    attr_reader :peer_id
+    attr_reader :tcp_port
+    attr_reader :version
+    # An array of hashes containing the peer ID, IP address, UDP and TCP ports as well as the type/version
+    attr_reader :peers
+
+    def initialize(peer_id, tcp_port, version, peers)
+      @peer_id = peer_id
+      @tcp_port = tcp_port
+      @version = version
+      @peers = peers
+    end
+
+    # The minimum size of a peer in a KADEMLIA2_BOOTSTRAP_RES message:
+    # peer ID (16-bytes), IP (4 bytes), UDP port (2 bytes), TCP port (2 bytes)
+    # and version (1 byte)
+    BOOTSTRAP_PEER_SIZE = 25
+
+    # Builds a bootstrap response from given data
+    #
+    # @param data [String] the data to decode
+    # @return [BootstrapResponse] the bootstrap response if the data is valid, nil otherwise
+    def self.from_data(data)
+      message = Message.from_data(data)
+      # abort if this isn't a valid response
+      return unless message
+      return unless message.type == BOOTSTRAP_RESPONSE
+      return unless message.body.size >= 23
+      bootstrap_peer_id = Rex::Proto::Kademlia.decode_peer_id(message.body.slice!(0, 16))
+      bootstrap_tcp_port, bootstrap_version, num_peers = message.body.slice!(0, 5).unpack('vCv')
+      # protocol says there are no peers and the body confirms this, so just return with no peers
+      if num_peers == 0 && message.body.blank?
+        peers = []
+      else
+        peers_data = message.body
+        # peers data is too long/short, abort
+        return if peers_data.size % BOOTSTRAP_PEER_SIZE != 0
+        peers = []
+        until peers_data.blank?
+          peer_data = peers_data.slice!(0, BOOTSTRAP_PEER_SIZE)
+          peer_id = Rex::Proto::Kademlia.decode_peer_id(peer_data.slice!(0, 16))
+          ip, udp_port, tcp_port, version = peer_data.unpack('VvvC')
+          peers << {
+            id: peer_id,
+            ip: Rex::Socket.addr_itoa(ip),
+            tcp_port: tcp_port,
+            udp_port: udp_port,
+            version: version
+          }
+        end
+      end
+      BootstrapResponse.new(bootstrap_peer_id, bootstrap_tcp_port, bootstrap_version, peers)
+    end
+  end
+end
+end
+end

lib/rex/proto/kademlia/message.rb

@@ -17,12 +17,12 @@ module Proto
 #
 ##
 module Kademlia
-  # The header that non-compressed Kad messages use
-  STANDARD_PACKET = 0xE4
-  # The header that compressed Kad messages use, which is currently unsupported
-  COMPRESSED_PACKET = 0xE5
-
   class Message
+    # The header that non-compressed Kad messages use
+    STANDARD_PACKET = 0xE4
+    # The header that compressed Kad messages use, which is currently unsupported
+    COMPRESSED_PACKET = 0xE5
+
     attr_accessor :type, :body
 
     # @param type [String] the message type
@@ -36,7 +36,7 @@ def self.from_data(data)
       return if data.length < 2
       header, type = data.unpack('CC')
       if header == COMPRESSED_PACKET
-        fail NotImplementedError, "Unable to handle #{message.length}-byte compressed Kademlia message"
+        fail NotImplementedError, "Unable to handle #{data.length}-byte compressed Kademlia message"
       end
       return if header != STANDARD_PACKET
       Message.new(type, data[2, data.length])
@@ -45,6 +45,10 @@ def self.from_data(data)
     def to_str
       [STANDARD_PACKET, @type].pack('CC') + @body
     end
+
+    def ==(other)
+      type == other.type && body == other.body
+    end
   end
 end
 end

lib/rex/proto/kademlia/ping.rb

@@ -0,0 +1,19 @@
+# -*- coding: binary -*-
+
+require 'rex/proto/kademlia/message'
+
+module Rex
+module Proto
+module Kademlia
+  # Opcode for a PING request
+  PING = 0x60
+
+  # A Kademlia ping message.
+  class Ping < Message
+    def initialize
+      super(PING)
+    end
+  end
+end
+end
+end

lib/rex/proto/kademlia/pong.rb

@@ -0,0 +1,34 @@
+# -*- coding: binary -*-
+
+require 'rex/proto/kademlia/message'
+
+module Rex
+module Proto
+module Kademlia
+  # Opcode for a PING response
+  PONG = 0x61
+
+  # A Kademlia pong message.
+  class Pong < Message
+    # the source port from which the PING was received
+    attr_reader :port
+
+    def initialize(port = nil)
+      super(PONG)
+      @port = port
+    end
+
+    def self.from_data(data)
+      message = super(data)
+      return if message.type != PONG
+      return if message.body.size != 2
+      Pong.new(message.body.unpack('v')[0])
+    end
+
+    def to_str
+      super + [@port].pack('v')
+    end
+  end
+end
+end
+end

lib/rex/proto/kademlia/util.rb

@@ -0,0 +1,22 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+module Kademlia
+  # Decodes an on-the-wire representation of a Kademlia peer to its 16-character hex equivalent
+  #
+  # @param bytes [String] the on-the-wire representation of a Kademlia peer
+  # @return [String] the peer ID if valid, nil otherwise
+  def self.decode_peer_id(bytes)
+    peer_id = 0
+    return nil unless bytes.size == 16
+    bytes.unpack('VVVV').map { |p| peer_id = ((peer_id << 32) ^ p) }
+    peer_id.to_s(16).upcase
+  end
+
+  # TODO
+  # def encode_peer_id(id)
+  # end
+end
+end
+end

modules/auxiliary/scanner/kademlia/server_info.rb

@@ -46,9 +46,9 @@ def initialize(info = {})
   def build_probe
     @probe ||= case action.name
                when 'BOOTSTRAP'
-                 bootstrap
+                 BootstrapRequest.new
                when 'PING'
-                 ping
+                 Ping.new
                end
   end
 
@@ -58,22 +58,22 @@ def scanner_process(response, src_host, src_port)
 
     case action.name
     when 'BOOTSTRAP'
-      peer_id, tcp_port, version, peers = decode_bootstrap_res(response)
-      info = {
-        peer_id: peer_id,
-        tcp_port: tcp_port,
-        version: version,
-        peers: peers
-      }
-      if datastore['VERBOSE']
-      else
-        print_good("#{peer} ID #{peer_id}, TCP port #{tcp_port}, version #{version}, #{peers.size} peers")
+      if bootstrap_res = BootstrapResponse.from_data(response)
+        info = {
+          peer_id: bootstrap_res.peer_id,
+          tcp_port: bootstrap_res.tcp_port,
+          version: bootstrap_res.version,
+          peers: bootstrap_res.peers
+        }
+        print_good("#{peer} ID #{bootstrap_res.peer_id}, TCP port #{bootstrap_res.tcp_port}," +
+                   " version #{bootstrap_res.version}, #{bootstrap_res.peers.size} peers")
       end
     when 'PING'
-      udp_port = decode_pong(response)
-      print_good("#{peer} PONG")
-      # udp_port should match the port we contacted it from.  TODO: validate this?
-      info = { udp_port: udp_port }
+      if pong = Pong.from_data(response)
+        print_good("#{peer} PONG port #{pong.port}")
+        # port should match the port we contacted it from.  TODO: validate this?
+        info = { udp_port: pong.port }
+      end
     end
 
     return unless info