Update Mdm to staging hash

Author: trevrosen

Gemfile

@@ -3,6 +3,8 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'
 
+gem 'metasploit_data_models', git: 'https://github.com/rapid7/metasploit_data_models.git', branch: 'staging/single-vuln-push'
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests

Gemfile.lock

@@ -1,3 +1,9 @@
+GIT
+  remote: https://github.com/rapid7/metasploit_data_models.git
+  revision: 532eedb5f5f68396380dc16355537ebee25ffa0d
+  branch: staging/single-vuln-push
+  specs:
+
 PATH
   remote: .
   specs:
@@ -101,11 +107,11 @@ GEM
     gherkin (2.11.6)
       json (>= 1.7.6)
     hike (1.2.3)
-    i18n (0.6.11)
+    i18n (0.7.0)
     journey (1.0.4)
     jsobfu (0.2.1)
       rkelly-remix (= 0.0.6)
-    json (1.8.1)
+    json (1.8.2)
     mail (2.5.4)
       mime-types (~> 1.16)
       treetop (~> 1.4.8)
@@ -135,11 +141,11 @@ GEM
     meterpreter_bins (0.0.16)
     method_source (0.8.2)
     mime-types (1.25.1)
-    mini_portile (0.6.1)
+    mini_portile (0.6.2)
     msgpack (0.5.11)
     multi_json (1.0.4)
     network_interface (0.0.1)
-    nokogiri (1.6.5)
+    nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
     packetfu (1.1.9)
     pcaprub (0.11.3)
@@ -154,7 +160,7 @@ GEM
       rack (>= 0.4)
     rack-ssl (1.3.4)
       rack
-    rack-test (0.6.2)
+    rack-test (0.6.3)
       rack (>= 1.0)
     rails (3.2.21)
       actionmailer (= 3.2.21)
@@ -175,7 +181,7 @@ GEM
     rb-readline-r7 (0.5.2.0)
     rdoc (3.12.2)
       json (~> 1.4)
-    recog (1.0.16)
+    recog (1.0.24)
       nokogiri
     redcarpet (3.1.2)
     rkelly-remix (0.0.6)
@@ -219,7 +225,7 @@ GEM
     treetop (1.4.15)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.42)
+    tzinfo (0.3.43)
     xpath (2.0.0)
       nokogiri (~> 1.3)
     yard (0.8.7.4)
@@ -236,6 +242,7 @@ DEPENDENCIES
   metasploit-framework!
   metasploit-framework-db!
   metasploit-framework-pcap!
+  metasploit_data_models!
   pry
   rake (>= 10.0.0)
   redcarpet

db/schema.rb

@@ -11,14 +11,55 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20150212214222) do
+ActiveRecord::Schema.define(:version => 20150312155312) do
 
   create_table "api_keys", :force => true do |t|
     t.text     "token"
     t.datetime "created_at", :null => false
     t.datetime "updated_at", :null => false
   end
 
+  create_table "automatic_exploitation_match_results", :force => true do |t|
+    t.integer  "match_id"
+    t.integer  "run_id"
+    t.string   "state",      :null => false
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
+  end
+
+  create_table "automatic_exploitation_match_sets", :force => true do |t|
+    t.integer  "workspace_id"
+    t.integer  "user_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
+  add_index "automatic_exploitation_match_sets", ["user_id"], :name => "index_automatic_exploitation_match_sets_on_user_id"
+  add_index "automatic_exploitation_match_sets", ["workspace_id"], :name => "index_automatic_exploitation_match_sets_on_workspace_id"
+
+  create_table "automatic_exploitation_matches", :force => true do |t|
+    t.integer  "module_detail_id"
+    t.string   "state"
+    t.integer  "nexpose_data_vulnerability_definition_id"
+    t.datetime "created_at",                               :null => false
+    t.datetime "updated_at",                               :null => false
+    t.integer  "match_set_id"
+    t.string   "matchable_type"
+    t.integer  "matchable_id"
+    t.text     "module_fullname"
+  end
+
+  add_index "automatic_exploitation_matches", ["module_detail_id"], :name => "index_automatic_exploitation_matches_on_ref_id"
+  add_index "automatic_exploitation_matches", ["module_fullname"], :name => "index_automatic_exploitation_matches_on_module_fullname"
+
+  create_table "automatic_exploitation_runs", :force => true do |t|
+    t.integer  "workspace_id"
+    t.integer  "user_id"
+    t.integer  "match_set_id"
+    t.datetime "created_at",   :null => false
+    t.datetime "updated_at",   :null => false
+  end
+
   create_table "clients", :force => true do |t|
     t.integer  "host_id"
     t.datetime "created_at"
@@ -102,7 +143,7 @@
 
   create_table "hosts", :force => true do |t|
     t.datetime "created_at"
-    t.string   "address",               :limit => nil,                  :null => false
+    t.string   "address",                                               :null => false
     t.string   "mac"
     t.string   "comm"
     t.string   "name"
@@ -155,19 +196,22 @@
   end
 
   create_table "loots", :force => true do |t|
-    t.integer  "workspace_id",                 :default => 1, :null => false
+    t.integer  "workspace_id",                  :default => 1, :null => false
     t.integer  "host_id"
     t.integer  "service_id"
-    t.string   "ltype",        :limit => 512
-    t.string   "path",         :limit => 1024
+    t.string   "ltype",         :limit => 512
+    t.string   "path",          :limit => 1024
     t.text     "data"
-    t.datetime "created_at",                                  :null => false
-    t.datetime "updated_at",                                  :null => false
+    t.datetime "created_at",                                   :null => false
+    t.datetime "updated_at",                                   :null => false
     t.string   "content_type"
     t.text     "name"
     t.text     "info"
+    t.integer  "module_run_id"
   end
 
+  add_index "loots", ["module_run_id"], :name => "index_loots_on_module_run_id"
+
   create_table "macros", :force => true do |t|
     t.datetime "created_at",  :null => false
     t.datetime "updated_at",  :null => false
@@ -359,6 +403,24 @@
   add_index "module_refs", ["detail_id"], :name => "index_module_refs_on_module_detail_id"
   add_index "module_refs", ["name"], :name => "index_module_refs_on_name"
 
+  create_table "module_runs", :force => true do |t|
+    t.datetime "attempted_at"
+    t.text     "fail_detail"
+    t.string   "fail_reason"
+    t.integer  "module_detail_id"
+    t.text     "module_full_name"
+    t.integer  "port"
+    t.string   "proto"
+    t.integer  "session_id"
+    t.string   "status"
+    t.integer  "trackable_id"
+    t.string   "trackable_type"
+    t.integer  "user_id"
+    t.string   "username"
+    t.datetime "created_at",       :null => false
+    t.datetime "updated_at",       :null => false
+  end
+
   create_table "module_targets", :force => true do |t|
     t.integer "detail_id"
     t.integer "index"
@@ -481,13 +543,16 @@
     t.integer  "port"
     t.string   "platform"
     t.text     "datastore"
-    t.datetime "opened_at",    :null => false
+    t.datetime "opened_at",     :null => false
     t.datetime "closed_at"
     t.string   "close_reason"
     t.integer  "local_id"
     t.datetime "last_seen"
+    t.integer  "module_run_id"
   end
 
+  add_index "sessions", ["module_run_id"], :name => "index_sessions_on_module_run_id"
+
   create_table "tags", :force => true do |t|
     t.integer  "user_id"
     t.string   "name",           :limit => 1024
@@ -688,7 +753,7 @@
 
   create_table "wmap_requests", :force => true do |t|
     t.string   "host"
-    t.string   "address",    :limit => nil
+    t.string   "address"
     t.integer  "port"
     t.integer  "ssl"
     t.string   "meth",       :limit => 32
@@ -705,7 +770,7 @@
 
   create_table "wmap_targets", :force => true do |t|
     t.string   "host"
-    t.string   "address",    :limit => nil
+    t.string   "address"
     t.integer  "port"
     t.integer  "ssl"
     t.integer  "selected"

lib/msf/core/db_manager/exploit_attempt.rb

@@ -209,4 +209,4 @@ def report_exploit_success(opts)
     host.exploit_attempts.create(attempt_info)
   }
   end
-end
+end

lib/msf/core/db_manager/session.rb

@@ -121,7 +121,6 @@ def report_session(opts)
     else
       raise ArgumentError.new("Missing option :session or :host")
     end
-    ret = {}
 
     # Truncate the session data if necessary
     if sess_data[:desc]
@@ -145,61 +144,80 @@ def report_session(opts)
       end
     end
 
-
     if opts[:session]
       session.db_record = s
+      if session.assoc_exploit.user_data_is_match?
+        # do some shit with the match
+        MetasploitDataModels::AutomaticExploitation::MatchResult.create!(
+          match: session.assoc_exploit.user_data[:match],
+          match_set: session.assoc_exploit.user_data[:match_set],
+          run: session.assoc_exploit.user_data[:run],
+          state: 'succeeded',
+        )
+      elsif session.via_exploit
+        # This is a live session, we know the host is vulnerable to something.
+        infer_vuln_from_session(session, wspace)
+      end
     end
 
-    # If this is a live session, we know the host is vulnerable to something.
-    if opts[:session] and session.via_exploit
-      mod = framework.modules.create(session.via_exploit)
+    s
+  }
+  end
+
+  protected
 
-      if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
-        mod_fullname = sess_data[:datastore]['ParentModule']
-        mod_name = ::Mdm::Module::Detail.find_by_fullname(mod_fullname).name
-      else
-        mod_name = mod.name
-        mod_fullname = mod.fullname
-      end
+  # @param session [Msf::Session] A session with a {db_record Msf::Session#db_record}
+  # @param wspace [Mdm::Workspace]
+  # @return [void]
+  def infer_vuln_from_session(session, wspace)
+    s = session.db_record
+    host = session.db_record.host
 
-      vuln_info = {
-        :host => host.address,
-        :name => mod_name,
-        :refs => mod.references,
-        :workspace => wspace,
-        :exploited_at => Time.now.utc,
-        :info => "Exploited by #{mod_fullname} to create Session #{s.id}"
-      }
+    mod = framework.modules.create(session.via_exploit)
 
-      port    = session.exploit_datastore["RPORT"]
-      service = (port ? host.services.find_by_port(port.to_i) : nil)
+    if session.via_exploit == "exploit/multi/handler" and session.exploit_datastore['ParentModule']
+      mod_fullname = session.exploit_datastore['ParentModule']
+      mod_name = ::Mdm::Module::Detail.find_by_fullname(mod_fullname).name
+    else
+      mod_name = mod.name
+      mod_fullname = mod.fullname
+    end
 
-      vuln_info[:service] = service if service
+    vuln_info = {
+      :host => host.address,
+      :name => mod_name,
+      :refs => mod.references,
+      :workspace => wspace,
+      :exploited_at => Time.now.utc,
+      :info => "Exploited by #{mod_fullname} to create Session #{s.id}"
+    }
 
-      vuln = framework.db.report_vuln(vuln_info)
+    port    = session.exploit_datastore["RPORT"]
+    service = (port ? host.services.find_by_port(port.to_i) : nil)
 
-      if session.via_exploit == "exploit/multi/handler" and sess_data[:datastore]['ParentModule']
-        via_exploit = sess_data[:datastore]['ParentModule']
-      else
-        via_exploit = session.via_exploit
-      end
-      attempt_info = {
-        :timestamp   => Time.now.utc,
-        :workspace   => wspace,
-        :module      => via_exploit,
-        :username    => session.username,
-        :refs        => mod.references,
-        :session_id  => s.id,
-        :host        => host,
-        :service     => service,
-        :vuln        => vuln
-      }
+    vuln_info[:service] = service if service
 
-      framework.db.report_exploit_success(attempt_info)
+    vuln = framework.db.report_vuln(vuln_info)
 
+    if session.via_exploit == "exploit/multi/handler" and session.exploit_datastore['ParentModule']
+      via_exploit = session.exploit_datastore['ParentModule']
+    else
+      via_exploit = session.via_exploit
     end
+    attempt_info = {
+      :timestamp   => Time.now.utc,
+      :workspace   => wspace,
+      :module      => via_exploit,
+      :username    => session.username,
+      :refs        => mod.references,
+      :session_id  => s.id,
+      :host        => host,
+      :service     => service,
+      :vuln        => vuln
+    }
+
+    framework.db.report_exploit_success(attempt_info)
 
-    s
-  }
   end
-end
+
+end