Armitage 02.12.13 - Distributed Operations

This update adds the ability to manage multiple team server instances
through one Armitage client. This update also adds nickname completion
to the event log. Several bug fixes are included too.

Author: rsmudge

data/armitage/armitage.jar

@@ -1,6 +1,29 @@
 Armitage Changelog
 ==================
 
+12 Feb 13 (tested against msf 16438)
+---------
+- Fixed a corner case preventing the display of removed host labels 
+  when connected to a team server.
+- Fixed RPC call cache corruption in team server mode. This bug could 
+  lead to some exploits defaulting to a shell payload when meterpreter 
+  was a possibility.
+- Slight optimization to some DB queries. I no longer pull unused
+  fields making the query marginally faster. Team server is more
+  efficient too as changes to unused fields won't force data (re)sync.
+- Hosts -> Clear Database now clears host labels too.
+- Added the ability to manage multiple team server instances through
+  Armitage. Go to Armitage -> New Connection to connect to another
+  server. A button bar will appear that allows you to switch active
+  Armitage connections.
+	- Credentials available across instances are pooled when using
+ 	  the [host] -> Login menu and the credential helper.
+- Rewrote the event log management code in the team server
+- Added nickname tab completion to event log. I feel like I'm writing
+  an IRC client again.
+- Hosts -> Clear Database now asks you to confirm the action.
+- Hosts -> Import Hosts announces successful import to event log again.
+
 23 Jan 13 (tested against msf 16351)
 ---------
 - Added helpers to set EXE::Custom and EXE::Template options.

data/armitage/cortana.jar

@@ -3,7 +3,7 @@
 		<center><h1>Armitage 1.45</h1></center>
 
 		<p>An attack management tool for Metasploit&reg;
-		<br />Release: 23 Jan 13</p>
+		<br />Release: 12 Feb 13</p>
 		<br />
 		<p>Developed by:</p>
 

data/armitage/whatsnew.txt

@@ -9,6 +9,9 @@ import msf.*;
 
 # setg("varname", "value")
 sub setg {
+	if ($1 eq "LHOST") {
+		call_async("armitage.set_ip", $2);
+	}
 	cmd_safe("setg $1 $2");
 }
 

external/source/armitage/resources/about.html

@@ -15,7 +15,7 @@ import graph.*;
 
 import java.awt.image.*;
 
-global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS');
+global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME');
 
 sub describeHost {
 	local('$desc');
@@ -165,13 +165,19 @@ sub _connectToMetasploit {
 				$aclient = [new RpcAsync: $client];
 				$mclient = $client;
 				initConsolePool();
+				$DESCRIBE = "localhost";
 			}
 			# we have a team server... connect and authenticate to it.
 			else {
 				$client = c_client($1, $2);
 				setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
 				$mclient = setup_collaboration($3, $4, $1, $2);
 				$aclient = $mclient;
+
+				if ($mclient is $null) {
+					[$progress close];
+					return;
+				}
 			}
 			$flag = $null;
 		}
@@ -319,28 +325,23 @@ sub postSetup {
 }
 
 sub main {
-        local('$console $panel $dir');
+        local('$console $panel $dir $app');
 
-	$frame = [new ArmitageApplication];
+	$frame = [new ArmitageApplication: $__frame__, $DESCRIBE, $mclient];
 	[$frame setTitle: $TITLE];
-        [$frame setSize: 800, 600];
-
+	[$frame setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
 	init_menus($frame);
 	initLogSystem();
 
-	[$frame setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
-        [$frame show];
-	[$frame setExtendedState: [JFrame MAXIMIZED_BOTH]];
-
 	# this window listener is dead-lock waiting to happen. That's why we're adding it in a
 	# separate thread (Sleep threads don't share data/locks).
 	fork({
-		[$frame addWindowListener: {
+		[$__frame__ addWindowListener: {
 			if ($0 eq "windowClosing" && $msfrpc_handle !is $null) {
 				closef($msfrpc_handle);
 			}
 		}];
-	}, \$msfrpc_handle, \$frame);
+	}, \$msfrpc_handle, \$__frame__);
 
 	dispatchEvent({
 		if ($client !is $mclient) {
@@ -371,7 +372,6 @@ sub checkDir {
 	}
 }
 
-setLookAndFeel();
 checkDir();
 
 if ($CLIENT_CONFIG !is $null && -exists $CLIENT_CONFIG) {

external/source/armitage/scripts-cortana/internal.sl

@@ -23,6 +23,7 @@ sub createEventLogTab {
 		$client = [$cortana getEventLog: $console];
 		[$client setEcho: $null];
 		[$console updatePrompt: "> "];
+		[new EventLogTabCompletion: $console, $mclient];
 	}
 	else {
 		[$console updateProperties: $preferences];
@@ -63,6 +64,7 @@ sub c_client {
 	# run this thing in its own thread to avoid really stupid deadlock situations
 	local('$handle');
 	$handle = [[new SecureSocket: $1, int($2), &verify_server] client];
+	push(@CLOSEME, $handle);
 	return wait(fork({
 		local('$client');
 		$client = newInstance(^RpcConnection, lambda({
@@ -91,9 +93,11 @@ sub setup_collaboration {
 	%r = call($mclient, "armitage.validate", $1, $2, $nick, "armitage", 120326);
 	if (%r["error"] eq "1") {
 		showErrorAndQuit(%r["message"]);
+		return $null;
 	}
 
 	%r = call($client, "armitage.validate", $1, $2, $null, "armitage", 120326);
+	$DESCRIBE = "$nick $+ @ $+ $3";
 	return $mclient;
 }
 

external/source/armitage/scripts/armitage.sl

@@ -95,13 +95,13 @@ sub dispatchEvent {
 
 sub showError {
 	dispatchEvent(lambda({
-		[JOptionPane showMessageDialog: $frame, $message];
+		[JOptionPane showMessageDialog: $__frame__, $message];
 	}, $message => $1));
 }
 
 sub showErrorAndQuit {
-	[JOptionPane showMessageDialog: $frame, $1];
-	[System exit: 0];
+	[JOptionPane showMessageDialog: $__frame__, $1];
+	[$__frame__ closeConnect];
 }
 
 sub ask {
@@ -155,7 +155,7 @@ sub chooseFile {
 		[$fc setFileSelectionMode: [JFileChooser DIRECTORIES_ONLY]];
 	}
 
-	[$fc showOpenDialog: $frame];
+	[$fc showOpenDialog: $__frame__];
 
 	if ($multi) {
 		return [$fc getSelectedFiles];
@@ -179,17 +179,18 @@ sub saveFile2 {
 		[$fc setSelectedFile: [new java.io.File: $sel]];
 	}
 
-	[$fc showSaveDialog: $frame];
-	$file = [$fc getSelectedFile];
-	if ($file !is $null) {
-		return $file;
+	if ([$fc showSaveDialog: $__frame__] == 0) {
+		$file = [$fc getSelectedFile];
+		if ($file !is $null) {
+			return $file;
+		}
 	}
 }
 
 sub saveFile {
 	local('$fc $file');
 	$fc = [new JFileChooser];
-	[$fc showSaveDialog: $frame];
+	[$fc showSaveDialog: $__frame__];
 	$file = [$fc getSelectedFile];
 	if ($file !is $null) {
 		local('$ihandle $data $ohandle');
@@ -250,18 +251,26 @@ sub left {
 
 sub dialog {
 	local('$dialog $4');
-        $dialog = [new JDialog: $frame, $1];
+        $dialog = [new JDialog: $__frame__, $1];
         [$dialog setSize: $2, $3];
         [$dialog setLayout: [new BorderLayout]];
-        [$dialog setLocationRelativeTo: $frame];
+        [$dialog setLocationRelativeTo: $__frame__];
 	return $dialog;
 }
 
 sub window {
 	local('$dialog $4');
         $dialog = [new JFrame: $1];
 	[$dialog setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
-	[$dialog setDefaultCloseOperation: [JFrame EXIT_ON_CLOSE]];
+
+	fork({
+		[$dialog addWindowListener: {
+			if ($0 eq "windowClosing") {
+				[$__frame__ closeConnect];
+			}
+		}];
+	}, \$__frame__, \$dialog);
+
         [$dialog setSize: $2, $3];
         [$dialog setLayout: [new BorderLayout]];
 	return $dialog;
@@ -277,12 +286,14 @@ sub overlay_images {
 		return %cache[join(';', $1)];
 	}
 
-	local('$file $image $buffered $graphics');
+	local('$file $image $buffered $graphics $resource');
 
         $buffered = [new BufferedImage: 1000, 776, [BufferedImage TYPE_INT_ARGB]];
 	$graphics = [$buffered createGraphics];
 	foreach $file ($1) {
-		$image = [ImageIO read: resource($file)];
+		$resource = resource($file);
+		$image = [ImageIO read: $resource];
+		closef($resource);
 		[$graphics drawImage: $image, 0, 0, 1000, 776, $null];
 	}
 
@@ -371,15 +382,6 @@ sub wrapComponent {
 	return $panel;
 }
 
-sub setLookAndFeel {
-	local('$laf');
-	foreach $laf ([UIManager getInstalledLookAndFeels]) {
-		if ([$laf getName] eq [$preferences getProperty: "application.skin.skin", "Nimbus"]) {
-			[UIManager setLookAndFeel: [$laf getClassName]];
-		}
-	}
-}
-
 sub thread {
 	local('$thread');
 	$thread = [new ArmitageThread: $1];
@@ -467,6 +469,13 @@ sub quickListDialog {
 	[$dialog setVisible: 1];
 }
 
+sub setTableColumnWidths {
+	local('$col $width $temp');
+	foreach $col => $width ($2) {
+		[[$1 getColumn: $col] setPreferredWidth: $width];
+	}
+}
+
 sub tableRenderer {
 	return [ATable getDefaultTableRenderer: $1, $2];
 }

external/source/armitage/scripts/collaborate.sl

@@ -8,10 +8,10 @@ import java.awt.event.*;
 
 sub addHostDialog {
 	local('$dialog $label $text $finish $button');
-	$dialog = [new JDialog: $frame, "Add Hosts", 0];
+	$dialog = [new JDialog: $__frame__, "Add Hosts", 0];
 	[$dialog setSize: 320, 240];
 	[$dialog setLayout: [new BorderLayout]];
-	[$dialog setLocationRelativeTo: $frame];
+	[$dialog setLocationRelativeTo: $__frame__];
 
 	$label = [new JLabel: "Enter one host/line:"];
 	$text = [new JTextArea];

external/source/armitage/scripts/gui.sl

@@ -15,8 +15,8 @@ sub logNow {
 	if ([$preferences getProperty: "armitage.log_everything.boolean", "true"] eq "true") {
 		local('$today $stream');
 		$today = formatDate("yyMMdd");
-		mkdir(getFileProper(dataDirectory(), $today, $2));
-		$stream = %logs[ getFileProper(dataDirectory(), $today, $2, "$1 $+ .log") ];
+		mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2));
+		$stream = %logs[ getFileProper(dataDirectory(), $today, $DESCRIBE, $2, "$1 $+ .log") ];
 		[$stream println: $3];
 	}
 }
@@ -26,8 +26,8 @@ sub logCheck {
 		local('$today');
 		$today = formatDate("yyMMdd");
 		if ($2 ne "") {
-			mkdir(getFileProper(dataDirectory(), $today, $2));
-			[$1 writeToLog: %logs[ getFileProper(dataDirectory(), $today, $2, "$3 $+ .log") ]];
+			mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2));
+			[$1 writeToLog: %logs[ getFileProper(dataDirectory(), $today, $DESCRIBE, $2, "$3 $+ .log") ]];
 		}
 	}
 }
@@ -38,15 +38,15 @@ sub logFile {
 		local('$today $handle $data $out');
 		$today = formatDate("yyMMdd");
 		if (-exists $1 && -canread $1) {
-			mkdir(getFileProper(dataDirectory(), $today, $2, $3));
+			mkdir(getFileProper(dataDirectory(), $today, $DESCRIBE, $2, $3));
 
 			# read in the file
 			$handle = openf($1);
 			$data = readb($handle, -1);
 			closef($handle);
 
 			# write it out.
-			$out = getFileProper(dataDirectory(), $today, $2, $3, getFileName($1));
+			$out = getFileProper(dataDirectory(), $today, $DESCRIBE, $2, $3, getFileName($1));
 			$handle = openf("> $+ $out");
 			writeb($handle, $data);
 			closef($handle);
@@ -70,7 +70,7 @@ sub initLogSystem {
 			logFile([$file getAbsolutePath], "screenshots", ".");
 			deleteFile([$file getAbsolutePath]);
 
-			showError("Saved " . getFileName($file) . "\nGo to View -> Reporting -> Activity Logs\n\nThe file is in:\n[today's date]/screenshots");
+			showError("Saved " . getFileName($file) . "\nGo to View -> Reporting -> Activity Logs\n\nThe file is in:\n[today's date]/ $+ $DESCRIBE $+ /screenshots");
 		}, \$image, \$title));
 	}];
 }