Add loot update

Author: jbarnett-r7

lib/metasploit/framework/data_service/proxy/loot_data_proxy.rb

@@ -29,4 +29,14 @@ def loots(wspace, opts = {})
     end
   end
   alias_method :loot, :loots
+
+  def update_loot(opts)
+    begin
+      data_service = self.get_data_service
+      data_service.update_loot(opts)
+    rescue Exception => e
+      puts "Call to #{data_service.class}#update_loot threw exception: #{e.message}"
+      e.backtrace.each { |line| puts "#{line}\n" }
+    end
+  end
 end

lib/metasploit/framework/data_service/remote/http/remote_loot_data_service.rb

@@ -31,6 +31,16 @@ def report_loots(loot)
     self.post_data(LOOT_API_PATH, loot)
   end
 
+  def update_loot(opts)
+    $stderr.puts "RemoteLootDataService.update_host(): opts = #{opts}"  # TODO: remove
+    path = LOOT_API_PATH
+    if opts && opts[:id]
+      id = opts.delete(:id)
+      path = "#{LOOT_API_PATH}/#{id}"
+    end
+    json_to_mdm_object(self.put_data(path, opts), LOOT_MDM_CLASS, [])
+  end
+
   def delete_loot(opts)
     json_to_mdm_object(self.delete_data(LOOT_API_PATH, opts), LOOT_MDM_CLASS, [])
   end

lib/msf/core/db_manager/http/servlet/loot_servlet.rb

@@ -4,9 +4,14 @@ def self.api_path
     '/api/v1/loots'
   end
 
+  def self.api_path_with_id
+    "#{LootServlet.api_path}/?:id?"
+  end
+
   def self.registered(app)
     app.get LootServlet.api_path, &get_loot
     app.post LootServlet.api_path, &report_loot
+    app.put LootServlet.api_path, &udpate_loot
     app.delete LootServlet.api_path, &delete_loot
   end
 
@@ -42,6 +47,18 @@ def self.report_loot
     }
   end
 
+  def self.update_loot
+    lambda {
+      begin
+        opts = parse_json_request(request, false)
+        data = get_db().delete_loot(opts)
+        set_json_response(data)
+      rescue Exception => e
+        set_error_on_response(e)
+      end
+    }
+  end
+
   def self.delete_loot
     lambda {
       begin

lib/msf/core/db_manager/loot.rb

@@ -91,6 +91,18 @@ def report_loot(opts)
   }
   end
 
+  def update_loot(opts)
+    wspace = opts.delete(:workspace) || opts.delete(:wspace) || workspace
+    if wspace.kind_of? String
+      wspace = find_workspace(wspace)
+    end
+
+    ::ActiveRecord::Base.connection_pool.with_connection {
+      id = opts.delete(:id)
+      Mdm::Loot.update(id, opts)
+    }
+  end
+
   # Deletes Loot entries based on the IDs passed in.
   #
   # @param opts[:ids] [Array] Array containing Integers corresponding to the IDs of the Loot entries to delete.

lib/msf/ui/console/command_dispatcher/db.rb

@@ -1308,6 +1308,8 @@ def cmd_loot(*args)
                   types = typelist.strip().split(",")
                 when '-S', '--search'
                   search_term = args.shift
+                when '-u', '--update'
+                  mode = :update
                 when '-h','--help'
                   cmd_loot_help
                   return
@@ -1376,6 +1378,17 @@ def cmd_loot(*args)
               #   )
               # end
               row = []
+              if mode == :update
+                begin
+                  loot.info = info if info
+                  loot.filename = filename if filename
+                  loot.ltype = types if types
+                  framework.db.update_loot(loot.as_json.symbolize_keys)
+                rescue Exception => e
+                  elog "There was an error updating loot with ID #{loot.id}: #{e.message}"
+                  next
+                end
+              end
               row.push( ((loot.host && loot.host.address) ? loot.host.address : "") )
               if (loot.service)
                 svc = (loot.service.name ? loot.service.name : "#{loot.service.port}/#{loot.service.proto}")