Proxy session events.

This enables modules to use report_loot with a remote data service

Author: jbarnett-r7

lib/metasploit/framework/data_service/proxy/data_proxy_auto_loader.rb

@@ -13,6 +13,7 @@ module DataProxyAutoLoader
   autoload :SessionDataProxy, 'metasploit/framework/data_service/proxy/session_data_proxy'
   autoload :ExploitDataProxy, 'metasploit/framework/data_service/proxy/exploit_data_proxy'
   autoload :LootDataProxy, 'metasploit/framework/data_service/proxy/loot_data_proxy'
+  autoload :SessionEventDataProxy, 'metasploit/framework/data_service/proxy/session_event_data_proxy'
   include ServiceDataProxy
   include HostDataProxy
   include VulnDataProxy
@@ -23,4 +24,5 @@ module DataProxyAutoLoader
   include SessionDataProxy
   include ExploitDataProxy
   include LootDataProxy
+  include SessionEventDataProxy
 end

lib/metasploit/framework/data_service/proxy/session_event_data_proxy.rb

@@ -0,0 +1,13 @@
+module SessionEventDataProxy
+
+  def report_session_event(opts)
+    begin
+      data_service = self.get_data_service()
+      # The full Session object contains in-memory instances of data we do not need to store.
+      opts[:session] = opts[:session].sid
+      data_service.report_session_event(opts)
+    rescue Exception => e
+      puts "Call to #{data_service.class}#report_session_event threw exception: #{e.message}"
+    end
+  end
+end

lib/metasploit/framework/data_service/remote/http/core.rb

@@ -59,7 +59,9 @@ def post_data(path, data_hash)
       end
     rescue Exception => e
       puts "Problem with POST request: #{e.message}"
-      puts "#{e.backtrace}"
+      e.backtrace.each do |line|
+        puts "#{line}\n"
+      end
     ensure
       @client_pool << client
     end

lib/metasploit/framework/data_service/remote/http/data_service_auto_loader.rb

@@ -12,6 +12,7 @@ module DataServiceAutoLoader
   autoload :RemoteSessionDataService, 'metasploit/framework/data_service/remote/http/remote_session_data_service'
   autoload :RemoteExploitDataService, 'metasploit/framework/data_service/remote/http/remote_exploit_data_service'
   autoload :RemoteLootDataService, 'metasploit/framework/data_service/remote/http/remote_loot_data_service'
+  autoload :RemoteSessionEventDataService, 'metasploit/framework/data_service/remote/http/remote_session_event_data_service'
   include RemoteHostDataService
   include RemoteEventDataService
   include RemoteNoteDataService
@@ -22,4 +23,5 @@ module DataServiceAutoLoader
   include RemoteSessionDataService
   include RemoteExploitDataService
   include RemoteLootDataService
+  include RemoteSessionEventDataService
 end

lib/metasploit/framework/data_service/remote/http/remote_session_event_data_service.rb

@@ -0,0 +1,12 @@
+require 'metasploit/framework/data_service/remote/http/response_data_helper'
+
+module RemoteSessionEventDataService
+  include ResponseDataHelper
+
+  SESSION_EVENT_PATH = '/api/1/msf/session_event'
+  SESSION_EVENT_SEARCH_PATH = SESSION_EVENT_PATH + "/search"
+
+  def report_session_event(opts)
+    self.post_data_async(SESSION_EVENT_PATH, opts)
+  end
+end

lib/metasploit/framework/data_service/stubs/session_event_service.rb

@@ -0,0 +1,6 @@
+module SessionEventDataService
+
+  def report_session_event(opts)
+    raise 'SessionEventDataService#report_session_event is not implemented'
+  end
+end

lib/msf/core/db_manager/http/servlet/session_event_servlet.rb

@@ -0,0 +1,34 @@
+module SessionEventServlet
+
+  def self.api_path
+    '/api/1/msf/session_event'
+  end
+
+  def self.registered(app)
+    app.get SessionEventServlet.api_path, &get_session_event
+    app.post SessionEventServlet.api_path, &report_session_event
+  end
+
+  #######
+  private
+  #######
+
+  def self.get_session_event
+    lambda {
+      begin
+        opts = parse_json_request(request, false)
+        data = get_db().session_events(opts)
+        set_json_response(data)
+      rescue Exception => e
+        set_error_on_response(e)
+      end
+    }
+  end
+
+  def self.report_session_event
+    lambda {
+      job = lambda { |opts| get_db().report_session_event(opts) }
+      exec_report_job(request, &job)
+    }
+  end
+end

lib/msf/core/db_manager/http/sinatra_app.rb

@@ -12,6 +12,7 @@
 require 'msf/core/db_manager/http/servlet/session_servlet'
 require 'msf/core/db_manager/http/servlet/exploit_servlet'
 require 'msf/core/db_manager/http/servlet/loot_servlet'
+require 'msf/core/db_manager/http/servlet/session_event_servlet'
 
 class SinatraApp < Sinatra::Base
 
@@ -31,5 +32,6 @@ class SinatraApp < Sinatra::Base
   register SessionServlet
   register ExploitServlet
   register LootServlet
+  register SessionEventServlet
 
 end

lib/msf/ui/console/command_dispatcher/db.rb

@@ -1184,7 +1184,7 @@ def cmd_loot_help
 
   def cmd_loot(*args)
     return unless active?
-  ::ActiveRecord::Base.connection_pool.with_connection {
+
     mode = :search
     host_ranges = []
     types = nil
@@ -1329,7 +1329,6 @@ def cmd_loot(*args)
     print_line
     print_line(tbl.to_s)
     print_status("Deleted #{delete_count} loots") if delete_count > 0
-  }
   end
 
   # :category: Deprecated Commands

lib/msf/util/host.rb

@@ -0,0 +1,63 @@
+# -*- coding: binary -*-
+
+module Msf
+  module Util
+    module Host
+
+      #
+      # Returns something suitable for the +:host+ parameter to the various report_* methods
+      #
+      # Takes a Host object, a Session object, an Msf::Session object or a String
+      # address
+      #
+      def self.normalize_host(host)
+        return host if defined?(::Mdm) && host.kind_of?(::Mdm::Host)
+        norm_host = nil
+
+        puts "in normalize host. host is #{host}"
+        if (host.kind_of? String)
+
+          if Rex::Socket.is_ipv4?(host)
+            # If it's an IPv4 addr with a port on the end, strip the port
+            if host =~ /((\d{1,3}\.){3}\d{1,3}):\d+/
+              norm_host = $1
+            else
+              norm_host = host
+            end
+          elsif Rex::Socket.is_ipv6?(host)
+            # If it's an IPv6 addr, drop the scope
+            address, scope = host.split('%', 2)
+            norm_host = address
+          else
+            norm_host = Rex::Socket.getaddress(host, true)
+          end
+        elsif defined?(::Mdm) && host.kind_of?(::Mdm::Session)
+          norm_host = host.host
+        elsif host.respond_to?(:session_host)
+          # Then it's an Msf::Session object
+          norm_host = host.session_host
+        end
+
+        # If we got here and don't have a norm_host yet, it could be a
+        # Msf::Session object with an empty or nil tunnel_host and tunnel_peer;
+        # see if it has a socket and use its peerhost if so.
+        if (
+        norm_host.nil? &&
+            host.respond_to?(:sock) &&
+            host.sock.respond_to?(:peerhost) &&
+            host.sock.peerhost.to_s.length > 0
+        )
+          norm_host = session.sock.peerhost
+        end
+        # If We got here and still don't have a real host, there's nothing left
+        # to try, just log it and return what we were given
+        if !norm_host
+          dlog("Host could not be normalized: #{host.inspect}")
+          norm_host = host
+        end
+
+        norm_host
+      end
+    end
+  end
+end