
<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Module: Msf::DBManager::Import::Libpcap — Documentation by YARD 0.9.37</title>

  <!-- Stylesheets, resolved relative to the documentation root three levels up. -->
  <link rel="stylesheet" href="../../../css/style.css">
  <link rel="stylesheet" href="../../../css/common.css">

  <!--
    Page identity and relative root, assigned as globals before the scripts
    below load (presumably read by js/app.js; confirm there).
    This is an inline script: a Content-Security-Policy that omits
    'unsafe-inline' and supplies no nonce or hash would block it.
  -->
  <script>
    pathId = "Msf::DBManager::Import::Libpcap";
    relpath = "../../../";
  </script>

  <!-- Local copies of the page scripts; loaded synchronously and in this order. -->
  <script src="../../../js/jquery.js"></script>
  <script src="../../../js/app.js"></script>
</head>
<body>
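<div class="nav_wrap">
  <!--
    Navigation pane: frames the class list from the same documentation tree.
    The title attribute gives the frame an accessible name for screen readers.
  -->
  <iframe id="nav" src="../../../class_list.html?1" title="Class list navigation"></iframe>
  <!-- Empty handle element; presumably the drag target a page script uses to resize the pane (confirm in js/app.js). -->
  <div id="resizer"></div>
</div>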
<div id="main" tabindex="-1">
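<div id="header">
  <!-- Breadcrumb: the index, then each enclosing namespace, then the current module. -->
  <div id="menu">
    <a href="../../../_index.html">Index (L)</a> »
    <span class="title"><span class="object_link"><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> »
    <span class="title"><span class="object_link"><a href="../../DBManager.html" title="Msf::DBManager (class)">DBManager</a></span></span> »
    <span class="title"><span class="object_link"><a href="../Import.html" title="Msf::DBManager::Import (module)">Import</a></span></span>
    »
    <span class="title">Libpcap</span>
  </div>
  <div id="search">
    <!--
      Icon-only link to the class list. The SVG carries no text, so the link
      is named with aria-label and the drawing is hidden from assistive technology.
    -->
    <a class="full_list_link" id="class_list_link" href="../../../class_list.html" aria-label="Class list">
      <svg width="24" height="24" aria-hidden="true">
        <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
        <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
      </svg>
    </a>
  </div>
  <div class="clear"></div>
</div>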
<div id="content"><h1>Module: Msf::DBManager::Import::Libpcap
</h1>
<div class="box_info">
  <!-- Module that includes this one. -->
  <dl>
    <dt>Included in:</dt>
    <dd><span class="object_link"><a href="../Import.html" title="Msf::DBManager::Import (module)">Msf::DBManager::Import</a></span></dd>
  </dl>
  <!-- Ruby source file that defines the module. -->
  <dl>
    <dt>Defined in:</dt>
    <dd>lib/msf/core/db_manager/import/libpcap.rb</dd>
  </dl>
</div>
<!--
  Heading for the instance-method summary list.
  The "collapse" control is an anchor with href="#" and no handler in this
  markup, so it presumably relies on a script binding to the summary_toggle
  class (confirm in js/app.js) and does nothing when scripts are disabled.
-->
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#import_libpcap-instance_method" title="#import_libpcap (instance method)">#<strong>import_libpcap</strong>(args = {}, &amp;block) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The libpcap file format is handled by PacketFu for data extraction.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#import_libpcap_file-instance_method" title="#import_libpcap_file (instance method)">#<strong>import_libpcap_file</strong>(args = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inspect_single_packet-instance_method" title="#inspect_single_packet (instance method)">#<strong>inspect_single_packet</strong>(pkt, wspace, args) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Do all the single packet analysis we can while churning through the pcap the first time.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inspect_single_packet_http-instance_method" title="#inspect_single_packet_http (instance method)">#<strong>inspect_single_packet_http</strong>(pkt, wspace, args) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks for TCP packets headed towards port 80 that contain an HTTP/1.0 line, an Authorization line, and a base64-encoded credential, and extracts that credential.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="import_libpcap-instance_method">
#<strong>import_libpcap</strong>(args = {}, &amp;block) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>The libpcap file format is handled by PacketFu for data extraction. TODO: Make this its own mixin, and possibly extend PacketFu to do better stream analysis on the fly.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/import/libpcap.rb', line 5</span>
<span class='kw'>def</span> <span class='id identifier rubyid_import_libpcap'>import_libpcap</span><span class='lparen'>(</span><span class='id identifier rubyid_args'>args</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='comma'>,</span> <span class='op'>&amp;</span><span class='id identifier rubyid_block'>block</span><span class='rparen'>)</span>
<span class='id identifier rubyid_data'>data</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:data</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_wspace'>wspace</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Util.html" title="Msf::Util (module)">Util</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../Util/DBManager.html" title="Msf::Util::DBManager (module)">DBManager</a></span></span><span class='period'>.</span><span class='id identifier rubyid_process_opts_workspace'><span class='object_link'><a href="../../Util/DBManager.html#process_opts_workspace-class_method" title="Msf::Util::DBManager.process_opts_workspace (method)">process_opts_workspace</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_args'>args</span><span class='comma'>,</span> <span class='id identifier rubyid_framework'>framework</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span>
<span class='id identifier rubyid_bl'>bl</span> <span class='op'>=</span> <span class='id identifier rubyid_validate_ips'>validate_ips</span><span class='lparen'>(</span><span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:blacklist</span><span class='rbracket'>]</span><span class='rparen'>)</span> <span class='op'>?</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:blacklist</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span> <span class='op'>:</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='comment'># seen_hosts is only used for determining when to yield an address. Once we get
</span> <span class='comment'># some packet analysis going, the values will have all sorts of info. The plan
</span> <span class='comment'># is to run through all the packets as a first pass and report host and service,
</span> <span class='comment'># then, once we have everything parsed, we can reconstruct sessions and ngrep
</span> <span class='comment'># out things like authentication sequences, examine ttl&#39;s and window sizes, all
</span> <span class='comment'># kinds of crazy awesome stuff like that.
</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span>
<span class='id identifier rubyid_decoded_packets'>decoded_packets</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_last_count'>last_count</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_data'>data</span><span class='period'>.</span><span class='id identifier rubyid_read_packet_bytes'>read_packet_bytes</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_p'>p</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_decoded_packets'>decoded_packets</span> <span class='op'>&gt;=</span> <span class='id identifier rubyid_last_count'>last_count</span> <span class='op'>+</span> <span class='int'>1000</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='id identifier rubyid_block'>block</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:pcap_count</span><span class='comma'>,</span> <span class='id identifier rubyid_decoded_packets'>decoded_packets</span><span class='rparen'>)</span>
<span class='id identifier rubyid_last_count'>last_count</span> <span class='op'>=</span> <span class='id identifier rubyid_decoded_packets'>decoded_packets</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_decoded_packets'>decoded_packets</span> <span class='op'>+=</span> <span class='int'>1</span>
<span class='id identifier rubyid_pkt'>pkt</span> <span class='op'>=</span> <span class='const'>PacketFu</span><span class='op'>::</span><span class='const'>Packet</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_p'>p</span><span class='rparen'>)</span> <span class='kw'>rescue</span> <span class='kw'>next</span> <span class='comment'># Just silently skip bad packets
</span>
<span class='kw'>next</span> <span class='kw'>unless</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_ip?'>is_ip?</span> <span class='comment'># Skip anything that&#39;s not IP. Technically, not Ethernet::Ip
</span> <span class='kw'>next</span> <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_tcp?'>is_tcp?</span> <span class='op'>&amp;&amp;</span> <span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span> <span class='op'>==</span> <span class='int'>0</span> <span class='op'>||</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_dst'>tcp_dst</span> <span class='op'>==</span> <span class='int'>0</span><span class='rparen'>)</span> <span class='comment'># Skip port 0
</span> <span class='kw'>next</span> <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_udp?'>is_udp?</span> <span class='op'>&amp;&amp;</span> <span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span> <span class='op'>==</span> <span class='int'>0</span> <span class='op'>||</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_dst'>udp_dst</span> <span class='op'>==</span> <span class='int'>0</span><span class='rparen'>)</span> <span class='comment'># Skip port 0
</span> <span class='id identifier rubyid_saddr'>saddr</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_ip_saddr'>ip_saddr</span>
<span class='id identifier rubyid_daddr'>daddr</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_ip_daddr'>ip_daddr</span>
<span class='comment'># Handle blacklists and obviously useless IP addresses, and report the host.
</span> <span class='kw'>next</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_bl'>bl</span> <span class='op'>|</span> <span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>==</span> <span class='id identifier rubyid_bl'>bl</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='comment'># Both hosts are blacklisted, skip everything.
</span> <span class='kw'>unless</span><span class='lparen'>(</span> <span class='id identifier rubyid_bl'>bl</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='id identifier rubyid_rfc3330_reserved'>rfc3330_reserved</span><span class='lparen'>(</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:address</span><span class='comma'>,</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_block'>block</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_import_host'>msf_import_host</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../HostState.html" title="Msf::HostState (module)">HostState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../HostState.html#Alive-constant" title="Msf::HostState::Alive (constant)">Alive</a></span></span><span class='comma'>,</span>
<span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:task</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span> <span class='op'>||=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>unless</span><span class='lparen'>(</span> <span class='id identifier rubyid_bl'>bl</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rparen'>)</span> <span class='op'>||</span> <span class='id identifier rubyid_rfc3330_reserved'>rfc3330_reserved</span><span class='lparen'>(</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:address</span><span class='comma'>,</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='id identifier rubyid_block'>block</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span><span class='lparen'>(</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_import_host'>msf_import_host</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
<span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_daddr'>daddr</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../HostState.html" title="Msf::HostState (module)">HostState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../HostState.html#Alive-constant" title="Msf::HostState::Alive (constant)">Alive</a></span></span><span class='comma'>,</span>
<span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:task</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rbracket'>]</span> <span class='op'>||=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_tcp?'>is_tcp?</span> <span class='comment'># First pass on TCP packets
</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_flags'>tcp_flags</span><span class='period'>.</span><span class='id identifier rubyid_syn'>syn</span> <span class='op'>==</span> <span class='int'>1</span> <span class='kw'>and</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_flags'>tcp_flags</span><span class='period'>.</span><span class='id identifier rubyid_ack'>ack</span> <span class='op'>==</span> <span class='int'>1</span><span class='rparen'>)</span> <span class='kw'>or</span> <span class='comment'># Oh, this kills me
</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span> <span class='op'>&lt;</span> <span class='int'>1024</span> <span class='comment'># If it&#39;s a low port, assume it&#39;s a proper service.
</span> <span class='kw'>if</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_import_service'>msf_import_service</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span> <span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span>
<span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html" title="Msf::ServiceState (module)">ServiceState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html#Open-constant" title="Msf::ServiceState::Open (constant)">Open</a></span></span><span class='comma'>,</span>
<span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:task</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:service</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>%s:%d/%s</span><span class='tstring_end'>&quot;</span></span> <span class='op'>%</span> <span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_udp?'>is_udp?</span> <span class='comment'># First pass on UDP packets
</span> <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span> <span class='op'>==</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_dst'>udp_dst</span> <span class='comment'># Very basic p2p detection.
</span> <span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span><span class='id identifier rubyid_daddr'>daddr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_xaddr'>xaddr</span><span class='op'>|</span>
<span class='kw'>if</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_xaddr'>xaddr</span><span class='rbracket'>]</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_xaddr'>xaddr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_import_service'>msf_import_service</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span> <span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_xaddr'>xaddr</span><span class='comma'>,</span>
<span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html" title="Msf::ServiceState (module)">ServiceState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html#Open-constant" title="Msf::ServiceState::Open (constant)">Open</a></span></span><span class='comma'>,</span>
<span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:task</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_xaddr'>xaddr</span><span class='rbracket'>]</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:service</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>%s:%d/%s</span><span class='tstring_end'>&quot;</span></span> <span class='op'>%</span> <span class='lbracket'>[</span><span class='id identifier rubyid_xaddr'>xaddr</span><span class='comma'>,</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span> <span class='op'>&lt;</span> <span class='int'>1024</span> <span class='comment'># Probably a service
</span> <span class='kw'>if</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_include?'>include?</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='id identifier rubyid_msf_import_service'>msf_import_service</span><span class='lparen'>(</span>
<span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span> <span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span>
<span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span>
<span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html" title="Msf::ServiceState (module)">ServiceState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html#Open-constant" title="Msf::ServiceState::Open (constant)">Open</a></span></span><span class='comma'>,</span>
<span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:task</span><span class='rbracket'>]</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_seen_hosts'>seen_hosts</span><span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='rbracket'>]</span> <span class='op'>&lt;&lt;</span> <span class='lbracket'>[</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>yield</span><span class='lparen'>(</span><span class='symbol'>:service</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>%s:%d/%s</span><span class='tstring_end'>&quot;</span></span> <span class='op'>%</span> <span class='lbracket'>[</span><span class='id identifier rubyid_saddr'>saddr</span><span class='comma'>,</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_udp_src'>udp_src</span><span class='comma'>,</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>udp</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span> <span class='comment'># tcp or udp
</span>
<span class='id identifier rubyid_inspect_single_packet'>inspect_single_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span><span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span><span class='id identifier rubyid_args'>args</span><span class='rparen'>)</span>
<span class='kw'>end</span> <span class='comment'># data.body.map
</span>
<span class='comment'># Right about here, we should have built up some streams for some stream analysis.
</span> <span class='comment'># Not sure what form that will take, but people like shoving many hundreds of
</span> <span class='comment'># thousands of packets through this thing, so it&#39;ll need to be memory efficient.
</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="import_libpcap_file-instance_method">
#<strong>import_libpcap_file</strong>(args = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/import/libpcap.rb', line 119</span>
<span class='comment'># Builds a PacketFu::PcapFile for args[:filename] and hands it to</span>
<span class='comment'># import_libpcap as :data, merged into the caller&#39;s args.</span>
<span class='kw'>def</span> <span class='id identifier rubyid_import_libpcap_file'>import_libpcap_file</span><span class='lparen'>(</span><span class='id identifier rubyid_args'>args</span><span class='op'>=</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_pcap_path'>pcap_path</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:filename</span><span class='rbracket'>]</span>
  <span class='id identifier rubyid_capture'>capture</span> <span class='op'>=</span> <span class='const'>PacketFu</span><span class='op'>::</span><span class='const'>PcapFile</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='symbol'>:filename</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pcap_path'>pcap_path</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_import_args'>import_args</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='symbol'>:data</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_capture'>capture</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_import_libpcap'>import_libpcap</span><span class='lparen'>(</span><span class='id identifier rubyid_import_args'>import_args</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inspect_single_packet-instance_method">
#<strong>inspect_single_packet</strong>(pkt, wspace, args) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Do all the single packet analysis we can while churning through the pcap the first time. Multiple packet inspection will come later, where we can do stream analysis, compare requests and responses, etc.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/import/libpcap.rb', line 129</span>
<span class='comment'># Single-packet entry point: only TCP and UDP packets are handed to the</span>
<span class='comment'># HTTP inspector; any other packet yields nil.</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inspect_single_packet'>inspect_single_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span><span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span><span class='id identifier rubyid_args'>args</span><span class='rparen'>)</span>
  <span class='kw'>return</span> <span class='kw'>unless</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_tcp?'>is_tcp?</span> <span class='op'>||</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_udp?'>is_udp?</span>
  <span class='id identifier rubyid_inspect_single_packet_http'>inspect_single_packet_http</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span><span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span><span class='id identifier rubyid_args'>args</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inspect_single_packet_http-instance_method">
#<strong>inspect_single_packet_http</strong>(pkt, wspace, args) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Checks for packets that are headed towards port 80, are TCP, contain an HTTP/1.0 line, contain an Authorization line, and contain a base64-encoded credential, and extracts that credential. Reports the credential and solidifies the service as HTTP.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
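<pre class="code"><span class="info file"># File 'lib/msf/core/db_manager/import/libpcap.rb', line 138</span>
<span class='comment'># Inspects one packet for plaintext HTTP on TCP port 80 and records what it finds.</span>
<span class='comment'>#</span>
<span class='comment'># Server side (source port 80): a payload with an HTTP/1.0 or HTTP/1.1 status</span>
<span class='comment'># line and a Server header is recorded as an open http service, with the</span>
<span class='comment'># header value stored as :info.</span>
<span class='comment'># Client side (destination port 80): a request carrying an Authorization: Basic</span>
<span class='comment'># header is decoded and stored as an untried password credential for the</span>
<span class='comment'># destination service.</span>
<span class='comment'>#</span>
<span class='comment'># Returns :something_significant when a service or credential was recorded,</span>
<span class='comment'># false when an HTTP request carries no usable Basic credential, and nil</span>
<span class='comment'># otherwise.</span>
<span class='comment'>#</span>
<span class='comment'># NOTE(review): the decoded password is handed to create_credential in</span>
<span class='comment'># cleartext; the pcap and the workspace database presumably both need to be</span>
<span class='comment'># handled as sensitive data -- confirm against the storage layer.</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inspect_single_packet_http'>inspect_single_packet_http</span><span class='lparen'>(</span><span class='id identifier rubyid_pkt'>pkt</span><span class='comma'>,</span><span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span><span class='id identifier rubyid_args'>args</span><span class='rparen'>)</span>
  <span class='id identifier rubyid_task'>task</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='period'>.</span><span class='id identifier rubyid_fetch'>fetch</span><span class='lparen'>(</span><span class='symbol'>:task</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='rparen'>)</span>
  <span class='comment'># First, check the server side (data from port 80).</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_tcp?'>is_tcp?</span> <span class='kw'>and</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span> <span class='op'>==</span> <span class='int'>80</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
    <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^HTTP\x2f1\x2e[01]</span><span class='regexp_end'>/n</span></span>
      <span class='id identifier rubyid_http_server_match'>http_server_match</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\nServer:\s+([^\r\n]+)[\r\n]</span><span class='regexp_end'>/n</span></span><span class='rparen'>)</span>
      <span class='kw'>if</span> <span class='id identifier rubyid_http_server_match'>http_server_match</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>MatchData</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='id identifier rubyid_http_server_match'>http_server_match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
        <span class='id identifier rubyid_msf_import_service'>msf_import_service</span><span class='lparen'>(</span>
          <span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
          <span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_ip_saddr'>ip_saddr</span><span class='comma'>,</span>
          <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_src'>tcp_src</span><span class='comma'>,</span>
          <span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
          <span class='symbol'>:name</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>http</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
          <span class='symbol'>:info</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_http_server_match'>http_server_match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span><span class='comma'>,</span>
          <span class='symbol'>:state</span> <span class='op'>=&gt;</span> <span class='const'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html" title="Msf::ServiceState (module)">ServiceState</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../ServiceState.html#Open-constant" title="Msf::ServiceState::Open (constant)">Open</a></span></span><span class='comma'>,</span>
          <span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_task'>task</span>
        <span class='rparen'>)</span>
        <span class='comment'># That is all we want to know from this service.</span>
        <span class='kw'>return</span> <span class='symbol'>:something_significant</span>
      <span class='kw'>end</span>
    <span class='kw'>end</span>
  <span class='kw'>end</span>
  <span class='comment'># Next, check the client side (data to port 80).</span>
  <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_is_tcp?'>is_tcp?</span> <span class='kw'>and</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_dst'>tcp_dst</span> <span class='op'>==</span> <span class='int'>80</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='kw'>and</span> <span class='op'>!</span><span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
    <span class='kw'>if</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>[\x00-\x20]HTTP\x2f1\x2e[10]</span><span class='regexp_end'>/n</span></span><span class='rparen'>)</span>
      <span class='comment'># \x2b is + and \x2f is /; both belong to the base64 alphabet, so the</span>
      <span class='comment'># capture accepts both. Without \x2f the value was cut short at the first</span>
      <span class='comment'># slash and a truncated credential was decoded and recorded.</span>
      <span class='id identifier rubyid_auth_match'>auth_match</span> <span class='op'>=</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_payload'>payload</span><span class='period'>.</span><span class='id identifier rubyid_match'>match</span><span class='lparen'>(</span><span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>\nAuthorization:\s+Basic\s+([A-Za-z0-9=\x2b\x2f]+)</span><span class='regexp_end'>/n</span></span><span class='rparen'>)</span>
      <span class='kw'>if</span> <span class='id identifier rubyid_auth_match'>auth_match</span><span class='period'>.</span><span class='id identifier rubyid_kind_of?'>kind_of?</span><span class='lparen'>(</span><span class='const'>MatchData</span><span class='rparen'>)</span> <span class='kw'>and</span> <span class='id identifier rubyid_auth_match'>auth_match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
        <span class='id identifier rubyid_b64_cred'>b64_cred</span> <span class='op'>=</span> <span class='id identifier rubyid_auth_match'>auth_match</span><span class='lbracket'>[</span><span class='int'>1</span><span class='rbracket'>]</span>
      <span class='kw'>else</span>
        <span class='kw'>return</span> <span class='kw'>false</span>
      <span class='kw'>end</span>
      <span class='comment'># If we are this far, we can surmise that the client is at least a web</span>
      <span class='comment'># client, believes the server speaks HTTP and has just made an</span>
      <span class='comment'># authentication attempt. At this point we just believe everything the</span>
      <span class='comment'># packet says -- validation ought to come later.</span>
      <span class='id identifier rubyid_user'>user</span><span class='comma'>,</span><span class='id identifier rubyid_pass'>pass</span> <span class='op'>=</span> <span class='id identifier rubyid_b64_cred'>b64_cred</span><span class='period'>.</span><span class='id identifier rubyid_unpack'>unpack</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>m*</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>:</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span><span class='int'>2</span><span class='rparen'>)</span>
      <span class='comment'># A Basic credential decodes to user:password. If the decode is empty or</span>
      <span class='comment'># has no colon there is no password to record, so bail out the same way</span>
      <span class='comment'># as for a missing header instead of storing a nil secret.</span>
      <span class='kw'>return</span> <span class='kw'>false</span> <span class='kw'>if</span> <span class='id identifier rubyid_user'>user</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>||</span> <span class='id identifier rubyid_pass'>pass</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
      <span class='id identifier rubyid_msf_import_service'>msf_import_service</span><span class='lparen'>(</span>
        <span class='symbol'>:workspace</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='comma'>,</span>
        <span class='symbol'>:host</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_ip_daddr'>ip_daddr</span><span class='comma'>,</span>
        <span class='symbol'>:port</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_dst'>tcp_dst</span><span class='comma'>,</span>
        <span class='symbol'>:proto</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
        <span class='symbol'>:name</span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>http</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
        <span class='symbol'>:task</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_task'>task</span>
      <span class='rparen'>)</span>
      <span class='comment'># Service coordinates shared by the credential and the login record.</span>
      <span class='id identifier rubyid_service_data'>service_data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
        <span class='label'>address:</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_ip_daddr'>ip_daddr</span><span class='comma'>,</span>
        <span class='label'>port:</span> <span class='id identifier rubyid_pkt'>pkt</span><span class='period'>.</span><span class='id identifier rubyid_tcp_dst'>tcp_dst</span><span class='comma'>,</span>
        <span class='label'>service_name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>http</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
        <span class='label'>protocol:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>tcp</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
        <span class='label'>workspace_id:</span> <span class='id identifier rubyid_wspace'>wspace</span><span class='period'>.</span><span class='id identifier rubyid_id'>id</span>
      <span class='rbrace'>}</span>
      <span class='id identifier rubyid_service_data'>service_data</span><span class='lbracket'>[</span><span class='symbol'>:task_id</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_task'>task</span><span class='period'>.</span><span class='id identifier rubyid_id'>id</span> <span class='kw'>if</span> <span class='id identifier rubyid_task'>task</span>
      <span class='id identifier rubyid_filename'>filename</span> <span class='op'>=</span> <span class='id identifier rubyid_args'>args</span><span class='lbracket'>[</span><span class='symbol'>:filename</span><span class='rbracket'>]</span>
      <span class='comment'># origin_type :import plus the pcap filename tie the credential back to</span>
      <span class='comment'># the capture it was read from.</span>
      <span class='id identifier rubyid_credential_data'>credential_data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
        <span class='label'>origin_type:</span> <span class='symbol'>:import</span><span class='comma'>,</span>
        <span class='label'>private_data:</span> <span class='id identifier rubyid_pass'>pass</span><span class='comma'>,</span>
        <span class='label'>private_type:</span> <span class='symbol'>:password</span><span class='comma'>,</span>
        <span class='label'>username:</span> <span class='id identifier rubyid_user'>user</span><span class='comma'>,</span>
        <span class='label'>filename:</span> <span class='id identifier rubyid_filename'>filename</span>
      <span class='rbrace'>}</span>
      <span class='id identifier rubyid_credential_data'>credential_data</span><span class='period'>.</span><span class='id identifier rubyid_merge!'>merge!</span><span class='lparen'>(</span><span class='id identifier rubyid_service_data'>service_data</span><span class='rparen'>)</span>
      <span class='id identifier rubyid_credential_core'>credential_core</span> <span class='op'>=</span> <span class='id identifier rubyid_create_credential'>create_credential</span><span class='lparen'>(</span><span class='id identifier rubyid_credential_data'>credential_data</span><span class='rparen'>)</span>
      <span class='comment'># The login is marked UNTRIED: the credential was only observed on the</span>
      <span class='comment'># wire, nothing here checks whether the server accepted it.</span>
      <span class='id identifier rubyid_login_data'>login_data</span> <span class='op'>=</span> <span class='lbrace'>{</span>
        <span class='label'>core:</span> <span class='id identifier rubyid_credential_core'>credential_core</span><span class='comma'>,</span>
        <span class='label'>status:</span> <span class='const'><span class='object_link'><a href="../../../Metasploit.html" title="Metasploit (module)">Metasploit</a></span></span><span class='op'>::</span><span class='const'>Model</span><span class='op'>::</span><span class='const'>Login</span><span class='op'>::</span><span class='const'>Status</span><span class='op'>::</span><span class='const'>UNTRIED</span>
      <span class='rbrace'>}</span>
      <span class='id identifier rubyid_login_data'>login_data</span><span class='period'>.</span><span class='id identifier rubyid_merge!'>merge!</span><span class='lparen'>(</span><span class='id identifier rubyid_service_data'>service_data</span><span class='rparen'>)</span>
      <span class='id identifier rubyid_create_credential_login'>create_credential_login</span><span class='lparen'>(</span><span class='id identifier rubyid_login_data'>login_data</span><span class='rparen'>)</span>
      <span class='comment'># That is all we want to know from this service.</span>
      <span class='kw'>return</span> <span class='symbol'>:something_significant</span>
    <span class='kw'>end</span>
  <span class='kw'>end</span>
<span class='kw'>end</span></pre>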
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</body>
</html>