예제 #1
0
  /** Creates a new URL to use as the basis of a connection. */
  public MsgRpcImpl(
      String username, String password, String host, int port, boolean ssl, boolean debugf)
      throws MalformedURLException {
    if (ssl) { // Install the all-trusting trust manager & HostnameVerifier
      try {
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(
            null,
            new TrustManager[] {
              new X509TrustManager() {
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                  return null;
                }

                public void checkClientTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {}

                public void checkServerTrusted(
                    java.security.cert.X509Certificate[] certs, String authType) {}
              }
            },
            new java.security.SecureRandom());

        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(
            new HostnameVerifier() {
              public boolean verify(String string, SSLSession ssls) {
                return true;
              }
            });
      } catch (Exception e) {
      }
      u = new URL("https", host, port, "/api/1.0/");
    } else {
      u = new URL("http", host, port, "/api/1.0/");
    }

    /* login to msf server */
    Object[] params = new Object[] {username, password};
    Map results = exec("auth.login", params);

    /* save the temp token (lasts for 5 minutes of inactivity) */
    rpcToken = results.get("token").toString();

    /* generate a non-expiring token and use that */
    params = new Object[] {rpcToken};
    results = exec("auth.token_generate", params);
    rpcToken = results.get("token").toString();
  }
예제 #2
0
  /**
   * Decodes a response recursively from MessagePackObject to a normal Java object
   *
   * @param src MessagePack response
   * @return decoded object
   */
  private static Object unMsg(Object src) {
    Object out = src;
    if (src instanceof ArrayType) {
      List l = ((ArrayType) src).asList();
      List outList = new ArrayList(l.size());
      out = outList;
      for (Object o : l) outList.add(unMsg(o));
    } else if (src instanceof BooleanType) {
      out = ((BooleanType) src).asBoolean();
    } else if (src instanceof FloatType) {
      out = ((FloatType) src).asFloat();
    } else if (src instanceof IntegerType) {
      try {
        out = ((IntegerType) src).asInt();
      } catch (Exception ex) {
        /* this is a bandaid until I have a chance to further examine what's happening */
        out = ((IntegerType) src).asLong();
      }
    } else if (src instanceof MapType) {
      Set ents = ((MapType) src).asMap().entrySet();
      out = new HashMap();
      for (Object ento : ents) {
        Map.Entry ent = (Map.Entry) ento;
        Object key = unMsg(ent.getKey());
        Object val = ent.getValue();
        // Hack - keep bytes of generated or encoded payload
        if (ents.size() == 1
            && val instanceof RawType
            && (key.equals("payload") || key.equals("encoded")))
          val = ((RawType) val).asByteArray();
        else val = unMsg(val);
        ((Map) out).put(key + "", val);
      }

      if (((Map) out).containsKey("error") && ((Map) out).containsKey("error_class")) {
        armitage.ArmitageMain.print_error(
            "Metasploit Framework Exception: "
                + ((Map) out).get("error_message").toString()
                + "\n"
                + ((Map) out).get("error_backtrace"));
        throw new RuntimeException(((Map) out).get("error_message").toString());
      }
    } else if (src instanceof NilType) {
      out = null;
    } else if (src instanceof RawType) {
      out = ((RawType) src).asString();
    }
    return out;
  }