home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chip 2007 January, February, March & April
/
Chip-Cover-CD-2007-02.iso
/
Pakiet bezpieczenstwa
/
mini Pentoo LiveCD 2006.1
/
mpentoo-2006.1.iso
/
livecd.squashfs
/
usr
/
lib
/
metasploit
/
msfupdate
< prev
next >
Wrap
Text File
|
2006-06-30
|
20KB
|
777 lines
#!/usr/bin/perl
###############
require 5.6.0;
use strict;
use vars qw{$SSL_SUPPORT};
use FindBin qw{$RealBin};
use lib "$RealBin/lib";
use Digest::Perl::MD5 qw{md5_hex};
use Getopt::Std;
use IO::Socket;
use IO::Select;
use POSIX;
no utf8;
no locale;
my $VERSION = '$Revision: 1.45 $';
my $FRAMEWORK = '2.6';
my ($REV) = $VERSION =~ m/\$Revisio.:\s+([^\s]+)/;
my $UPDATE_HOST = 'metasploit.com';
my $UPDATE_PATH = '/projects/Framework/updates/msfupdate.html';
my $SSL_VERIFIED = 0;
my $SSL_ISSUER = '/C=US/ST=Texas/L=San Antonio/O=The Metasploit Project/OU=Development/CN=Metasploit CA/emailAddress=cacert@metasploit.com';
my $SSL_CERTS = "$RealBin/docs";
my $OPSYS = $^O;
select(STDOUT); $|++;
# Check for buggy versions of perl with utf-8 locale set
BrokenUTF8();
# Determine if SSL support is enabled
BEGIN
{
if (eval "require Net::SSLeay")
{
Net::SSLeay->import();
Net::SSLeay::load_error_strings();
Net::SSLeay::SSLeay_add_ssl_algorithms();
Net::SSLeay::randomize();
$SSL_SUPPORT++;
}
}
my %opts;
getopts('hrvusmaxfOp:', \%opts);
if ($opts{v}) {
print "Msfupdate Version: $REV\n";
print "Framework Version: $FRAMEWORK\n";
exit(0);
}
if ($opts{h} || (! $opts{m} && ! $opts{r} && ! $opts{u} && ! $opts{U})) {
Usage();
}
if ($opts{O}) {
$OPSYS = 'paranoid';
}
chdir($RealBin);
my $proxy = $opts{'p'};
my ($old_data, $now_data, $new_data);
my ($old, $now, $new);
my ($mod, $upx, $upd);
print "\n";
print "+ -- --=[ msfupdate v$FRAMEWORK [revision $REV]\n\n";
print "[*] Calculating local file checksums, please wait...\n";
$now_data = ScanFiles('.');
print "\n";
if (! -r '.current') {
WriteFile('.current', $now_data);
$old_data = $now_data;
}
else {
$old_data = ReadFile('.current');
}
if ($opts{r}) {
print "[*] The local file hash has been rebuilt\n";
WriteFile('.current', $now_data);
exit(0);
}
# Allow the user to disable SSL mode entirely
if ($opts{f}) {
$SSL_SUPPORT = 0;
}
# Display a big nasty warning for non-SSL unless -x is specified
if ($opts{u} || $opts{U}) {
if (! $opts{x} && ! $SSL_SUPPORT) {
print "[*] WARNING: The Net::SSLeay module is not installed. The update\n";
print " process will fall back to plain HTTP, this may allow a \n";
print " malicious attacker to inject hostile code into your system.\n";
print "\n";
print "Continue anyways (yes or no) ";
my $resp;
while ($resp !~ /yes|no/i) {
print "> ";
$resp = <STDIN>;
chomp($resp);
}
print "\n";
if ($resp !~ /yes/i) {
print "[*] The update process has been cancelled\n";
exit(0);
}
}
$new_data = DownloadFile($UPDATE_HOST, "$UPDATE_PATH/.current", $proxy);
}
$now = Hashit($now_data);
$old = Hashit($old_data);
$new = Hashit($new_data);
$mod = Diff($old, $now);
$upx = Diff($old, $new);
$upd = Diff($now, $new);
if ($opts{m}) {
if (! keys(%{$mod})) {
print "[*] No modifications since the last update\n";
exit(0);
}
print "[*] Modifications since the last update:\n";
foreach (sort keys(%{$mod})) {
print "\t".$mod->{$_}."\t$_\n";
}
print "\n";
exit(0);
}
# Strip this list down to just modifications
foreach (keys(%{$mod})) {
if ($mod->{$_} ne 'Mod') {
delete($mod->{$_});
}
}
if (! $new_data) {
print "[*] Could not obtain the current version information from the update server\n";
exit(0);
}
my $mver = CheckVersion();
if ( ($opts{u} || $opts{U}) && ! $mver) {
print "[*] Could not determine the current Framework version.\n";
exit(0);
}
if ($mver && $mver ne $FRAMEWORK) {
if (! $opts{U}) {
print "[*] Version $mver of the Metasploit Framework is now available.\n";
print " - http://metasploit.com/projects/Framework/downloads.html\n\b\n";
}
else {
print "[*] Starting upgrade process for version $mver...\n\n";
}
}
if ($opts{U} && $mver && $mver eq $FRAMEWORK) {
print "[*] No version upgrade is necessary.\n";
exit(0);
}
# Upgrade to a new major release version...
if ($opts{U}) {
my $backupdir = 'backup_'. $FRAMEWORK;
print "[*] WARNING: You are about to upgrade to a new major version of the\n";
print " Metasploit Framework. This process involves removing the current\n";
print " installation and downloading the new version, one file at a time.\n";
print " This process is slow and somewhat prone to failure. If you encounter\n";
print " any problems during the download, you *should* be able to simply\n";
print " restart msfupdate with the -u parameter\n\n";
print " If you have modified any of the files in the Framework directory,\n";
print " these will be saved to $backupdir. The same applies for any modules\n";
print " that you have added to this Framework installation. After the update\n";
print " is complete, you should be able to copy these modules from the\n";
print " backup directory ($backupdir) into the appropriate directories\n";
print " in the new installation.\n\n";
print " If you are using FreeBSD or any other operating that maintains a\n";
print " package for the Framework, we recommend that you use the system\n";
print " package manager to upgrade\n\n";
print " Please type 'yes' to initiate the upgrade process.\n";
print "Continue? (yes or no) ";
my $resp;
while ($resp !~ /yes|no/i) {
print "> ";
$resp = <STDIN>;
chomp($resp);
}
if ($resp =~ /no/i) {
exit(0);
}
delete($now->{'./msfupdate'});
delete($new->{'./msfupdate'});
delete($mod->{'./msfupdate'});
delete($upd->{'./msfupdate'});
print "[*] Backing up modified files to $backupdir...\n";
# Backup framework files that the user modified
foreach my $file (keys %{$mod} ) {
print " --- MOD $file\n";
my $data = ReadFile($file);
WriteFile($backupdir .'/'. $file , $data);
}
# Backup files that the user created
foreach my $file (keys %{$upd} ) {
next if $upd->{$file} ne 'Del';
print " --- USR $file\n";
my $data = ReadFile($file);
WriteFile($backupdir .'/'. $file , $data);
}
print "[*] Removing the current installation...\n";
# Do not remove these files since we need them to update...
my %docs_save = ('./docs/7f8d5320.0' => 1, './docs/cacert.pem' => 1);
# Remove all files that are part of the framework
foreach my $file (keys %{$now}) {
next if exists($docs_save{$file});
unlink($file);
}
# Remove all directories but 'docs'
foreach my $dir (split(/\n/, ScanDirs('.', 0))) {
next if $dir eq './docs';
system("rm", "-rf", $dir);
}
# Bump up the framework version
$FRAMEWORK = $mver;
# Download the file list for the new framework version
$new_data = DownloadFile($UPDATE_HOST, "$UPDATE_PATH/.current", $proxy);
# Rebuild the tables
$new = Hashit($new_data);
$now = {};
$old = {};
$mod = Diff($old, $now);
$upx = Diff($old, $new);
$upd = Diff($now, $new);
# Configure some options
$opts{a}++;
}
# They modified something, ask them what they want to do with it
if (! $opts{a} && keys(%{$mod})) {
print "[*] You have modified the following Framework components:\n\n";
foreach (sort(keys(%{$mod}))) {
print "\t".$_."\n";
}
print "\n";
print " Would you like to preserve these changes? If you say no, all\n";
print " local modifications will be overwritten by the update process.\n";
print "\n";
print "Preserve modifications (yes or no) ";
my $resp;
while ($resp !~ /yes|no/i) {
print "> ";
$resp = <STDIN>;
chomp($resp);
}
if ($resp =~ /no/i) {
$mod = {};
}
print "\n";
}
foreach (keys(%{$upd})) {
# Do not remove user-created files
if ($upd->{$_} eq 'Del') {
delete($upd->{$_});
}
# Ignore updates we already have
if ($now->{$_} eq $new->{$_}) {
delete($upd->{$_});
}
}
# Ignore locally modified files when -a is supplied
if ($opts{a}) {
$mod = {};
}
# After all of this stuff, this is what we have
# - $mod is a table of anything the user wants to keep
# - $upd is a table of everything online new or updated
# The plan of attack is:
# - Iterate through each item in $upd, if there is a match in
# $mod, we print a message and ignore the download for it.
# We will delete anything with the Del status set in this
# table.
# - Once we have identified an update, we try to download it.
# If an error occurs, either because the download fails or
# the md5 does no match.
#
# - After all files have been processed, we rebuild the local
# .current file and get ready for the next update.
#
if (! keys(%{$upd})) {
print "[*] No new updates are available\n";
exit(0);
}
print "[*] Online Update Task Summary\n\n";
foreach my $entry (sort keys(%{$upd})) {
next if $opts{U};
if ($mod->{$entry}) {
print "\tIgnore: $entry\n";
}
else {
print "\tUpdate: $entry\n";
}
}
print "\n";
exit(0) if $opts{s};
if (! $opts{a}) {
print "Continue? (yes or no) ";
my $resp;
while ($resp !~ /yes|no/i) {
print "> ";
$resp = <STDIN>;
chomp($resp);
}
print "\n";
if ($resp !~ /yes/i) {
exit(0);
}
}
my @tasks = sort(keys(%{$upd}));
# Force msfupdate to downloaded first...
if ($opts{U}) {
unshift(@tasks, './msfupdate');
unshift(@tasks, './lib/Digest/Perl/MD5.pm');
}
my $upd_tot = scalar(@tasks);
my $upd_cur = 0;
print "\n";
print "[*] Starting online update of $upd_tot file(s)...\n\n";
foreach my $entry (@tasks) {
if ($mod->{$entry}) {
next;
}
my $data = DownloadFile($UPDATE_HOST, "$UPDATE_PATH/$entry", $proxy);
if ($new->{$entry} ne md5_hex($data)) {
print "$entry: ". $new->{$entry} ." != ". md5_hex($data) ."\n";
my $errmsg = $data ? 'checksum mismatch' : 'download failed';
print "[*] Failed to update $entry: $errmsg\n";
next;
}
# overwrite the local file O_o
WriteFile($entry, $data);
# set it executable since we dont track permissions
chmod(0755, $entry);
printf("[%.4d/%.4d - 0x%.6x bytes] $entry\n", ++$upd_cur, $upd_tot, length($data));
}
print "\n";
print "[*] Regenerating local file database\n";
$now_data = ScanFiles('.');
WriteFile('.current', $now_data);
sub Usage {
print STDERR " Usage: $0 [options]>\n";
print STDERR "Options:\n";
print STDERR " -h You're looking at me baby\n";
print STDERR " -v Display version information\n";
print STDERR " -u Perform an online update via metasploit.com\n";
print STDERR " -s Only display update tasks, do not actually download\n";
print STDERR " -m Show any files locally modified since last update\n";
print STDERR " -a Do not prompt, default to overwrite all files\n";
print STDERR " -x Do not require confirmation for non-SSL updates\n";
print STDERR " -f Disable ssl support entirely, use with -x to avoid warnings\n";
print STDERR " -O Removes the operating system name from the user agent\n";
print STDERR " -p Specifies a proxy: <http|socks4>:<hostname>:<port>\n";
# Too buggy and dangerous to use
# print STDERR " -U Upgrade to a new major revision of the Framework\n";
# Developer options
# print STDERR " -r Rebuild the local version database (internal only)\n";
print "\n";
exit(0);
}
sub ScanFiles {
my $dir = shift;
my $res;
my $hwn;
opendir ($hwn, $dir) || return;
while (defined(my $entry = readdir($hwn))) {
my $path = "$dir/$entry";
# ignore all symlinks
next if -l $path;
# ignore all leading dot files
next if $entry =~ /^\./;
# ignore the backup directories
next if $entry =~ /^backup_/;
# recurse into directories
if (-d $path) {
$res .= ScanFiles($path);
}
elsif (-f $path) {
$res .= HashFile($path)."\t$path\n";;
}
}
closedir($hwn);
return $res;
}
sub ScanDirs {
my $dir = shift;
my $dep = @_ ? shift() : 0;
my $res;
my $hwn;
return if $dep == -1;
opendir ($hwn, $dir) || return;
while (defined(my $entry = readdir($hwn))) {
my $path = "$dir/$entry";
# ignore all symlinks
next if -l $path;
# ignore the backup directories
next if $entry =~ /^backup_/;
# ignore all leading dot files
next if $entry =~ /^\./;
# recurse into directories
if (-d $path) {
$res .= "$path\n";
$res .= ScanDirs($path, $dep - 1);
}
}
closedir($hwn);
return $res;
}
sub CheckVersion {
my $data = DownloadFile($UPDATE_HOST, $UPDATE_PATH, $proxy);
my ($vers, $mtime) = split(/\s+/, $data);
return $vers;
}
sub DownloadFile {
my $host = shift;
my $path = shift;
my $prox = shift;
my $port = $SSL_SUPPORT ? 443 : 80;
my $data;
$path = EscapeURI($path);
my ($proxy_type, $proxy_host, $proxy_port);
if ($prox =~ m/^(socks4|http):([^:]+):(\d+)/) {
($proxy_type, $proxy_host, $proxy_port) = ($1, $2, $3);
}
if ($prox && ! $proxy_host) {
print STDERR "[*] Invalid proxy format ($prox), please use one of the following:\n";
print STDERR "\tSOCKS: socks4:<hostname|ip address>:<port>\n";
print STDERR "\t HTTP: http:<hostname|ip address>:<port>\n\n";
exit(0);
}
my $sock = IO::Socket::INET->new
(
PeerAddr => $proxy_host || $host,
PeerPort => $proxy_port || $port,
Proto => 'tcp',
);
if (! $sock) {
print STDERR "[*] Could not connect to $host: $!\n";
exit(0);
}
if ($proxy_type eq 'http') {
$sock->send("CONNECT ".$host.":".$port." HTTP/1.0\r\n\r\n");
# Look for the HTTP response message from the Proxy server
my $sel = IO::Select->new($sock);
my $resp = '';
if ($sel->can_read(5)) {
while (my $line = <$sock>) {
last if $line eq "\r\n";
$resp .= $line;
}
} else {
print STDERR "[*] No reply received from the HTTP proxy\n";
exit(0);
}
if ($resp !~ /HTTP\/1\.\d\s+2/) {
foreach my $line (split(/\r\n/, $resp)) {
$line =~ s/\r|\n//g;
$line =~ s/\e//g;
print STDERR "[*] Proxy: " . $line . "\n";
}
print STDERR "[*] Connection failed\n";
exit(0);
}
}
if ($proxy_type eq 'socks4') {
$sock->send("\x04\x01".pack('n',$port).gethostbyname($host)."\x00");
$sock->recv(my $res, 8);
if (! $res || ($res && ord(substr($res,1,1)) != 90)) {
print STDERR "[*] Failed to established connection through socks4 proxy $proxy_host\n";
if (length($res)) {
print STDERR "[*] Response: ". unpack("H*", $res) ."\n";
}
exit(0);
}
}
my $req =
"GET $path HTTP/1.0\r\n".
"Host: ".$host.":".$port."\r\n".
"User-Agent: msfupdate/$REV $FRAMEWORK ($OPSYS)\r\n\r\n";
if ($SSL_SUPPORT) {
# Reset the verified flag
$SSL_VERIFIED = 0;
# Create SSL Context
my $ctx = Net::SSLeay::CTX_new();
# Tell SSL to use the certificate in the docs directory
Net::SSLeay::CTX_load_verify_locations($ctx, '', $SSL_CERTS);
# Configure the SSL call-back to prevent MiTM
Net::SSLeay::CTX_set_verify($ctx, &Net::SSLeay::VERIFY_PEER, \&SSLVerify);
# Configure session for maximum interoperability
Net::SSLeay::CTX_set_options($ctx, &Net::SSLeay::OP_ALL);
# Create a new SSL object with context
my $ssl = Net::SSLeay::new($ctx);
# Bind the SSL descriptor to the socket
Net::SSLeay::set_fd($ssl, $sock->fileno);
# Negotiate connection
my $sslConn = Net::SSLeay::connect($ssl);
if ($sslConn <= 0) {
print STDERR "[*] SSL error:". Net::SSLeay::print_errs()."\n";
$sock->close;
return;
}
Net::SSLeay::ssl_write_all($ssl, $req);
my $cert = Net::SSLeay::get_peer_certificate($ssl);
$data = Net::SSLeay::ssl_read_all($ssl);
Net::SSLeay::free ($ssl);
Net::SSLeay::CTX_free ($ctx);
$sock->close;
$data = ProcessHTTP($data);
return $data;
}
$sock->send($req);
$sock->shutdown(1);
while (<$sock>) { $data .= $_ }
close ($sock);
$data = ProcessHTTP($data);
return $data;
}
# Prevent MiTM attacks on the update downloads when run over SSL
sub SSLVerify {
my ($ok, $x509_store_ctx) = @_;
my $cert = Net::SSLeay::X509_STORE_CTX_get_current_cert($x509_store_ctx);
if ($cert) {
my $x509_issuer = Net::SSLeay::X509_get_issuer_name($cert);
my $issuer = Net::SSLeay::X509_NAME_oneline($x509_issuer);
# differences between openssl 0.9.6 vs 0.9.7 (thanks par!)
$issuer =~ s/Email/emailAddress/g;
if ($ok && $issuer eq $SSL_ISSUER) {
$SSL_VERIFIED++;
return 1;
}
}
return;
}
sub ProcessHTTP {
my $http = shift;
my $idx = index($http, "\r\n\r\n");
return if -1 == $idx;
my $head = substr($http, 0, $idx);
my $body = substr($http, $idx + 4);
return if $head !~ /HTTP\/1..\s+2/;
return $body;
}
sub WriteFile {
my $file = shift;
my $data = shift;
my @path = split(/\//, $file);
pop(@path);
my $cdir = ".";
foreach (@path) {
$cdir .= "/".$_;
if (! -d $cdir) {
mkdir($cdir, 0755);
}
}
open (my $out, ">$file") || return;
print $out $data;
close ($out);
}
sub ReadFile {
my $path = shift;
my $data;
my $inp;
open($inp, "<$path") || return;
while (<$inp>) { $data .= $_ }
close($inp);
return $data;
}
sub HashFile {
my $path = shift;
my $data = ReadFile($path);
return md5_hex($data);
}
sub Hashit {
my $data = shift;
my $hash = {};
foreach my $line (split(/\n/, $data)) {
my ($md5, $path) = $line =~ m/^([^\s]+)\s+(.*)/g;
$hash->{$path} = $md5;
}
return $hash;
}
sub Diff {
my $setA = shift;
my $setB = shift;
my $res;
foreach (keys(%{$setA})) {
if (exists($setB->{$_})) {
if ($setA->{$_} ne $setB->{$_}) {
$res->{$_} = 'Mod';
}
}
else {
$res->{$_} = 'Del';
}
}
foreach (keys(%{$setB})) {
if (! exists($setA->{$_})) {
$res->{$_} = 'New';
}
}
return $res;
}
sub EscapeURI {
my $path = shift;
my %escapes = ();
for (0..255) { $escapes{chr($_)} = sprintf("%%%02X", $_) }
$path =~ s/([^A-Za-z0-9\-_.!~*'()\/])/$escapes{$1}/eg;
return $path;
}
sub BrokenUTF8 {
if ( $] >= 5.008 && $] < 5.008002 )
{
my $badver;
# Check LANG first
$badver = ($ENV{'LANG'} =~ /utf/i) ? 1 : 0;
# LC_ALL overrides LANG if its set
if (defined($ENV{'LC_ALL'})) {
$badver = ($ENV{'LC_ALL'} =~ /utf/i) ? 1 : 0;
}
return if ! $badver;
print STDERR qq|
[*] This version of Perl ($]) contains a buggy utf-8 implementation. If you
would like to use this version with the Metasploit Framework, you must
set the LC_ALL environment variable to 'C'. For example:
\$ export LC_ALL=C; ./msfconsole
|;
exit(0);
}
}
