MetaSploitFraemwork/plugins/alias.rb

require 'rex/text/table'

module Msf
  class Plugin::Alias < Msf::Plugin
    class AliasCommandDispatcher
      include Msf::Ui::Console::CommandDispatcher

      attr_reader :aliases

      def initialize(driver)
        super(driver)
        @aliases = {}
      end

      def name
        'Alias'
      end

      @@alias_opts = Rex::Parser::Arguments.new(
        '-h' => [ false, 'Help banner.' ],
        '-c' => [ true, 'Clear an alias (* to clear all).'],
        '-f' => [ true, 'Force an alias assignment.' ]
      )
      #
      # Returns the hash of commands supported by this dispatcher.
      #
      # driver.dispatcher_stack[3].commands
      def commands
        {
          'alias' => 'create or view an alias.'
          #			"alias_clear" => "clear an alias (or all aliases).",
          #			"alias_force" => "Force an alias (such as to override)"
        }.merge(aliases) # make aliased commands available as commands of their own
      end

      #
      # the main alias command handler
      #
      # usage: alias [options] [name [value]]
      def cmd_alias(*args)
        # we parse args manually instead of using @@alias.opts.parse to handle special cases
        case args.length
        when 0 # print the list of current aliases
          if @aliases.empty?
            return print_status('No aliases currently defined')
          else
            tbl = Rex::Text::Table.new(
              'Header' => 'Current Aliases',
              'Prefix' => "\n",
              'Postfix' => "\n",
              'Columns' => [ '', 'Alias Name', 'Alias Value' ]
            )
            # add 'alias' in front of each row so that the output can be copy pasted into an rc file if desired
            @aliases.each_pair do |key, val|
              tbl << ['alias', key, val]
            end
            return print(tbl.to_s)
          end
        when 1 # display the alias if one matches this name (or help)
          return cmd_alias_help if (args[0] == '-h') || (args[0] == '--help')

          if @aliases.keys.include?(args[0])
            print_status("\'#{args[0]}\' is aliased to \'#{@aliases[args[0]]}\'")
          else
            print_status("\'#{args[0]}\' is not currently aliased")
          end
        else # let's see if we can assign or clear the alias
          force = false
          clear = false
          # if using -f or -c, they must be the first arg, because -f/-c may also show up in the alias
          # value so we can't do something like if args.include("-f") or delete_if etc
          # we should never have to force and clear simultaneously.
          if args[0] == '-f'
            force = true
            args.shift
          elsif args[0] == '-c'
            clear = true
            args.shift
          end
          name = args.shift
          # alias name can NEVER be certain reserved words like 'alias', add any other reserved words here
          # We prevent the user from naming the alias "alias" cuz they could end up unable to clear the aliases,
          # for example you 'alias -f set unset and then 'alias -f alias sessions', now you're screwed.  The byproduct
          # of this is that it prevents you from aliasing 'alias' to 'alias -f' etc, but that's acceptable
          reserved_words = [/^alias$/i]
          reserved_words.each do |regex|
            if name =~ regex
              print_error "You cannot use #{name} as the name for an alias, sorry"
              return false
            end
          end

          if clear
            # clear all aliases if "*"
            if name == '*'
              @aliases.each_key do |a|
                deregister_alias(a)
              end
              print_status 'Cleared all aliases'
            elsif @aliases.keys.include?(name) # clear the named alias if it exists
              deregister_alias(name)
              print_status "Cleared alias #{name}"
            else
              print_error("#{name} is not a currently active alias")
            end
            return
          end
          # smash everything that's left together
          value = args.join(' ')
          value.strip!
          # value can NEVER be certain bad words like 'rm -rf /', add any other reserved words here
          # this is basic idiot protection, not meant to be impervious to subversive intentions
          reserved_words = [%r{^rm +(-rf|-r +-f|-f +-r) +/.*$}]
          reserved_words.each do |regex|
            if value =~ regex
              print_error "You cannot use #{value} as the value for an alias, sorry"
              return false
            end
          end

          is_valid_alias = valid_alias?(name, value)
          # print_good "Alias validity = #{is_valid_alias}"
          is_sys_cmd = Rex::FileUtils.find_full_path(name)
          is_already_alias = @aliases.keys.include?(name)
          if is_valid_alias && !is_sys_cmd && !is_already_alias
            register_alias(name, value)
          elsif force
            if !is_valid_alias
              print_status 'The alias failed validation, but force is set so we allow this.  This is often the case'
              print_status "when for instance 'exploit' is being overridden but msfconsole is not currently in the"
              print_status 'exploit context (an exploit is not loaded), or you are overriding a system command'
            end
            register_alias(name, value)
          else
            print_error("#{name} already exists as a system command, use -f to force override") if is_sys_cmd
            print_error("#{name} is already an alias, use -f to force override") if is_already_alias
            if !is_valid_alias && !force
              print_error("'#{name}' is not a permitted name or '#{value}' is not valid/permitted")
              print_error("It's possible the responding dispatcher isn't loaded yet, try changing to the proper context or using -f to force")
            end
          end
        end
      end

      def cmd_alias_help
        print_line 'Usage: alias [options] [name [value]]'
        print_line
        print(@@alias_opts.usage)
      end

      #
      # Tab completion for the alias command
      #
      def cmd_alias_tabs(_str, words)
        if words.length <= 1
          # puts "1 word or less"
          return @@alias_opts.option_keys + tab_complete_aliases_and_commands
        else
          # puts "more than 1 word"
          return tab_complete_aliases_and_commands
        end
      end

      private

      #
      # do everything needed to add an alias of +name+ having the value +value+
      #
      def register_alias(name, value)
        # TODO:  begin rescue?
        # TODO:  security concerns since we are using eval

        # define some class instance methods
        class_eval do
          # define a class instance method that will respond for the alias
          define_method "cmd_#{name}" do |*args|
            # just replace the alias w/the alias' value and run that
            driver.run_single("#{value} #{args.join(' ')}")
          end
          # define a class instance method that will tab complete the aliased command
          # we just proxy to the top-level tab complete function and let them handle it
          define_method "cmd_#{name}_tabs" do |str, words|
            # we need to repair the tab complete string/words and pass back
            # replace alias name with the root alias value
            value_words = value.split(/[\s\t\n]+/) # in case value is e.g. 'sessions -l'
            # valwords is now [sessions,-l]
            words[0] = value_words[0]
            # words[0] is now 'sessions' (was 'sue')
            value_words.shift # valwords is now ['-l']
            # insert any remaining parts of value and rebuild the line
            line = words.join(' ') + ' ' + value_words.join(' ') + ' ' + str

            [driver.tab_complete(line.strip), :override_completions]
          end
          # add a cmd_#{name}_help method
          define_method "cmd_#{name}_help" do |*_args|
            driver.run_single("help #{value}")
          end
        end
        # add the alias to the list
        @aliases[name] = value
      end

      #
      # do everything required to remove an alias of name +name+
      #
      def deregister_alias(name)
        class_eval do
          # remove the class methods we created when the alias was registered
          remove_method("cmd_#{name}")
          remove_method("cmd_#{name}_tabs")
          remove_method("cmd_#{name}_help")
        end
        # remove the alias from the list of active aliases
        @aliases.delete(name)
      end

      #
      # Validate a proposed alias with the +name+ and having the value +value+
      #
      def valid_alias?(name, value)
        # print_good "Assessing validay for #{name} and #{value}"
        # we validate two things, the name and the value

        ### name
        # we don't check if this alias name exists or if it's a console command already etc as -f can override
        # that so those need to be checked externally, we pretty much just check to see if the name is sane
        name.strip!
        bad_words = [/\*/] # add any additional "bad word" regexes here
        bad_words.each do |regex|
          # don't mess around, just return false in this case, prevents wasted processing
          return false if name =~ regex
        end

        ### value
        # value is considered valid if it's a ref to a valid console cmd, a system executable, or an existing
        # alias AND isn't a "bad word"
        # Here we check for "bad words" to avoid for the value...value would have to NOT match these regexes
        # this is just basic idiot protection
        value.strip!
        bad_words = [/^msfconsole$/]
        bad_words.each do |regex|
          # don't mess around, just return false if we match
          return false if value =~ regex
        end

        # we're only gonna validate the first part of the cmd, e.g. just ls from "ls -lh"
        value = value.split(' ').first
        return true if @aliases.keys.include?(value)

        [value, value + '.exe'].each do |cmd|
          return true if Rex::FileUtils.find_full_path(cmd)
        end

        # gather all the current commands the driver's dispatcher's have & check 'em
        driver.dispatcher_stack.each do |dispatcher|
          next unless dispatcher.respond_to?(:commands)
          next if dispatcher.commands.nil?
          next if dispatcher.commands.empty?

          if dispatcher.respond_to?("cmd_#{value.split(' ').first}")
            # print_status "Dispatcher (#{dispatcher.name}) responds to cmd_#{value.split(" ").first}"
            return true
          end
        end

        false
      end

      #
      # Provide tab completion list for aliases and commands
      #
      def tab_complete_aliases_and_commands
        items = []
        # gather all the current commands the driver's dispatcher's have
        driver.dispatcher_stack.each do |dispatcher|
          next unless dispatcher.respond_to?(:commands)
          next if (dispatcher.commands.nil? || dispatcher.commands.empty?)

          items.concat(dispatcher.commands.keys)
        end
        # add all the current aliases to the list
        items.concat(@aliases.keys)
        return items
      end

    end

    #
    # The constructor is called when an instance of the plugin is created.  The
    # framework instance that the plugin is being associated with is passed in
    # the framework parameter.  Plugins should call the parent constructor when
    # inheriting from Msf::Plugin to ensure that the framework attribute on
    # their instance gets set.
    #
    def initialize(framework, opts)
      super

      ## Register the commands above
      add_console_dispatcher(AliasCommandDispatcher)
    end

    #
    # The cleanup routine for plugins gives them a chance to undo any actions
    # they may have done to the framework.  For instance, if a console
    # dispatcher was added, then it should be removed in the cleanup routine.
    #
    def cleanup
      # If we had previously registered a console dispatcher with the console,
      # deregister it now.
      remove_console_dispatcher('Alias')

      # we don't need to remove class methods we added because they were added to
      # AliasCommandDispatcher class
    end

    #
    # This method returns a short, friendly name for the plugin.
    #
    def name
      'alias'
    end

    #
    # This method returns a brief description of the plugin.  It should be no
    # more than 60 characters, but there are no hard limits.
    #
    def desc
      'Adds the ability to alias console commands'
    end

  end
end