Module: Msf::Exploit::Git::PktLine

Included in:

SmartHttp, SmartHttp::Request, SmartHttp::Response

Defined in:

lib/msf/core/exploit/git/pkt_line.rb

Overview

This module implements the pkt-line format used by Git.

Constant Summary

FLUSH_PKT =

"0000"

DELIM_PKT =

"0001"

RESPONSE_END_PKT =

"0002"

Class Method Summary

• .generate_data_pkt(data) ⇒ Object
• .generate_pkt_line(data, type: 'data-pkt') ⇒ Object

  pkt-line format pkt-line = data-pkt / flush-pkt data-pkt = pkt-len pkt-payload pkt-len = 4*(HEXDIG) pkt-payload = (pkt-len - 4)*(OCTET) source: git-scm.com/docs/protocol-common.

• .get_pkt_line_data(pkt_line) ⇒ String

  Reads a single pkt-line and returns the data.

• .get_pkt_lines(data) ⇒ Array

  Retrieves pkt-lines from argument supplied.

• .has_pkt_line_data?(data) ⇒ Boolean

  Determine if data contains any pkt-lines.

• .request_ends ⇒ Object

Class Method Details

.generate_data_pkt(data) ⇒ Object

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 36

def self.generate_data_pkt(data)
  return nil unless data

  return nil if data.empty?

  # The length should include the length
  # of pkt-payload plus four characters for
  # pkt-len plus another for the terminating LF
  pkt_line_len = data.length + 4 + 1
  pkt_line_len = pkt_line_len.to_s(16).rjust(4, '0')

  "#{pkt_line_len}#{data}\n"
end

.generate_pkt_line(data, type: 'data-pkt') ⇒ Object

pkt-line format pkt-line = data-pkt / flush-pkt data-pkt = pkt-len pkt-payload pkt-len = 4*(HEXDIG) pkt-payload = (pkt-len - 4)*(OCTET) source: git-scm.com/docs/protocol-common

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 27

def self.generate_pkt_line(data, type: 'data-pkt')
  case type
  when 'data-pkt'
    generate_data_pkt(data)
  when 'flush-pkt'
    FLUSH_PKT 
  end
end

.get_pkt_line_data(pkt_line) ⇒ String

Reads a single pkt-line and returns the data

Parameters:

• a (String) —

  single pkt-line

Returns:

• (String) —

  the pkt-line data

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 59

def self.get_pkt_line_data(pkt_line)
  return '' unless pkt_line.kind_of?(String)

  line_len = pkt_line.length - 4
  pkt_line[4, line_len - 1]
end

.get_pkt_lines(data) ⇒ Array

Retrieves pkt-lines from argument supplied

Parameters:

• data (String) —

  that possibly contains pkt-lines

Returns:

• (Array) —

  pkt-lines

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 71

def self.get_pkt_lines(data)
  return [] if data.empty?

  pkt_lines = data.split("\n")
  pkt_lines.each { |line| line.gsub!(FLUSH_PKT, '') }
  pkt_lines.delete('')

  pkt_lines
end

.has_pkt_line_data?(data) ⇒ Boolean

Determine if data contains any pkt-lines

Parameters:

• the (String) —

  data to check for pkt-lines

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 86

def self.has_pkt_line_data?(data)
  return false unless data.kind_of?(String)

  return false if data.empty?

  get_pkt_lines(data).empty? ? false : true
end

.request_ends ⇒ Object

# File 'lib/msf/core/exploit/git/pkt_line.rb', line 50

def self.request_ends
  [ "#{FLUSH_PKT}0009done", "#{FLUSH_PKT}0009#{FLUSH_PKT}" ]
end