Add MySQL Arch & Platform detection by query

rapid7 · Mar 28, 2024 · 1991a4c · 1991a4c
1 parent 47fc61f
commit 1991a4c
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 1 deletion.
diff --git a/lib/msf/base/sessions/mysql.rb b/lib/msf/base/sessions/mysql.rb
@@ -9,6 +9,13 @@ class Msf::Sessions::MySQL < Msf::Sessions::Sql
   def initialize(rstream, opts = {})
     @client = opts.fetch(:client)
     self.console = ::Rex::Post::MySQL::Ui::Console.new(self)
+
+    server_version_vars = @client.query_server_version_vars
+    unless server_version_vars.empty?
+      self.arch = server_version_vars.fetch(:arch, nil)
+      self.platform = server_version_vars.fetch(:platform, nil)
+    end
+
     super(rstream, opts)
   end
 

diff --git a/lib/msf/core/module/platform.rb b/lib/msf/core/module/platform.rb
@@ -383,7 +383,7 @@ class Ruby < Msf::Module::Platform
   #
   class Linux < Msf::Module::Platform
     Rank = 100
-    Alias = "linux"
+    Aliases = [ 'linux', 'debian-linux-gnu' ]
   end
 
   #

diff --git a/lib/rex/proto/mysql/client.rb b/lib/rex/proto/mysql/client.rb
@@ -28,6 +28,28 @@ def current_database
           # Current database is stored as an array under the type 1 key.
           session_track.fetch(1, ['']).first
         end
+
+        # @return [Hash] A hash with :arch and :version keys if the query was successful, otherwise empty.
+        def query_server_version_vars
+          result = {}
+
+          # Get the current platform & arch by querying the server.
+          server_vars = query("show variables where variable_name like 'version%'").entries
+          server_vars.each do |server_var|
+            name, value = server_var
+
+            case name
+            when 'version_compile_machine'
+              result[:arch] = value
+            when 'version_compile_os'
+              result[:platform] = value
+            else
+              next
+            end
+          end
+
+          result
+        end
       end
     end
   end

diff --git a/spec/lib/msf/base/sessions/mysql_spec.rb b/spec/lib/msf/base/sessions/mysql_spec.rb
@@ -19,13 +19,15 @@
   let(:port) { '3306' }
   let(:peerinfo) { "#{address}:#{port}" }
   let(:current_database) { 'database_name' }
+  let(:server_version_vars) { { arch: 'x86_64', platform: 'Linux' } }
 
   before(:each) do
     allow(user_input).to receive(:output=)
     allow(user_input).to receive(:intrinsic_shell?).and_return(true)
     allow(rstream).to receive(:peerinfo).and_return(peerinfo)
     allow(client).to receive(:socket).and_return(rstream)
     allow(client).to receive(:current_database).and_return(current_database)
+    allow(client).to receive(:query_server_version_vars).and_return(server_version_vars)
     allow(::Rex::Proto::MySQL::Client).to receive(:connect).and_return(client)
   end
 
@@ -78,6 +80,14 @@
     it 'creates a new console' do
       expect(subject.console).to be_a(console_class)
     end
+
+    it 'gets the correct arch' do
+      expect(subject.arch).to eq('x86_64')
+    end
+
+    it 'gets the correct platform' do
+      expect(subject.platform).to eq('Linux')
+    end
   end
 
   describe '#bootstrap' do

diff --git a/spec/lib/rex/post/mysql/ui/console/command_dispatcher/core_spec.rb b/spec/lib/rex/post/mysql/ui/console/command_dispatcher/core_spec.rb
@@ -17,11 +17,13 @@
     console.disable_output = true
     console
   end
+  let(:server_version_vars) { { arch: 'x86_64', platform: 'Linux' } }
 
   before(:each) do
     allow(rstream).to receive(:peerinfo).and_return(peerinfo)
     allow(client).to receive(:current_database).and_return(current_database)
     allow(client).to receive(:socket).and_return(rstream)
+    allow(client).to receive(:query_server_version_vars).and_return(server_version_vars)
     allow(session).to receive(:console).and_return(console)
     allow(session).to receive(:name).and_return('test client name')
     allow(session).to receive(:sid).and_return('test client sid')