Sys get ip (#228)

spellshift · Jul 22, 2023 · 098afd7 · 098afd7
1 parent 324b363
commit 098afd7
Show file tree

Hide file tree

Showing 6 changed files with 113 additions and 1 deletion.
diff --git a/docs/_docs/user-guide/eldritch.md b/docs/_docs/user-guide/eldritch.md
@@ -306,6 +306,30 @@ sys.execute("/bin/bash",["-c", "ls /nofile"])
 }
 ```
 
+### sys.get_ip
+`sys.get_ip() -> List<Dict>`
+
+The <b>sys.get_ip</b> method returns a list of network interfaces as a dictionary. An example is available below:
+
+```JSON
+[
+    {
+        "name": "eth0",
+        "ips": [
+            "172.17.0.2"
+        ],
+        "mac": "02:42:ac:11:00:02"
+    },
+    {
+        "name": "lo",
+        "ips": [
+            "127.0.0.1"
+        ],
+        "mac": "00:00:00:00:00:00"
+    }
+]
+```
+
 ### sys.is_linux
 `sys.is_linux() -> bool`
 

diff --git a/implants/Cargo.toml b/implants/Cargo.toml
@@ -25,6 +25,7 @@ graphql_client = "0.12.0"
 httptest = "0.15.4"
 itertools = "0.10"
 lsp-types = "0.93.0"
+network-interface = "1.0.1"
 nix = "0.26.1"
 openssl = "0.10"
 predicates = "2.1"

diff --git a/implants/lib/eldritch/Cargo.toml b/implants/lib/eldritch/Cargo.toml
@@ -12,6 +12,7 @@ derive_more = { workspace = true }
 eval = { workspace = true }
 flate2 = { workspace = true }
 gazebo = { workspace = true }
+network-interface = { workspace = true }
 nix = { workspace = true }
 regex = { workspace = true }
 reqwest = { workspace = true , features = ["blocking", "stream"] }

diff --git a/implants/lib/eldritch/src/lib.rs b/implants/lib/eldritch/src/lib.rs
@@ -172,7 +172,7 @@ mod tests {
             r#"
 dir(file) == ["append", "compress", "copy", "download", "exists", "hash", "is_dir", "is_file", "mkdir", "read", "remove", "rename", "replace", "replace_all", "template", "timestomp", "write"]
 dir(process) == ["kill", "list", "name"]
-dir(sys) == ["dll_inject", "exec", "is_linux", "is_macos", "is_windows", "shell"]
+dir(sys) == ["dll_inject", "exec", "get_ip", "is_linux", "is_macos", "is_windows", "shell"]
 dir(pivot) == ["arp_scan", "bind_proxy", "ncat", "port_forward", "port_scan", "smb_exec", "ssh_exec", "ssh_password_spray"]
 dir(assets) == ["copy","list"]
 "#,

diff --git a/implants/lib/eldritch/src/sys.rs b/implants/lib/eldritch/src/sys.rs
@@ -1,4 +1,5 @@
 mod exec_impl;
+mod get_ip_impl;
 mod is_linux_impl;
 mod is_windows_impl;
 mod is_macos_impl;
@@ -65,6 +66,10 @@ fn methods(builder: &mut MethodsBuilder) {
         if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
         dll_inject_impl::dll_inject(dll_path, pid)
     }
+    fn get_ip<'v>(this: SysLibrary, starlark_heap: &'v Heap) -> anyhow::Result<Vec<Dict<'v>>> {
+        if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
+        get_ip_impl::get_ip(starlark_heap)
+    }
     fn is_linux(this: SysLibrary) -> anyhow::Result<bool> {
         if false { println!("Ignore unused this var. _this isn't allowed by starlark. {:?}", this); }
         is_linux_impl::is_linux()

diff --git a/implants/lib/eldritch/src/sys/get_ip_impl.rs b/implants/lib/eldritch/src/sys/get_ip_impl.rs
@@ -0,0 +1,81 @@
+use anyhow::Result;
+use network_interface::{NetworkInterfaceConfig, NetworkInterface};
+use starlark::{values::{dict::Dict, Heap, Value}, collections::SmallMap, const_frozen_string};
+
+const UNKNOWN: &str = "UNKNOWN";
+
+#[derive(Debug)]
+struct NetInterface {
+    name: String,
+    ips: Vec<std::net::IpAddr>, //IPv6 and IPv4 Addresses on the itnerface
+    mac: String,
+}
+
+fn handle_get_ip() -> Result<Vec<NetInterface>> {
+    let mut res = Vec::new();
+    for network_interface in NetworkInterface::show()? {
+
+        let mac_addr = match network_interface.mac_addr {
+            Some(local_mac) => local_mac,
+            None => UNKNOWN.to_string(),
+        };
+
+        let mut ips: Vec<std::net::IpAddr> = Vec::new();
+        for ip in network_interface.addr {
+            ips.push(ip.ip());
+        }
+
+        res.push(NetInterface{
+            name: network_interface.name,
+            ips: ips,
+            mac: mac_addr,
+        });
+    }
+    Ok(res)
+}
+
+fn create_dict_from_interface(starlark_heap: &Heap, interface: NetInterface) -> Result<Dict>{
+    let res: SmallMap<Value, Value> = SmallMap::new();
+    let mut tmp_res = Dict::new(res);
+
+    let tmp_value1 = starlark_heap.alloc_str(&interface.name);
+    tmp_res.insert_hashed(const_frozen_string!("name").to_value().get_hashed().unwrap(), tmp_value1.to_value());
+
+    let mut tmp_value2_arr = Vec::<Value>::new();
+    for ip in interface.ips {
+        tmp_value2_arr.push(starlark_heap.alloc_str(&ip.to_string()).to_value());
+    }
+    let tmp_value2 = starlark_heap.alloc(tmp_value2_arr);
+    tmp_res.insert_hashed(const_frozen_string!("ips").to_value().get_hashed().unwrap(), tmp_value2);
+
+    let tmp_value3 = starlark_heap.alloc_str(&interface.mac);
+    tmp_res.insert_hashed(const_frozen_string!("mac").to_value().get_hashed().unwrap(), tmp_value3.to_value());
+
+
+    Ok(tmp_res)
+}
+
+
+pub fn get_ip(starlark_heap: &Heap) -> Result<Vec<Dict>> {
+    let mut final_res: Vec<Dict> = Vec::new();
+    for network_interface in handle_get_ip()? {
+        let tmp_res = create_dict_from_interface(starlark_heap, network_interface)?;
+        final_res.push(tmp_res);
+    }
+    Ok(final_res)
+}
+
+#[cfg(test)]
+mod tests {
+    use std::net::{Ipv4Addr, IpAddr};
+
+    use super::*;
+
+    #[test]
+    fn test_sys_get_ip() {
+        let starlark_heap = Heap::new();
+        let res = get_ip(&starlark_heap).unwrap();
+        println!("{:?}", res);
+        assert!(format!("{:?}", res).contains("127.0.0.1"));
+    }
+}