Module: Msf::Session

Includes:
Framework::Offspring
Included in:
Basic, Msf::Sessions::Custom, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject
Defined in:
lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb

Overview

The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session’s read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.

Defined Under Namespace

Modules: Basic, Comm, Interactive, Provider

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#aliveObject

Returns the value of attribute alive.



291
292
293
# File 'lib/msf/core/session.rb', line 291

def alive
  @alive
end

#db_recordObject

This session’s associated database record



360
361
362
# File 'lib/msf/core/session.rb', line 360

def db_record
  @db_record
end

#exploitObject

The actual exploit module instance that created this session



348
349
350
# File 'lib/msf/core/session.rb', line 348

def exploit
  @exploit
end

#exploit_datastoreObject

The datastore of the exploit that created this session



320
321
322
# File 'lib/msf/core/session.rb', line 320

def exploit_datastore
  @exploit_datastore
end

#exploit_taskObject

The task that ran the exploit that got the session (that swallowed the fly)



324
325
326
# File 'lib/msf/core/session.rb', line 324

def exploit_task
  @exploit_task
end

#exploit_uuidObject

The unique identifier of exploit that created this session



336
337
338
# File 'lib/msf/core/session.rb', line 336

def exploit_uuid
  @exploit_uuid
end

#frameworkObject

The framework instance that created this session.



296
297
298
# File 'lib/msf/core/session.rb', line 296

def framework
  @framework
end

#infoObject

The specific identified session info



328
329
330
# File 'lib/msf/core/session.rb', line 328

def info
  @info
end

#machine_idObject

The unique machine identifier for the host that created this session



344
345
346
# File 'lib/msf/core/session.rb', line 344

def machine_id
  @machine_id
end

#payload_uuidObject

The unique identifier of the payload that created this session



340
341
342
# File 'lib/msf/core/session.rb', line 340

def payload_uuid
  @payload_uuid
end

#routesObject

An array of routes associated with this session



356
357
358
# File 'lib/msf/core/session.rb', line 356

def routes
  @routes
end

#sidObject

The session unique identifier.



300
301
302
# File 'lib/msf/core/session.rb', line 300

def sid
  @sid
end

#snameObject

The session name.



304
305
306
# File 'lib/msf/core/session.rb', line 304

def sname
  @sname
end

#target_hostObject

The original target host address



312
313
314
# File 'lib/msf/core/session.rb', line 312

def target_host
  @target_host
end

#target_portObject

The original target port if applicable



316
317
318
# File 'lib/msf/core/session.rb', line 316

def target_port
  @target_port
end

#usernameObject

The associated username



352
353
354
# File 'lib/msf/core/session.rb', line 352

def username
  @username
end

#uuidObject

The unique identifier of this session



332
333
334
# File 'lib/msf/core/session.rb', line 332

def uuid
  @uuid
end

#viaObject (protected)

:nodoc:



363
364
365
# File 'lib/msf/core/session.rb', line 363

def via
  @via
end

#workspaceObject

The associated workspace name



308
309
310
# File 'lib/msf/core/session.rb', line 308

def workspace
  @workspace
end

Class Method Details

.typeObject

Direct descendants Provider interfaces



36
37
38
# File 'lib/msf/core/session.rb', line 36

def self.type
  "unknown"
end

Instance Method Details

#alive?Boolean

Returns:

  • (Boolean)


272
273
274
# File 'lib/msf/core/session.rb', line 272

def alive?
  (self.alive)
end

#cleanupObject

Perform session-specific cleanup.

NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.



236
237
238
239
240
241
242
243
244
# File 'lib/msf/core/session.rb', line 236

def cleanup
  if db_record and framework.db.active
    ::ApplicationRecord.connection_pool.with_connection do
      framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason)
    rescue ActiveRecord::RecordNotFound
      nil  # this will fail if the workspace was deleted before the session was closed, see #18561
    end
  end
end

#comm_channelObject



86
87
# File 'lib/msf/core/session.rb', line 86

def comm_channel
end

#dead?Boolean

Returns:

  • (Boolean)


268
269
270
# File 'lib/msf/core/session.rb', line 268

def dead?
  (not self.alive)
end

#descObject

Returns the description of the session.



65
66
# File 'lib/msf/core/session.rb', line 65

def desc
end

#initializeObject



27
28
29
30
31
32
# File 'lib/msf/core/session.rb', line 27

def initialize
  self.alive = true
  self.uuid  = Rex::Text.rand_text_alphanumeric(8).downcase
  @routes = RouteArray.new(self)
  #self.routes = []
end

#inspectObject

Brief and to the point



58
59
60
# File 'lib/msf/core/session.rb', line 58

def inspect
  "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>"  # " Fixes highlighting
end

#interactive?Boolean

By default, sessions are not interactive.

Returns:

  • (Boolean)


249
250
251
# File 'lib/msf/core/session.rb', line 249

def interactive?
  false
end

#killObject

Allow the user to terminate this session



264
265
266
# File 'lib/msf/core/session.rb', line 264

def kill
  framework.sessions.deregister(self) if register?
end

#log_file_nameObject

Returns the suggested name of the log file for this session.



155
156
157
158
159
160
161
162
163
# File 'lib/msf/core/session.rb', line 155

def log_file_name
  dt = Time.now

  dstr  = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday)
  rhost = session_host.gsub(':', '_')
  sname = name.to_s.gsub(/\W+/,'_')

  "#{dstr}_#{sname}_#{rhost}_#{type}"
end

#log_sourceObject

Returns the log source that should be used for this session.



168
169
170
# File 'lib/msf/core/session.rb', line 168

def log_source
  "session_#{name}"
end

#nameObject

Returns the session’s name if it’s been assigned one, otherwise the sid is returned.



44
45
46
# File 'lib/msf/core/session.rb', line 44

def name
  return sname || sid
end

#name=(name) ⇒ Object

Sets the session’s name.



51
52
53
# File 'lib/msf/core/session.rb', line 51

def name=(name)
  self.sname = name
end

#register?Boolean

Allow the session to skip registration

Returns:

  • (Boolean)


257
258
259
# File 'lib/msf/core/session.rb', line 257

def register?
  true
end

#session_hostObject

Returns the host associated with the session



92
93
94
95
96
97
98
99
100
101
102
103
104
105
# File 'lib/msf/core/session.rb', line 92

def session_host
  # Prefer the overridden session host or target_host
  host = @session_host || self.target_host
  return host if host

  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  bits.pop
  bits.join(':')
end

#session_host=(v) ⇒ Object

Override the host associated with this session



110
111
112
# File 'lib/msf/core/session.rb', line 110

def session_host=(v)
  @session_host = v
end

#session_portObject

Returns the port associated with the session



117
118
119
120
121
122
123
124
125
126
127
128
# File 'lib/msf/core/session.rb', line 117

def session_port
  port = @session_port || self.target_port
  return port if port
  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  port = bits.pop
  port.to_i
end

#session_port=(v) ⇒ Object

Override the host associated with this session



133
134
135
# File 'lib/msf/core/session.rb', line 133

def session_port=(v)
  @session_port = v
end

#session_typeObject

Get an arch/platform combination



279
280
281
282
283
284
285
286
287
288
# File 'lib/msf/core/session.rb', line 279

def session_type
  # avoid unnecessary slash separator
  if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty?
    separator =  '/'
  else
    separator = ''
  end

  "#{self.arch}#{separator}#{self.platform}"
end

#set_from_exploit(m) ⇒ Object

Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.



189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# File 'lib/msf/core/session.rb', line 189

def set_from_exploit(m)
  target_host = nil
  unless m.target_host.blank?
    # only propagate the target_host value if it's exactly 1 host
    if (rw = Rex::Socket::RangeWalker.new(m.target_host)).length == 1
      target_host = rw.next_ip
    end
  end

  self.via = { 'Exploit' => m.fullname }
  self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD']
  self.target_host = target_host
  self.target_port = m.target_port if (m.target_port.to_i != 0)
  self.workspace   = m.workspace
  self.username    = m.owner
  self.exploit_datastore = m.datastore
  self.user_input = m.user_input if m.user_input
  self.user_output = m.user_output if m.user_output
  self.exploit_uuid = m.uuid
  self.exploit = m
  if m[:task]
    self.exploit_task = m[:task]
  end
end

#set_via(opts) ⇒ Object

Sets the vector through which this session was realized.



181
182
183
# File 'lib/msf/core/session.rb', line 181

def set_via(opts)
  self.via = opts || {}
end

#tunnel_localObject

Returns the local side of the tunnel.



77
78
# File 'lib/msf/core/session.rb', line 77

def tunnel_local
end

#tunnel_peerObject

Returns the peer side of the tunnel.



83
84
# File 'lib/msf/core/session.rb', line 83

def tunnel_peer
end

#tunnel_to_sObject

Returns a pretty representation of the tunnel.



140
141
142
143
144
# File 'lib/msf/core/session.rb', line 140

def tunnel_to_s
  tunnel_str = "#{tunnel_local || '??'} -> #{tunnel_peer || '??'}"
  tunnel_str << " #{comm_channel}" if comm_channel
  tunnel_str
end

#typeObject

Returns the type of session in use.



71
72
# File 'lib/msf/core/session.rb', line 71

def type
end

#via_exploitObject

Returns the exploit module name through which this session was created.



218
219
220
# File 'lib/msf/core/session.rb', line 218

def via_exploit
  self.via['Exploit'] if (self.via)
end

#via_payloadObject

Returns the payload module name through which this session was created.



226
227
228
# File 'lib/msf/core/session.rb', line 226

def via_payload
  self.via['Payload'] if (self.via)
end