Module: Msf::Session
- Includes:
- Framework::Offspring
- Included in:
- Basic, Msf::Sessions::Custom, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject
- Defined in:
- lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb
Overview
The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session’s read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.
Defined Under Namespace
Modules: Basic, Comm, Interactive, Provider
Instance Attribute Summary collapse
-
#alive ⇒ Object
Returns the value of attribute alive.
-
#db_record ⇒ Object
This session’s associated database record.
-
#exploit ⇒ Object
The actual exploit module instance that created this session.
-
#exploit_datastore ⇒ Object
The datastore of the exploit that created this session.
-
#exploit_task ⇒ Object
The task that ran the exploit that got the session (that swallowed the fly).
-
#exploit_uuid ⇒ Object
The unique identifier of exploit that created this session.
-
#framework ⇒ Object
The framework instance that created this session.
-
#info ⇒ Object
The specific identified session info.
-
#machine_id ⇒ Object
The unique machine identifier for the host that created this session.
-
#payload_uuid ⇒ Object
The unique identifier of the payload that created this session.
-
#routes ⇒ Object
An array of routes associated with this session.
-
#sid ⇒ Object
The session unique identifier.
-
#sname ⇒ Object
The session name.
-
#target_host ⇒ Object
The original target host address.
-
#target_port ⇒ Object
The original target port if applicable.
-
#username ⇒ Object
The associated username.
-
#uuid ⇒ Object
The unique identifier of this session.
-
#via ⇒ Object
protected
:nodoc:.
-
#workspace ⇒ Object
The associated workspace name.
Class Method Summary collapse
-
.type ⇒ Object
Direct descendants Provider interfaces.
Instance Method Summary collapse
- #alive? ⇒ Boolean
-
#cleanup ⇒ Object
Perform session-specific cleanup.
- #comm_channel ⇒ Object
- #dead? ⇒ Boolean
-
#desc ⇒ Object
Returns the description of the session.
- #initialize ⇒ Object
-
#inspect ⇒ Object
Brief and to the point.
-
#interactive? ⇒ Boolean
By default, sessions are not interactive.
-
#kill ⇒ Object
Allow the user to terminate this session.
-
#log_file_name ⇒ Object
Returns the suggested name of the log file for this session.
-
#log_source ⇒ Object
Returns the log source that should be used for this session.
-
#name ⇒ Object
Returns the session’s name if it’s been assigned one, otherwise the sid is returned.
-
#name=(name) ⇒ Object
Sets the session’s name.
-
#register? ⇒ Boolean
Allow the session to skip registration.
-
#session_host ⇒ Object
Returns the host associated with the session.
-
#session_host=(v) ⇒ Object
Override the host associated with this session.
-
#session_port ⇒ Object
Returns the port associated with the session.
-
#session_port=(v) ⇒ Object
Override the host associated with this session.
-
#session_type ⇒ Object
Get an arch/platform combination.
-
#set_from_exploit(m) ⇒ Object
Configures via_payload, via_payload, workspace, target_host from an exploit instance.
-
#set_via(opts) ⇒ Object
Sets the vector through which this session was realized.
-
#tunnel_local ⇒ Object
Returns the local side of the tunnel.
-
#tunnel_peer ⇒ Object
Returns the peer side of the tunnel.
-
#tunnel_to_s ⇒ Object
Returns a pretty representation of the tunnel.
-
#type ⇒ Object
Returns the type of session in use.
-
#via_exploit ⇒ Object
Returns the exploit module name through which this session was created.
-
#via_payload ⇒ Object
Returns the payload module name through which this session was created.
Instance Attribute Details
#alive ⇒ Object
Returns the value of attribute alive.
291 292 293 |
# File 'lib/msf/core/session.rb', line 291 def alive @alive end |
#db_record ⇒ Object
This session’s associated database record
360 361 362 |
# File 'lib/msf/core/session.rb', line 360 def db_record @db_record end |
#exploit ⇒ Object
The actual exploit module instance that created this session
348 349 350 |
# File 'lib/msf/core/session.rb', line 348 def exploit @exploit end |
#exploit_datastore ⇒ Object
The datastore of the exploit that created this session
320 321 322 |
# File 'lib/msf/core/session.rb', line 320 def exploit_datastore @exploit_datastore end |
#exploit_task ⇒ Object
The task that ran the exploit that got the session (that swallowed the fly)
324 325 326 |
# File 'lib/msf/core/session.rb', line 324 def exploit_task @exploit_task end |
#exploit_uuid ⇒ Object
The unique identifier of exploit that created this session
336 337 338 |
# File 'lib/msf/core/session.rb', line 336 def exploit_uuid @exploit_uuid end |
#framework ⇒ Object
The framework instance that created this session.
296 297 298 |
# File 'lib/msf/core/session.rb', line 296 def framework @framework end |
#info ⇒ Object
The specific identified session info
328 329 330 |
# File 'lib/msf/core/session.rb', line 328 def info @info end |
#machine_id ⇒ Object
The unique machine identifier for the host that created this session
344 345 346 |
# File 'lib/msf/core/session.rb', line 344 def machine_id @machine_id end |
#payload_uuid ⇒ Object
The unique identifier of the payload that created this session
340 341 342 |
# File 'lib/msf/core/session.rb', line 340 def payload_uuid @payload_uuid end |
#routes ⇒ Object
An array of routes associated with this session
356 357 358 |
# File 'lib/msf/core/session.rb', line 356 def routes @routes end |
#sid ⇒ Object
The session unique identifier.
300 301 302 |
# File 'lib/msf/core/session.rb', line 300 def sid @sid end |
#sname ⇒ Object
The session name.
304 305 306 |
# File 'lib/msf/core/session.rb', line 304 def sname @sname end |
#target_host ⇒ Object
The original target host address
312 313 314 |
# File 'lib/msf/core/session.rb', line 312 def target_host @target_host end |
#target_port ⇒ Object
The original target port if applicable
316 317 318 |
# File 'lib/msf/core/session.rb', line 316 def target_port @target_port end |
#username ⇒ Object
The associated username
352 353 354 |
# File 'lib/msf/core/session.rb', line 352 def username @username end |
#uuid ⇒ Object
The unique identifier of this session
332 333 334 |
# File 'lib/msf/core/session.rb', line 332 def uuid @uuid end |
#via ⇒ Object (protected)
:nodoc:
363 364 365 |
# File 'lib/msf/core/session.rb', line 363 def via @via end |
#workspace ⇒ Object
The associated workspace name
308 309 310 |
# File 'lib/msf/core/session.rb', line 308 def workspace @workspace end |
Class Method Details
.type ⇒ Object
Direct descendants Provider interfaces
36 37 38 |
# File 'lib/msf/core/session.rb', line 36 def self.type "unknown" end |
Instance Method Details
#alive? ⇒ Boolean
272 273 274 |
# File 'lib/msf/core/session.rb', line 272 def alive? (self.alive) end |
#cleanup ⇒ Object
Perform session-specific cleanup.
NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.
236 237 238 239 240 241 242 243 244 |
# File 'lib/msf/core/session.rb', line 236 def cleanup if db_record and framework.db.active ::ApplicationRecord.connection_pool.with_connection do framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason) rescue ActiveRecord::RecordNotFound nil # this will fail if the workspace was deleted before the session was closed, see #18561 end end end |
#comm_channel ⇒ Object
86 87 |
# File 'lib/msf/core/session.rb', line 86 def comm_channel end |
#dead? ⇒ Boolean
268 269 270 |
# File 'lib/msf/core/session.rb', line 268 def dead? (not self.alive) end |
#desc ⇒ Object
Returns the description of the session.
65 66 |
# File 'lib/msf/core/session.rb', line 65 def desc end |
#initialize ⇒ Object
27 28 29 30 31 32 |
# File 'lib/msf/core/session.rb', line 27 def initialize self.alive = true self.uuid = Rex::Text.rand_text_alphanumeric(8).downcase @routes = RouteArray.new(self) #self.routes = [] end |
#inspect ⇒ Object
Brief and to the point
58 59 60 |
# File 'lib/msf/core/session.rb', line 58 def inspect "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>" # " Fixes highlighting end |
#interactive? ⇒ Boolean
By default, sessions are not interactive.
249 250 251 |
# File 'lib/msf/core/session.rb', line 249 def interactive? false end |
#kill ⇒ Object
Allow the user to terminate this session
264 265 266 |
# File 'lib/msf/core/session.rb', line 264 def kill framework.sessions.deregister(self) if register? end |
#log_file_name ⇒ Object
Returns the suggested name of the log file for this session.
155 156 157 158 159 160 161 162 163 |
# File 'lib/msf/core/session.rb', line 155 def log_file_name dt = Time.now dstr = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday) rhost = session_host.gsub(':', '_') sname = name.to_s.gsub(/\W+/,'_') "#{dstr}_#{sname}_#{rhost}_#{type}" end |
#log_source ⇒ Object
Returns the log source that should be used for this session.
168 169 170 |
# File 'lib/msf/core/session.rb', line 168 def log_source "session_#{name}" end |
#name ⇒ Object
Returns the session’s name if it’s been assigned one, otherwise the sid is returned.
44 45 46 |
# File 'lib/msf/core/session.rb', line 44 def name return sname || sid end |
#name=(name) ⇒ Object
Sets the session’s name.
51 52 53 |
# File 'lib/msf/core/session.rb', line 51 def name=(name) self.sname = name end |
#register? ⇒ Boolean
Allow the session to skip registration
257 258 259 |
# File 'lib/msf/core/session.rb', line 257 def register? true end |
#session_host ⇒ Object
Returns the host associated with the session
92 93 94 95 96 97 98 99 100 101 102 103 104 105 |
# File 'lib/msf/core/session.rb', line 92 def session_host # Prefer the overridden session host or target_host host = @session_host || self.target_host return host if host # Fallback to the tunnel_peer (contains port) peer = self.tunnel_peer return if not peer # Pop off the trailing port number bits = peer.split(':') bits.pop bits.join(':') end |
#session_host=(v) ⇒ Object
Override the host associated with this session
110 111 112 |
# File 'lib/msf/core/session.rb', line 110 def session_host=(v) @session_host = v end |
#session_port ⇒ Object
Returns the port associated with the session
117 118 119 120 121 122 123 124 125 126 127 128 |
# File 'lib/msf/core/session.rb', line 117 def session_port port = @session_port || self.target_port return port if port # Fallback to the tunnel_peer (contains port) peer = self.tunnel_peer return if not peer # Pop off the trailing port number bits = peer.split(':') port = bits.pop port.to_i end |
#session_port=(v) ⇒ Object
Override the host associated with this session
133 134 135 |
# File 'lib/msf/core/session.rb', line 133 def session_port=(v) @session_port = v end |
#session_type ⇒ Object
Get an arch/platform combination
279 280 281 282 283 284 285 286 287 288 |
# File 'lib/msf/core/session.rb', line 279 def session_type # avoid unnecessary slash separator if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty? separator = '/' else separator = '' end "#{self.arch}#{separator}#{self.platform}" end |
#set_from_exploit(m) ⇒ Object
Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.
189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 |
# File 'lib/msf/core/session.rb', line 189 def set_from_exploit(m) target_host = nil unless m.target_host.blank? # only propagate the target_host value if it's exactly 1 host if (rw = Rex::Socket::RangeWalker.new(m.target_host)).length == 1 target_host = rw.next_ip end end self.via = { 'Exploit' => m.fullname } self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD'] self.target_host = target_host self.target_port = m.target_port if (m.target_port.to_i != 0) self.workspace = m.workspace self.username = m.owner self.exploit_datastore = m.datastore self.user_input = m.user_input if m.user_input self.user_output = m.user_output if m.user_output self.exploit_uuid = m.uuid self.exploit = m if m[:task] self.exploit_task = m[:task] end end |
#set_via(opts) ⇒ Object
Sets the vector through which this session was realized.
181 182 183 |
# File 'lib/msf/core/session.rb', line 181 def set_via(opts) self.via = opts || {} end |
#tunnel_local ⇒ Object
Returns the local side of the tunnel.
77 78 |
# File 'lib/msf/core/session.rb', line 77 def tunnel_local end |
#tunnel_peer ⇒ Object
Returns the peer side of the tunnel.
83 84 |
# File 'lib/msf/core/session.rb', line 83 def tunnel_peer end |
#tunnel_to_s ⇒ Object
Returns a pretty representation of the tunnel.
140 141 142 143 144 |
# File 'lib/msf/core/session.rb', line 140 def tunnel_to_s tunnel_str = "#{tunnel_local || '??'} -> #{tunnel_peer || '??'}" tunnel_str << " #{comm_channel}" if comm_channel tunnel_str end |
#type ⇒ Object
Returns the type of session in use.
71 72 |
# File 'lib/msf/core/session.rb', line 71 def type end |
#via_exploit ⇒ Object
Returns the exploit module name through which this session was created.
218 219 220 |
# File 'lib/msf/core/session.rb', line 218 def via_exploit self.via['Exploit'] if (self.via) end |
#via_payload ⇒ Object
Returns the payload module name through which this session was created.
226 227 228 |
# File 'lib/msf/core/session.rb', line 226 def via_payload self.via['Payload'] if (self.via) end |