Module: Msf::Session

Includes:
Framework::Offspring
Included in:
Basic, Msf::Sessions::Custom, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject
Defined in:
lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb

Overview

The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session’s read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.

Defined Under Namespace

Modules: Basic, Comm, Interactive, Provider

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#aliveObject

Returns the value of attribute alive.



283
284
285
# File 'lib/msf/core/session.rb', line 283

def alive
  @alive
end

#db_recordObject

This session’s associated database record



352
353
354
# File 'lib/msf/core/session.rb', line 352

def db_record
  @db_record
end

#exploitObject

The actual exploit module instance that created this session



340
341
342
# File 'lib/msf/core/session.rb', line 340

def exploit
  @exploit
end

#exploit_datastoreObject

The datastore of the exploit that created this session



312
313
314
# File 'lib/msf/core/session.rb', line 312

def exploit_datastore
  @exploit_datastore
end

#exploit_taskObject

The task that ran the exploit that got the session (that swallowed the fly)



316
317
318
# File 'lib/msf/core/session.rb', line 316

def exploit_task
  @exploit_task
end

#exploit_uuidObject

The unique identifier of exploit that created this session



328
329
330
# File 'lib/msf/core/session.rb', line 328

def exploit_uuid
  @exploit_uuid
end

#frameworkObject

The framework instance that created this session.



288
289
290
# File 'lib/msf/core/session.rb', line 288

def framework
  @framework
end

#infoObject

The specific identified session info



320
321
322
# File 'lib/msf/core/session.rb', line 320

def info
  @info
end

#machine_idObject

The unique machine identifier for the host that created this session



336
337
338
# File 'lib/msf/core/session.rb', line 336

def machine_id
  @machine_id
end

#payload_uuidObject

The unique identifier of the payload that created this session



332
333
334
# File 'lib/msf/core/session.rb', line 332

def payload_uuid
  @payload_uuid
end

#routesObject

An array of routes associated with this session



348
349
350
# File 'lib/msf/core/session.rb', line 348

def routes
  @routes
end

#sidObject

The session unique identifier.



292
293
294
# File 'lib/msf/core/session.rb', line 292

def sid
  @sid
end

#snameObject

The session name.



296
297
298
# File 'lib/msf/core/session.rb', line 296

def sname
  @sname
end

#target_hostObject

The original target host address



304
305
306
# File 'lib/msf/core/session.rb', line 304

def target_host
  @target_host
end

#target_portObject

The original target port if applicable



308
309
310
# File 'lib/msf/core/session.rb', line 308

def target_port
  @target_port
end

#usernameObject

The associated username



344
345
346
# File 'lib/msf/core/session.rb', line 344

def username
  @username
end

#uuidObject

The unique identifier of this session



324
325
326
# File 'lib/msf/core/session.rb', line 324

def uuid
  @uuid
end

#viaObject (protected)

:nodoc:



355
356
357
# File 'lib/msf/core/session.rb', line 355

def via
  @via
end

#workspaceObject

The associated workspace name



300
301
302
# File 'lib/msf/core/session.rb', line 300

def workspace
  @workspace
end

Class Method Details

.typeObject

Direct descendants Provider interfaces



36
37
38
# File 'lib/msf/core/session.rb', line 36

def self.type
  "unknown"
end

Instance Method Details

#alive?Boolean

Returns:

  • (Boolean)


264
265
266
# File 'lib/msf/core/session.rb', line 264

def alive?
  (self.alive)
end

#cleanupObject

Perform session-specific cleanup.

NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.



228
229
230
231
232
233
234
235
236
# File 'lib/msf/core/session.rb', line 228

def cleanup
  if db_record and framework.db.active
    ::ApplicationRecord.connection_pool.with_connection do
      framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason)
    rescue ActiveRecord::RecordNotFound
      nil  # this will fail if the workspace was deleted before the session was closed, see #18561
    end
  end
end

#comm_channelObject



86
87
# File 'lib/msf/core/session.rb', line 86

def comm_channel
end

#dead?Boolean

Returns:

  • (Boolean)


260
261
262
# File 'lib/msf/core/session.rb', line 260

def dead?
  (not self.alive)
end

#descObject

Returns the description of the session.



65
66
# File 'lib/msf/core/session.rb', line 65

def desc
end

#initializeObject



27
28
29
30
31
32
# File 'lib/msf/core/session.rb', line 27

def initialize
  self.alive = true
  self.uuid  = Rex::Text.rand_text_alphanumeric(8).downcase
  @routes = RouteArray.new(self)
  #self.routes = []
end

#inspectObject

Brief and to the point



58
59
60
# File 'lib/msf/core/session.rb', line 58

def inspect
  "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>"  # " Fixes highlighting
end

#interactive?Boolean

By default, sessions are not interactive.

Returns:

  • (Boolean)


241
242
243
# File 'lib/msf/core/session.rb', line 241

def interactive?
  false
end

#killObject

Allow the user to terminate this session



256
257
258
# File 'lib/msf/core/session.rb', line 256

def kill
  framework.sessions.deregister(self) if register?
end

#log_file_nameObject

Returns the suggested name of the log file for this session.



155
156
157
158
159
160
161
162
163
# File 'lib/msf/core/session.rb', line 155

def log_file_name
  dt = Time.now

  dstr  = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday)
  rhost = session_host.gsub(':', '_')
  sname = name.to_s.gsub(/\W+/,'_')

  "#{dstr}_#{sname}_#{rhost}_#{type}"
end

#log_sourceObject

Returns the log source that should be used for this session.



168
169
170
# File 'lib/msf/core/session.rb', line 168

def log_source
  "session_#{name}"
end

#nameObject

Returns the session’s name if it’s been assigned one, otherwise the sid is returned.



44
45
46
# File 'lib/msf/core/session.rb', line 44

def name
  return sname || sid
end

#name=(name) ⇒ Object

Sets the session’s name.



51
52
53
# File 'lib/msf/core/session.rb', line 51

def name=(name)
  self.sname = name
end

#register?Boolean

Allow the session to skip registration

Returns:

  • (Boolean)


249
250
251
# File 'lib/msf/core/session.rb', line 249

def register?
  true
end

#session_hostObject

Returns the host associated with the session



92
93
94
95
96
97
98
99
100
101
102
103
104
105
# File 'lib/msf/core/session.rb', line 92

def session_host
  # Prefer the overridden session host or target_host
  host = @session_host || self.target_host
  return host if host

  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  bits.pop
  bits.join(':')
end

#session_host=(v) ⇒ Object

Override the host associated with this session



110
111
112
# File 'lib/msf/core/session.rb', line 110

def session_host=(v)
  @session_host = v
end

#session_portObject

Returns the port associated with the session



117
118
119
120
121
122
123
124
125
126
127
128
# File 'lib/msf/core/session.rb', line 117

def session_port
  port = @session_port || self.target_port
  return port if port
  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  port = bits.pop
  port.to_i
end

#session_port=(v) ⇒ Object

Override the host associated with this session



133
134
135
# File 'lib/msf/core/session.rb', line 133

def session_port=(v)
  @session_port = v
end

#session_typeObject

Get an arch/platform combination



271
272
273
274
275
276
277
278
279
280
# File 'lib/msf/core/session.rb', line 271

def session_type
  # avoid unnecessary slash separator
  if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty?
    separator =  '/'
  else
    separator = ''
  end

  "#{self.arch}#{separator}#{self.platform}"
end

#set_from_exploit(m) ⇒ Object

Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.



189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
# File 'lib/msf/core/session.rb', line 189

def set_from_exploit(m)
  self.via = { 'Exploit' => m.fullname }
  self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD']
  self.target_host = Rex::Socket.getaddress(m.target_host) if (m.target_host.to_s.strip.length > 0)
  self.target_port = m.target_port if (m.target_port.to_i != 0)
  self.workspace   = m.workspace
  self.username    = m.owner
  self.exploit_datastore = m.datastore
  self.user_input = m.user_input if m.user_input
  self.user_output = m.user_output if m.user_output
  self.exploit_uuid = m.uuid
  self.exploit = m
  if m[:task]
    self.exploit_task = m[:task]
  end
end

#set_via(opts) ⇒ Object

Sets the vector through which this session was realized.



181
182
183
# File 'lib/msf/core/session.rb', line 181

def set_via(opts)
  self.via = opts || {}
end

#tunnel_localObject

Returns the local side of the tunnel.



77
78
# File 'lib/msf/core/session.rb', line 77

def tunnel_local
end

#tunnel_peerObject

Returns the peer side of the tunnel.



83
84
# File 'lib/msf/core/session.rb', line 83

def tunnel_peer
end

#tunnel_to_sObject

Returns a pretty representation of the tunnel.



140
141
142
143
144
# File 'lib/msf/core/session.rb', line 140

def tunnel_to_s
  tunnel_str = "#{tunnel_local || '??'} -> #{tunnel_peer || '??'}"
  tunnel_str << " #{comm_channel}" if comm_channel
  tunnel_str
end

#typeObject

Returns the type of session in use.



71
72
# File 'lib/msf/core/session.rb', line 71

def type
end

#via_exploitObject

Returns the exploit module name through which this session was created.



210
211
212
# File 'lib/msf/core/session.rb', line 210

def via_exploit
  self.via['Exploit'] if (self.via)
end

#via_payloadObject

Returns the payload module name through which this session was created.



218
219
220
# File 'lib/msf/core/session.rb', line 218

def via_payload
  self.via['Payload'] if (self.via)
end