Module: Msf::Session
- Includes:
- Framework::Offspring
- Included in:
- Basic, Msf::Sessions::Custom, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject
- Defined in:
- lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb
Overview
The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session's read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.
Defined Under Namespace
Modules: Basic, Comm, Interactive, Provider
Instance Attribute Summary collapse
-
#alive ⇒ Object
Returns the value of attribute alive.
-
#db_record ⇒ Object
This session's associated database record.
-
#exploit ⇒ Object
The actual exploit module instance that created this session.
-
#exploit_datastore ⇒ Object
The datastore of the exploit that created this session.
-
#exploit_task ⇒ Object
The task that ran the exploit that got the session (that swallowed the fly).
-
#exploit_uuid ⇒ Object
The unique identifier of exploit that created this session.
-
#framework ⇒ Object
The framework instance that created this session.
-
#info ⇒ Object
The specific identified session info.
-
#machine_id ⇒ Object
The unique machine identifier for the host that created this session.
-
#payload_uuid ⇒ Object
The unique identifier of the payload that created this session.
-
#routes ⇒ Object
An array of routes associated with this session.
-
#sid ⇒ Object
The session unique identifier.
-
#sname ⇒ Object
The session name.
-
#target_host ⇒ Object
The original target host address.
-
#target_port ⇒ Object
The original target port if applicable.
-
#username ⇒ Object
The associated username.
-
#uuid ⇒ Object
The unique identifier of this session.
-
#via ⇒ Object
protected
:nodoc:.
-
#workspace ⇒ Object
The associated workspace name.
Class Method Summary collapse
-
.type ⇒ Object
Direct descendants Provider interfaces.
Instance Method Summary collapse
- #alive? ⇒ Boolean
-
#cleanup ⇒ Object
Perform session-specific cleanup.
- #comm_channel ⇒ Object
- #dead? ⇒ Boolean
-
#desc ⇒ Object
Returns the description of the session.
- #initialize ⇒ Object
-
#inspect ⇒ Object
Brief and to the point.
-
#interactive? ⇒ Boolean
By default, sessions are not interactive.
-
#kill ⇒ Object
Allow the user to terminate this session.
-
#log_file_name ⇒ Object
Returns the suggested name of the log file for this session.
-
#log_source ⇒ Object
Returns the log source that should be used for this session.
-
#name ⇒ Object
Returns the session's name if it's been assigned one, otherwise the sid is returned.
-
#name=(name) ⇒ Object
Sets the session's name.
-
#register? ⇒ Boolean
Allow the session to skip registration.
-
#session_host ⇒ Object
Returns the host associated with the session.
-
#session_host=(v) ⇒ Object
Override the host associated with this session.
-
#session_port ⇒ Object
Returns the port associated with the session.
-
#session_port=(v) ⇒ Object
Override the host associated with this session.
-
#session_type ⇒ Object
Get an arch/platform combination.
-
#set_from_exploit(m) ⇒ Object
Configures via_payload, via_payload, workspace, target_host from an exploit instance.
-
#set_via(opts) ⇒ Object
Sets the vector through which this session was realized.
-
#tunnel_local ⇒ Object
Returns the local side of the tunnel.
-
#tunnel_peer ⇒ Object
Returns the peer side of the tunnel.
-
#tunnel_to_s ⇒ Object
Returns a pretty representation of the tunnel.
-
#type ⇒ Object
Returns the type of session in use.
-
#via_exploit ⇒ Object
Returns the exploit module name through which this session was created.
-
#via_payload ⇒ Object
Returns the payload module name through which this session was created.
Instance Attribute Details
#alive ⇒ Object
Returns the value of attribute alive.
280 281 282 |
# File 'lib/msf/core/session.rb', line 280 def alive @alive end |
#db_record ⇒ Object
This session's associated database record
349 350 351 |
# File 'lib/msf/core/session.rb', line 349 def db_record @db_record end |
#exploit ⇒ Object
The actual exploit module instance that created this session
337 338 339 |
# File 'lib/msf/core/session.rb', line 337 def exploit @exploit end |
#exploit_datastore ⇒ Object
The datastore of the exploit that created this session
309 310 311 |
# File 'lib/msf/core/session.rb', line 309 def exploit_datastore @exploit_datastore end |
#exploit_task ⇒ Object
The task that ran the exploit that got the session (that swallowed the fly)
313 314 315 |
# File 'lib/msf/core/session.rb', line 313 def exploit_task @exploit_task end |
#exploit_uuid ⇒ Object
The unique identifier of exploit that created this session
325 326 327 |
# File 'lib/msf/core/session.rb', line 325 def exploit_uuid @exploit_uuid end |
#framework ⇒ Object
The framework instance that created this session.
285 286 287 |
# File 'lib/msf/core/session.rb', line 285 def framework @framework end |
#info ⇒ Object
The specific identified session info
317 318 319 |
# File 'lib/msf/core/session.rb', line 317 def info @info end |
#machine_id ⇒ Object
The unique machine identifier for the host that created this session
333 334 335 |
# File 'lib/msf/core/session.rb', line 333 def machine_id @machine_id end |
#payload_uuid ⇒ Object
The unique identifier of the payload that created this session
329 330 331 |
# File 'lib/msf/core/session.rb', line 329 def payload_uuid @payload_uuid end |
#routes ⇒ Object
An array of routes associated with this session
345 346 347 |
# File 'lib/msf/core/session.rb', line 345 def routes @routes end |
#sid ⇒ Object
The session unique identifier.
289 290 291 |
# File 'lib/msf/core/session.rb', line 289 def sid @sid end |
#sname ⇒ Object
The session name.
293 294 295 |
# File 'lib/msf/core/session.rb', line 293 def sname @sname end |
#target_host ⇒ Object
The original target host address
301 302 303 |
# File 'lib/msf/core/session.rb', line 301 def target_host @target_host end |
#target_port ⇒ Object
The original target port if applicable
305 306 307 |
# File 'lib/msf/core/session.rb', line 305 def target_port @target_port end |
#username ⇒ Object
The associated username
341 342 343 |
# File 'lib/msf/core/session.rb', line 341 def username @username end |
#uuid ⇒ Object
The unique identifier of this session
321 322 323 |
# File 'lib/msf/core/session.rb', line 321 def uuid @uuid end |
#via ⇒ Object (protected)
:nodoc:
352 353 354 |
# File 'lib/msf/core/session.rb', line 352 def via @via end |
#workspace ⇒ Object
The associated workspace name
297 298 299 |
# File 'lib/msf/core/session.rb', line 297 def workspace @workspace end |
Class Method Details
.type ⇒ Object
Direct descendants Provider interfaces
34 35 36 |
# File 'lib/msf/core/session.rb', line 34 def self.type "unknown" end |
Instance Method Details
#alive? ⇒ Boolean
261 262 263 |
# File 'lib/msf/core/session.rb', line 261 def alive? (self.alive) end |
#cleanup ⇒ Object
Perform session-specific cleanup.
NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.
226 227 228 229 230 231 232 233 |
# File 'lib/msf/core/session.rb', line 226 def cleanup if db_record and framework.db.active ::ApplicationRecord.connection_pool.with_connection { framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason) db_record = nil } end end |
#comm_channel ⇒ Object
84 85 |
# File 'lib/msf/core/session.rb', line 84 def comm_channel end |
#dead? ⇒ Boolean
257 258 259 |
# File 'lib/msf/core/session.rb', line 257 def dead? (not self.alive) end |
#desc ⇒ Object
Returns the description of the session.
63 64 |
# File 'lib/msf/core/session.rb', line 63 def desc end |
#initialize ⇒ Object
25 26 27 28 29 30 |
# File 'lib/msf/core/session.rb', line 25 def initialize self.alive = true self.uuid = Rex::Text.rand_text_alphanumeric(8).downcase @routes = RouteArray.new(self) #self.routes = [] end |
#inspect ⇒ Object
Brief and to the point
56 57 58 |
# File 'lib/msf/core/session.rb', line 56 def inspect "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>" # " Fixes highlighting end |
#interactive? ⇒ Boolean
By default, sessions are not interactive.
238 239 240 |
# File 'lib/msf/core/session.rb', line 238 def interactive? false end |
#kill ⇒ Object
Allow the user to terminate this session
253 254 255 |
# File 'lib/msf/core/session.rb', line 253 def kill framework.sessions.deregister(self) if register? end |
#log_file_name ⇒ Object
Returns the suggested name of the log file for this session.
153 154 155 156 157 158 159 160 161 |
# File 'lib/msf/core/session.rb', line 153 def log_file_name dt = Time.now dstr = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday) rhost = session_host.gsub(':', '_') sname = name.to_s.gsub(/\W+/,'_') "#{dstr}_#{sname}_#{rhost}_#{type}" end |
#log_source ⇒ Object
Returns the log source that should be used for this session.
166 167 168 |
# File 'lib/msf/core/session.rb', line 166 def log_source "session_#{name}" end |
#name ⇒ Object
Returns the session's name if it's been assigned one, otherwise the sid is returned.
42 43 44 |
# File 'lib/msf/core/session.rb', line 42 def name return sname || sid end |
#name=(name) ⇒ Object
Sets the session's name.
49 50 51 |
# File 'lib/msf/core/session.rb', line 49 def name=(name) self.sname = name end |
#register? ⇒ Boolean
Allow the session to skip registration
246 247 248 |
# File 'lib/msf/core/session.rb', line 246 def register? true end |
#session_host ⇒ Object
Returns the host associated with the session
90 91 92 93 94 95 96 97 98 99 100 101 102 103 |
# File 'lib/msf/core/session.rb', line 90 def session_host # Prefer the overridden session host or target_host host = @session_host || self.target_host return host if host # Fallback to the tunnel_peer (contains port) peer = self.tunnel_peer return if not peer # Pop off the trailing port number bits = peer.split(':') bits.pop bits.join(':') end |
#session_host=(v) ⇒ Object
Override the host associated with this session
108 109 110 |
# File 'lib/msf/core/session.rb', line 108 def session_host=(v) @session_host = v end |
#session_port ⇒ Object
Returns the port associated with the session
115 116 117 118 119 120 121 122 123 124 125 126 |
# File 'lib/msf/core/session.rb', line 115 def session_port port = @session_port || self.target_port return port if port # Fallback to the tunnel_peer (contains port) peer = self.tunnel_peer return if not peer # Pop off the trailing port number bits = peer.split(':') port = bits.pop port.to_i end |
#session_port=(v) ⇒ Object
Override the host associated with this session
131 132 133 |
# File 'lib/msf/core/session.rb', line 131 def session_port=(v) @session_port = v end |
#session_type ⇒ Object
Get an arch/platform combination
268 269 270 271 272 273 274 275 276 277 |
# File 'lib/msf/core/session.rb', line 268 def session_type # avoid unnecessary slash separator if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty? separator = '/' else separator = '' end "#{self.arch}#{separator}#{self.platform}" end |
#set_from_exploit(m) ⇒ Object
Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.
187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 |
# File 'lib/msf/core/session.rb', line 187 def set_from_exploit(m) self.via = { 'Exploit' => m.fullname } self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD'] self.target_host = Rex::Socket.getaddress(m.target_host) if (m.target_host.to_s.strip.length > 0) self.target_port = m.target_port if (m.target_port.to_i != 0) self.workspace = m.workspace self.username = m.owner self.exploit_datastore = m.datastore self.user_input = m.user_input if m.user_input self.user_output = m.user_output if m.user_output self.exploit_uuid = m.uuid self.exploit = m if m[:task] self.exploit_task = m[:task] end end |
#set_via(opts) ⇒ Object
Sets the vector through which this session was realized.
179 180 181 |
# File 'lib/msf/core/session.rb', line 179 def set_via(opts) self.via = opts || {} end |
#tunnel_local ⇒ Object
Returns the local side of the tunnel.
75 76 |
# File 'lib/msf/core/session.rb', line 75 def tunnel_local end |
#tunnel_peer ⇒ Object
Returns the peer side of the tunnel.
81 82 |
# File 'lib/msf/core/session.rb', line 81 def tunnel_peer end |
#tunnel_to_s ⇒ Object
Returns a pretty representation of the tunnel.
138 139 140 141 142 |
# File 'lib/msf/core/session.rb', line 138 def tunnel_to_s tunnel_str = "#{tunnel_local || '??'} -> #{tunnel_peer || '??'}" tunnel_str << " #{comm_channel}" if comm_channel tunnel_str end |
#type ⇒ Object
Returns the type of session in use.
69 70 |
# File 'lib/msf/core/session.rb', line 69 def type end |
#via_exploit ⇒ Object
Returns the exploit module name through which this session was created.
208 209 210 |
# File 'lib/msf/core/session.rb', line 208 def via_exploit self.via['Exploit'] if (self.via) end |
#via_payload ⇒ Object
Returns the payload module name through which this session was created.
216 217 218 |
# File 'lib/msf/core/session.rb', line 216 def via_payload self.via['Payload'] if (self.via) end |