Module: Msf::Session

Includes:

Framework::Offspring

Included in:

Basic, Msf::Sessions::Custom, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject

Defined in:

lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb

Overview

The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session’s read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.

Defined Under Namespace

Modules: Basic, Comm, Interactive, Provider

Instance Attribute Summary

• #alive ⇒ Object

  Returns the value of attribute alive.

• #db_record ⇒ Object

  This session’s associated database record.

• #exploit ⇒ Object

  The actual exploit module instance that created this session.

• #exploit_datastore ⇒ Object

  The datastore of the exploit that created this session.

• #exploit_task ⇒ Object

  The task that ran the exploit that got the session (that swallowed the fly).

• #exploit_uuid ⇒ Object

  The unique identifier of exploit that created this session.

• #framework ⇒ Object

  The framework instance that created this session.

• #info ⇒ Object

  The specific identified session info.

• #machine_id ⇒ Object

  The unique machine identifier for the host that created this session.

• #payload_uuid ⇒ Object

  The unique identifier of the payload that created this session.

• #routes ⇒ Object

  An array of routes associated with this session.

• #sid ⇒ Object

  The session unique identifier.

• #sname ⇒ Object

  The session name.

• #target_host ⇒ Object

  The original target host address.

• #target_port ⇒ Object

  The original target port if applicable.

• #username ⇒ Object

  The associated username.

• #uuid ⇒ Object

  The unique identifier of this session.

• #via ⇒ Object protected

  :nodoc:.

• #workspace ⇒ Object

  The associated workspace name.

Class Method Summary

• .type ⇒ Object

  Direct descendants Provider interfaces.

Instance Method Summary

• #alive? ⇒ Boolean
• #cleanup ⇒ Object

  Perform session-specific cleanup.

• #comm_channel ⇒ Object
• #dead? ⇒ Boolean
• #desc ⇒ Object

  Returns the description of the session.

• #initialize ⇒ Object
• #inspect ⇒ Object

  Brief and to the point.

• #interactive? ⇒ Boolean

  By default, sessions are not interactive.

• #kill ⇒ Object

  Allow the user to terminate this session.

• #log_file_name ⇒ Object

  Returns the suggested name of the log file for this session.

• #log_source ⇒ Object

  Returns the log source that should be used for this session.

• #name ⇒ Object

  Returns the session’s name if it’s been assigned one, otherwise the sid is returned.

• #name=(name) ⇒ Object

  Sets the session’s name.

• #register? ⇒ Boolean

  Allow the session to skip registration.

• #session_host ⇒ Object

  Returns the host associated with the session.

• #session_host=(v) ⇒ Object

  Override the host associated with this session.

• #session_port ⇒ Object

  Returns the port associated with the session.

• #session_port=(v) ⇒ Object

  Override the host associated with this session.

• #session_type ⇒ Object

  Get an arch/platform combination.

• #set_from_exploit(m) ⇒ Object

  Configures via_payload, via_payload, workspace, target_host from an exploit instance.

• #set_via(opts) ⇒ Object

  Sets the vector through which this session was realized.

• #tunnel_local ⇒ Object

  Returns the local side of the tunnel.

• #tunnel_peer ⇒ Object

  Returns the peer side of the tunnel.

• #tunnel_to_s ⇒ Object

  Returns a pretty representation of the tunnel.

• #type ⇒ Object

  Returns the type of session in use.

• #via_exploit ⇒ Object

  Returns the exploit module name through which this session was created.

• #via_payload ⇒ Object

  Returns the payload module name through which this session was created.

Instance Attribute Details

#alive ⇒ Object

Returns the value of attribute alive.

# File 'lib/msf/core/session.rb', line 291

def alive
  @alive
end

#db_record ⇒ Object

This session’s associated database record

# File 'lib/msf/core/session.rb', line 360

def db_record
  @db_record
end

#exploit ⇒ Object

The actual exploit module instance that created this session

# File 'lib/msf/core/session.rb', line 348

def exploit
  @exploit
end

#exploit_datastore ⇒ Object

The datastore of the exploit that created this session

# File 'lib/msf/core/session.rb', line 320

def exploit_datastore
  @exploit_datastore
end

#exploit_task ⇒ Object

The task that ran the exploit that got the session (that swallowed the fly)

# File 'lib/msf/core/session.rb', line 324

def exploit_task
  @exploit_task
end

#exploit_uuid ⇒ Object

The unique identifier of exploit that created this session

# File 'lib/msf/core/session.rb', line 336

def exploit_uuid
  @exploit_uuid
end

#framework ⇒ Object

The framework instance that created this session.

# File 'lib/msf/core/session.rb', line 296

def framework
  @framework
end

#info ⇒ Object

The specific identified session info

# File 'lib/msf/core/session.rb', line 328

def info
  @info
end

#machine_id ⇒ Object

The unique machine identifier for the host that created this session

# File 'lib/msf/core/session.rb', line 344

def machine_id
  @machine_id
end

#payload_uuid ⇒ Object

The unique identifier of the payload that created this session

# File 'lib/msf/core/session.rb', line 340

def payload_uuid
  @payload_uuid
end

#routes ⇒ Object

An array of routes associated with this session

# File 'lib/msf/core/session.rb', line 356

def routes
  @routes
end

#sid ⇒ Object

The session unique identifier.

# File 'lib/msf/core/session.rb', line 300

def sid
  @sid
end

#sname ⇒ Object

The session name.

# File 'lib/msf/core/session.rb', line 304

def sname
  @sname
end

#target_host ⇒ Object

The original target host address

# File 'lib/msf/core/session.rb', line 312

def target_host
  @target_host
end

#target_port ⇒ Object

The original target port if applicable

# File 'lib/msf/core/session.rb', line 316

def target_port
  @target_port
end

#username ⇒ Object

The associated username

# File 'lib/msf/core/session.rb', line 352

def username
  @username
end

#uuid ⇒ Object

The unique identifier of this session

# File 'lib/msf/core/session.rb', line 332

def uuid
  @uuid
end

#via ⇒ Object (protected)

:nodoc:

# File 'lib/msf/core/session.rb', line 363

def via
  @via
end

#workspace ⇒ Object

The associated workspace name

# File 'lib/msf/core/session.rb', line 308

def workspace
  @workspace
end

Class Method Details

.type ⇒ Object

Direct descendants Provider interfaces

# File 'lib/msf/core/session.rb', line 36

def self.type
  "unknown"
end

Instance Method Details

#alive? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/session.rb', line 272

def alive?
  (self.alive)
end

#cleanup ⇒ Object

Perform session-specific cleanup.

NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.

# File 'lib/msf/core/session.rb', line 236

def cleanup
  if db_record and framework.db.active
    ::ApplicationRecord.connection_pool.with_connection do
      framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason)
    rescue ActiveRecord::RecordNotFound
      nil  # this will fail if the workspace was deleted before the session was closed, see #18561
    end
  end
end

#comm_channel ⇒ Object

# File 'lib/msf/core/session.rb', line 86

def comm_channel
end

#dead? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/msf/core/session.rb', line 268

def dead?
  (not self.alive)
end

#desc ⇒ Object

Returns the description of the session.

# File 'lib/msf/core/session.rb', line 65

def desc
end

#initialize ⇒ Object

# File 'lib/msf/core/session.rb', line 27

def initialize
  self.alive = true
  self.uuid  = Rex::Text.rand_text_alphanumeric(8).downcase
  @routes = RouteArray.new(self)
  #self.routes = []
end

#inspect ⇒ Object

Brief and to the point

# File 'lib/msf/core/session.rb', line 58

def inspect
  "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>"  # " Fixes highlighting
end

#interactive? ⇒ Boolean

By default, sessions are not interactive.

Returns:

• (Boolean)

# File 'lib/msf/core/session.rb', line 249

def interactive?
  false
end

#kill ⇒ Object

Allow the user to terminate this session

# File 'lib/msf/core/session.rb', line 264

def kill
  framework.sessions.deregister(self) if register?
end

#log_file_name ⇒ Object

Returns the suggested name of the log file for this session.

# File 'lib/msf/core/session.rb', line 155

def log_file_name
  dt = Time.now

  dstr  = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday)
  rhost = session_host.gsub(':', '_')
  sname = name.to_s.gsub(/\W+/,'_')

  "#{dstr}_#{sname}_#{rhost}_#{type}"
end

#log_source ⇒ Object

Returns the log source that should be used for this session.

# File 'lib/msf/core/session.rb', line 168

def log_source
  "session_#{name}"
end

#name ⇒ Object

Returns the session’s name if it’s been assigned one, otherwise the sid is returned.

# File 'lib/msf/core/session.rb', line 44

def name
  return sname || sid
end

#name=(name) ⇒ Object

Sets the session’s name.

# File 'lib/msf/core/session.rb', line 51

def name=(name)
  self.sname = name
end

#register? ⇒ Boolean

Allow the session to skip registration

Returns:

• (Boolean)

# File 'lib/msf/core/session.rb', line 257

def register?
  true
end

#session_host ⇒ Object

Returns the host associated with the session

# File 'lib/msf/core/session.rb', line 92

def session_host
  # Prefer the overridden session host or target_host
  host = @session_host || self.target_host
  return host if host

  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  bits.pop
  bits.join(':')
end

#session_host=(v) ⇒ Object

Override the host associated with this session

# File 'lib/msf/core/session.rb', line 110

def session_host=(v)
  @session_host = v
end

#session_port ⇒ Object

Returns the port associated with the session

# File 'lib/msf/core/session.rb', line 117

def session_port
  port = @session_port || self.target_port
  return port if port
  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  port = bits.pop
  port.to_i
end

#session_port=(v) ⇒ Object

Override the host associated with this session

# File 'lib/msf/core/session.rb', line 133

def session_port=(v)
  @session_port = v
end

#session_type ⇒ Object

Get an arch/platform combination

# File 'lib/msf/core/session.rb', line 279

def session_type
  # avoid unnecessary slash separator
  if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty?
    separator =  '/'
  else
    separator = ''
  end

  "#{self.arch}#{separator}#{self.platform}"
end

#set_from_exploit(m) ⇒ Object

Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.

# File 'lib/msf/core/session.rb', line 189

def set_from_exploit(m)
  target_host = nil
  unless m.target_host.blank?
    # only propagate the target_host value if it's exactly 1 host
    if (rw = Rex::Socket::RangeWalker.new(m.target_host)).length == 1
      target_host = rw.next_ip
    end
  end

  self.via = { 'Exploit' => m.fullname }
  self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD']
  self.target_host = target_host
  self.target_port = m.target_port if (m.target_port.to_i != 0)
  self.workspace   = m.workspace
  self.username    = m.owner
  self.exploit_datastore = m.datastore
  self.user_input = m.user_input if m.user_input
  self.user_output = m.user_output if m.user_output
  self.exploit_uuid = m.uuid
  self.exploit = m
  if m[:task]
    self.exploit_task = m[:task]
  end
end

#set_via(opts) ⇒ Object

Sets the vector through which this session was realized.

# File 'lib/msf/core/session.rb', line 181

def set_via(opts)
  self.via = opts || {}
end

#tunnel_local ⇒ Object

Returns the local side of the tunnel.

# File 'lib/msf/core/session.rb', line 77

def tunnel_local
end

#tunnel_peer ⇒ Object

Returns the peer side of the tunnel.

# File 'lib/msf/core/session.rb', line 83

def tunnel_peer
end

#tunnel_to_s ⇒ Object

Returns a pretty representation of the tunnel.

# File 'lib/msf/core/session.rb', line 140

def tunnel_to_s
  tunnel_str = "#{tunnel_local || '??'} -> #{tunnel_peer || '??'}"
  tunnel_str << " #{comm_channel}" if comm_channel
  tunnel_str
end

#type ⇒ Object

Returns the type of session in use.

# File 'lib/msf/core/session.rb', line 71

def type
end

#via_exploit ⇒ Object

Returns the exploit module name through which this session was created.

# File 'lib/msf/core/session.rb', line 218

def via_exploit
  self.via['Exploit'] if (self.via)
end

#via_payload ⇒ Object

Returns the payload module name through which this session was created.

# File 'lib/msf/core/session.rb', line 226

def via_payload
  self.via['Payload'] if (self.via)
end