Class: Msf::Sessions::EncryptedShell
- Inherits:
-
CommandShell
- Object
- CommandShell
- Msf::Sessions::EncryptedShell
- Includes:
- Payload::Windows::PayloadDBConf, Msf::Session::Basic, Msf::Session::Provider::SingleCommandShell
- Defined in:
- lib/msf/base/sessions/encrypted_shell.rb
Instance Attribute Summary collapse
-
#arch ⇒ Object
Returns the value of attribute arch.
-
#chacha_cipher ⇒ Object
Returns the value of attribute chacha_cipher.
-
#iv ⇒ Object
Returns the value of attribute iv.
-
#key ⇒ Object
Returns the value of attribute key.
-
#platform ⇒ Object
Returns the value of attribute platform.
-
#staged ⇒ Object
Returns the value of attribute staged.
Attributes included from Msf::Session::Interactive
Attributes included from Rex::Ui::Interactive
#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #on_run_command_error_proc, #orig_suspend, #orig_usr1, #orig_winch
Attributes included from Rex::Ui::Subscriber::Input
Attributes included from Rex::Ui::Subscriber::Output
Attributes included from Msf::Session
#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace
Attributes included from Framework::Offspring
Attributes inherited from CommandShell
Class Method Summary collapse
Instance Method Summary collapse
- #bootstrap(datastore = {}, handler = nil) ⇒ Object
- #desc ⇒ Object
-
#initialize(rstream, opts = {}) ⇒ EncryptedShell
constructor
TODO (from the source): define a method that checks for the existence of the payload in the db before using the datastore.
-
#shell_read(length = -1, timeout = 1) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_read.
-
#shell_write(buf) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_write.
- #type ⇒ Object
Methods included from Payload::Windows::PayloadDBConf
#retrieve_chacha_creds, #retrieve_conf_from_db, #save_conf_to_db
Methods included from Msf::Session::Provider::SingleCommandShell
#command_termination, #set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_unix, #shell_command_token_win32, #shell_init, #shell_read_until_token, #to_cmd
Methods included from Msf::Session::Basic
Methods included from Msf::Session::Interactive
#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #abort_foreground, #abort_foreground_supported, #cleanup, #comm_channel, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?
Methods included from Rex::Ui::Interactive
#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch
Methods included from Rex::Ui::Subscriber
Methods included from Rex::Ui::Subscriber::Input
Methods included from Rex::Ui::Subscriber::Output
#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning
Methods included from Msf::Session
#alive?, #cleanup, #comm_channel, #dead?, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #via_exploit, #via_payload
Methods inherited from CommandShell
#_file_transfer, _glue_cmdline_escape, #_interact, #_interact_stream, #abort_foreground_supported, binary_exists, #binary_exists, can_cleanup_files, #cleanup, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #commands, #docs_dir, #escape_arg, #execute_file, #process_autoruns, #run_builtin_cmd, #run_single, #shell_close, #shell_command, #shell_init
Methods included from Rex::Ui::Text::Resource
Methods included from Scriptable
#execute_file, #execute_script, included, #legacy_script_to_post_module
Constructor Details
#initialize(rstream, opts = {}) ⇒ EncryptedShell
TODO (from the source): define a method that checks for the existence of the payload in the db before using the datastore.
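# File 'lib/msf/base/sessions/encrypted_shell.rb', line 25
#
# Sets the session defaults (empty arch unless already set, platform
# "windows"), records whether the payload was staged, then hands over to the
# parent constructor.
#
# TODO (carried over from the original source): define a method that checks
# for the existence of the payload in the db before using the datastore.
#
# @param rstream [Object] stream object; forwarded unchanged by the bare `super`
# @param opts [Hash] session options; `opts[:datastore][:staged]` is read when
#   a datastore is supplied
def initialize(rstream, opts = {})
  self.arch ||= ""
  self.platform = "windows"

  # `opts` defaults to {}, so :datastore can be absent. Indexing nil would
  # raise NoMethodError before the parent constructor runs, so treat a missing
  # datastore as "staged flag not set". #bootstrap then takes its `unless
  # @staged` branch, exactly as it does when the flag is present but nil.
  datastore = opts[:datastore]
  @staged = datastore ? datastore[:staged] : nil

  super
end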
Instance Attribute Details
#arch ⇒ Object
Returns the value of attribute arch.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 13
#
# Reader for the session architecture string.
#
# @return [Object] the current value of @arch (nil if it was never assigned;
#   the constructor defaults it to "" when it is unset)
def arch
  @arch
end
#chacha_cipher ⇒ Object
Returns the value of attribute chacha_cipher.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 20
#
# Reader for the cipher object that #bootstrap creates with
# Rex::Crypto::Chacha20.new and that #shell_read / #shell_write both use.
#
# @return [Object] the current value of @chacha_cipher (nil until #bootstrap
#   has run)
def chacha_cipher
  @chacha_cipher
end
#iv ⇒ Object
Returns the value of attribute iv.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 16
#
# Reader for the nonce currently paired with #key. #bootstrap first fills it
# from the datastore / stored credentials and later overwrites it with the
# nonce it generated for the rest of the session.
#
# @return [Object] the current value of @iv (nil until #bootstrap has run)
def iv
  @iv
end
#key ⇒ Object
Returns the value of attribute key.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 17
#
# Reader for the symmetric key currently in use. #bootstrap first fills it
# from the datastore / stored credentials and later overwrites it with the key
# it generated for the rest of the session.
#
# This is a plain public reader, so any code holding the session object can
# obtain the live key; keep it out of logs and inspect/debug output.
#
# @return [Object] the current value of @key (nil until #bootstrap has run)
def key
  @key
end
#platform ⇒ Object
Returns the value of attribute platform.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 14
#
# Reader for the session platform string.
#
# @return [Object] the current value of @platform (the constructor assigns
#   "windows" through the writer)
def platform
  @platform
end
#staged ⇒ Object
Returns the value of attribute staged.
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 18
#
# Reader for the staged flag the constructor copies from
# opts[:datastore][:staged]. #bootstrap only reads a 16-byte UUID from the
# stream when this value is falsy.
#
# @return [Object] the current value of @staged
def staged
  @staged
end
Class Method Details
.type ⇒ Object
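# File 'lib/msf/base/sessions/encrypted_shell.rb', line 40
#
# Class-level session type label.
#
# The original body was `self.class.type = "Encrypted"`. Inside a singleton
# method `self` is the class itself, so `self.class` is `Class`, which has no
# `type=` writer; every call therefore raised NoMethodError instead of
# returning a label. Return the same string as the instance-level #type.
#
# @return [String] "Encrypted"
def self.type
  "Encrypted"
end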
Instance Method Details
#bootstrap(datastore = {}, handler = nil) ⇒ Object
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 44 def bootstrap(datastore = {}, handler = nil) @key = datastore[:key] || datastore['ChachaKey'] nonce = datastore[:nonce] || datastore['ChachaNonce'] @iv = nonce # staged payloads retrieve UUID via # handle_connection() in stager.rb unless @staged curr_uuid = rstream.get_once(16, 1) @key, @nonce = retrieve_chacha_creds(curr_uuid) @iv = @nonce ? @nonce : "\0" * 12 unless @key && @nonce print_status('Failed to retrieve key/nonce for uuid. Resorting to datastore') @key = datastore['ChachaKey'] @iv = datastore['ChachaNonce'] end end new_nonce = SecureRandom.hex(6) new_key = SecureRandom.hex(16) @chacha_cipher = Rex::Crypto::Chacha20.new(@key, @iv) new_cipher = @chacha_cipher.chacha20_crypt(new_nonce + new_key) rstream.write(new_cipher) @key = new_key @iv = new_nonce @chacha_cipher.reset_cipher(@key, @iv) super(datastore, handler) end |
#desc ⇒ Object
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 36
#
# Human-readable description of this session class.
#
# @return [String] the fixed text "Encrypted reverse shell"
def desc
  "Encrypted reverse shell"
end
#shell_read(length = -1, timeout = 1) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_read
Read encrypted data from console and decrypt it
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 82
#
# Overrides Msf::Sessions::CommandShell#shell_read: pulls one chunk from the
# stream, runs it through the session cipher and reports the result to the
# framework's session-output event.
#
# NOTE(review): the chunk is decrypted as-is; no integrity check is visible in
# this method, so altered ciphertext would simply decrypt to altered output.
#
# @param length [Integer] passed to rstream.get_once (default -1)
# @param timeout [Integer] passed to rstream.get_once (default 1)
# @return [Object, nil] the decrypted data, or nil when nothing was read
# @raise [::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE] re-raised
#   after the shell has been closed
def shell_read(length = -1, timeout = 1)
  ciphertext = rstream.get_once(length, timeout)
  # Nothing read: stop here, since chacha20_crypt would crash on a nil input.
  return nil unless ciphertext

  plaintext = @chacha_cipher.chacha20_crypt(ciphertext)
  framework.events.on_session_output(self, plaintext) if plaintext
  plaintext
rescue ::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE => err
  # Close the shell on a transport failure, then let the caller see the
  # original exception.
  shell_close
  raise err
end
#shell_write(buf) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_write
Encrypt data then write it to the console
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 100
#
# Overrides Msf::Sessions::CommandShell#shell_write: reports the command to
# the framework's session-command event, then encrypts the buffer with the
# session cipher and writes it to the stream.
#
# The event receives the stripped plaintext before encryption, so whatever
# subscribes to session-command events holds the command in the clear.
#
# @param buf [String, nil] data to send; a nil/false value is ignored
# @return [Object, nil] the result of rstream.write, or nil when buf is falsy
# @raise [::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE] re-raised
#   after the shell has been closed
def shell_write(buf)
  return unless buf

  framework.events.on_session_command(self, buf.strip)
  # The unstripped buffer is what gets encrypted and sent.
  rstream.write(@chacha_cipher.chacha20_crypt(buf))
rescue ::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE => err
  # Close the shell on a transport failure, then let the caller see the
  # original exception.
  shell_close
  raise err
end
#type ⇒ Object
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 32
#
# Session type label for instances of this class.
#
# @return [String] the fixed text "Encrypted"
def type
  "Encrypted"
end