Class: Msf::Sessions::EncryptedShell
- Inherits:
-
CommandShell
- Object
- CommandShell
- Msf::Sessions::EncryptedShell
- Includes:
- Payload::Windows::PayloadDBConf, Msf::Session::Basic, Msf::Session::Provider::SingleCommandShell
- Defined in:
- lib/msf/base/sessions/encrypted_shell.rb
Instance Attribute Summary collapse
-
#arch ⇒ Object
Returns the value of attribute arch.
-
#chacha_cipher ⇒ Object
Returns the value of attribute chacha_cipher.
-
#iv ⇒ Object
Returns the value of attribute iv.
-
#key ⇒ Object
Returns the value of attribute key.
-
#platform ⇒ Object
Returns the value of attribute platform.
-
#staged ⇒ Object
Returns the value of attribute staged.
Attributes included from Msf::Session::Interactive
Attributes included from Rex::Ui::Interactive
#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #on_run_command_error_proc, #orig_suspend, #orig_usr1, #orig_winch
Attributes included from Rex::Ui::Subscriber::Input
Attributes included from Rex::Ui::Subscriber::Output
Attributes included from Msf::Session
#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace
Attributes included from Framework::Offspring
Attributes inherited from CommandShell
Class Method Summary collapse
Instance Method Summary collapse
- #bootstrap(datastore = {}, handler = nil) ⇒ Object
- #desc ⇒ Object
-
#initialize(rstream, opts = {}) ⇒ EncryptedShell
constructor
define some sort of method that checks for the existence of payload in the db before using datastore.
-
#shell_read(length = -1,, timeout = 1) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_read.
-
#shell_write(buf) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_write.
- #type ⇒ Object
Methods included from Payload::Windows::PayloadDBConf
#retrieve_chacha_creds, #retrieve_conf_from_db, #save_conf_to_db
Methods included from Msf::Session::Provider::SingleCommandShell
#command_termination, #set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_unix, #shell_command_token_win32, #shell_init, #shell_read_until_token, #to_cmd
Methods included from Msf::Session::Basic
Methods included from Msf::Session::Interactive
#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #abort_foreground, #abort_foreground_supported, #cleanup, #comm_channel, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?
Methods included from Rex::Ui::Interactive
#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch
Methods included from Rex::Ui::Subscriber
Methods included from Rex::Ui::Subscriber::Input
Methods included from Rex::Ui::Subscriber::Output
#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning
Methods included from Msf::Session
#alive?, #cleanup, #comm_channel, #dead?, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #via_exploit, #via_payload
Methods inherited from CommandShell
#_file_transfer, #_interact, #_interact_stream, #abort_foreground_supported, binary_exists, #binary_exists, can_cleanup_files, #cleanup, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #commands, #docs_dir, #execute_file, #process_autoruns, #run_builtin_cmd, #run_single, #shell_close, #shell_command, #shell_init
Methods included from Rex::Ui::Text::Resource
Methods included from Scriptable
#execute_file, #execute_script, included, #legacy_script_to_post_module
Constructor Details
#initialize(rstream, opts = {}) ⇒ EncryptedShell
define some sort of method that checks for the existence of payload in the db before using datastore
25 26 27 28 29 30 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 25 def initialize(rstream, opts={}) self.arch ||= "" self.platform = "windows" @staged = opts[:datastore][:staged] super end |
Instance Attribute Details
#arch ⇒ Object
Returns the value of attribute arch.
13 14 15 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 13 def arch @arch end |
#chacha_cipher ⇒ Object
Returns the value of attribute chacha_cipher.
20 21 22 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 20 def chacha_cipher @chacha_cipher end |
#iv ⇒ Object
Returns the value of attribute iv.
16 17 18 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 16 def iv @iv end |
#key ⇒ Object
Returns the value of attribute key.
17 18 19 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 17 def key @key end |
#platform ⇒ Object
Returns the value of attribute platform.
14 15 16 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 14 def platform @platform end |
#staged ⇒ Object
Returns the value of attribute staged.
18 19 20 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 18 def staged @staged end |
Class Method Details
.type ⇒ Object
40 41 42 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 40 def self.type self.class.type = "Encrypted" end |
Instance Method Details
#bootstrap(datastore = {}, handler = nil) ⇒ Object
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 44 def bootstrap(datastore = {}, handler = nil) @key = datastore[:key] || datastore['ChachaKey'] nonce = datastore[:nonce] || datastore['ChachaNonce'] @iv = nonce # staged payloads retrieve UUID via # handle_connection() in stager.rb unless @staged curr_uuid = rstream.get_once(16, 1) @key, @nonce = retrieve_chacha_creds(curr_uuid) @iv = @nonce ? @nonce : "\0" * 12 unless @key && @nonce print_status('Failed to retrieve key/nonce for uuid. Resorting to datastore') @key = datastore['ChachaKey'] @iv = datastore['ChachaNonce'] end end new_nonce = SecureRandom.hex(6) new_key = SecureRandom.hex(16) @chacha_cipher = Rex::Crypto::Chacha20.new(@key, @iv) new_cipher = @chacha_cipher.chacha20_crypt(new_nonce + new_key) rstream.write(new_cipher) @key = new_key @iv = new_nonce @chacha_cipher.reset_cipher(@key, @iv) super(datastore, handler) end |
#desc ⇒ Object
36 37 38 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 36 def desc "Encrypted reverse shell" end |
#shell_read(length = -1,, timeout = 1) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_read
Read encrypted data from console and decrypt it
82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 82 def shell_read(length=-1, timeout=1) rv = rstream.get_once(length, timeout) # Needed to avoid crashing the +chacha20_crypt+ method return nil unless rv decrypted = @chacha_cipher.chacha20_crypt(rv) framework.events.on_session_output(self, decrypted) if decrypted return decrypted rescue ::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE => e shell_close raise e end |
#shell_write(buf) ⇒ Object
Overridden from Msf::Sessions::CommandShell#shell_write
Encrypt data then write it to the console
100 101 102 103 104 105 106 107 108 109 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 100 def shell_write(buf) return unless buf framework.events.on_session_command(self, buf.strip) encrypted = @chacha_cipher.chacha20_crypt(buf) rstream.write(encrypted) rescue ::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE => e shell_close raise e end |
#type ⇒ Object
32 33 34 |
# File 'lib/msf/base/sessions/encrypted_shell.rb', line 32 def type "Encrypted" end |