Class: Msf::Sessions::PowerShell

Inherits:

CommandShell

• Object
• CommandShell
• Msf::Sessions::PowerShell

Defined in:

lib/msf/base/sessions/powershell.rb

Instance Attribute Summary

Attributes inherited from CommandShell

#arch, #banner, #max_threads

Attributes included from Msf::Session::Interactive

#rstream

Attributes included from Rex::Ui::Interactive

#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #orig_suspend, #orig_usr1, #orig_winch

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Msf::Session

#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace

Attributes included from Framework::Offspring

#framework

Class Method Summary

• .can_cleanup_files ⇒ Object
• .type ⇒ Object

  Returns the type of session.

Instance Method Summary

• #desc ⇒ Object

  Returns the session description.

• #platform ⇒ Object

  Returns the session platform.

• #process_autoruns(datastore) ⇒ Object

  Execute any specified auto-run scripts for this session.

• #shell_command(cmd, timeout = 1800) ⇒ Object

  Takes over the shell_command of the parent.

Methods inherited from CommandShell

#_file_transfer, #_interact, #_interact_stream, #abort_foreground_supported, binary_exists, #binary_exists, #bootstrap, #cleanup, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #commands, #docs_dir, #execute_file, #initialize, #run_builtin_cmd, #run_single, #shell_close, #shell_init, #shell_read, #shell_write, #type

Methods included from Rex::Ui::Text::Resource

#load_resource

Methods included from Scriptable

#execute_file, #execute_script, included, #legacy_script_to_post_module

Methods included from Msf::Session::Provider::SingleCommandShell

#command_termination, #set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_unix, #shell_command_token_win32, #shell_init, #shell_read, #shell_read_until_token, #shell_write

Methods included from Msf::Session::Basic

#_interact, #type

Methods included from Msf::Session::Interactive

#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #abort_foreground, #abort_foreground_supported, #cleanup, #comm_channel, #initialize, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?

Methods included from Rex::Ui::Interactive

#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Msf::Session

#alive?, #cleanup, #comm_channel, #dead?, #initialize, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #type, #via_exploit, #via_payload

Constructor Details

This class inherits a constructor from Msf::Sessions::CommandShell

Class Method Details

.can_cleanup_files ⇒ Object

# File 'lib/msf/base/sessions/powershell.rb', line 30

def self.can_cleanup_files
  true
end

.type ⇒ Object

Returns the type of session.

# File 'lib/msf/base/sessions/powershell.rb', line 26

def self.type
  'powershell'
end

Instance Method Details

#desc ⇒ Object

Returns the session description.

# File 'lib/msf/base/sessions/powershell.rb', line 44

def desc
  'Powershell session'
end

#platform ⇒ Object

Returns the session platform.

# File 'lib/msf/base/sessions/powershell.rb', line 37

def platform
  'windows'
end

#process_autoruns(datastore) ⇒ Object

Execute any specified auto-run scripts for this session

# File 'lib/msf/base/sessions/powershell.rb', line 8

def process_autoruns(datastore)
  # Read the username and hostname from the initial banner
  initial_output = shell_read(-1, 2)
  if initial_output =~ /running as user ([^\s]+) on ([^\s]+)/
    username = Regexp.last_match(1)
    hostname = Regexp.last_match(2)
    self.info = "#{username} @ #{hostname}"
  elsif initial_output
    self.info = initial_output.gsub(/[\r\n]/, ' ')
  end

  # Call our parent class's autoruns processing method
  super
end

#shell_command(cmd, timeout = 1800) ⇒ Object

Takes over the shell_command of the parent

# File 'lib/msf/base/sessions/powershell.rb', line 51

def shell_command(cmd, timeout = 1800)
  # insert random marker
  strm = Rex::Text.rand_text_alpha(15)
  endm = Rex::Text.rand_text_alpha(15)

  # Send the shell channel's stdin.
  shell_write(";'#{strm}'\n" + cmd + "\n'#{endm}';\n")

  etime = ::Time.now.to_f + timeout

  buff = ''
  # Keep reading data until the marker has been received or the 30 minture timeout has occured
  while (::Time.now.to_f < etime)
    res = shell_read(-1, timeout)
    break unless res

    timeout = etime - ::Time.now.to_f

    buff << res
    next unless buff.include?(endm)

    # if you see the end marker, read the buffer from the start marker to the end and then display back to screen
    buff = buff.split(/#{strm}\r\n/)[-1]
    buff = buff.split(endm)[0]
    buff.gsub!(/(?<=\r\n)PS [^>]*>/, '')
    return buff
  end
  buff
end