Class: Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpClientChannel

Inherits:
Stream
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb

Overview

This class represents a logical TCP client connection that is established from the remote machine and tunnelled through the established meterpreter connection, similar to an SSH port forward.

Defined Under Namespace

Modules: DirectChannelWrite, SocketInterface

Instance Attribute Summary

Attributes included from IO::StreamAbstraction

#lsock, #rsock

Attributes inherited from Channel

#cid, #client, #cls, #flags, #params, #type

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Stream

#cleanup, #dio_close_handler, #dio_write_handler

Methods included from IO::StreamAbstraction

#cleanup_abstraction, #close, #initialize_abstraction, #localinfo, #peerinfo, #sysread, #syswrite

Methods inherited from Channel

_close, #_close, #_read, #close, #close_read, create, #dio_close_handler, #dio_handler, #dio_map, #dio_read_handler, #dio_write_handler, finalize, #flag?, #interactive, #read, request_handler, #synchronous?, #write

Methods included from InboundPacketHandler

#request_handler, #response_handler

Constructor Details

#initialize(client, cid, type, flags) ⇒ TcpClientChannel

Passes the channel initialization information up to the base class.



128
129
130
131
132
133
134
135
136
137
138
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 128

def initialize( client, cid, type, flags )
  super( client, cid, type, flags )

  lsock.extend( SocketInterface )
  lsock.extend( DirectChannelWrite )
  lsock.channel = self

  rsock.extend( SocketInterface )
  rsock.channel = self

end

Class Method Details

.clsObject 



28
29
30
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 28

def cls
  return CHANNEL_CLASS_STREAM
end

.open(client, params) ⇒ Object

Opens a TCP client channel using the supplied parameters.



91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 91

def TcpClientChannel.open(client, params)
  c = Channel.create(client, 'stdapi_net_tcp_client', self, CHANNEL_FLAG_SYNCHRONOUS,
    [
      {
        'type'  => TLV_TYPE_PEER_HOST,
        'value' => params.peerhost
      },
      {
        'type'  => TLV_TYPE_PEER_PORT,
        'value' => params.peerport
      },
      {
        'type'  => TLV_TYPE_LOCAL_HOST,
        'value' => params.localhost
      },
      {
        'type'  => TLV_TYPE_LOCAL_PORT,
        'value' => params.localport
      },
      {
        'type'  => TLV_TYPE_CONNECT_RETRIES,
        'value' => params.retries
      }
    ])
  c.params = params
  c
end

Instance Method Details

#_write(*args) ⇒ Object

Wrap the _write() call in order to catch some common, but harmless Windows exceptions



168
169
170
171
172
173
174
175
176
177
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 168

def _write(*args)
  begin
    super(*args)
  rescue ::Rex::Post::Meterpreter::RequestError => e
    case e.code
    when 10000 .. 10100
      raise ::Rex::ConnectionError.new
    end
  end
end

#close_writeObject

Closes the write half of the connection.



143
144
145
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 143

def close_write
  return shutdown(1)
end

#shutdown(how = 1) ⇒ Object

Shutdown the connection

0 -> future reads 1 -> future sends 2 -> both



154
155
156
157
158
159
160
161
162
163
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 154

def shutdown(how = 1)
  request = Packet.create_request('stdapi_net_socket_tcp_shutdown')

  request.add_tlv(TLV_TYPE_SHUTDOWN_HOW, how)
  request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid)

  response = client.send_request(request)

  return true
end