Class: Mdm::Session

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::Session

Defined in:

app/models/mdm/session.rb

Overview

A session opened on a #host using an exploit and controlled through a payload to connect back to the local host using meterpreter or a cmd shell.

Instance Attribute Summary

• #close_reason ⇒ String

  Why the session was closed.

• #closed_at ⇒ DateTime

  When the session was closed on #host.

• #datastore ⇒ Hash

  Options for exploit and #via_payload modules.

• #desc ⇒ String

  Description of session.

• #events ⇒ Array<Mdm::Event>

  Events that occurred when this session was open.

• #exploit_attempt ⇒ Mdm::ExploitAttempt

  Exploit attempt that created this session.

• #host ⇒ Mdm::Host

  Host on which this session was opened.

• #last_seen ⇒ DateTime

  The last time the session was checked to see that it was still open.

• #local_id ⇒ Integer

  The ID number of the in-memory session.

• #opened_at ⇒ DateTime

  When the session was opened on #host.

• #platform ⇒ String

  The #host platform.

• #port ⇒ Integer

  The remote port on which this session is running on #host.

• #routes ⇒ Array<Mdm::Route>

  Routes tunneled throug this session.

• #stype ⇒ String

  The type of the session.

• #task ⇒ Mdm::Session

  Session this task touched.

• #task_sessions ⇒ Array<Mdm::TaskSession>

  Details about sessions this task touched.

• #via_exploit ⇒ String

  The full name of the exploit module that opened this session.

• #via_payload ⇒ String

  The full name if the payload module that's running this session.

• #vuln_attempt ⇒ Mdm::VulnAttempt

  Vulnerability attempt that created this session.

• #workspace ⇒ Mdm::Workspace readonly

  The workspace in which this session exists.

Instance Method Summary

• #upgradeable? ⇒ true, false

  Returns whether the session can be upgraded to a meterpreter session from a shell session on Windows.

Instance Attribute Details

#close_reason ⇒ String

Why the session was closed. Used to differentiate between user killing it local and the session being killed on the remote end.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 82

#closed_at ⇒ DateTime

When the session was closed on #host.

Returns:

• (DateTime)

# File 'app/models/mdm/session.rb', line 77

#datastore ⇒ Hash

Options for exploit and #via_payload modules.

Returns:

• (Hash)

# File 'app/models/mdm/session.rb', line 88

#desc ⇒ String

Description of session.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 93

#events ⇒ Array<Mdm::Event>

Events that occurred when this session was open.

Returns:

• (Array<Mdm::Event>)

# File 'app/models/mdm/session.rb', line 12

has_many :events,
class_name: 'Mdm::SessionEvent',
dependent: :delete_all,
inverse_of: :session,
order: 'created_at'

#exploit_attempt ⇒ Mdm::ExploitAttempt

Exploit attempt that created this session.

Returns:

• (Mdm::ExploitAttempt)

# File 'app/models/mdm/session.rb', line 22

has_one :exploit_attempt,
class_name: 'Mdm::ExploitAttempt',
inverse_of: :session

#host ⇒ Mdm::Host

Host on which this session was opened.

Returns:

• (Mdm::Host)

# File 'app/models/mdm/session.rb', line 30

belongs_to :host,
class_name: 'Mdm::Host',
inverse_of: :sessions

#last_seen ⇒ DateTime

The last time the session was checked to see that it was still open.

Returns:

• (DateTime)

# File 'app/models/mdm/session.rb', line 98

#local_id ⇒ Integer

The ID number of the in-memory session.

Returns:

• (Integer)

# File 'app/models/mdm/session.rb', line 103

#opened_at ⇒ DateTime

When the session was opened on #host.

Returns:

• (DateTime)

# File 'app/models/mdm/session.rb', line 108

#platform ⇒ String

The #host platform.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 113

#port ⇒ Integer

The remote port on which this session is running on #host.

Returns:

• (Integer)

# File 'app/models/mdm/session.rb', line 118

#routes ⇒ Array<Mdm::Route>

Routes tunneled throug this session.

Returns:

• (Array<Mdm::Route>)

# File 'app/models/mdm/session.rb', line 38

has_many :routes,
class_name: 'Mdm::Route',
dependent: :delete_all,
inverse_of: :session

#stype ⇒ String

The type of the session.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 123

#task ⇒ Mdm::Session

Session this task touched

Returns:

• (Mdm::Session)

# File 'app/models/mdm/session.rb', line 71

has_many :tasks, :through => :task_sessions, :class_name => 'Mdm::Task'

#task_sessions ⇒ Array<Mdm::TaskSession>

Details about sessions this task touched

Returns:

• (Array<Mdm::TaskSession>)

# File 'app/models/mdm/session.rb', line 65

has_many :task_sessions, :dependent => :destroy, :class_name => 'Mdm::TaskSession'

#via_exploit ⇒ String

The full name of the exploit module that opened this session.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 128

#via_payload ⇒ String

The full name if the payload module that's running this session.

Returns:

• (String)

# File 'app/models/mdm/session.rb', line 133

#vuln_attempt ⇒ Mdm::VulnAttempt

Vulnerability attempt that created this session.

Returns:

• (Mdm::VulnAttempt)

# File 'app/models/mdm/session.rb', line 47

has_one :vuln_attempt,
class_name: 'Mdm::VulnAttempt',
inverse_of: :session

#workspace ⇒ Mdm::Workspace (readonly)

The workspace in which this session exists.

Returns:

• (Mdm::Workspace)

# File 'app/models/mdm/session.rb', line 59

has_one :workspace, :through => :host, :class_name => 'Mdm::Workspace'

Instance Method Details

#upgradeable? ⇒ true, false

Returns whether the session can be upgraded to a meterpreter session from a shell session on Windows.

Returns:

• (true) —

  if #platform is some version of Windows and #stype is 'shell'.

• (false) —

  otherwise.

# File 'app/models/mdm/session.rb', line 162

def upgradeable?
  if (self.platform =~ /win/i and self.stype == 'shell')
    return true
  else
    return false
  end
end