Class: Mdm::Session

Inherits:
ApplicationRecord
  • Object
show all
Defined in:
app/models/mdm/session.rb

Overview

A session opened on a #host using an exploit and controlled through a payload to connect back to the local host using meterpreter or a cmd shell.

Instance Attribute Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#close_reasonString

Why the session was closed. Used to differentiate between user killing it local and the session being killed on the remote end.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 100

#closed_atDateTime

When the session was closed on #host.

Returns:

  • (DateTime)

# File 'app/models/mdm/session.rb', line 95

#datastoreHash

Options for exploit and #via_payload modules.

Returns:

  • (Hash)

# File 'app/models/mdm/session.rb', line 106

#descString

Description of session.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 111

#eventsArray<Mdm::Event>

Events that occurred when this session was open.

Returns:


13
14
15
16
17
# File 'app/models/mdm/session.rb', line 13

has_many :events,
-> { order('created_at') },
class_name: 'Mdm::SessionEvent',
dependent: :delete_all,
inverse_of: :session

#exploit_attemptMdm::ExploitAttempt

Exploit attempt that created this session.

Returns:


23
24
25
# File 'app/models/mdm/session.rb', line 23

has_one :exploit_attempt,
class_name: 'Mdm::ExploitAttempt',
inverse_of: :session

#hostMdm::Host

Host on which this session was opened.

Returns:


31
32
33
# File 'app/models/mdm/session.rb', line 31

belongs_to :host,
class_name: 'Mdm::Host',
inverse_of: :sessions

#last_seenDateTime

The last time the session was checked to see that it was still open.

Returns:

  • (DateTime)

# File 'app/models/mdm/session.rb', line 116

#local_idInteger

The ID number of the in-memory session.

Returns:

  • (Integer)

# File 'app/models/mdm/session.rb', line 121

#opened_atDateTime

When the session was opened on #host.

Returns:

  • (DateTime)

# File 'app/models/mdm/session.rb', line 126

#originating_module_runMetasploitDataModels::ModuleRun

Records the Metasploit modules run that created this session


48
49
50
51
# File 'app/models/mdm/session.rb', line 48

belongs_to :originating_module_run,
class_name: 'MetasploitDataModels::ModuleRun',
foreign_key: :module_run_id,
inverse_of: :spawned_session

#platformString

The #host platform.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 131

#portInteger

The remote port on which this session is running on #host.

Returns:

  • (Integer)

# File 'app/models/mdm/session.rb', line 136

#routesActiveRecord::Relation<Mdm::Route>

Routes tunneled throug this session.

Returns:


39
40
41
42
# File 'app/models/mdm/session.rb', line 39

has_many :routes,
class_name: 'Mdm::Route',
dependent: :delete_all,
inverse_of: :session

#stypeString

The type of the session.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 141

#target_module_runsActiveRecord::Relation<MetasploitDataModels::ModuleRun>

Records the Metasploit modules run on this session

Returns:


57
58
59
# File 'app/models/mdm/session.rb', line 57

has_many :target_module_runs,
class_name: 'MetasploitDataModels::ModuleRun',
inverse_of: :target_session

#taskMdm::Session

Session this task touched

Returns:


89
# File 'app/models/mdm/session.rb', line 89

has_many :tasks, :through => :task_sessions, :class_name => 'Mdm::Task'

#task_sessionsArray<Mdm::TaskSession>

Details about sessions this task touched

Returns:


83
# File 'app/models/mdm/session.rb', line 83

has_many :task_sessions, :dependent => :destroy, :class_name => 'Mdm::TaskSession'

#via_exploitString

The full name of the exploit module that opened this session.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 146

#via_payloadString

The full name if the payload module that's running this session.

Returns:

  • (String)

# File 'app/models/mdm/session.rb', line 151

#vuln_attemptMdm::VulnAttempt

Vulnerability attempt that created this session.

Returns:


65
66
67
# File 'app/models/mdm/session.rb', line 65

has_one :vuln_attempt,
class_name: 'Mdm::VulnAttempt',
inverse_of: :session

#workspaceMdm::Workspace (readonly)

The workspace in which this session exists.

Returns:


77
# File 'app/models/mdm/session.rb', line 77

has_one :workspace, :through => :host, :class_name => 'Mdm::Workspace'

Instance Method Details

#upgradeable?true, false

Returns whether the session can be upgraded to a meterpreter session from a shell session on Windows.

Returns:

  • (true)

    if #platform is some version of Windows and #stype is 'shell'.

  • (false)

    otherwise.


180
181
182
183
184
185
186
# File 'app/models/mdm/session.rb', line 180

def upgradeable?
  if (self.platform =~ /win/i and self.stype == 'shell')
    return true
  else
    return false
  end
end