Class: Mdm::Session

Inherits:

ApplicationRecord

• Object
• ApplicationRecord
• Mdm::Session

Extended by:

ActiveSupport::Autoload

Includes:

Metasploit::Model::Search

Defined in:

app/models/mdm/session.rb

Overview

A session opened on a #host using an exploit and controlled through a payload to connect back to the local host using meterpreter or a cmd shell.

Instance Attribute Summary

• #close_reason ⇒ String

  Why the session was closed.

• #closed_at ⇒ DateTime

  When the session was closed on #host.

• #datastore ⇒ Hash

  Options for exploit and #via_payload modules.

• #desc ⇒ String

  Description of session.

• #events ⇒ Array<Mdm::Event>

  Events that occurred when this session was open.

• #exploit_attempt ⇒ Mdm::ExploitAttempt

  Exploit attempt that created this session.

• #host ⇒ Mdm::Host

  Host on which this session was opened.

• #last_seen ⇒ DateTime

  The last time the session was checked to see that it was still open.

• #local_id ⇒ Integer

  The ID number of the in-memory session.

• #opened_at ⇒ DateTime

  When the session was opened on #host.

• #originating_module_run ⇒ MetasploitDataModels::ModuleRun

  Records the Metasploit modules run that created this session.

• #platform ⇒ String

  The #host platform.

• #port ⇒ Integer

  The remote port on which this session is running on #host.

• #routes ⇒ ActiveRecord::Relation<Mdm::Route>

  Routes tunneled throug this session.

• #sessions_tags ⇒ ActiveRecord::Relation<Mdm::SessionTag>

  A join model between Tag and Session.

• #stype ⇒ String

  The type of the session.

• #tags ⇒ ActiveRecord::Relation<Mdm::Tag> readonly

  The tags on this session.

• #target_module_runs ⇒ ActiveRecord::Relation<MetasploitDataModels::ModuleRun>

  Records the Metasploit modules run on this session.

• #task ⇒ Mdm::Session

  Session this task touched.

• #task_sessions ⇒ Array<Mdm::TaskSession>

  Details about sessions this task touched.

• #via_exploit ⇒ String

  The full name of the exploit module that opened this session.

• #via_payload ⇒ String

  The full name if the payload module that's running this session.

• #vuln_attempt ⇒ Mdm::VulnAttempt

  Vulnerability attempt that created this session.

• #workspace ⇒ Mdm::Workspace readonly

  The workspace in which this session exists.

Instance Method Summary

• #upgradeable? ⇒ true, false

  Returns whether the session can be upgraded to a meterpreter session from a shell session on Windows.

Instance Attribute Details

#close_reason ⇒ String

Why the session was closed. Used to differentiate between user killing it local and the session being killed on the remote end.

Returns:

# File 'app/models/mdm/session.rb', line 127

#closed_at ⇒ DateTime

When the session was closed on #host.

Returns:

# File 'app/models/mdm/session.rb', line 122

#datastore ⇒ Hash

Options for exploit and #via_payload modules.

Returns:

# File 'app/models/mdm/session.rb', line 133

#desc ⇒ String

Description of session.

Returns:

# File 'app/models/mdm/session.rb', line 138

#events ⇒ Array<Mdm::Event>

Events that occurred when this session was open.

Returns:

# File 'app/models/mdm/session.rb', line 18

has_many :events,
-> { order('created_at') },
class_name: 'Mdm::SessionEvent',
dependent: :delete_all,
inverse_of: :session

#exploit_attempt ⇒ Mdm::ExploitAttempt

Exploit attempt that created this session.

Returns:

# File 'app/models/mdm/session.rb', line 28

has_one :exploit_attempt,
class_name: 'Mdm::ExploitAttempt',
inverse_of: :session

#host ⇒ Mdm::Host

Host on which this session was opened.

Returns:

# File 'app/models/mdm/session.rb', line 36

belongs_to :host,
class_name: 'Mdm::Host',
inverse_of: :sessions

#last_seen ⇒ DateTime

The last time the session was checked to see that it was still open.

Returns:

# File 'app/models/mdm/session.rb', line 143

#local_id ⇒ Integer

The ID number of the in-memory session.

Returns:

# File 'app/models/mdm/session.rb', line 148

#opened_at ⇒ DateTime

When the session was opened on #host.

Returns:

# File 'app/models/mdm/session.rb', line 153

#originating_module_run ⇒ MetasploitDataModels::ModuleRun

Records the Metasploit modules run that created this session

Returns:

# File 'app/models/mdm/session.rb', line 53

belongs_to :originating_module_run,
class_name: 'MetasploitDataModels::ModuleRun',
optional: true, # no code currently generates a module_run
foreign_key: :module_run_id,
inverse_of: :spawned_session

#platform ⇒ String

The #host platform.

Returns:

# File 'app/models/mdm/session.rb', line 158

#port ⇒ Integer

The remote port on which this session is running on #host.

Returns:

# File 'app/models/mdm/session.rb', line 163

#routes ⇒ ActiveRecord::Relation<Mdm::Route>

Routes tunneled throug this session.

Returns:

# File 'app/models/mdm/session.rb', line 44

has_many :routes,
class_name: 'Mdm::Route',
dependent: :delete_all,
inverse_of: :session

#sessions_tags ⇒ ActiveRecord::Relation<Mdm::SessionTag>

TODO:

MSP-2723

A join model between Tag and Mdm::Session. Use #tags to get the actual Mdm::Tags on this host.

Returns:

# File 'app/models/mdm/session.rb', line 80

has_many :sessions_tags,
class_name: 'Mdm::SessionTag',
dependent: :destroy,
inverse_of: :session

#stype ⇒ String

The type of the session.

Returns:

# File 'app/models/mdm/session.rb', line 168

#tags ⇒ ActiveRecord::Relation<Mdm::Tag> (readonly)

The tags on this session. Tags are used to filter sessions.

Returns:

See Also:

• #sessions_tags

# File 'app/models/mdm/session.rb', line 94

has_many :tags, :class_name => 'Mdm::Tag', :through => :sessions_tags

#target_module_runs ⇒ ActiveRecord::Relation<MetasploitDataModels::ModuleRun>

Records the Metasploit modules run on this session

Returns:

# File 'app/models/mdm/session.rb', line 63

has_many :target_module_runs,
class_name: 'MetasploitDataModels::ModuleRun',
inverse_of: :target_session

#task ⇒ Mdm::Session

Session this task touched

Returns:

# File 'app/models/mdm/session.rb', line 116

has_many :tasks, :through => :task_sessions, :class_name => 'Mdm::Task'

#task_sessions ⇒ Array<Mdm::TaskSession>

Details about sessions this task touched

Returns:

# File 'app/models/mdm/session.rb', line 110

has_many :task_sessions, :dependent => :destroy, :class_name => 'Mdm::TaskSession'

#via_exploit ⇒ String

The full name of the exploit module that opened this session.

Returns:

# File 'app/models/mdm/session.rb', line 173

#via_payload ⇒ String

The full name if the payload module that's running this session.

Returns:

# File 'app/models/mdm/session.rb', line 178

#vuln_attempt ⇒ Mdm::VulnAttempt

Vulnerability attempt that created this session.

Returns:

# File 'app/models/mdm/session.rb', line 71

has_one :vuln_attempt,
class_name: 'Mdm::VulnAttempt',
inverse_of: :session

#workspace ⇒ Mdm::Workspace (readonly)

The workspace in which this session exists.

Returns:

# File 'app/models/mdm/session.rb', line 104

has_one :workspace, :through => :host, :class_name => 'Mdm::Workspace'

Instance Method Details

#upgradeable? ⇒ true, false

Returns whether the session can be upgraded to a meterpreter session from a shell session on Windows.

Returns:

• if #platform is some version of Windows and #stype is 'shell'.

• otherwise.

# File 'app/models/mdm/session.rb', line 211

def upgradeable?
  if (self.platform =~ /win/i and self.stype == 'shell')
    return true
  else
    return false
  end
end