Module: Msf::PostMixin

Includes:
Auxiliary::Report, Module::HasActions, Msf::Post::Common
Included in:
Exploit::Local, Post
Defined in:
lib/msf/core/post_mixin.rb

Overview

A mixin used for providing Modules with post-exploitation options and helper methods

Instance Attribute Summary collapse

Attributes included from Module::HasActions

#actions, #default_action, #passive_actions

Instance Method Summary collapse

Methods included from Msf::Post::Common

#cmd_exec, #cmd_exec_get_pid, #get_env, #get_envs, #has_pid?, #peer, #report_vm, #rhost, #rport

Methods included from Module::HasActions

#action, #find_action, #passive_action?

Methods included from Auxiliary::Report

#db, #get_client, #get_host, #inside_workspace_boundary?, #mytask, #myworkspace, #report_auth_info, #report_client, #report_exploit, #report_host, #report_loot, #report_note, #report_service, #report_vuln, #report_web_form, #report_web_page, #report_web_site, #report_web_vuln, #store_cred, #store_local, #store_loot

Instance Attribute Details

#passiveBoolean

True when this module is passive, false when active

See Also:


202
203
204
# File 'lib/msf/core/post_mixin.rb', line 202

def passive
  @passive
end

Instance Method Details

#check_for_session_readiness(tries = 6) ⇒ Object

Meterpreter sometimes needs a little bit of extra time to actually be responsive for post modules. Default tries and retries for 5 seconds.


47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/msf/core/post_mixin.rb', line 47

def check_for_session_readiness(tries=6)
  session_ready_count = 0
  session_ready = false
  until session.sys or session_ready_count > tries
    session_ready_count += 1
    back_off_period = (session_ready_count**2)/10.0
    select(nil,nil,nil,back_off_period)
  end
  session_ready = !!session.sys
  raise "Could not get a hold of the session." unless session_ready
  return session_ready
end

#cleanupObject

Default cleanup handler does nothing


63
64
# File 'lib/msf/core/post_mixin.rb', line 63

def cleanup
end

#compatible_sessionsArray

Return a (possibly empty) list of all compatible sessions


116
117
118
119
120
121
122
# File 'lib/msf/core/post_mixin.rb', line 116

def compatible_sessions
  sessions = []
  framework.sessions.each do |sid, s|
    sessions << sid if session_compatible?(s)
  end
  sessions
end

#initialize(info = {}) ⇒ Object


15
16
17
18
19
20
21
22
23
24
# File 'lib/msf/core/post_mixin.rb', line 15

def initialize(info={})
  super

  register_options( [
    Msf::OptInt.new('SESSION', [ true, "The session to run this module on." ])
  ] , Msf::Post)

  # Default stance is active
  self.passive = (info['Passive'] and info['Passive'] == true) || false
end

#passive?Boolean

Whether this module's Exploit::Stance is passive


108
109
110
# File 'lib/msf/core/post_mixin.rb', line 108

def passive?
  self.passive
end

#post_commandsObject

Can be overridden by individual modules to add new commands


103
104
105
# File 'lib/msf/core/post_mixin.rb', line 103

def post_commands
  {}
end

#sessionMsf::Session? Also known as: client

Return the associated session or nil if there isn't one


72
73
74
75
76
77
78
79
80
81
82
83
# File 'lib/msf/core/post_mixin.rb', line 72

def session
  # Try the cached one
  return @session if @session and not session_changed?

  if datastore["SESSION"]
    @session = framework.sessions.get(datastore["SESSION"].to_i)
  else
    @session = nil
  end

  @session
end

#session_compatible?(sess_or_sid) ⇒ Boolean

Note:

Because it errs on the side of compatibility, a true return value from this method does not guarantee the module will work with the session.

Return false if the given session is not compatible with this module

Checks the session's type against this module's module_info["SessionTypes"] as well as examining platform compatibility. sess_or_sid can be a Session object, Fixnum, or String. In the latter cases it sould be a key in framework.sessions.


142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
# File 'lib/msf/core/post_mixin.rb', line 142

def session_compatible?(sess_or_sid)
  # Normalize the argument to an actual Session
  case sess_or_sid
  when ::Fixnum, ::String
    s = framework.sessions[sess_or_sid.to_i]
  when ::Msf::Session
    s = sess_or_sid
  end

  # Can't do anything without a session
  return false if s.nil?

  # Can't be compatible if it's the wrong type
  if self.module_info["SessionTypes"]
    return false unless self.module_info["SessionTypes"].include?(s.type)
  end

  # XXX: Special-case java and php for now.  This sucks and Session
  # should have a method to auto-detect the underlying platform of
  # platform-independent sessions such as these.
  plat = s.platform
  if plat =~ /php|java/ and sysinfo and sysinfo["OS"]
    plat = sysinfo["OS"]
  end

  # Types are okay, now check the platform.  This is kind of a ghetto
  # workaround for session platforms being ad-hoc and Platform being
  # inflexible.
  if self.platform and self.platform.kind_of?(Msf::Module::PlatformList)
    [
      # Add as necessary
      "win", "linux", "osx"
    ].each do |name|
      if plat =~ /#{name}/
        p = Msf::Module::PlatformList.transform(name)
        return false unless self.platform.supports? p
      end
    end
  elsif self.platform and self.platform.kind_of?(Msf::Module::Platform)
    p_klass = Msf::Module::Platform
    case plat.downcase
    when /win/
      return false unless self.platform.kind_of?(p_klass::Windows)
    when /osx/
      return false unless self.platform.kind_of?(p_klass::OSX)
    when /linux/
      return false unless self.platform.kind_of?(p_klass::Linux)
    end
  end

  # If we got here, we haven't found anything that definitely
  # disqualifies this session.  Assume that means we can use it.
  return true
end

#setupObject

Grabs a session object from the framework or raises OptionValidateError if one doesn't exist. Initializes user input and output on the session.

Raises:


31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/msf/core/post_mixin.rb', line 31

def setup
  if not session
    raise Msf::OptionValidateError.new(["SESSION"])
  end

  super

  check_for_session_readiness() if session.type == "meterpreter"

  @session.init_ui(self.user_input, self.user_output)
  @sysinfo = nil
end

#sysinfoHash?

Cached sysinfo, returns nil for non-meterpreter sessions


91
92
93
94
95
96
97
98
# File 'lib/msf/core/post_mixin.rb', line 91

def sysinfo
  begin
    @sysinfo ||= session.sys.config.sysinfo
  rescue NoMethodError
    @sysinfo = nil
  end
  @sysinfo
end