Module: Msf::Session

Includes:
Framework::Offspring
Included in:
Basic, Msf::Sessions::Meterpreter, Msf::Sessions::VncInject
Defined in:
lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/base/sessions/scriptable.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb

Overview

The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session's read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.

Defined Under Namespace

Modules: Basic, Comm, Interactive, Provider, Scriptable

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#aliveObject

Returns the value of attribute alive


341
342
343
# File 'lib/msf/core/session.rb', line 341

def alive
  @alive
end

#db_recordObject

This session's associated database record


402
403
404
# File 'lib/msf/core/session.rb', line 402

def db_record
  @db_record
end

#exploitObject

The actual exploit module instance that created this session


390
391
392
# File 'lib/msf/core/session.rb', line 390

def exploit
  @exploit
end

#exploit_datastoreObject

The datastore of the exploit that created this session


370
371
372
# File 'lib/msf/core/session.rb', line 370

def exploit_datastore
  @exploit_datastore
end

#exploit_taskObject

The task that ran the exploit that got the session (that swallowed the fly)


374
375
376
# File 'lib/msf/core/session.rb', line 374

def exploit_task
  @exploit_task
end

#exploit_uuidObject

The unique identifier of exploit that created this session


386
387
388
# File 'lib/msf/core/session.rb', line 386

def exploit_uuid
  @exploit_uuid
end

#frameworkObject

The framework instance that created this session.


346
347
348
# File 'lib/msf/core/session.rb', line 346

def framework
  @framework
end

#infoObject

The specific identified session info


378
379
380
# File 'lib/msf/core/session.rb', line 378

def info
  @info
end

#routesObject

An array of routes associated with this session


398
399
400
# File 'lib/msf/core/session.rb', line 398

def routes
  @routes
end

#sidObject

The session unique identifier.


350
351
352
# File 'lib/msf/core/session.rb', line 350

def sid
  @sid
end

#snameObject

The session name.


354
355
356
# File 'lib/msf/core/session.rb', line 354

def sname
  @sname
end

#target_hostObject

The original target host address


362
363
364
# File 'lib/msf/core/session.rb', line 362

def target_host
  @target_host
end

#target_portObject

The original target port if applicable


366
367
368
# File 'lib/msf/core/session.rb', line 366

def target_port
  @target_port
end

#usernameObject

The associated username


394
395
396
# File 'lib/msf/core/session.rb', line 394

def username
  @username
end

#uuidObject

The unique identifier of this session


382
383
384
# File 'lib/msf/core/session.rb', line 382

def uuid
  @uuid
end

#workspaceObject

The associated workspace name


358
359
360
# File 'lib/msf/core/session.rb', line 358

def workspace
  @workspace
end

Class Method Details

.typeObject


98
99
100
# File 'lib/msf/core/session.rb', line 98

def self.type
  "unknown"
end

Instance Method Details

#alive?Boolean


337
338
339
# File 'lib/msf/core/session.rb', line 337

def alive?
  (self.alive)
end

#cleanupObject

Perform session-specific cleanup.

NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.


300
301
302
303
304
305
306
307
308
309
# File 'lib/msf/core/session.rb', line 300

def cleanup
  if db_record and framework.db.active
    ::ActiveRecord::Base.connection_pool.with_connection {
      db_record.closed_at = Time.now.utc
      # ignore exceptions
      db_record.save
      db_record = nil
    }
  end
end

#dead?Boolean


333
334
335
# File 'lib/msf/core/session.rb', line 333

def dead?
  (not self.alive)
end

#descObject

Returns the description of the session.


127
128
# File 'lib/msf/core/session.rb', line 127

def desc
end

#initializeObject


80
81
82
83
84
85
# File 'lib/msf/core/session.rb', line 80

def initialize
  self.alive = true
  self.uuid  = Rex::Text.rand_text_alphanumeric(8).downcase
  @routes = RouteArray.new(self)
  #self.routes = []
end

#inspectObject

Brief and to the point


120
121
122
# File 'lib/msf/core/session.rb', line 120

def inspect
  "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>"  # " Fixes highlighting
end

#interactive?Boolean

By default, sessions are not interactive.


314
315
316
# File 'lib/msf/core/session.rb', line 314

def interactive?
  false
end

#killObject

Allow the user to terminate this session


329
330
331
# File 'lib/msf/core/session.rb', line 329

def kill
  framework.sessions.deregister(self) if register?
end

#log_file_nameObject

Returns the suggested name of the log file for this session.


212
213
214
215
216
217
218
219
# File 'lib/msf/core/session.rb', line 212

def log_file_name
  dt = Time.now

  dstr  = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday)
  rhost = session_host.gsub(':', '_')

  "#{dstr}_#{rhost}_#{type}"
end

#log_from_local(buf) ⇒ Object

This method logs the supplied buffer as coming from the local side of the session.


240
241
242
# File 'lib/msf/core/session.rb', line 240

def log_from_local(buf)
  rlog(buf, log_source)
end

#log_from_remote(buf) ⇒ Object

This method logs the supplied buffer as coming from the remote side of the session.


232
233
234
# File 'lib/msf/core/session.rb', line 232

def log_from_remote(buf)
  rlog(buf, log_source)
end

#log_sourceObject

Returns the log source that should be used for this session.


224
225
226
# File 'lib/msf/core/session.rb', line 224

def log_source
  "session_#{name}"
end

#nameObject

Returns the session's name if it's been assigned one, otherwise the sid is returned.


106
107
108
# File 'lib/msf/core/session.rb', line 106

def name
  return sname || sid
end

#name=(name) ⇒ Object

Sets the session's name.


113
114
115
# File 'lib/msf/core/session.rb', line 113

def name=(name)
  self.sname = name
end

#register?Boolean

Allow the session to skip registration


322
323
324
# File 'lib/msf/core/session.rb', line 322

def register?
  true
end

#session_hostObject

Returns the host associated with the session


151
152
153
154
155
156
157
158
159
160
161
162
163
164
# File 'lib/msf/core/session.rb', line 151

def session_host
  # Prefer the overridden session host or target_host
  host = @session_host || self.target_host
  return host if host

  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  bits.pop
  bits.join(':')
end

#session_host=(v) ⇒ Object

Override the host associated with this session


169
170
171
# File 'lib/msf/core/session.rb', line 169

def session_host=(v)
  @session_host = v
end

#session_portObject

Returns the port associated with the session


176
177
178
179
180
181
182
183
184
185
186
187
# File 'lib/msf/core/session.rb', line 176

def session_port
  port = @session_port || self.target_port
  return port if port
  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  port = bits.pop
  port.to_i
end

#session_port=(v) ⇒ Object

Override the host associated with this session


192
193
194
# File 'lib/msf/core/session.rb', line 192

def session_port=(v)
  @session_port = v
end

#set_from_exploit(m) ⇒ Object

Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.


261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
# File 'lib/msf/core/session.rb', line 261

def set_from_exploit(m)
  self.via = { 'Exploit' => m.fullname }
  self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD']
  self.target_host = Rex::Socket.getaddress(m.target_host) if (m.target_host.to_s.strip.length > 0)
  self.target_port = m.target_port if (m.target_port.to_i != 0)
  self.workspace   = m.workspace
  self.username    = m.owner
  self.exploit_datastore = m.datastore
  self.user_input = m.user_input if m.user_input
  self.user_output = m.user_output if m.user_output
  self.exploit_uuid = m.uuid
  self.exploit = m
  if m[:task]
    self.exploit_task = m[:task]
  end
end

#set_via(opts) ⇒ Object

Sets the vector through which this session was realized.


253
254
255
# File 'lib/msf/core/session.rb', line 253

def set_via(opts)
  self.via = opts || {}
end

#tunnel_localObject

Returns the local side of the tunnel.


139
140
# File 'lib/msf/core/session.rb', line 139

def tunnel_local
end

#tunnel_peerObject

Returns the peer side of the tunnel.


145
146
# File 'lib/msf/core/session.rb', line 145

def tunnel_peer
end

#tunnel_to_sObject

Returns a pretty representation of the tunnel.


199
200
201
# File 'lib/msf/core/session.rb', line 199

def tunnel_to_s
  "#{(tunnel_local || '??')} -> #{(tunnel_peer || '??')}"
end

#typeObject

Returns the type of session in use.


133
134
# File 'lib/msf/core/session.rb', line 133

def type
end

#via_exploitObject

Returns the exploit module name through which this session was created.


282
283
284
# File 'lib/msf/core/session.rb', line 282

def via_exploit
  self.via['Exploit'] if (self.via)
end

#via_payloadObject

Returns the payload module name through which this session was created.


290
291
292
# File 'lib/msf/core/session.rb', line 290

def via_payload
  self.via['Payload'] if (self.via)
end