Class: Rex::Post::Meterpreter::Extensions::Stdapi::Net::SocketSubsystem::TcpClientChannel

Inherits:
Stream
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb

Overview

This class represents a logical TCP client connection that is established from the remote machine and tunnelled through the established meterpreter connection, similar to an SSH port forward.

Defined Under Namespace

Modules: DirectChannelWrite, SocketInterface

Instance Attribute Summary

Attributes included from IO::StreamAbstraction

#lsock, #rsock

Attributes inherited from Channel

#cid, #client, #cls, #flags, #params, #type

Class Method Summary collapse

Instance Method Summary collapse

Methods inherited from Stream

#cleanup, #dio_close_handler, #dio_write_handler

Methods included from IO::StreamAbstraction

#cleanup_abstraction, #close, #initialize_abstraction, #localinfo, #peerinfo, #sysread, #syswrite

Methods inherited from Channel

_close, #_close, #_read, #close, #close_read, create, #dio_close_handler, #dio_handler, #dio_map, #dio_read_handler, #dio_write_handler, finalize, #flag?, #interactive, #read, request_handler, #synchronous?, #write

Methods included from InboundPacketHandler

#request_handler, #response_handler

Constructor Details

#initialize(client, cid, type, flags) ⇒ TcpClientChannel

Passes the channel initialization information up to the base class.



127
128
129
130
131
132
133
134
135
136
137
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 127

def initialize( client, cid, type, flags )
  super( client, cid, type, flags )

  lsock.extend( SocketInterface )
  lsock.extend( DirectChannelWrite )
  lsock.channel = self

  rsock.extend( SocketInterface )
  rsock.channel = self

end

Class Method Details

.clsObject 



27
28
29
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 27

def cls
  return CHANNEL_CLASS_STREAM
end

.open(client, params) ⇒ Object

Opens a TCP client channel using the supplied parameters.



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 90

def TcpClientChannel.open(client, params)
  c = Channel.create(client, 'stdapi_net_tcp_client', self, CHANNEL_FLAG_SYNCHRONOUS,
    [
      {
        'type'  => TLV_TYPE_PEER_HOST,
        'value' => params.peerhost
      },
      {
        'type'  => TLV_TYPE_PEER_PORT,
        'value' => params.peerport
      },
      {
        'type'  => TLV_TYPE_LOCAL_HOST,
        'value' => params.localhost
      },
      {
        'type'  => TLV_TYPE_LOCAL_PORT,
        'value' => params.localport
      },
      {
        'type'  => TLV_TYPE_CONNECT_RETRIES,
        'value' => params.retries
      }
    ])
  c.params = params
  c
end

Instance Method Details

#_write(*args) ⇒ Object

Wrap the _write() call in order to catch some common, but harmless Windows exceptions



167
168
169
170
171
172
173
174
175
176
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 167

def _write(*args)
  begin
    super(*args)
  rescue ::Rex::Post::Meterpreter::RequestError => e
    case e.code
    when 10000 .. 10100
      raise ::Rex::ConnectionError.new
    end
  end
end

#close_writeObject

Closes the write half of the connection.



142
143
144
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 142

def close_write
  return shutdown(1)
end

#shutdown(how = 1) ⇒ Object

Shutdown the connection

0 -> future reads 1 -> future sends 2 -> both



153
154
155
156
157
158
159
160
161
162
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb', line 153

def shutdown(how = 1)
  request = Packet.create_request('stdapi_net_socket_tcp_shutdown')

  request.add_tlv(TLV_TYPE_SHUTDOWN_HOW, how)
  request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid)

  response = client.send_request(request)

  return true
end