Class: Msf::Handler::ReverseTcpDouble::TcpReverseDoubleSessionChannel

Inherits:
Object
Includes:
Rex::IO::StreamAbstraction
Defined in:
lib/msf/core/handler/reverse_tcp_double.rb

Overview

This class wraps the communication channel built over the two inbound connections, allowing input and output to be split across both.

Constructor Details

#initialize(framework, inp, out) ⇒ TcpReverseDoubleSessionChannel

Returns a new instance of TcpReverseDoubleSessionChannel.


# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 202

def initialize(framework, inp, out)
  @framework = framework
  @sock_inp  = inp
  @sock_out  = out

  initialize_abstraction

  self.lsock.extend(TcpReverseDoubleChannelExt)
  self.lsock.peerinfo  = @sock_inp.getpeername_as_array[1,2].map{|x| x.to_s}.join(":")
  self.lsock.localinfo = @sock_inp.getsockname[1,2].map{|x| x.to_s}.join(":")

  monitor_shell_stdout
end

Instance Method Details

#close ⇒ Object

Closes the stream abstraction and kills the monitor thread.


# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 260

def close
  @monitor_thread.kill if (@monitor_thread)
  @monitor_thread = nil

  cleanup_abstraction
end

#monitor_shell_stdout ⇒ Object

Funnel data from the shell's stdout to rsock.

StreamAbstraction#monitor_rsock will deal with getting data from the client (user input). From there, it calls our write() below, funneling the data to the shell's stdin on the other side.


# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 223

def monitor_shell_stdout

  # Start a thread to pipe data between stdin/stdout and the two sockets
  @monitor_thread = @framework.threads.spawn("ReverseTcpDoubleHandlerMonitor", false) {
    begin
      while true
        # Handle data from the server and write to the client
        if (@sock_out.has_read_data?(0.50))
          buf = @sock_out.get_once
          break if buf.nil?
          rsock.put(buf)
        end
      end
    rescue ::Exception => e
      ilog("ReverseTcpDouble monitor thread raised #{e.class}: #{e}")
    end

    # Clean up the sockets...
    begin
      @sock_inp.close
      @sock_out.close
    rescue ::Exception
    end
  }
end

#read(length = 0, opts = {}) ⇒ Object


# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 253

def read(length=0, opts={})
  @sock_out.read(length, opts)
end

#write(buf, opts = {}) ⇒ Object


# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 249

def write(buf, opts={})
  @sock_inp.write(buf, opts)
end
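
How this split looks in flow telemetry, as an added detection sketch that is not part of the Metasploit source: #write only sends on the input socket, while #read and the monitor thread only receive on the output socket, so each of the two connections carries payload in one direction. The flow-record fields, thresholds and sample flows are constructed assumptions, as is the premise that both connections share source host, destination and port.

```ruby
# Added example: find flow pairs that look like one channel split in two.
# Assumption: records carry TCP *payload* byte counts per direction
# (to_dst = client -> server, to_src = server -> client).
Flow = Struct.new(:start, :src, :dst, :dport, :to_dst, :to_src)

# Returns :to_dst or :to_src when at least `ratio` of the payload moved in
# that direction, nil for ordinary two-way or empty flows.
def dominant_direction(flow, ratio)
  total = flow.to_dst + flow.to_src
  return nil if total.zero?
  return :to_dst if flow.to_dst >= ratio * total
  return :to_src if flow.to_src >= ratio * total
  nil
end

# Groups flows by (src, dst, dport) and reports pairs that start within
# `window` seconds of each other and carry data in opposite directions.
def split_channel_pairs(flows, window: 5, ratio: 0.95)
  hits = []
  flows.group_by { |f| [f.src, f.dst, f.dport] }.each_value do |group|
    group.sort_by(&:start).combination(2) do |a, b|
      next if b.start - a.start > window
      dirs = [dominant_direction(a, ratio), dominant_direction(b, ratio)]
      hits << [a, b] if dirs.include?(:to_dst) && dirs.include?(:to_src)
    end
  end
  hits
end

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
  Flow.new(100, "10.0.0.5",  "203.0.113.10", 4444, 0,    412),   # input only
  Flow.new(101, "10.0.0.5",  "203.0.113.10", 4444, 9800, 0),     # output only
  Flow.new(50,  "10.0.0.7",  "198.51.100.20", 443, 1200, 45000), # download
  Flow.new(51,  "10.0.0.7",  "198.51.100.20", 443, 900,  30000), # download
  Flow.new(10,  "10.0.0.11", "192.0.2.9",    8080, 0,    300),   # far apart
  Flow.new(500, "10.0.0.11", "192.0.2.9",    8080, 7000, 0)      # in time
].freeze

split_channel_pairs(SAMPLE_FLOWS).each do |a, b|
  puts "#{a.src} -> #{a.dst}:#{a.dport} paired one-way flows at t=#{a.start},#{b.start}"
end
```

Two parallel downloads from the same server are not reported because both flows lean the same way; only an opposite-direction pair inside the time window is.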