Class: Msf::Handler::ReverseTcpDoubleSSL::TcpReverseDoubleSSLSessionChannel

Inherits:
Object
Includes:
Rex::IO::StreamAbstraction
Defined in:
lib/msf/core/handler/reverse_tcp_double_ssl.rb

Overview

This class wraps the communication channel built over the two inbound connections, allowing input and output to be split across both.


Constructor Details

#initialize(framework, inp, out) ⇒ TcpReverseDoubleSSLSessionChannel

Returns a new instance of TcpReverseDoubleSSLSessionChannel.



# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 267

def initialize(framework, inp, out)
  @framework = framework
  @sock_inp  = inp
  @sock_out  = out

  initialize_abstraction

  self.lsock.extend(TcpReverseDoubleSSLChannelExt)
  self.lsock.peerinfo  = @sock_inp.getpeername_as_array[1,2].map{|x| x.to_s}.join(":")
  self.lsock.localinfo = @sock_inp.getsockname[1,2].map{|x| x.to_s}.join(":")

  monitor_shell_stdout
end

Instance Method Details

#close ⇒ Object

Closes the stream abstraction and kills the monitor thread.



# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 325

def close
  @monitor_thread.kill if (@monitor_thread)
  @monitor_thread = nil

  cleanup_abstraction
end

#monitor_shell_stdout ⇒ Object

Funnel data from the shell’s stdout to rsock.

StreamAbstraction#monitor_rsock will deal with getting data from the client (user input). From there, it calls our write() below, funneling the data to the shell’s stdin on the other side.



# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 288

def monitor_shell_stdout

  # Start a thread to pipe data between stdin/stdout and the two sockets
  @monitor_thread = @framework.threads.spawn("ReverseTcpDoubleSSLHandlerMonitor", false) {
    begin
      while true
        # Handle data from the server and write to the client
        if (@sock_out.has_read_data?(0.50))
          buf = @sock_out.get_once
          break if buf.nil?
          rsock.put(buf)
        end
      end
    rescue ::Exception => e
      ilog("ReverseTcpDoubleSSL monitor thread raised #{e.class}: #{e}")
    end

    # Clean up the sockets...
    begin
      @sock_inp.close
      @sock_out.close
    rescue ::Exception
    end
  }
end

#read(length = 0, opts = {}) ⇒ Object



# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 318

def read(length=0, opts={})
  @sock_out.read(length, opts)
end

#write(buf, opts = {}) ⇒ Object



# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 314

def write(buf, opts={})
  @sock_inp.write(buf, opts)
end
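
The data flow described in the Overview and under #monitor_shell_stdout, as an added Ruby example that is not Metasploit's code: `SplitChannel` and `demo_split_channel` are hypothetical names, and plain `UNIXSocket` pairs and `Thread` stand in for the Rex stream abstraction and the two inbound connections. It shows that input travels only on one connection, output only on the other, and that EOF on the output connection also closes the input connection.

```ruby
require 'socket'
# Hypothetical stand-in for the documented class: plain Ruby sockets and
# Thread replace Rex::IO::StreamAbstraction and framework.threads.
class SplitChannel
  attr_reader :lsock # local end a consumer reads forwarded output from
  def initialize(inp, out)
    @sock_inp = inp                  # connection that carries input only
    @sock_out = out                  # connection that carries output only
    @lsock, @rsock = UNIXSocket.pair # stands in for initialize_abstraction
    @monitor_thread = Thread.new { pump }
  end

  def write(buf)
    @sock_inp.write(buf)
  end

  def close
    @monitor_thread&.kill
    [@lsock, @rsock].each { |s| s.close unless s.closed? }
  end

  # Forward everything arriving on "out" to rsock, polling every 0.5 s.
  private def pump
    begin
      loop do
        next unless IO.select([@sock_out], nil, nil, 0.5)
        @rsock.write(@sock_out.readpartial(4096))
      end
    rescue EOFError, IOError, SystemCallError # EOF or socket error ends the loop
    end
    [@sock_inp, @sock_out].each { |s| s.close unless s.closed? }
  end
end

# Constructed demo: two local socket pairs play the two inbound connections.
def demo_split_channel
  inp_local, inp_remote = UNIXSocket.pair
  out_local, out_remote = UNIXSocket.pair
  chan = SplitChannel.new(inp_local, out_local)
  chan.write("input line\n")
  r = { seen_on_inp: inp_remote.readpartial(64) }
  r[:out_untouched] = IO.select([out_remote], nil, nil, 0.1).nil?
  out_remote.write("output line\n")
  r[:seen_on_lsock] = chan.lsock.readpartial(64)
  out_remote.close                                # EOF on "out" only
  r[:inp_closed_after_out_eof] = inp_remote.read.empty?
  chan.close
  r
end
```

Because each connection is used in one direction only at the application layer, the two streams have to be correlated to reconstruct a full session from captured traffic.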