Class: Msf::RPC::RPC_Console

Inherits:
RPC_Base show all
Defined in:
lib/msf/core/rpc/v10/rpc_console.rb

Instance Attribute Summary

Attributes inherited from RPC_Base

#framework, #job_status_tracker, #service, #tokens, #users

Instance Method Summary collapse

Methods inherited from RPC_Base

#error

Constructor Details

#initialize(*args) ⇒ Msf::Ui::Web::Driver

Initializes the RPC console


13
14
15
16
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 13

def initialize(*args)
  super
  @console_driver = Msf::Ui::Web::Driver.new(:framework => framework)
end

Instance Method Details

#rpc_create(opts = {}) ⇒ Hash

Creates a new framework console instance.

Examples:

Here's how you would use this from the client:

rpc.call('console.create')

Parameters:

  • opts (Hash) (defaults to: {})

    See Msf::Ui::Web::Driver#create_console

Returns:

  • (Hash)

    Information about the new console. It contains the following keys:

    • 'id' [Integer] The console's ID.

    • 'prompt' [String] The framework prompt (example: 'msf > ')

    • 'busy' [TrueClass] The console's busy state, or

    • 'busy' [FalseClass] The console's busy state.


28
29
30
31
32
33
34
35
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 28

def rpc_create(opts={})
  cid = @console_driver.create_console(opts)
  {
    'id'     => cid,
    'prompt' => @console_driver.consoles[cid].prompt || '',
    'busy'   => @console_driver.consoles[cid].busy   || false
  }
end

#rpc_destroy(cid) ⇒ Hash

Deletes a framework console instance.

Examples:

Here's how you would use this from the client:

rpc.call('console.destroy', 1)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A result indicating whether the action was successful or not. It contains the following key:

    • 'result' [String] Either 'success' or 'failure'.


69
70
71
72
73
74
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 69

def rpc_destroy(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  res = @console_driver.destroy_console(cid)
  { 'result' => res ? 'success' : 'failure' }
end

#rpc_listHash

Returns a list of framework consoles.

Examples:

Here's how you would use this from the client:

rpc.call('console.list')

Returns:

  • (Hash)

    Console information.

    • 'consoles' [Array<Hash>] consoles, each element is a hash that includes:

      • 'id' [Integer] The console's ID

      • 'prompt' [String] The framework prompt (example: 'msf > ')

      • 'busy' [TrueClass] The console's busy state, or

      • 'busy' [FalseClass] The console's busy state.


48
49
50
51
52
53
54
55
56
57
58
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 48

def rpc_list
  ret = []
  @console_driver.consoles.each_key do |cid|
    ret << {
      'id'     => cid,
      'prompt' => @console_driver.consoles[cid].prompt || '',
      'busy'   => @console_driver.consoles[cid].busy   || false
    }
  end
  {'consoles' => ret}
end

#rpc_read(cid) ⇒ Hash

Returns the framework console output in raw form.

Examples:

Here's how you would use this from the client:

rpc.call('console.read', 1)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is valid, you will get a hash like the following:

    • 'data' [String] The output the framework console produces (example: the banner)

    • 'prompt' [String] The framework prompt (example: 'msf > ')

    • 'busy' [TrueClass] The console's busy state, or

    • 'busy' [FalseClass] The console's busy state.


91
92
93
94
95
96
97
98
99
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 91

def rpc_read(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  {
    "data"   => @console_driver.read_console(cid)    || '',
    "prompt" => @console_driver.consoles[cid].prompt || '',
    "busy"   => @console_driver.consoles[cid].busy   || false
  }
end

#rpc_session_detach(cid) ⇒ Hash

Detaches a framework session. This serves the same purpose as [CTRL]+ to background an interactive session.

Examples:

Here's how you would use this from the client:

rpc.call('console.session_detach', 4)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A hash indicating whether the action was successful or not. It contains:

    • 'result' [String] A message that says 'success' if the console ID is valid (and successfully detached, otherwise 'failed')


170
171
172
173
174
175
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 170

def rpc_session_detach(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  @console_driver.consoles[cid].session_detach
  { 'result' => 'success' }
end

#rpc_session_kill(cid) ⇒ Hash

Kills a framework session. This serves the same purpose as [CTRL]+ to abort an interactive session. You might also want to considering using the session API calls instead of this.

Examples:

Here's how you would use this from the client:

rpc.call('console.session_kill', 4)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A hash indicating whether the action was successful or not. It contains:

    • 'result' [String] A message that says 'success' if the console ID is valid (and successfully killed, otherwise 'failed')


154
155
156
157
158
159
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 154

def rpc_session_kill(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  @console_driver.consoles[cid].session_kill
  { 'result' => 'success' }
end

#rpc_tabs(cid, line) ⇒ Hash

Returns the tab-completed version of your input (such as a module path).

Examples:

Here's how you would use this from the client:

# This will return:
# {"tabs"=>["use exploit/windows/smb/ms08_067_netapi"]}
rpc.call('console.tabs', 4, "use exploit/windows/smb/ms08_067_")

Parameters:

  • cid (Integer)

    Framework console ID.

  • line (String)

    Command.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is valid, you will get a hash like the following:

    • 'tabs' [String] The tab-completed version of the command.


139
140
141
142
143
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 139

def rpc_tabs(cid, line)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  { "tabs" => @console_driver.consoles[cid].tab_complete(line) }
end

#rpc_write(cid, data) ⇒ Hash

Note:

Remember to add a newline (\r\n) at the end of input, otherwise the console will not do anything. And you will need to use the #rpc_read method to retrieve the output again.

Sends an input (such as a command) to the framework console.

Examples:

Here's how you would use this from the client:

# This will show the current module's options.
rpc.call('console.write', 4, "show options\r\n")

Parameters:

  • cid (Integer)

    Framework console ID.

  • data (String)

    User input.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is invalid, you will get a hash like the following:

    • 'wrote' [Integer] Number of bytes sent.


118
119
120
121
122
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 118

def rpc_write(cid, data)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  { "wrote" => @console_driver.write_console(cid, data || '') }
end