Class: Msf::RPC::RPC_Console

Inherits:
RPC_Base show all
Defined in:
lib/msf/core/rpc/v10/rpc_console.rb

Instance Attribute Summary

Attributes inherited from RPC_Base

#framework, #job_status_tracker, #service, #tokens, #users

Instance Method Summary collapse

Methods inherited from RPC_Base

#error

Constructor Details

#initialize(*args) ⇒ Msf::Ui::Web::Driver

Initializes the RPC console



12
13
14
15
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 12

def initialize(*args)
  super
  @console_driver = Msf::Ui::Web::Driver.new(:framework => framework)
end

Instance Method Details

#rpc_create(opts = {}) ⇒ Hash

Creates a new framework console instance.

Examples:

Here's how you would use this from the client:

rpc.call('console.create')

Parameters:

  • opts (Hash) (defaults to: {})

    See Msf::Ui::Web::Driver#create_console

Returns:

  • (Hash)

    Information about the new console. It contains the following keys:

    • 'id' [Integer] The console's ID.

    • 'prompt' [String] The framework prompt (example: 'msf > ')

    • 'busy' [TrueClass] The console's busy state, or

    • 'busy' [FalseClass] The console's busy state.



27
28
29
30
31
32
33
34
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 27

def rpc_create(opts={})
  cid = @console_driver.create_console(opts)
  {
    'id'     => cid,
    'prompt' => @console_driver.consoles[cid].prompt || '',
    'busy'   => @console_driver.consoles[cid].busy   || false
  }
end

#rpc_destroy(cid) ⇒ Hash

Deletes a framework console instance.

Examples:

Here's how you would use this from the client:

rpc.call('console.destroy', 1)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A result indicating whether the action was successful or not. It contains the following key:

    • 'result' [String] Either 'success' or 'failure'.



68
69
70
71
72
73
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 68

def rpc_destroy(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  res = @console_driver.destroy_console(cid)
  { 'result' => res ? 'success' : 'failure' }
end

#rpc_listHash

Returns a list of framework consoles.

Examples:

Here's how you would use this from the client:

rpc.call('console.list')

Returns:

  • (Hash)

    Console information.

    • 'consoles' [Array<Hash>] consoles, each element is a hash that includes:

      • 'id' [Integer] The console's ID

      • 'prompt' [String] The framework prompt (example: 'msf > ')

      • 'busy' [TrueClass] The console's busy state, or

      • 'busy' [FalseClass] The console's busy state.



47
48
49
50
51
52
53
54
55
56
57
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 47

def rpc_list
  ret = []
  @console_driver.consoles.each_key do |cid|
    ret << {
      'id'     => cid,
      'prompt' => @console_driver.consoles[cid].prompt || '',
      'busy'   => @console_driver.consoles[cid].busy   || false
    }
  end
  {'consoles' => ret}
end

#rpc_read(cid) ⇒ Hash

Returns the framework console output in raw form.

Examples:

Here's how you would use this from the client:

rpc.call('console.read', 1)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is valid, you will get a hash like the following:

    • 'data' [String] The output the framework console produces (example: the banner)

    • 'prompt' [String] The framework prompt (example: 'msf > ')

    • 'busy' [TrueClass] The console's busy state, or

    • 'busy' [FalseClass] The console's busy state.



90
91
92
93
94
95
96
97
98
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 90

def rpc_read(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  {
    "data"   => @console_driver.read_console(cid)    || '',
    "prompt" => @console_driver.consoles[cid].prompt || '',
    "busy"   => @console_driver.consoles[cid].busy   || false
  }
end

#rpc_session_detach(cid) ⇒ Hash

Detaches a framework session. This serves the same purpose as [CTRL]+ to background an interactive session.

Examples:

Here's how you would use this from the client:

rpc.call('console.session_detach', 4)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A hash indicating whether the action was successful or not. It contains:

    • 'result' [String] A message that says 'success' if the console ID is valid (and successfully detached, otherwise 'failed')



169
170
171
172
173
174
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 169

def rpc_session_detach(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  @console_driver.consoles[cid].session_detach
  { 'result' => 'success' }
end

#rpc_session_kill(cid) ⇒ Hash

Kills a framework session. This serves the same purpose as [CTRL]+ to abort an interactive session. You might also want to considering using the session API calls instead of this.

Examples:

Here's how you would use this from the client:

rpc.call('console.session_kill', 4)

Parameters:

  • cid (Integer)

    Framework console ID.

Returns:

  • (Hash)

    A hash indicating whether the action was successful or not. It contains:

    • 'result' [String] A message that says 'success' if the console ID is valid (and successfully killed, otherwise 'failed')



153
154
155
156
157
158
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 153

def rpc_session_kill(cid)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  @console_driver.consoles[cid].session_kill
  { 'result' => 'success' }
end

#rpc_tabs(cid, line) ⇒ Hash

Returns the tab-completed version of your input (such as a module path).

Examples:

Here's how you would use this from the client:

# This will return:
# {"tabs"=>["use exploit/windows/smb/ms08_067_netapi"]}
rpc.call('console.tabs', 4, "use exploit/windows/smb/ms08_067_")

Parameters:

  • cid (Integer)

    Framework console ID.

  • line (String)

    Command.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is valid, you will get a hash like the following:

    • 'tabs' [String] The tab-completed version of the command.



138
139
140
141
142
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 138

def rpc_tabs(cid, line)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  { "tabs" => @console_driver.consoles[cid].tab_complete(line) }
end

#rpc_write(cid, data) ⇒ Hash

Note:

Remember to add a newline (\r\n) at the end of input, otherwise the console will not do anything. And you will need to use the #rpc_read method to retrieve the output again.

Sends an input (such as a command) to the framework console.

Examples:

Here's how you would use this from the client:

# This will show the current module's options.
rpc.call('console.write', 4, "show options\r\n")

Parameters:

  • cid (Integer)

    Framework console ID.

  • data (String)

    User input.

Returns:

  • (Hash)

    There are two different hashes you might get:

    If the console ID is invalid, you will get a hash like the following:

    • 'result' [String] A value that says 'failure'.

    If the console ID is invalid, you will get a hash like the following:

    • 'wrote' [Integer] Number of bytes sent.



117
118
119
120
121
# File 'lib/msf/core/rpc/v10/rpc_console.rb', line 117

def rpc_write(cid, data)
  cid = cid.to_s
  return { 'result' => 'failure' } if not @console_driver.consoles[cid]
  { "wrote" => @console_driver.write_console(cid, data || '') }
end