Module: Msf::Session

Includes:
Framework::Offspring
Included in:
Basic, Msf::Sessions::Meterpreter, Msf::Sessions::Pingback, Msf::Sessions::VncInject
Defined in:
lib/msf/core/session.rb,
lib/msf/core/session/comm.rb,
lib/msf/core/session/basic.rb,
lib/msf/core/session/interactive.rb,
lib/msf/core/session/provider/multi_command_shell.rb,
lib/msf/core/session/provider/single_command_shell.rb,
lib/msf/core/session/provider/multi_command_execution.rb,
lib/msf/core/session/provider/single_command_execution.rb

Overview

The session class represents a post-exploitation, uh, session. Sessions can be written to, read from, and interacted with. The underlying medium on which they are backed is arbitrary. For instance, when an exploit is provided with a command shell, either through a network connection or locally, the session's read and write operations end up reading from and writing to the shell that was spawned. The session object can be seen as a general means of interacting with various post-exploitation payloads through a common interface that is not necessarily tied to a network connection.

Defined Under Namespace

Modules: Basic, Comm, Interactive, Provider

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#aliveObject

Returns the value of attribute alive


275
276
277
# File 'lib/msf/core/session.rb', line 275

def alive
  @alive
end

#db_recordObject

This session's associated database record


344
345
346
# File 'lib/msf/core/session.rb', line 344

def db_record
  @db_record
end

#exploitObject

The actual exploit module instance that created this session


332
333
334
# File 'lib/msf/core/session.rb', line 332

def exploit
  @exploit
end

#exploit_datastoreObject

The datastore of the exploit that created this session


304
305
306
# File 'lib/msf/core/session.rb', line 304

def exploit_datastore
  @exploit_datastore
end

#exploit_taskObject

The task that ran the exploit that got the session (that swallowed the fly)


308
309
310
# File 'lib/msf/core/session.rb', line 308

def exploit_task
  @exploit_task
end

#exploit_uuidObject

The unique identifier of exploit that created this session


320
321
322
# File 'lib/msf/core/session.rb', line 320

def exploit_uuid
  @exploit_uuid
end

#frameworkObject

The framework instance that created this session.


280
281
282
# File 'lib/msf/core/session.rb', line 280

def framework
  @framework
end

#infoObject

The specific identified session info


312
313
314
# File 'lib/msf/core/session.rb', line 312

def info
  @info
end

#machine_idObject

The unique machine identifier for the host that created this session


328
329
330
# File 'lib/msf/core/session.rb', line 328

def machine_id
  @machine_id
end

#payload_uuidObject

The unique identifier of the payload that created this session


324
325
326
# File 'lib/msf/core/session.rb', line 324

def payload_uuid
  @payload_uuid
end

#routesObject

An array of routes associated with this session


340
341
342
# File 'lib/msf/core/session.rb', line 340

def routes
  @routes
end

#sidObject

The session unique identifier.


284
285
286
# File 'lib/msf/core/session.rb', line 284

def sid
  @sid
end

#snameObject

The session name.


288
289
290
# File 'lib/msf/core/session.rb', line 288

def sname
  @sname
end

#target_hostObject

The original target host address


296
297
298
# File 'lib/msf/core/session.rb', line 296

def target_host
  @target_host
end

#target_portObject

The original target port if applicable


300
301
302
# File 'lib/msf/core/session.rb', line 300

def target_port
  @target_port
end

#usernameObject

The associated username


336
337
338
# File 'lib/msf/core/session.rb', line 336

def username
  @username
end

#uuidObject

The unique identifier of this session


316
317
318
# File 'lib/msf/core/session.rb', line 316

def uuid
  @uuid
end

#viaObject (protected)

:nodoc:


347
348
349
# File 'lib/msf/core/session.rb', line 347

def via
  @via
end

#workspaceObject

The associated workspace name


292
293
294
# File 'lib/msf/core/session.rb', line 292

def workspace
  @workspace
end

Class Method Details

.typeObject

Direct descendants Provider interfaces


34
35
36
# File 'lib/msf/core/session.rb', line 34

def self.type
  "unknown"
end

Instance Method Details

#alive?Boolean

Returns:

  • (Boolean)

256
257
258
# File 'lib/msf/core/session.rb', line 256

def alive?
  (self.alive)
end

#cleanupObject

Perform session-specific cleanup.

NOTE: session classes overriding this method must call super! Also must tolerate being called multiple times.


221
222
223
224
225
226
227
228
# File 'lib/msf/core/session.rb', line 221

def cleanup
  if db_record and framework.db.active
    ::ApplicationRecord.connection_pool.with_connection {
      framework.db.update_session(id: db_record.id, closed_at: Time.now.utc, close_reason: db_record.close_reason)
      db_record = nil
    }
  end
end

#dead?Boolean

Returns:

  • (Boolean)

252
253
254
# File 'lib/msf/core/session.rb', line 252

def dead?
  (not self.alive)
end

#descObject

Returns the description of the session.


63
64
# File 'lib/msf/core/session.rb', line 63

def desc
end

#initializeObject


25
26
27
28
29
30
# File 'lib/msf/core/session.rb', line 25

def initialize
  self.alive = true
  self.uuid  = Rex::Text.rand_text_alphanumeric(8).downcase
  @routes = RouteArray.new(self)
  #self.routes = []
end

#inspectObject

Brief and to the point


56
57
58
# File 'lib/msf/core/session.rb', line 56

def inspect
  "#<Session:#{self.type} #{self.tunnel_peer} (#{self.session_host}) #{self.info ? "\"#{self.info.to_s}\"" : nil}>"  # " Fixes highlighting
end

#interactive?Boolean

By default, sessions are not interactive.

Returns:

  • (Boolean)

233
234
235
# File 'lib/msf/core/session.rb', line 233

def interactive?
  false
end

#killObject

Allow the user to terminate this session


248
249
250
# File 'lib/msf/core/session.rb', line 248

def kill
  framework.sessions.deregister(self) if register?
end

#log_file_nameObject

Returns the suggested name of the log file for this session.


148
149
150
151
152
153
154
155
156
# File 'lib/msf/core/session.rb', line 148

def log_file_name
  dt = Time.now

  dstr  = sprintf("%.4d%.2d%.2d", dt.year, dt.mon, dt.mday)
  rhost = session_host.gsub(':', '_')
  sname = name.to_s.gsub(/\W+/,'_')

  "#{dstr}_#{sname}_#{rhost}_#{type}"
end

#log_sourceObject

Returns the log source that should be used for this session.


161
162
163
# File 'lib/msf/core/session.rb', line 161

def log_source
  "session_#{name}"
end

#nameObject

Returns the session's name if it's been assigned one, otherwise the sid is returned.


42
43
44
# File 'lib/msf/core/session.rb', line 42

def name
  return sname || sid
end

#name=(name) ⇒ Object

Sets the session's name.


49
50
51
# File 'lib/msf/core/session.rb', line 49

def name=(name)
  self.sname = name
end

#register?Boolean

Allow the session to skip registration

Returns:

  • (Boolean)

241
242
243
# File 'lib/msf/core/session.rb', line 241

def register?
  true
end

#session_hostObject

Returns the host associated with the session


87
88
89
90
91
92
93
94
95
96
97
98
99
100
# File 'lib/msf/core/session.rb', line 87

def session_host
  # Prefer the overridden session host or target_host
  host = @session_host || self.target_host
  return host if host

  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  bits.pop
  bits.join(':')
end

#session_host=(v) ⇒ Object

Override the host associated with this session


105
106
107
# File 'lib/msf/core/session.rb', line 105

def session_host=(v)
  @session_host = v
end

#session_portObject

Returns the port associated with the session


112
113
114
115
116
117
118
119
120
121
122
123
# File 'lib/msf/core/session.rb', line 112

def session_port
  port = @session_port || self.target_port
  return port if port
  # Fallback to the tunnel_peer (contains port)
  peer = self.tunnel_peer
  return if not peer

  # Pop off the trailing port number
  bits = peer.split(':')
  port = bits.pop
  port.to_i
end

#session_port=(v) ⇒ Object

Override the host associated with this session


128
129
130
# File 'lib/msf/core/session.rb', line 128

def session_port=(v)
  @session_port = v
end

#session_typeObject

Get an arch/platform combination


263
264
265
266
267
268
269
270
271
272
# File 'lib/msf/core/session.rb', line 263

def session_type
  # avoid unnecessary slash separator
  if !self.arch.nil? && !self.arch.empty? && !self.platform.nil? && !self.platform.empty?
    separator =  '/'
  else
    separator = ''
  end

  "#{self.arch}#{separator}#{self.platform}"
end

#set_from_exploit(m) ⇒ Object

Configures via_payload, via_payload, workspace, target_host from an exploit instance. Store references from and to the exploit module.


182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# File 'lib/msf/core/session.rb', line 182

def set_from_exploit(m)
  self.via = { 'Exploit' => m.fullname }
  self.via['Payload'] = ('payload/' + m.datastore['PAYLOAD'].to_s) if m.datastore['PAYLOAD']
  self.target_host = Rex::Socket.getaddress(m.target_host) if (m.target_host.to_s.strip.length > 0)
  self.target_port = m.target_port if (m.target_port.to_i != 0)
  self.workspace   = m.workspace
  self.username    = m.owner
  self.exploit_datastore = m.datastore
  self.user_input = m.user_input if m.user_input
  self.user_output = m.user_output if m.user_output
  self.exploit_uuid = m.uuid
  self.exploit = m
  if m[:task]
    self.exploit_task = m[:task]
  end
end

#set_via(opts) ⇒ Object

Sets the vector through which this session was realized.


174
175
176
# File 'lib/msf/core/session.rb', line 174

def set_via(opts)
  self.via = opts || {}
end

#tunnel_localObject

Returns the local side of the tunnel.


75
76
# File 'lib/msf/core/session.rb', line 75

def tunnel_local
end

#tunnel_peerObject

Returns the peer side of the tunnel.


81
82
# File 'lib/msf/core/session.rb', line 81

def tunnel_peer
end

#tunnel_to_sObject

Returns a pretty representation of the tunnel.


135
136
137
# File 'lib/msf/core/session.rb', line 135

def tunnel_to_s
  "#{(tunnel_local || '??')} -> #{(tunnel_peer || '??')}"
end

#typeObject

Returns the type of session in use.


69
70
# File 'lib/msf/core/session.rb', line 69

def type
end

#via_exploitObject

Returns the exploit module name through which this session was created.


203
204
205
# File 'lib/msf/core/session.rb', line 203

def via_exploit
  self.via['Exploit'] if (self.via)
end

#via_payloadObject

Returns the payload module name through which this session was created.


211
212
213
# File 'lib/msf/core/session.rb', line 211

def via_payload
  self.via['Payload'] if (self.via)
end