Class: Msf::Sessions::VncInject

Inherits:

Object

• Object
• Msf::Sessions::VncInject

Includes:

Msf::Session, Msf::Session::Basic

Defined in:

lib/msf/base/sessions/vncinject.rb

Instance Attribute Summary

• #conn_eof ⇒ Object protected

  :nodoc:.

• #got_conn ⇒ Object protected

  :nodoc:.

• #view ⇒ Object protected

  :nodoc:.

• #vlhost ⇒ Object protected

  :nodoc:.

• #vlport ⇒ Object protected

  :nodoc:.

Attributes included from Msf::Session::Interactive

#rstream

Attributes included from Rex::Ui::Interactive

#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #on_run_command_error_proc, #orig_suspend, #orig_usr1, #orig_winch

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Msf::Session

#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace

Attributes included from Framework::Offspring

#framework

Class Method Summary

• .can_cleanup_files ⇒ Object
• .type ⇒ Object

  Returns the session type as being ‘vncinject’.

Instance Method Summary

• #_interact ⇒ Object

  :nodoc:.

• #autovnc(viewonly = true) ⇒ Object

  Launches VNC viewer against the local relay for this VNC server session.

• #cleanup ⇒ Object

  Cleans up the local relay and closes the stream.

• #desc ⇒ Object

  Returns the session description.

• #initialize(rstream, opts = {}) ⇒ VncInject constructor

  Initializes a vncinject session instance using the supplied rstream that is to be used as the client’s connection to the server.

• #interactive? ⇒ Boolean

  Not interactive in the normal sense.

• #register? ⇒ Boolean

  Skip session registration for VNC.

• #setup_relay(port, host = '127.0.0.1') ⇒ Object

  Sets up a local relay that is associated with the stream connection.

• #type ⇒ Object

  Calls the class method.

Methods included from Msf::Session::Interactive

#_interact_complete, #_interrupt, #_suspend, #_usr1, #abort_foreground, #abort_foreground_supported, #comm_channel, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?

Methods included from Rex::Ui::Interactive

#_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Msf::Session

#alive?, #comm_channel, #dead?, #inspect, #kill, #log_file_name, #log_source, #name, #name=, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #via_exploit, #via_payload

Constructor Details

#initialize(rstream, opts = {}) ⇒ VncInject

Initializes a vncinject session instance using the supplied rstream that is to be used as the client’s connection to the server.

# File 'lib/msf/base/sessions/vncinject.rb', line 22

def initialize(rstream, opts={})
  super

  self.conn_eof = false
  self.got_conn = false
end

Instance Attribute Details

#conn_eof ⇒ Object (protected)

:nodoc:

# File 'lib/msf/base/sessions/vncinject.rb', line 180

def conn_eof
  @conn_eof
end

#got_conn ⇒ Object (protected)

:nodoc:

# File 'lib/msf/base/sessions/vncinject.rb', line 181

def got_conn
  @got_conn
end

#view ⇒ Object (protected)

:nodoc:

# File 'lib/msf/base/sessions/vncinject.rb', line 182

def view
  @view
end

#vlhost ⇒ Object (protected)

:nodoc:

# File 'lib/msf/base/sessions/vncinject.rb', line 178

def vlhost
  @vlhost
end

#vlport ⇒ Object (protected)

:nodoc:

# File 'lib/msf/base/sessions/vncinject.rb', line 179

def vlport
  @vlport
end

Class Method Details

.can_cleanup_files ⇒ Object

# File 'lib/msf/base/sessions/vncinject.rb', line 61

def self.can_cleanup_files
  false
end

.type ⇒ Object

Returns the session type as being ‘vncinject’.

# File 'lib/msf/base/sessions/vncinject.rb', line 57

def self.type
  "vncinject"
end

Instance Method Details

#_interact ⇒ Object

:nodoc:

Raises:

• (EOFError)

# File 'lib/msf/base/sessions/vncinject.rb', line 85

def _interact # :nodoc:
  raise EOFError if (self.conn_eof == true)

  sleep(1)
end

#autovnc(viewonly = true) ⇒ Object

Launches VNC viewer against the local relay for this VNC server session.

Returns true if we were able to find the executable and false otherwise. Note that this says nothing about whether it worked, only that we found the file.

# File 'lib/msf/base/sessions/vncinject.rb', line 157

def autovnc(viewonly=true)
  vnc =
    Rex::FileUtils::find_full_path('vncviewer') ||
    Rex::FileUtils::find_full_path('vncviewer.exe')

  if (vnc)
    args = []
    args.push '-viewonly' if viewonly
    args.push "#{vlhost}::#{vlport}"

    self.view = framework.threads.spawn("VncViewerWrapper", false) {
      system(vnc, *args)
    }

    return true
  end
  false
end

#cleanup ⇒ Object

Cleans up the local relay and closes the stream.

# File 'lib/msf/base/sessions/vncinject.rb', line 32

def cleanup
  # Stop the local TCP relay
  service = Rex::ServiceManager.start(Rex::Services::LocalRelay)

  if (service)
    begin
      service.stop_tcp_relay(vlport, vlhost) if (vlport)
    ensure
      service.deref
    end
  end

  super
end

#desc ⇒ Object

Returns the session description.

# File 'lib/msf/base/sessions/vncinject.rb', line 74

def desc
  "VNC Server"
end

#interactive? ⇒ Boolean

Not interactive in the normal sense

Returns:

• (Boolean)

# File 'lib/msf/base/sessions/vncinject.rb', line 94

def interactive?
  false
end

#register? ⇒ Boolean

Skip session registration for VNC

Returns:

• (Boolean)

# File 'lib/msf/base/sessions/vncinject.rb', line 50

def register?
  false
end

#setup_relay(port, host = '127.0.0.1') ⇒ Object

Sets up a local relay that is associated with the stream connection

# File 'lib/msf/base/sessions/vncinject.rb', line 107

def setup_relay(port, host = '127.0.0.1')
  if (port)
    self.vlhost = host
    self.vlport = port

    service = Rex::ServiceManager.start(Rex::Services::LocalRelay)

    if (service)
      begin
        service.start_tcp_relay(port,
          'LocalHost'         => host,
          'Stream'            => true,
          'OnLocalConnection' => Proc.new {

            if (self.got_conn == true)
              nil
            else
              self.got_conn = true

              rstream
            end
          },
          'OnConnectionClose' => Proc.new {

            if (self.conn_eof == false)
              print_status("VNC connection closed.")
              self.conn_eof = true

              # Closing time
              self.view.kill if self.view
              self.view = nil
              self.kill
            end

          },
          '__RelayType'       => 'vncinject')
      end
    else
      raise RuntimeError, "Relay failed to start."
    end
  end
end

#type ⇒ Object

Calls the class method.

# File 'lib/msf/base/sessions/vncinject.rb', line 81

def type
  self.class.type
end