Class: Msf::Sessions::WinrmCommandShell

Inherits:

CommandShell

• Object
• CommandShell
• Msf::Sessions::WinrmCommandShell

Defined in:

lib/msf/base/sessions/winrm_command_shell.rb

Overview

This class provides a session for WinRM client connections, where Metasploit has authenticated to a remote WinRM instance.

Defined Under Namespace

Classes: WinRMStreamAdapter

Instance Attribute Summary

• #adapter ⇒ Object protected

  Returns the value of attribute adapter.

• #interactive_command_id ⇒ Object protected

  Returns the value of attribute interactive_command_id.

• #shell ⇒ Object protected

  Returns the value of attribute shell.

Attributes inherited from CommandShell

#arch, #banner, #max_threads, #platform

Attributes included from Msf::Session::Interactive

#rstream

Attributes included from Rex::Ui::Interactive

#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #on_run_command_error_proc, #orig_suspend, #orig_usr1, #orig_winch

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Msf::Session

#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace

Attributes included from Framework::Offspring

#framework

Instance Method Summary

• #_interact_stream ⇒ Object

  :category: Msf::Session::Interactive implementors.

• #abort_foreground ⇒ Object
• #abort_foreground_supported ⇒ Object
• #command_termination ⇒ Object

  The characters used to terminate a command in this shell (Breaks in 2012 without this).

• #commands ⇒ Object
• #initialize(shell, interactive_command_id, opts = {}) ⇒ WinrmCommandShell constructor

  Create an MSF command shell from a WinRM shell object.

• #on_registered ⇒ Object
• #shell_command(cmd, timeout = 5) ⇒ Object
• #shell_ended(reason = '') ⇒ Object

  Callback used by the background thread to let us know the thread is done.

Methods inherited from CommandShell

#_file_transfer, _glue_cmdline_escape, #_interact, #binary_exists, binary_exists, #bootstrap, can_cleanup_files, #cleanup, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #desc, #docs_dir, #execute_file, #process_autoruns, #run_builtin_cmd, #run_single, #shell_close, #shell_init, #shell_read, #shell_write, type, #type

Methods included from Rex::Ui::Text::Resource

#load_resource

Methods included from Scriptable

#execute_file, #execute_script, included, #legacy_script_to_post_module

Methods included from Msf::Session::Provider::SingleCommandShell

#set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_unix, #shell_command_token_win32, #shell_init, #shell_read, #shell_read_until_token, #shell_write, #to_cmd

Methods included from Msf::Session::Basic

#_interact, #desc, #type

Methods included from Msf::Session::Interactive

#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #cleanup, #comm_channel, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?

Methods included from Rex::Ui::Interactive

#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Msf::Session

#alive?, #cleanup, #comm_channel, #dead?, #desc, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #type, type, #via_exploit, #via_payload

Constructor Details

#initialize(shell, interactive_command_id, opts = {}) ⇒ WinrmCommandShell

Create an MSF command shell from a WinRM shell object

Parameters:

• shell (WinRM::Shells::Base) —

  A WinRM shell object

• opts (Hash) (defaults to: {}) —

  Optional parameters to pass to the session object.

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 176

def initialize(shell, interactive_command_id, opts = {})
  self.shell = shell
  self.interactive_command_id = interactive_command_id
  self.adapter = WinRMStreamAdapter.new(self.shell, interactive_command_id, method(:shell_ended))
  super(adapter, opts)
end

Instance Attribute Details

#adapter ⇒ Object (protected)

Returns the value of attribute adapter.

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def adapter
  @adapter
end

#interactive_command_id ⇒ Object (protected)

Returns the value of attribute interactive_command_id.

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def interactive_command_id
  @interactive_command_id
end

#shell ⇒ Object (protected)

Returns the value of attribute shell.

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def shell
  @shell
end

Instance Method Details

#_interact_stream ⇒ Object

:category: Msf::Session::Interactive implementors

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 207

def _interact_stream
  fds = [user_input.fd]
  while interacting
    sd = Rex::ThreadSafe.select(fds, nil, fds, 0.5)
    begin
      user_output.print(shell_read(-1, 0))
      if sd
        run_single((user_input.gets || '').chomp("\n"))
      end
    rescue WinRM::WinRMWSManFault => e
      print_error(e.fault_description)
      shell_close
    end
    Thread.pass
  end
end

#abort_foreground ⇒ Object

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 187

def abort_foreground
  shell.send_ctrl_c(interactive_command_id)
  adapter.refresh_stdout
end

#abort_foreground_supported ⇒ Object

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 183

def abort_foreground_supported
  true
end

#command_termination ⇒ Object

The characters used to terminate a command in this shell (Breaks in 2012 without this)

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 200

def command_termination
  "\r\n"
end

#commands ⇒ Object

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 160

def commands
  {
    'help' => 'Help menu',
    'background' => 'Backgrounds the current shell session',
    'sessions' => 'Quickly switch to another session',
    'resource' => 'Run a meta commands script stored in a local file',
    'irb' => 'Open an interactive Ruby shell on the current session',
    'pry' => 'Open the Pry debugger on the current session'
  }
end

#on_registered ⇒ Object

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 224

def on_registered
  adapter.start_keep_alive_loop(framework)
end

#shell_command(cmd, timeout = 5) ⇒ Object

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 192

def shell_command(cmd, timeout = 5)
  args = Shellwords.shellwords(cmd)
  command = args.shift
  shell.shell_command_synchronous(command, args, timeout)
end

#shell_ended(reason = '') ⇒ Object

Callback used by the background thread to let us know the thread is done

# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 229

def shell_ended(reason = '')
  self.interacting = false
  framework.events.on_session_interact_completed
  framework.sessions.deregister(self, reason)
end