Class: Msf::Sessions::WinrmCommandShell

Inherits:
CommandShell show all
Defined in:
lib/msf/base/sessions/winrm_command_shell.rb

Overview

This class provides a session for WinRM client connections, where Metasploit has authenticated to a remote WinRM instance.

Defined Under Namespace

Classes: WinRMStreamAdapter

Instance Attribute Summary collapse

Attributes inherited from CommandShell

#arch, #banner, #max_threads, #platform

Attributes included from Msf::Session::Interactive

#rstream

Attributes included from Rex::Ui::Interactive

#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #orig_suspend, #orig_usr1, #orig_winch

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Msf::Session

#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #username, #uuid, #via, #workspace

Attributes included from Framework::Offspring

#framework

Instance Method Summary collapse

Methods inherited from CommandShell

#_file_transfer, #_interact, binary_exists, #binary_exists, #bootstrap, can_cleanup_files, #cleanup, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #desc, #docs_dir, #execute_file, #process_autoruns, #run_builtin_cmd, #run_single, #shell_close, #shell_init, #shell_read, #shell_write, type, #type

Methods included from Rex::Ui::Text::Resource

#load_resource

Methods included from Scriptable

#execute_file, #execute_script, included, #legacy_script_to_post_module

Methods included from Msf::Session::Provider::SingleCommandShell

#set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_unix, #shell_command_token_win32, #shell_init, #shell_read, #shell_read_until_token, #shell_write

Methods included from Msf::Session::Basic

#_interact, #desc, #type

Methods included from Msf::Session::Interactive

#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #cleanup, #comm_channel, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?

Methods included from Rex::Ui::Interactive

#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Msf::Session

#alive?, #cleanup, #comm_channel, #dead?, #desc, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, #type, type, #via_exploit, #via_payload

Constructor Details

#initialize(shell, interactive_command_id, opts = {}) ⇒ WinrmCommandShell

Create an MSF command shell from a WinRM shell object

Parameters:

  • shell (WinRM::Shells::Base)

    A WinRM shell object

  • opts (Hash) (defaults to: {})

    Optional parameters to pass to the session object.



176
177
178
179
180
181
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 176

def initialize(shell, interactive_command_id, opts = {})
  self.shell = shell
  self.interactive_command_id = interactive_command_id
  self.adapter = WinRMStreamAdapter.new(self.shell, interactive_command_id, method(:shell_ended))
  super(adapter, opts)
end

Instance Attribute Details

#adapterObject (protected)

Returns the value of attribute adapter.



237
238
239
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def adapter
  @adapter
end

#interactive_command_idObject (protected)

Returns the value of attribute interactive_command_id.



237
238
239
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def interactive_command_id
  @interactive_command_id
end

#shellObject (protected)

Returns the value of attribute shell.



237
238
239
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 237

def shell
  @shell
end

Instance Method Details

#_interact_streamObject

:category: Msf::Session::Interactive implementors



207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 207

def _interact_stream
  fds = [user_input.fd]
  while interacting
    sd = Rex::ThreadSafe.select(fds, nil, fds, 0.5)
    begin
      user_output.print(shell_read(-1, 0))
      if sd
        run_single((user_input.gets || '').chomp("\n"))
      end
    rescue WinRM::WinRMWSManFault => e
      print_error(e.fault_description)
      shell_close
    end
    Thread.pass
  end
end

#abort_foregroundObject



187
188
189
190
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 187

def abort_foreground
  shell.send_ctrl_c(interactive_command_id)
  adapter.refresh_stdout
end

#abort_foreground_supportedObject



183
184
185
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 183

def abort_foreground_supported
  true
end

#command_terminationObject

The characters used to terminate a command in this shell (Breaks in 2012 without this)



200
201
202
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 200

def command_termination
  "\r\n"
end

#commandsObject



160
161
162
163
164
165
166
167
168
169
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 160

def commands
  {
    'help' => 'Help menu',
    'background' => 'Backgrounds the current shell session',
    'sessions' => 'Quickly switch to another session',
    'resource' => 'Run a meta commands script stored in a local file',
    'irb' => 'Open an interactive Ruby shell on the current session',
    'pry' => 'Open the Pry debugger on the current session'
  }
end

#on_registeredObject



224
225
226
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 224

def on_registered
  adapter.start_keep_alive_loop(framework)
end

#shell_command(cmd, timeout = 5) ⇒ Object



192
193
194
195
196
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 192

def shell_command(cmd, timeout = 5)
  args = Shellwords.shellwords(cmd)
  command = args.shift
  shell.shell_command_synchronous(command, args, timeout)
end

#shell_ended(reason = '') ⇒ Object

Callback used by the background thread to let us know the thread is done



229
230
231
232
233
# File 'lib/msf/base/sessions/winrm_command_shell.rb', line 229

def shell_ended(reason = '')
  self.interacting = false
  framework.events.on_session_interact_completed
  framework.sessions.deregister(self, reason)
end