lib/msf/core/session/interactive.rb

# -*- coding: binary -*-

module Msf
module Session

###
#
# This class implements the stubs that are needed to provide an interactive
# session.
#
###
module Interactive

  #
  # Interactive sessions by default may interact with the local user input
  # and output.
  #
  include Rex::Ui::Interactive

  #
  # Initializes the session.
  #
  def initialize(rstream, opts={})
    # A nil is passed in the case of non-stream interactive sessions (Meterpreter)
    if rstream
      self.rstream = rstream
      begin
        @peer_info = rstream.peerinfo
      rescue ::Exception
      end
    end
    super()
  end

  #
  # Returns that, yes, indeed, this session supports going interactive with
  # the user.
  #
  def interactive?
    true
  end

  #
  # Returns the local information.
  #
  def tunnel_local
    return @local_info if @local_info
    begin
      @local_info = rstream.localinfo
    rescue ::Exception => e
      elog('Interactive#tunnel_local error', error: e)
      @local_info = '127.0.0.1'
    end
  end

  #
  # Returns the remote peer information.
  #
  def tunnel_peer
    return @peer_info if @peer_info
    begin
      @peer_info = rstream.peerinfo
    rescue ::Exception => e
      elog('Interactive#tunnel_peer error', error: e)
      @peer_info = '127.0.0.1'
    end
  end

  def comm_channel
    return @comm_info if @comm_info
    if rstream.respond_to?(:channel) && rstream.channel.respond_to?(:client)
      @comm_info = "via session #{rstream.channel.client.sid}" if rstream.channel.client.respond_to?(:sid)
    end
  end

  #
  # Run an arbitrary command as if it came from user input.
  #
  def run_cmd(cmd)
  end

  #
  # Terminate the session
  #
  def kill
    self.reset_ui
    self.cleanup
    super()
  end

  #
  # Closes rstream.
  #
  def cleanup
    begin
      self.interacting = false if self.interactive?
      rstream.close if (rstream)
    rescue ::Exception
    end

    rstream = nil
    super
  end

  #
  # The remote stream handle.  Must inherit from Rex::IO::Stream.
  #
  attr_accessor :rstream

protected

  #
  # Stub method that is meant to handler interaction.
  #
  def _interact
    framework.events.on_session_interact(self)
  end

  #
  # Check to see if the user wants to abort.
  #
  def _interrupt
    begin
      intent = user_want_abort?
      # Judge the user wants to abort the reverse shell session
      # Or just want to abort the process running on the target machine
      # If the latter, just send ASCII Control Character \u0003 (End of Text) to the socket fd
      # The character will be handled by the line discipline program of the pseudo-terminal on target machine
      # It will send the SEGINT signal to the foreground process
      if !intent
        # TODO: Check the shell is interactive or not
        # If the current shell is not interactive, the ASCII Control Character will not work
        if abort_foreground_supported
          print_status("Aborting foreground process in the shell session")
          abort_foreground
        end
        return
      end
    rescue Interrupt
      # The user hit ctrl-c while we were handling a ctrl-c. Ignore
    end
    true
  end

  def abort_foreground_supported
    true
  end

  def abort_foreground
    self.rstream.write("\u0003")
  end

  def _usr1
    # A simple signal to exit vim in reverse shell
    # Just for fun
    # Make sure you have already executed `shell` meta-shell command to pop up an interactive shell
    self.rstream.write("\x1B\x1B\x1B:q!\r")
  end

  #
  # Check to see if we should suspend.
  #
  def _suspend
    # Ask the user if they would like to background the session
    intent = prompt_yesno("Background session #{name}?")
    if !intent
      # User does not want to background the current session
      # Assuming the target is *nix, we'll forward CTRL-Z to the foreground process on the target
      if !(self.platform=="windows" && self.type =="shell")
        print_status("Backgrounding foreground process in the shell session")
        self.rstream.write("\u001A")
      end
      return
    end
    self.interacting = false
  end

  #
  # If the session reaches EOF, deregister it.
  #
  def _interact_complete
    framework.events.on_session_interact_completed()
    framework.sessions.deregister(self, "User exit")
  end

  #
  # Checks to see if the user wants to abort.
  #
  def user_want_abort?
    prompt_yesno("Abort session #{name}?")
  end

end

end
end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
TODO update 2005-09-24 18:02:24 +00:00
it lives, major changes, fixed bugs, exploiting works with the test exploit 2005-07-16 07:32:11 +00:00			`module Msf`
			`module Session`

			`###`
			`#`
			`# This class implements the stubs that are needed to provide an interactive`
			`# session.`
			`#`
			`###`
			`module Interactive`

added ui subscriber stuff 2005-07-17 07:06:05 +00:00			`#`
			`# Interactive sessions by default may interact with the local user input`
			`# and output.`
			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`include Rex::Ui::Interactive`
Retab lib 2013-08-30 16:28:33 -05:00
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Initializes the session.`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
Small patch to enable a new stager 2010-04-03 05:21:15 +00:00			`def initialize(rstream, opts={})`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`# A nil is passed in the case of non-stream interactive sessions (Meterpreter)`
			`if rstream`
			`self.rstream = rstream`
Fix #16684 , Set @peer_info in #initialize 2022-09-19 12:12:00 -04:00			`begin`
			`@peer_info = rstream.peerinfo`
			`rescue ::Exception`
			`end`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`end`
look for dead sesions with a reaper thread instead of on other session events, add Session#alive accessor for all session types; still need to figure out when a shell session is dead and set it accordingly. Add a reason argument to on_session_close to distinguish between killed sessions and dead sessions 2010-02-23 05:59:30 +00:00			`super()`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
it lives, major changes, fixed bugs, exploiting works with the test exploit 2005-07-16 07:32:11 +00:00			`#`
			`# Returns that, yes, indeed, this session supports going interactive with`
			`# the user.`
			`#`
			`def interactive?`
			`true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
it lives, major changes, fixed bugs, exploiting works with the test exploit 2005-07-16 07:32:11 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Returns the local information.`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
			`def tunnel_local`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`return @local_info if @local_info`
Closes command and meterpreter sessions in a much more consistent way 2010-03-21 04:24:27 +00:00			`begin`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`@local_info = rstream.localinfo`
Fix #16684 , Set @peer_info in #initialize 2022-09-19 12:12:00 -04:00			`rescue ::Exception => e`
			`elog('Interactive#tunnel_local error', error: e)`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`@local_info = '127.0.0.1'`
Closes command and meterpreter sessions in a much more consistent way 2010-03-21 04:24:27 +00:00			`end`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Returns the remote peer information.`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
			`def tunnel_peer`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`return @peer_info if @peer_info`
bug fix 2005-11-03 00:18:12 +00:00			`begin`
More UI updates 2008-01-20 22:40:11 +00:00			`@peer_info = rstream.peerinfo`
Fix #16684 , Set @peer_info in #initialize 2022-09-19 12:12:00 -04:00			`rescue ::Exception => e`
			`elog('Interactive#tunnel_peer error', error: e)`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`@peer_info = '127.0.0.1'`
bug fix 2005-11-03 00:18:12 +00:00			`end`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
When listing sessions and jobs, note whether they are dependent on TCP forwarding 2021-09-24 20:30:57 +10:00			`def comm_channel`
			`return @comm_info if @comm_info`
Fix tunnel info crash when running the sessions command with a websocket based session 2021-10-21 13:06:22 +01:00			`if rstream.respond_to?(:channel) && rstream.channel.respond_to?(:client)`
When listing sessions and jobs, note whether they are dependent on TCP forwarding 2021-09-24 20:30:57 +10:00			`@comm_info = "via session #{rstream.channel.client.sid}" if rstream.channel.client.respond_to?(:sid)`
			`end`
			`end`

logging fix, meterpreter multi-load fixed, advanced option display, meterpreter optino to autoload stdapi 2005-11-19 15:09:41 +00:00			`#`
			`# Run an arbitrary command as if it came from user input.`
			`#`
			`def run_cmd(cmd)`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
Support for killing sessions from the UI and killing all running jobs with jobs -a 2007-02-11 23:24:25 +00:00			`#`
			`# Terminate the session`
			`#`
			`def kill`
			`self.reset_ui`
			`self.cleanup`
			`super()`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
			`# Closes rstream.`
			`#`
			`def cleanup`
vncinject payload 2005-12-12 07:07:19 +00:00			`begin`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`self.interacting = false if self.interactive?`
vncinject payload 2005-12-12 07:07:19 +00:00			`rstream.close if (rstream)`
Closes command and meterpreter sessions in a much more consistent way 2010-03-21 04:24:27 +00:00			`rescue ::Exception`
vncinject payload 2005-12-12 07:07:19 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`rstream = nil`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`super`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
			`# The remote stream handle. Must inherit from Rex::IO::Stream.`
			`#`
			`attr_accessor :rstream`
Retab lib 2013-08-30 16:28:33 -05:00
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`protected`

workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Stub method that is meant to handler interaction.`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`#`
			`def _interact`
Revamp the event system and add some ui hooks. Sessions are still ghetto -- we get interact events (in a lame way) but no input or output events yet. see 619 2009-12-22 18:52:48 +00:00			`framework.events.on_session_interact(self)`
workin on integrating meterp client 2005-07-18 04:07:56 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Check to see if the user wants to abort.`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`def _interrupt`
initial commit of php findsock. This patch makes all http connections global and removes the "close if (!pipelining)" checks, so beware of bugs. 2008-09-24 04:41:51 +00:00			`begin`
[+] Fix can not abort reverse shell session 2018-08-12 05:40:40 +08:00			`intent = user_want_abort?`
remove spaces at EOL 2020-03-24 18:08:34 +05:30			`# Judge the user wants to abort the reverse shell session`
[+] handler CTRL+C Signal in reverse shell sessions 2018-08-12 02:41:16 +08:00			`# Or just want to abort the process running on the target machine`
			`# If the latter, just send ASCII Control Character \u0003 (End of Text) to the socket fd`
spelling fixes for lib folder 2024-01-06 15:54:49 -05:00			`# The character will be handled by the line discipline program of the pseudo-terminal on target machine`
			`# It will send the SEGINT signal to the foreground process`
[+] Fix can not abort reverse shell session 2018-08-12 05:40:40 +08:00			`if !intent`
[+] handler CTRL+C Signal in reverse shell sessions 2018-08-12 02:41:16 +08:00			`# TODO: Check the shell is interactive or not`
			`# If the current shell is not interactive, the ASCII Control Character will not work`
Support Ctrl+C now we're using Command Shell rather than Powershell 2021-09-10 18:15:43 +10:00			`if abort_foreground_supported`
Land #10450 , Implementation of CTRL+Z in reverse shell session 2018-10-22 15:50:41 -05:00			`print_status("Aborting foreground process in the shell session")`
Modified shell to a PowerShell shell 2021-09-08 08:19:43 +10:00			`abort_foreground`
Land #10450 , Implementation of CTRL+Z in reverse shell session 2018-10-22 15:50:41 -05:00			`end`
[+] handler CTRL+C Signal in reverse shell sessions 2018-08-12 02:41:16 +08:00			`return`
			`end`
initial commit of php findsock. This patch makes all http connections global and removes the "close if (!pipelining)" checks, so beware of bugs. 2008-09-24 04:41:51 +00:00			`rescue Interrupt`
Create a dedicated db table to track sessions & session events. 2011-04-07 21:59:32 +00:00			`# The user hit ctrl-c while we were handling a ctrl-c. Ignore`
initial commit of php findsock. This patch makes all http connections global and removes the "close if (!pipelining)" checks, so beware of bugs. 2008-09-24 04:41:51 +00:00			`end`
fix session abort with Ctrl C 2020-06-29 12:35:02 +08:00			`true`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
Support Ctrl+C now we're using Command Shell rather than Powershell 2021-09-10 18:15:43 +10:00			`def abort_foreground_supported`
			`true`
			`end`

Modified shell to a PowerShell shell 2021-09-08 08:19:43 +10:00			`def abort_foreground`
			`self.rstream.write("\u0003")`
			`end`

[+] Exit vim opened in reverse shell via signal USR1 2018-08-12 06:07:05 +08:00			`def _usr1`
			`# A simple signal to exit vim in reverse shell`
			`# Just for fun`
			# Make sure you have already executed `shell` meta-shell command to pop up an interactive shell
			`self.rstream.write("\x1B\x1B\x1B:q!\r")`
			`end`

minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Check to see if we should suspend.`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`def _suspend`
			`# Ask the user if they would like to background the session`
[+] handler CTRL+Z Signal in shell session and remove debug print 2018-08-13 04:21:56 +08:00			`intent = prompt_yesno("Background session #{name}?")`
			`if !intent`
			`# User does not want to background the current session`
Land #10450 , Implementation of CTRL+Z in reverse shell session 2018-10-22 15:50:41 -05:00			`# Assuming the target is *nix, we'll forward CTRL-Z to the foreground process on the target`
			`if !(self.platform=="windows" && self.type =="shell")`
			`print_status("Backgrounding foreground process in the shell session")`
			`self.rstream.write("\u001A")`
			`end`
[+] handler CTRL+Z Signal in shell session and remove debug print 2018-08-13 04:21:56 +08:00			`return`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`end`
[+] handler CTRL+Z Signal in shell session and remove debug print 2018-08-13 04:21:56 +08:00			`self.interacting = false`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`# If the session reaches EOF, deregister it.`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`def _interact_complete`
Revamp the event system and add some ui hooks. Sessions are still ghetto -- we get interact events (in a lame way) but no input or output events yet. see 619 2009-12-22 18:52:48 +00:00			`framework.events.on_session_interact_completed()`
look for dead sesions with a reaper thread instead of on other session events, add Session#alive accessor for all session types; still need to figure out when a shell session is dead and set it accordingly. Add a reason argument to on_session_close to distinguish between killed sessions and dead sessions 2010-02-23 05:59:30 +00:00			`framework.sessions.deregister(self, "User exit")`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
rockin 32 windows payloads, fixed some bugs, other cool shit, OptInt, what what what 2005-07-18 23:32:34 +00:00			`#`
last of normalized docs from last night 2005-11-15 15:11:43 +00:00			`# Checks to see if the user wants to abort.`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`#`
moved some code around for interactive channels, still not functional yet, boohoo 2005-07-19 04:21:15 +00:00			`def user_want_abort?`
Land #10450 , Implementation of CTRL+Z in reverse shell session 2018-10-22 15:50:41 -05:00			`prompt_yesno("Abort session #{name}?")`
minor improvements to session interaction, dumping sessions, interacting with sessions that are backgrounded 2005-07-17 02:04:39 +00:00			`end`
it lives, major changes, fixed bugs, exploiting works with the test exploit 2005-07-16 07:32:11 +00:00
			`end`

			`end`
Revamp the event system and add some ui hooks. Sessions are still ghetto -- we get interact events (in a lame way) but no input or output events yet. see 619 2009-12-22 18:52:48 +00:00			`end`