Class: Msf::Handler::ReverseTcpDouble::TcpReverseDoubleSessionChannel

Inherits:
Object
  • Object
show all
Includes:
Rex::IO::StreamAbstraction
Defined in:
lib/msf/core/handler/reverse_tcp_double.rb

Overview

This class wrappers the communication channel built over the two inbound connections, allowing input and output to be split across both.

Instance Method Summary collapse

Constructor Details

#initialize(framework, inp, out) ⇒ TcpReverseDoubleSessionChannel

Returns a new instance of TcpReverseDoubleSessionChannel.



217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 217

def initialize(framework, inp, out)
  @framework = framework
  @sock_inp  = inp
  @sock_out  = out

  initialize_abstraction

  self.lsock.extend(TcpReverseDoubleChannelExt)
  self.lsock.peerinfo  = @sock_inp.getpeername_as_array[1,2].map{|x| x.to_s}.join(":")
  self.lsock.localinfo = @sock_inp.getsockname[1,2].map{|x| x.to_s}.join(":")

  monitor_shell_stdout
end

Instance Method Details

#closeObject

Closes the stream abstraction and kills the monitor thread.



275
276
277
278
279
280
 
# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 275

def close
  @monitor_thread.kill if (@monitor_thread)
  @monitor_thread = nil

  cleanup_abstraction
end

#monitor_shell_stdoutObject

Funnel data from the shell’s stdout to rsock

StreamAbstraction#monitor_rsock will deal with getting data from the client (user input). From there, it calls our write() below, funneling the data to the shell’s stdin on the other side.



238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
 
# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 238

def monitor_shell_stdout

  # Start a thread to pipe data between stdin/stdout and the two sockets
  @monitor_thread = @framework.threads.spawn("ReverseTcpDoubleHandlerMonitor", false) {
    begin
      while true
        # Handle data from the server and write to the client
        if (@sock_out.has_read_data?(0.50))
          buf = @sock_out.get_once
          break if buf.nil?
          rsock.put(buf)
        end
      end
    rescue ::Exception => e
      ilog("ReverseTcpDouble monitor thread raised #{e.class}: #{e}")
    end

    # Clean up the sockets...
    begin
      @sock_inp.close
      @sock_out.close
    rescue ::Exception
    end
  }
end

#read(length = 0, opts = {}) ⇒ Object 



268
269
270
 
# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 268

def read(length=0, opts={})
  @sock_out.read(length, opts)
end

#write(buf, opts = {}) ⇒ Object 



264
265
266
 
# File 'lib/msf/core/handler/reverse_tcp_double.rb', line 264

def write(buf, opts={})
  @sock_inp.write(buf, opts)
end