Class: Msf::Handler::ReverseTcpDoubleSSL::TcpReverseDoubleSSLSessionChannel

Inherits:

Object

• Object
• Msf::Handler::ReverseTcpDoubleSSL::TcpReverseDoubleSSLSessionChannel

Includes:

Rex::IO::StreamAbstraction

Defined in:

lib/msf/core/handler/reverse_tcp_double_ssl.rb

Overview

This class wrappers the communication channel built over the two inbound connections, allowing input and output to be split across both.

Instance Method Summary

• #close ⇒ Object

  Closes the stream abstraction and kills the monitor thread.

• #initialize(framework, inp, out) ⇒ TcpReverseDoubleSSLSessionChannel constructor

  A new instance of TcpReverseDoubleSSLSessionChannel.

• #monitor_shell_stdout ⇒ Object

  Funnel data from the shell’s stdout to rsock.

• #read(length = 0, opts = {}) ⇒ Object
• #write(buf, opts = {}) ⇒ Object

Constructor Details

#initialize(framework, inp, out) ⇒ TcpReverseDoubleSSLSessionChannel

Returns a new instance of TcpReverseDoubleSSLSessionChannel.

# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 267

def initialize(framework, inp, out)
  @framework = framework
  @sock_inp  = inp
  @sock_out  = out

  initialize_abstraction

  self.lsock.extend(TcpReverseDoubleSSLChannelExt)
  self.lsock.peerinfo  = @sock_inp.getpeername_as_array[1,2].map{|x| x.to_s}.join(":")
  self.lsock.localinfo = @sock_inp.getsockname[1,2].map{|x| x.to_s}.join(":")

  monitor_shell_stdout
end

Instance Method Details

#close ⇒ Object

Closes the stream abstraction and kills the monitor thread.

# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 325

def close
  @monitor_thread.kill if (@monitor_thread)
  @monitor_thread = nil

  cleanup_abstraction
end

#monitor_shell_stdout ⇒ Object

Funnel data from the shell’s stdout to rsock

StreamAbstraction#monitor_rsock will deal with getting data from the client (user input). From there, it calls our write() below, funneling the data to the shell’s stdin on the other side.

# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 288

def monitor_shell_stdout

  # Start a thread to pipe data between stdin/stdout and the two sockets
  @monitor_thread = @framework.threads.spawn("ReverseTcpDoubleSSLHandlerMonitor", false) {
    begin
      while true
        # Handle data from the server and write to the client
        if (@sock_out.has_read_data?(0.50))
          buf = @sock_out.get_once
          break if buf.nil?
          rsock.put(buf)
        end
      end
    rescue ::Exception => e
      ilog("ReverseTcpDoubleSSL monitor thread raised #{e.class}: #{e}")
    end

    # Clean up the sockets...
    begin
      @sock_inp.close
      @sock_out.close
    rescue ::Exception
    end
  }
end

#read(length = 0, opts = {}) ⇒ Object

# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 318

def read(length=0, opts={})
  @sock_out.read(length, opts)
end

#write(buf, opts = {}) ⇒ Object

# File 'lib/msf/core/handler/reverse_tcp_double_ssl.rb', line 314

def write(buf, opts={})
  @sock_inp.write(buf, opts)
end