Class: Msf::Sessions::AwsInstanceConnectCommandShellBind

Inherits:
CommandShell
  • Object
Includes:
Msf::Session::Basic, Msf::Session::Provider::SingleCommandShell
Defined in:
lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb

Overview

This class provides basic interaction over the SSH socket of an AWS Instance Connect session.

Date:    Feb 5, 2023
Author:  RageLtMan

Instance Attribute Summary

Attributes included from Msf::Session::Interactive

#rstream

Attributes included from Rex::Ui::Interactive

#completed, #interacting, #next_session, #on_command_proc, #on_print_proc, #on_run_command_error_proc, #orig_suspend, #orig_usr1, #orig_winch

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Attributes included from Msf::Session

#alive, #db_record, #exploit, #exploit_datastore, #exploit_task, #exploit_uuid, #framework, #info, #machine_id, #payload_uuid, #routes, #sid, #sname, #target_host, #target_port, #uuid, #via, #workspace

Attributes included from Framework::Offspring

#framework

Attributes inherited from CommandShell

#arch, #banner, #max_threads, #platform

Instance Method Summary

Methods included from Msf::Session::Provider::SingleCommandShell

#command_termination, #set_is_echo_shell, #shell_close, #shell_command_token, #shell_command_token_base, #shell_command_token_win32, #shell_init, #shell_read, #shell_read_until_token, #to_cmd

Methods included from Msf::Session::Basic

#_interact, #type

Methods included from Msf::Session::Interactive

#_interact, #_interact_complete, #_interrupt, #_suspend, #_usr1, #abort_foreground, #abort_foreground_supported, #comm_channel, #interactive?, #kill, #run_cmd, #tunnel_local, #tunnel_peer, #user_want_abort?

Methods included from Rex::Ui::Interactive

#_interact, #_interact_complete, #_interrupt, #_local_fd, #_remote_fd, #_stream_read_local_write_remote, #_stream_read_remote_write_local, #_suspend, #_winch, #detach, #handle_suspend, #handle_usr1, #handle_winch, #interact, #interact_stream, #prompt, #prompt_yesno, #restore_suspend, #restore_usr1, #restore_winch

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Methods included from Msf::Session

#alive?, #comm_channel, #dead?, #inspect, #interactive?, #kill, #log_file_name, #log_source, #name, #name=, #register?, #session_host, #session_host=, #session_port, #session_port=, #session_type, #set_from_exploit, #set_via, #tunnel_local, #tunnel_peer, #tunnel_to_s, type, #type, #via_exploit, #via_payload

Methods inherited from CommandShell

#_file_transfer, _glue_cmdline_escape, #_interact, #_interact_stream, #abort_foreground_supported, #binary_exists, binary_exists, can_cleanup_files, #cmd_background, #cmd_background_help, #cmd_download, #cmd_download_help, #cmd_help, #cmd_help_help, #cmd_irb, #cmd_irb_help, #cmd_pry, #cmd_pry_help, #cmd_resource, #cmd_resource_help, #cmd_sessions, #cmd_sessions_help, #cmd_shell, #cmd_shell_help, #cmd_source, #cmd_source_help, #cmd_upload, #cmd_upload_help, #commands, #docs_dir, #execute_file, #process_autoruns, #run_builtin_cmd, #run_single, #shell_close, #shell_command, #shell_init, #shell_read, #type, type

Methods included from Rex::Ui::Text::Resource

#load_resource

Methods included from Scriptable

#execute_file, #execute_script, included, #legacy_script_to_post_module

Constructor Details

#initialize(ssh_connection, opts = {}) ⇒ AwsInstanceConnectCommandShellBind

Creates a session instance from an SSH connection. The new command stream itself is created later, in #bootstrap.

Parameters:

  • ssh_connection (Net::SSH::Connection)

    The SSH connection to create a session instance for.

  • opts (Hash) (defaults to: {})

    Optional parameters to pass to the session object.



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 49

# Builds a session around an already-established SSH connection.
#
# @param ssh_connection [Net::SSH::Connection] connection whose transport
#   socket backs this session
# @param opts [Hash] session options; +:serial_username+ and
#   +:serial_password+ are read here and the whole hash is forwarded to the
#   parent constructor
def initialize(ssh_connection, opts = {})
  transport_socket = ssh_connection.transport.socket

  @ssh_connection = ssh_connection
  @sock = transport_socket
  @peer_info = transport_socket.peerinfo
  @local_info = transport_socket.localinfo

  # Serial-console credentials are kept on the instance so that #bootstrap can
  # send them later. The password therefore lives in memory for as long as the
  # session object does; be careful when dumping or serialising this object.
  @serial_username, @serial_password = opts[:serial_username], opts[:serial_password]

  self.platform = 'unix'
  # The parent constructor is given nil instead of a stream; @rstream is only
  # assigned once #bootstrap has opened the command channel.
  super(nil, opts)
end

Instance Attribute Details

#serial_username ⇒ Object (readonly)

Returns the value of attribute serial_username.



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 105

# Read-only accessor for the serial-console username that the constructor
# took from opts[:serial_username].
def serial_username = @serial_username

#sock ⇒ Object (readonly)

Returns the value of attribute sock.



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 105

# Read-only accessor for the transport socket of the SSH connection, as
# captured by the constructor.
def sock = @sock

#ssh_connection ⇒ Object (readonly)

Returns the value of attribute ssh_connection.



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 105

# Read-only accessor for the SSH connection object this session was built from.
def ssh_connection = @ssh_connection

Instance Method Details

#bootstrap(datastore = {}, handler = nil) ⇒ Object



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 78

# Opens the command channel, optionally performs the serial-console login,
# starts the remote shell, and then defers to the parent bootstrap.
#
# @param datastore [Hash] passed through unchanged to the parent implementation
# @param handler [Object, nil] passed through unchanged to the parent implementation
def bootstrap(datastore = {}, handler = nil)
  @ssh_command_stream = Net::SSH::CommandStream.new(ssh_connection)
  @ssh_command_stream.verify_channel

  # Adjust remote_window_size down to 32, which seems to help stability.
  channel = @ssh_command_stream.channel
  channel.do_window_adjust(32 - channel.remote_window_size)
  @rstream = @ssh_command_stream.lsock

  # Either credential being present triggers the login exchange, and both
  # lines are then written even if one of them is blank. The password is sent
  # in-band through the same channel as every later command.
  wants_serial_login = @serial_username.present? || @serial_password.present?
  if wants_serial_login
    shell_write("#{@serial_username}\n")
    shell_write("#{@serial_password}\n")
  end

  # Remote side: turn off tty echo, create a FIFO with mode 600 at a name taken
  # from `mktemp -u`, and run `sh` with stdout and stderr routed through it.
  # The FIFO is removed and the outer shell exits once `sh` ends.
  # NOTE(review): `mktemp -u` only prints a name and does not create the file,
  # so the path is not reserved until `mkfifo` runs.
  shell_command('stty -echo cbreak;pipe=$(mktemp -u);mkfifo -m 600 $pipe;cat $pipe & sh 1>$pipe 2>$pipe; rm $pipe; exit')
  shell_read(-1)

  # The session summary names the serial user when one was supplied, otherwise
  # the SSH user, followed by the peer address. The password is never included.
  session_user = @serial_username.present? ? @serial_username : ssh_username
  @info = "EC2 Instance Connect #{session_user} @ #{@peer_info}"

  super
end

#cleanup ⇒ Object



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 99

# Runs the parent cleanup, then closes the underlying SSH connection.
def cleanup
  super

  # Best-effort close: any StandardError raised here is deliberately discarded,
  # so a failed close is silent. Check for lingering connections by other
  # means if that matters.
  begin
    ssh_connection.close
  rescue StandardError
    nil
  end
end

#desc ⇒ Object

Returns the session description.



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 74

# Human-readable description of this session type.
def desc = 'AWS Instance Connect serial/SSH shell'

#shell_command_token_unix(cmd, timeout = 10) ⇒ Object



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 27

# Runs a command through the token-based helper with "\n" as the command
# terminator and normalises CRLF line endings in the captured output.
#
# @param cmd [String] command to run on the remote shell
# @param timeout [Integer] passed to shell_command_token_base (defaults to 10)
# @return [String, nil] the helper's output with "\r\n" replaced in place by
#   "\n", or the helper's falsy result unchanged
def shell_command_token_unix(cmd, timeout = 10)
  output = shell_command_token_base(cmd, timeout, "\n")
  return output unless output

  # Mutates the returned string rather than copying it.
  output.gsub!("\r\n", "\n")
  output
end

#shell_write(buf) ⇒ Object



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 34

# Queues data on the SSH channel and blocks until the channel's output
# buffer has drained.
#
# @param buf [String] data to send to the remote end
# @return [nil]
def shell_write(buf)
  stream = @ssh_command_stream
  stream.channel.send_data(buf)

  # net-ssh only queues the data, so poll until it has all been sent; this
  # fixes stability issues.
  # NOTE(review): the wait has no upper bound. If the queue is never drained,
  # this call does not return.
  sleep 0.1 while stream.channel.output.length.positive?
end

#ssh_username ⇒ Object Also known as: username

Accessor method for SSH session user



# File 'lib/msf/base/sessions/aws_instance_connect_command_shell_bind.rb', line 64

# Returns the user recorded under :user in the SSH connection's options.
def ssh_username
  connection_options = @ssh_connection.options
  connection_options[:user]
end