Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
require 'rex/post/ldap'
4

5
class Msf::Sessions::LDAP
6
  #
7
  # This interface supports basic interaction.
8
  #
9
  include Msf::Session::Basic
10
  include Msf::Sessions::Scriptable
11

12
  # @return [Rex::Post::LDAP::Ui::Console] The interactive console
13
  attr_accessor :console
14
  # @return [Rex::Proto::LDAP::Client] The LDAP client
15
  attr_accessor :client
16

17
  attr_accessor :keep_alive_thread
18
  
19
  # @return [Integer] Seconds between keepalive requests
20
  attr_accessor :keepalive_seconds
21

22
  attr_accessor :platform, :arch
23
  attr_reader :framework
24

25
  # @param[Rex::IO::Stream] rstream
26
  # @param [Hash] opts
27
  # @option opts [Rex::Proto::LDAP::Client] :client
28
  # @option opts [Integer] :keepalive
29
  def initialize(rstream, opts = {})
30
    @client = opts.fetch(:client)
31
    @keepalive_seconds = opts.fetch(:keepalive_seconds)
32
    self.console = Rex::Post::LDAP::Ui::Console.new(self)
33
    super(rstream, opts)
34
  end
35

36
  def cleanup
37
    stop_keep_alive_loop
38
    super
39
  end
40

41
  def bootstrap(datastore = {}, handler = nil)
42
    session = self
43
    session.init_ui(user_input, user_output)
44

45
    @info = "LDAP #{datastore['USERNAME']} @ #{@peer_info}"
46
  end
47

48
  def execute_file(full_path, args)
49
    if File.extname(full_path) == '.rb'
50
      Rex::Script::Shell.new(self, full_path).run(args)
51
    else
52
      console.load_resource(full_path)
53
    end
54
  end
55

56
  def process_autoruns(datastore)
57
    ['InitialAutoRunScript', 'AutoRunScript'].each do |key|
58
      next if datastore[key].nil? || datastore[key].empty?
59

60
      args = Shellwords.shellwords(datastore[key])
61
      print_status("Session ID #{sid} (#{tunnel_to_s}) processing #{key} '#{datastore[key]}'")
62
      execute_script(args.shift, *args)
63
    end
64
  end
65

66
  def type
67
    self.class.type
68
  end
69

70
  # Returns the type of session.
71
  #
72
  def self.type
73
    'ldap'
74
  end
75

76
  def self.can_cleanup_files
77
    false
78
  end
79

80
  #
81
  # Returns the session description.
82
  #
83
  def desc
84
    'LDAP'
85
  end
86

87
  def address
88
    @address ||= client.peerhost
89
  end
90

91
  def port
92
    @port ||= client.peerport
93
  end
94

95
  ##
96
  # :category: Msf::Session::Interactive implementors
97
  #
98
  # Initializes the console's I/O handles.
99
  #
100
  def init_ui(input, output)
101
    self.user_input = input
102
    self.user_output = output
103
    console.init_ui(input, output)
104
    console.set_log_source(log_source)
105

106
    super
107
  end
108

109
  ##
110
  # :category: Msf::Session::Interactive implementors
111
  #
112
  # Resets the console's I/O handles.
113
  #
114
  def reset_ui
115
    console.unset_log_source
116
    console.reset_ui
117
  end
118

119
  def exit
120
    console.stop
121
  end
122

123
  ##
124
  # :category: Msf::Session::Interactive implementors
125
  #
126
  # Override the basic session interaction to use shell_read and
127
  # shell_write instead of operating on rstream directly.
128
  def _interact
129
    framework.events.on_session_interact(self)
130
    framework.history_manager.with_context(name: type.to_sym) do
131
      _interact_stream
132
    end
133
  end
134

135
  ##
136
  # :category: Msf::Session::Interactive implementors
137
  #
138
  def _interact_stream
139
    framework.events.on_session_interact(self)
140

141
    console.framework = framework
142
    # Call the console interaction of the ldap client and
143
    # pass it a block that returns whether or not we should still be
144
    # interacting.  This will allow the shell to abort if interaction is
145
    # canceled.
146
    console.interact { interacting != true }
147
    console.framework = nil
148

149
    # If the stop flag has been set, then that means the user exited.  Raise
150
    # the EOFError so we can drop this handle like a bad habit.
151
    raise EOFError if (console.stopped? == true)
152
  end
153

154
  def on_registered
155
    start_keep_alive_loop
156
  end
157

158
  # Start a background thread for regularly sending a no-op command to keep the connection alive
159
  def start_keep_alive_loop
160
    self.keep_alive_thread = framework.threads.spawn("LDAP-shell-keepalive-#{sid}", false) do
161
      loop do
162
        if client.last_interaction.nil?
163
          remaining_sleep = @keepalive_seconds
164
        else
165
          remaining_sleep = @keepalive_seconds - (Process.clock_gettime(Process::CLOCK_MONOTONIC) - client.last_interaction)
166
        end
167
        sleep(remaining_sleep)
168
        if (Process.clock_gettime(Process::CLOCK_MONOTONIC) - client.last_interaction) > @keepalive_seconds
169
          client.search_root_dse
170
        end
171
        # This should have moved last_interaction forwards
172
        fail if (Process.clock_gettime(Process::CLOCK_MONOTONIC) - client.last_interaction) > @keepalive_seconds
173
      end
174
    end
175
  end
176

177
  # Stop the background thread
178
  def stop_keep_alive_loop
179
    keep_alive_thread.kill
180
  end
181
end
182

183