Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

1
# -*- coding: binary -*-
2

3
module Msf
4
module Sessions
5

6
###
7
#
8
# This class provides the ability to receive a pingback UUID
9
#
10
###
11
class Pingback
12

13
  #
14
  # This interface supports basic interaction.
15
  #
16
  include Msf::Session
17
  include Msf::Session::Basic
18

19
  attr_accessor :arch
20
  attr_accessor :platform
21
  attr_accessor :uuid_string
22

23
  #
24
  # Returns the type of session.
25
  #
26
  def self.type
27
    "pingback"
28
  end
29

30
  def initialize(rstream, opts = {})
31
    super
32
    self.platform ||= ""
33
    self.arch     ||= ""
34
    datastore = opts[:datastore]
35
  end
36

37
  def self.create_session(rstream, opts = {})
38
    Msf::Sessions::Pingback.new(rstream, opts)
39
  end
40

41
  def process_autoruns(datastore)
42
    uuid_read
43
    cleanup
44
  end
45

46
  def cleanup
47
    if rstream
48
      # this is also a best-effort
49
      rstream.close rescue nil
50
      rstream = nil
51
    end
52
  end
53

54
  def uuid_read
55
    uuid_raw = rstream.get_once(16, 1)
56
    return nil unless uuid_raw
57
    self.uuid_string = uuid_raw.each_byte.map { |b| "%02x" % b.to_i() }.join
58
    print_status("Incoming UUID = #{uuid_string}")
59
    if framework.db.active
60
      begin
61
        payload = framework.db.payloads(uuid: uuid_string).first
62
        if payload.nil?
63
          print_warning("Provided UUID (#{uuid_string}) was not found in database!")
64
        else
65
          print_good("UUID identified (#{uuid_string})")
66
        end
67
      rescue ActiveRecord::ConnectionNotEstablished
68
        print_status("WARNING: UUID verification and logging is not available, because the database is not active.")
69
      rescue => e
70
        # TODO: Can we have a more specific exception handler?
71
        # Test: what if we send no bytes back?  What if we send less than 16 bytes?  Or more than?
72
        elog('Can\'t get original UUID', error: e)
73
      end
74
    else
75
      print_warning("WARNING: UUID verification and logging is not available, because the database is not active.")
76
    end
77
  end
78

79
  #
80
  # Returns the session description.
81
  #
82
  def desc
83
    "Pingback"
84
  end
85

86
  def self.can_cleanup_files
87
    false
88
  end
89

90
  #
91
  # Calls the class method
92
  #
93
  def type
94
    self.class.type
95
  end
96
end
97
end
98
end
99

100