2005-12-17 06:46:23 +00:00
|
|
|
#!/usr/bin/env ruby
|
2005-04-12 05:37:11 +00:00
|
|
|
|
2005-07-09 21:18:49 +00:00
|
|
|
require 'rex/post/meterpreter/channel'
|
2005-04-12 05:37:11 +00:00
|
|
|
|
|
|
|
|
module Rex
|
|
|
|
|
module Post
|
|
|
|
|
module Meterpreter
|
|
|
|
|
module Channels
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# This class acts as a base class for all channels that are classified
|
|
|
|
|
# as 'pools'. This means that only one side of the channel, typically
|
|
|
|
|
# the client half, acts on the other half of the channel. Examples
|
|
|
|
|
# of pools come in the form of files where the remote side never sends
|
|
|
|
|
# any unrequested data.
|
|
|
|
|
#
|
|
|
|
|
# Another key distinction of Pools is that they, in general, support
|
|
|
|
|
# the DIO mode 'seek' which allows for changing the position, or offset,
|
|
|
|
|
# into the channel.
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
class Pool < Rex::Post::Meterpreter::Channel
|
|
|
|
|
|
|
|
|
|
class <<self
|
|
|
|
|
def cls
|
|
|
|
|
return CHANNEL_CLASS_POOL
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Constructor
|
|
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
2005-04-12 05:37:11 +00:00
|
|
|
# Passes the initialization information up to the base class
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
2005-04-12 05:37:11 +00:00
|
|
|
def initialize(client, cid, type, flags)
|
|
|
|
|
super(client, cid, type, flags)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
##
|
|
|
|
|
#
|
|
|
|
|
# Channel interaction
|
|
|
|
|
#
|
|
|
|
|
##
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Checks to see if the EOF flag has been set on the pool.
|
|
|
|
|
#
|
2005-04-13 07:31:11 +00:00
|
|
|
def eof
|
|
|
|
|
request = Packet.create_request('core_channel_eof')
|
|
|
|
|
|
|
|
|
|
request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid)
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
response = self.client.send_request(request)
|
|
|
|
|
rescue
|
|
|
|
|
return true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if (response.has_tlv?(TLV_TYPE_BOOL))
|
|
|
|
|
return response.get_tlv_value(TLV_TYPE_BOOL)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return false
|
2005-04-12 06:39:33 +00:00
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Reads data from the remote side of the pool and raises EOFError if the
|
|
|
|
|
# pool has been reached EOF.
|
|
|
|
|
#
|
2005-04-12 06:39:33 +00:00
|
|
|
def read(length = nil)
|
2005-04-12 15:13:15 +00:00
|
|
|
begin
|
|
|
|
|
data = super(length)
|
|
|
|
|
rescue
|
|
|
|
|
data = nil
|
|
|
|
|
end
|
2005-04-13 07:31:11 +00:00
|
|
|
|
|
|
|
|
if (((data == nil) || (data.length == 0)) &&
|
|
|
|
|
(self.eof))
|
2005-04-12 06:39:33 +00:00
|
|
|
raise EOFError
|
|
|
|
|
end
|
|
|
|
|
|
2005-04-12 15:13:15 +00:00
|
|
|
return data
|
2005-04-12 06:39:33 +00:00
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# This method seeks to an offset within the remote side of the pool using
|
|
|
|
|
# the standard seek whence clauses.
|
|
|
|
|
#
|
2005-04-12 05:37:11 +00:00
|
|
|
def seek(offset, whence = SEEK_SET)
|
2005-04-13 07:31:11 +00:00
|
|
|
sane = 0
|
|
|
|
|
|
|
|
|
|
# Just in case...
|
|
|
|
|
case whence
|
|
|
|
|
when ::IO::SEEK_SET
|
|
|
|
|
sane = 0
|
|
|
|
|
when ::IO::SEEK_CUR
|
|
|
|
|
sane = 1
|
|
|
|
|
when ::IO::SEEK_END
|
|
|
|
|
sane = 2
|
|
|
|
|
else
|
|
|
|
|
raise RuntimeError, "Invalid seek whence #{whence}.", caller
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
request = Packet.create_request('core_channel_seek')
|
|
|
|
|
|
|
|
|
|
request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid)
|
|
|
|
|
request.add_tlv(TLV_TYPE_SEEK_OFFSET, offset)
|
|
|
|
|
request.add_tlv(TLV_TYPE_SEEK_WHENCE, sane)
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
response = self.client.send_request(request)
|
|
|
|
|
rescue
|
|
|
|
|
return -1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return tell
|
|
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# Synonym for tell.
|
|
|
|
|
#
|
2005-04-13 07:31:11 +00:00
|
|
|
def pos
|
|
|
|
|
return tell
|
2005-04-12 05:37:11 +00:00
|
|
|
end
|
|
|
|
|
|
2005-11-15 05:22:13 +00:00
|
|
|
#
|
|
|
|
|
# This method returns the current file pointer position to the caller.
|
|
|
|
|
#
|
2005-04-12 05:37:11 +00:00
|
|
|
def tell
|
2005-04-13 07:31:11 +00:00
|
|
|
request = Packet.create_request('core_channel_tell')
|
|
|
|
|
pos = -1
|
|
|
|
|
|
|
|
|
|
request.add_tlv(TLV_TYPE_CHANNEL_ID, self.cid)
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
response = self.client.send_request(request)
|
|
|
|
|
rescue
|
|
|
|
|
return pos
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Set the return value to the position that we're at
|
|
|
|
|
if (response.has_tlv?(TLV_TYPE_SEEK_POS))
|
|
|
|
|
pos = response.get_tlv_value(TLV_TYPE_SEEK_POS)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
return pos
|
2005-04-12 05:37:11 +00:00
|
|
|
end
|
|
|
|
|
|
2005-04-12 06:39:33 +00:00
|
|
|
protected
|
2005-11-15 05:22:13 +00:00
|
|
|
attr_accessor :_eof # :nodoc:
|
2005-04-12 05:37:11 +00:00
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
end; end; end; end
|
