Skip to content

Commit

Permalink
Don't close sockets that we're using for sessions
Browse files Browse the repository at this point in the history
  • Loading branch information
dwelch-r7 committed Apr 5, 2024
1 parent a3bba29 commit ac0a138
Show file tree
Hide file tree
Showing 8 changed files with 50 additions and 55 deletions.
1 change: 1 addition & 0 deletions lib/metasploit/framework/login_scanner/mssql.rb
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,7 @@ def attempt_login(credential)
result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
if use_client_as_proof
result_options[:proof] = client
result_options[:connection] = client.sock
else
client.disconnect
end
Expand Down
5 changes: 3 additions & 2 deletions lib/metasploit/framework/login_scanner/mysql.rb
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ def attempt_login(credential)
begin
# manage our behind the scenes socket. Close any existing one and open a new one
disconnect if self.sock
self.sock = connect
connect

mysql_conn = ::Rex::Proto::MySQL::Client.connect(host, credential.public, credential.private, '', port, io: self.sock)

Expand Down Expand Up @@ -75,7 +75,8 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
result_options[:proof] = mysql_conn
nil
result_options[:connection] = self.sock
self.sock = nil
else
mysql_conn.close
end
Expand Down
2 changes: 1 addition & 1 deletion lib/metasploit/framework/login_scanner/postgres.rb
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
result_options[:proof] = pg_conn
pg_conn = nil
result_options[:connection] = pg_conn.conn
else
pg_conn.close
end
Expand Down
7 changes: 6 additions & 1 deletion lib/metasploit/framework/login_scanner/smb.rb
Original file line number Diff line number Diff line change
Expand Up @@ -152,6 +152,7 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
proof = client
connection = self.sock
client = nil
self.sock = nil
self.dispatcher = nil
Expand Down Expand Up @@ -184,7 +185,11 @@ def attempt_login(credential)
access_level ||= AccessLevels::GUEST
end

result = Result.new(credential: credential, status: status, proof: proof, access_level: access_level)
result = Result.new(credential: credential,
status: status,
proof: proof,
access_level: access_level,
connection: connection)
result.host = host
result.port = port
result.protocol = 'tcp'
Expand Down
23 changes: 12 additions & 11 deletions modules/auxiliary/scanner/mssql/mssql_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -132,12 +132,11 @@ def run_host(ip)

if create_session?
begin
mssql_client = result.proof
successful_sessions << session_setup(result, mssql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand All @@ -148,18 +147,20 @@ def run_host(ip)
{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

def session_setup(result, client)
return unless (result && client)
rstream = client.sock
my_session = Msf::Sessions::MSSQL.new(rstream, { client: client })
merging = {
# @param [Metasploit::Framework::LoginScanner::Result] result
# @return [Msf::Sessions::MSSQL]
def session_setup(result)
return unless (result.connection && result.proof)

my_session = Msf::Sessions::MSSQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
22 changes: 9 additions & 13 deletions modules/auxiliary/scanner/mysql/mysql_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -120,12 +120,11 @@ def run_host(ip)

if create_session?
begin
mysql_client = result.proof
successful_sessions << session_setup(result, mysql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand Down Expand Up @@ -195,22 +194,19 @@ def int_version(str)
end

# @param [Metasploit::Framework::LoginScanner::Result] result
# @param [::Rex::Proto::MySQL::Client] client
# @return [Msf::Sessions::MySQL]
def session_setup(result, client)
return unless (result && client)
def session_setup(result)
return unless (result.connection && result.proof)

rstream = client.socket || client.io

my_session = Msf::Sessions::MySQL.new(rstream, { client: client })
merging = {
my_session = Msf::Sessions::MySQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
22 changes: 11 additions & 11 deletions modules/auxiliary/scanner/postgres/postgres_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -116,12 +116,11 @@ def run_host(ip)

if create_session?
begin
postgresql_client = result.proof
successful_sessions << session_setup(result, postgresql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand All @@ -142,19 +141,20 @@ def rport
datastore['RPORT']
end

def session_setup(result, client)
return unless (result && client)
# @param [Metasploit::Framework::LoginScanner::Result] result
# @return [Msf::Sessions::PostgreSQL]
def session_setup(result)
return unless (result.connection && result.proof)

rstream = client.conn
my_session = Msf::Sessions::PostgreSQL.new(rstream, { client: client })
merging = {
my_session = Msf::Sessions::PostgreSQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
23 changes: 7 additions & 16 deletions modules/auxiliary/scanner/smb/smb_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -191,11 +191,11 @@ def run_host(ip)
report_creds(ip, rport, result)
if create_session?
begin
smb_client = result.proof
successful_sessions << session_setup(result, smb_client)
rescue StandardError => e
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
:next_user
Expand Down Expand Up @@ -296,20 +296,11 @@ def report_creds(ip, port, result)
end

# @param [Metasploit::Framework::LoginScanner::Result] result
# @param [RubySMB::Client] client
# @return [Msf::Sessions::SMB]
def session_setup(result, client)
return unless client

# Create a new session
rstream = client.dispatcher.tcp_socket
sess = Msf::Sessions::SMB.new(
rstream,
{
client: client
}
)
def session_setup(result)
return unless (result.connection && result.proof)

my_session = Msf::Sessions::SMB.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
Expand All @@ -318,7 +309,7 @@ def session_setup(result, client)
'PASSWORD' => result.credential.private
}

start_session(self, nil, merge_me, false, sess.rstream, sess)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end

end

0 comments on commit ac0a138

Please sign in to comment.