Improves handling of dying SMB and SQL sessions #18960

@cgranleese-r7 cgranleese-r7 commented Mar 13, 2024

Note

This PR is in conjunction with a PR in ruby_smb. This PR will need to be landed before the framework PR.

This PR improves the handling of dying SMB and SQL sessions. Previously when a session was killed, then interacting with it would return errors but not exit the session. Now the session will close as expected.

[Screenshots: MSSQL, SMB]

Targets for testing

PostgreSQL

Docker command:

docker run -it -p 5432:5432 -e POSTGRES_PASSWORD=password postgres:16.1

Module commands:

use postgres_login
run rhost=127.0.0.1 rport=5432 username=postgres password=password database=template1 createsession=true

MSSQL

Docker command:

docker run -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=MyMSSQLServerPassword__<>" -p 1433:1433 mcr.microsoft.com/mssql/server:2022-preview-ubuntu-22.04

Module commands:

use mssql_login
run rhost=127.0.0.1 rport=1433 username=sa password=MyMSSQLServerPassword__<> use_windows_authent=false createsession=true

MySQL

Docker command:

MariaDB:

docker run -it --rm -e MYSQL_ROOT_PASSWORD='password' -p 4306:3306 mariadb:11.2.2

MySQL:

docker run -it --rm -e MYSQL_ROOT_PASSWORD='password' -p 3306:3306 mysql:8.3.0

Module commands:

MariaDB:

use mysql_login
run rhost=127.0.0.1 rport=4306 username=root password=password createsession=true

MySQL

use mysql_login
run rhost=127.0.0.1 rport=3306 username=root password=password createsession=true

Verification

  • Start msfconsole
  • Run use smb_login, use mysql_login, use mssql_login, use postgres_login
  • Run sessions -i -1
  • Run a remote command (query/share interactions)
  • Kill the session - restart docker container or disconnect VM network adapter
  • Verify when running the same command the session now exits

adfoster-r7 commented Mar 20, 2024

sql

msf6 auxiliary(scanner/mysql/mysql_login) > sessions -i -1
[*] Starting interaction with 3...

mysql @ 127.0.0.1:3306 () > query select 1
[-] Query has failed. Reasons: Lost connection to server during query

[*] 127.0.0.1 - MySQL session 3 closed.  Reason: User exit
msf6 auxiliary(scanner/mysql/mysql_login) > 

smb (Better, but still not perfect 😄)

msf6 auxiliary(scanner/smb/smb_login) > sessions -i -1
[*] Starting interaction with 4...

SMB (192.168.123.133) > shares

[-] Error running command shares: RubySMB::Error::CommunicationError Communication error with the remote host: Read timeout expired when reading from the Socket (timeout=30). The server supports encryption and this error may have been caused by encryption issues, but not always.

[*] 192.168.123.133 - SMB session 4 closed.  Reason: Died
SMB (192.168.123.133) > 

postgres

msf6 auxiliary(scanner/postgres/postgres_login) > sessions

Active sessions
===============

  Id  Name  Type        Information                           Connection
  --  ----  ----        -----------                           ----------
  5         postgresql  PostgreSQL postgres @ 127.0.0.1:9000  127.0.0.1:55125 -> 127.0.0.1:9000 (127.0.0.1)

msf6 auxiliary(scanner/postgres/postgres_login) > sessions -i -1
[*] Starting interaction with 5...

postgresql @ 127.0.0.1:9000 (template1) > query select 1;
[-] Query has failed. Reasons: EOFError

[*] 127.0.0.1 - PostgreSQL session 5 closed.  Reason: Died

mssql

smsf6 auxiliary(scanner/mssql/mssql_login) > sessions -i -1
[*] Starting interaction with 6...

mssql @ 127.0.0.1:1433 (master) > query_interactive
[*] Starting interactive SQL shell for mssql @ 127.0.0.1:1433 (master)
[*] SQL commands ending with ; will be executed on the remote server. Use the exit command to exit.

SQL >> select 123;

[*] Executing query: select 123;
[-] Query has failed. Reasons: EOFError

[*] 127.0.0.1 - MSSQL session 6 closed.  Reason: Died
mssql @ 127.0.0.1:1433 (master) > 
msf6 auxiliary(scanner/mssql/mssql_login) >

@adfoster-r7 adfoster-r7 merged commit d4cb976 into rapid7:master Mar 20, 2024

Release Notes

This PR improves the handling of dying SMB and SQL sessions. Previously when a session was killed, then interacting with it would return errors but not exit the session. Now the session will close as expected.
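
The behaviour described in this PR, as an added Ruby example that is not Metasploit's or the PR's own code: a command that fails because the transport is gone closes the session with reason `Died`, while a query the server merely rejects leaves it open. `DemoSession`, `QueryError`, `FATAL_ERRORS` and `flaky_client` are hypothetical names, and the client is a constructed stand-in for a server that is killed mid-session.

```ruby
require 'timeout'
# Hypothetical names; this is not Metasploit's session API.
# Errors meaning the transport is gone, as opposed to a rejected query.
FATAL_ERRORS = [EOFError, IOError, Errno::ECONNRESET, Errno::EPIPE, Timeout::Error].freeze
class QueryError < StandardError; end

class DemoSession
  attr_reader :alive, :close_reason, :log
  def initialize(client)
    @client = client
    @alive = true
    @log = []
  end

  # Returns true to keep prompting, false once the session is closed.
  def run_command(cmd)
    return false unless @alive
    @log << "[+] #{@client.call(cmd)}"
    true
  rescue QueryError => e
    # The server answered with an error, so the connection is still usable.
    @log << "[-] Query has failed. Reasons: #{e.message}"
    true
  rescue *FATAL_ERRORS => e
    @log << "[-] Query has failed. Reasons: #{e.class}"
    close('Died')
    false
  end

  def close(reason)
    @alive = false
    @close_reason = reason
  end

  # Interaction loop: returns the number of commands handled while the session stayed open.
  def interact(commands)
    commands.take_while { |cmd| run_command(cmd) }.length
  end
end

# Constructed stand-in for a server that is killed after the second request.
def flaky_client
  calls = 0
  lambda do |cmd|
    calls += 1
    raise EOFError if calls > 2
    raise QueryError, 'syntax error' if cmd == 'selec 1'
    "ok: #{cmd}"
  end
end
```

Calling `DemoSession.new(flaky_client).interact([...])` with a list of queries stops at the first one that hits the dead connection; later commands are never sent.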
