Don't close sockets that we're using for sessions #19056

Merged
1 change: 1 addition & 0 deletions lib/metasploit/framework/login_scanner/mssql.rb
Expand Up @@ -82,6 +82,7 @@ def attempt_login(credential)
result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
if use_client_as_proof
result_options[:proof] = client
result_options[:connection] = client.sock
adfoster-r7 marked this conversation as resolved.
else
client.disconnect
end
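Review bot: Nothing at `result_options[:connection] = client.sock` says that the socket now belongs to whoever consumes the result, and unlike the MySQL and SMB scanners in this change this branch does not clear the scanner's own reference after handing it over. A short comment above the assignment would make the contract explicit, for example `# Ownership of client.sock passes to the caller, which must close it if no session is created`. attempt_login continues outside the hunk, so whether `client` is touched again later cannot be confirmed from here.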
5 changes: 3 additions & 2 deletions lib/metasploit/framework/login_scanner/mysql.rb
Expand Up @@ -37,7 +37,7 @@ def attempt_login(credential)
begin
# manage our behind the scenes socket. Close any existing one and open a new one
disconnect if self.sock
self.sock = connect
connect

mysql_conn = ::Rex::Proto::MySQL::Client.connect(host, credential.public, credential.private, '', port, io: self.sock)

Expand Down Expand Up @@ -75,7 +75,8 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
result_options[:proof] = mysql_conn
nil
result_options[:connection] = self.sock
self.sock = nil
else
mysql_conn.close
end
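Review bot: The handoff `result_options[:connection] = self.sock` is only correct when `self.sock` is the same socket that was passed to the client as `io: self.sock` in the first hunk, and that hunk prints both `self.sock = connect` and `connect` without the page showing which one is the new line. If the bare `connect` is the one kept, the code relies on `connect` storing the socket on `self.sock` as a side effect; a comment such as `# connect is expected to set self.sock` next to it would record that dependency. Both hunks sit inside attempt_login, whose body starts and ends outside them.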
2 changes: 1 addition & 1 deletion lib/metasploit/framework/login_scanner/postgres.rb
Expand Up @@ -80,7 +80,7 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
result_options[:proof] = pg_conn
pg_conn = nil
result_options[:connection] = pg_conn.conn
else
pg_conn.close
end
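Review bot: The comment above this branch still reads `Additionally assign values to nil to avoid closing the socket etc automatically`, but with `result_options[:connection] = pg_conn.conn` in place of `pg_conn = nil` (the page does not mark the sides, so this is inferred from the 1 addition and 1 deletion) nothing is set to nil any more. The comment should describe what the branch does now, for example `# Hand the live connection to the caller through the result; it is not closed here`. It would also be worth confirming that nothing later in attempt_login closes `pg_conn`, since that part of the method is outside the hunk.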
7 changes: 6 additions & 1 deletion lib/metasploit/framework/login_scanner/smb.rb
Expand Up @@ -152,6 +152,7 @@ def attempt_login(credential)
# Additionally assign values to nil to avoid closing the socket etc automatically
if use_client_as_proof
proof = client
connection = self.sock
client = nil
self.sock = nil
self.dispatcher = nil
Expand Down Expand Up @@ -184,7 +185,11 @@ def attempt_login(credential)
access_level ||= AccessLevels::GUEST
end

result = Result.new(credential: credential, status: status, proof: proof, access_level: access_level)
result = Result.new(credential: credential,
status: status,
proof: proof,
access_level: access_level,
connection: connection)
result.host = host
result.port = port
result.protocol = 'tcp'
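Review bot: `connection` is assigned only inside the `use_client_as_proof` branch but is always passed as `connection: connection` to `Result.new`, so on every other path it is nil only because Ruby defines the local when it parses the assignment. Setting `connection = nil` next to wherever `proof` is initialised would make that explicit and keep the value from silently depending on statement order. attempt_login starts before the first hunk, so an existing initialisation outside the visible lines cannot be ruled out.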
23 changes: 12 additions & 11 deletions modules/auxiliary/scanner/mssql/mssql_login.rb
Expand Up @@ -132,12 +132,11 @@ def run_host(ip)

if create_session?
begin
mssql_client = result.proof
successful_sessions << session_setup(result, mssql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand All @@ -148,18 +147,20 @@ def run_host(ip)
{ successful_logins: successful_logins, successful_sessions: successful_sessions }
end

def session_setup(result, client)
return unless (result && client)
rstream = client.sock
my_session = Msf::Sessions::MSSQL.new(rstream, { client: client })
merging = {
# @param [Metasploit::Framework::LoginScanner::Result] result
# @return [Msf::Sessions::MSSQL]
def session_setup(result)
return unless (result.connection && result.proof)

my_session = Msf::Sessions::MSSQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
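Review bot: `session_setup` returns nil from `return unless (result.connection && result.proof)`, yet the caller does `successful_sessions << session_setup(result)` unconditionally, so a nil can end up in the list and, when only `result.proof` is missing, the open `result.connection` is never closed because no exception reaches the rescue. The caller could guard it, e.g. `session = session_setup(result)` followed by `successful_sessions << session if session`, with the connection closed in the nil case, and the YARD tag should read `# @return [Msf::Sessions::MSSQL, nil]`. The same pattern appears in the mysql_login.rb, postgres_login.rb and smb_login.rb sections of this change. run_host starts outside the hunk.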
20 changes: 9 additions & 11 deletions modules/auxiliary/scanner/mysql/mysql_login.rb
Expand Up @@ -120,12 +120,11 @@ def run_host(ip)

if create_session?
begin
mysql_client = result.proof
successful_sessions << session_setup(result, mysql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand Down Expand Up @@ -195,20 +194,19 @@ def int_version(str)
end

# @param [Metasploit::Framework::LoginScanner::Result] result
# @param [::Rex::Proto::MySQL::Client] client
# @return [Msf::Sessions::MySQL]
def session_setup(result, client)
return unless (result && client)
def session_setup(result)
return unless (result.connection && result.proof)

my_session = Msf::Sessions::MySQL.new(client.io, { client: client })
merging = {
my_session = Msf::Sessions::MySQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
22 changes: 11 additions & 11 deletions modules/auxiliary/scanner/postgres/postgres_login.rb
Expand Up @@ -116,12 +116,11 @@ def run_host(ip)

if create_session?
begin
postgresql_client = result.proof
successful_sessions << session_setup(result, postgresql_client)
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed: ', error: e)
print_error(e)
result.proof.conn.close if result.proof&.conn
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
else
Expand All @@ -142,19 +141,20 @@ def rport
datastore['RPORT']
end

def session_setup(result, client)
return unless (result && client)
# @param [Metasploit::Framework::LoginScanner::Result] result
# @return [Msf::Sessions::PostgreSQL]
def session_setup(result)
return unless (result.connection && result.proof)

rstream = client.conn
my_session = Msf::Sessions::PostgreSQL.new(rstream, { client: client })
merging = {
my_session = Msf::Sessions::PostgreSQL.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
'PASS_FILE' => nil,
'USERNAME' => result.credential.public,
'PASSWORD' => result.credential.private
}

start_session(self, nil, merging, false, my_session.rstream, my_session)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end
end
23 changes: 7 additions & 16 deletions modules/auxiliary/scanner/smb/smb_login.rb
Expand Up @@ -191,11 +191,11 @@ def run_host(ip)
report_creds(ip, rport, result)
if create_session?
begin
smb_client = result.proof
successful_sessions << session_setup(result, smb_client)
rescue StandardError => e
successful_sessions << session_setup(result)
rescue ::StandardError => e
elog('Failed to setup the session', error: e)
print_brute level: :error, ip: ip, msg: "Failed to setup the session - #{e.class} #{e.message}"
result.connection.close unless result.connection.nil?
end
end
:next_user
Expand Down Expand Up @@ -296,20 +296,11 @@ def report_creds(ip, port, result)
end

# @param [Metasploit::Framework::LoginScanner::Result] result
# @param [RubySMB::Client] client
# @return [Msf::Sessions::SMB]
def session_setup(result, client)
return unless client

# Create a new session
rstream = client.dispatcher.tcp_socket
sess = Msf::Sessions::SMB.new(
rstream,
{
client: client
}
)
def session_setup(result)
return unless (result.connection && result.proof)

my_session = Msf::Sessions::SMB.new(result.connection, { client: result.proof })
merge_me = {
'USERPASS_FILE' => nil,
'USER_FILE' => nil,
Expand All @@ -318,7 +309,7 @@ def session_setup(result, client)
'PASSWORD' => result.credential.private
}

start_session(self, nil, merge_me, false, sess.rstream, sess)
start_session(self, nil, merge_me, false, my_session.rstream, my_session)
end

end