
Add irb and pry commands to command shells #11554

Merged
merged 3 commits into from
Mar 14, 2019

Conversation

wvu
Contributor

@wvu wvu commented Mar 12, 2019

msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload java/shell_reverse_tcp
payload => java/shell_reverse_tcp
msf5 exploit(multi/handler) > set lhost 127.0.0.1
lhost => 127.0.0.1
msf5 exploit(multi/handler) > run

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP handler on 127.0.0.1:4444
[*] Command shell session 1 opened (127.0.0.1:4444 -> 127.0.0.1:58372) at 2019-03-12 13:42:29 -0500

help

Meta shell commands
===================

    Command     Description
    -------     -----------
    help        Help menu
    background  Backgrounds the current shell session
    sessions    Quickly switch to another session
    resource    Run a meta commands script stored in a local file
    shell       Spawn an interactive shell (*NIX Only)
    download    Download files (*NIX Only)
    upload      Upload files (*NIX Only)
    source      Run a shell script on remote machine (*NIX Only)
    irb         Open an interactive Ruby shell on the current session
    pry         Open the Pry debugger on the current session

irb -h
Usage: irb

Open an interactive Ruby shell on the current session.

OPTIONS:

    -e <opt>  Expression to evaluate.
    -h        Help menu.
irb
[*] Starting IRB shell...
[*] You are in the "self" (session) object

irb: warn: can't alias kill from irb_kill.
>> self
=> #<Session:shell 127.0.0.1:58372 (127.0.0.1) >
>>
irb -e 'p self'
[*] You are executing expressions in #<Msf::Sessions::CommandShell:0x00007fb381349ec8>
#<Session:shell 127.0.0.1:58372 (127.0.0.1) >
pry -h
Usage: pry

Open the Pry debugger on the current session.

pry
[*] Starting Pry shell...
[*] You are in the "self" (session) object

[1] pry(#<Msf::Sessions::CommandShell>)> self
=> #<Session:shell 127.0.0.1:58372 (127.0.0.1) >
[2] pry(#<Msf::Sessions::CommandShell>)>
whoami
wvu
^Z
Background session 1? [y/N]  y
msf5 exploit(multi/handler) >

#10687, #11530

@bcoles
Contributor

bcoles commented Mar 12, 2019

What do I do if I want to run irb on the target?

@wvu
Contributor Author

wvu commented Mar 12, 2019

Die inside. Same problem with any metashell command. Consider help or source, for instance.

You would have to use something like command irb or an absolute path, since the original implementation failed to account for this limitation.

I suggested implementing a metashell command prefix or escape menu, but no one listened...

msf5 > use exploit/multi/handler
msf5 exploit(multi/handler) > set payload cmd/unix/reverse_netcat_gaping
payload => cmd/unix/reverse_netcat_gaping
msf5 exploit(multi/handler) > set lhost 192.168.1.2
lhost => 192.168.1.2
msf5 exploit(multi/handler) > run

[*] Started reverse TCP handler on 192.168.1.2:4444
[*] Command shell session 1 opened (192.168.1.2:4444 -> 192.168.1.2:59277) at 2019-03-12 18:18:51 -0500

help

Meta shell commands
===================

    Command     Description
    -------     -----------
    help        Help menu
    background  Backgrounds the current shell session
    sessions    Quickly switch to another session
    resource    Run a meta commands script stored in a local file
    shell       Spawn an interactive shell (*NIX Only)
    download    Download files (*NIX Only)
    upload      Upload files (*NIX Only)
    source      Run a shell script on remote machine (*NIX Only)
    irb         Open an interactive Ruby shell on the current session
    pry         Open the Pry debugger on the current session

irb
[*] Starting IRB shell...
[*] You are in the "self" (session) object

irb: warn: can't alias kill from irb_kill.
>> puts RUBY_VERSION
2.6.1
=> nil
>>
script -q /dev/null
# command irb
command irb
irb(main):001:0> puts RUBY_VERSION
puts RUBY_VERSION
2.6.1
=> nil
irb(main):002:0> exit
exit
# command -v irb
command -v irb
/usr/local/bin/irb
# /usr/local/bin/irb
/usr/local/bin/irb
irb(main):001:0> puts RUBY_VERSION
puts RUBY_VERSION
2.6.1
=> nil
irb(main):002:0> exit
exit
#

Shall I take another stab at making this thing usable?
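The shadowing the comment above describes follows from how a command-shell session routes input: the first word of each line is checked against the meta shell command table before anything reaches the remote shell. The Ruby below is an added model of that routing, not Metasploit's own code; the class names, the `FakeRemote` stand-in and the sample input lines are constructed for the example. It shows that a bare `irb` never leaves the console, that `command irb` and an absolute path pass through untouched, and what `irb -e <expr>` does with the session object.

```ruby
require 'shellwords'

# Meta shell command names, as listed by `help` in the session above.
META_COMMANDS = %w[help background sessions resource shell download upload
                   source irb pry].freeze

# Stand-in for the channel to the remote shell (constructed for this example):
# it only records the lines that would have been written to the socket.
class FakeRemote
  attr_reader :sent

  def initialize
    @sent = []
  end

  def write_line(line)
    @sent << line
  end
end

# Hypothetical model of a command-shell session's input routing. The rule is
# the one the comment describes: the first word of the line is looked up in the
# meta command table first, and only lines that miss the table reach the remote.
class MetaShellSession
  attr_reader :remote, :output

  def initialize(remote)
    @remote = remote
    @output = [] # text the operator would see printed locally
  end

  # Route one input line. Returns :local when a meta command consumed it and
  # :remote when the line was written to the remote shell unchanged.
  def dispatch(line)
    words = begin
      Shellwords.split(line)
    rescue ArgumentError # unbalanced quotes: fall back to whitespace splitting
      line.split
    end
    if !words.empty? && META_COMMANDS.include?(words.first)
      run_meta(words.first, words.drop(1))
      :local
    else
      @remote.write_line(line)
      :remote
    end
  end

  # What `irb -e <expr>` does: evaluate a Ruby expression with the session
  # object as self, so the operator can inspect it without leaving the shell.
  def eval_in_session(expr)
    instance_eval(expr)
  end

  private

  def run_meta(name, args)
    case name
    when 'help'
      @output << "Meta shell commands: #{META_COMMANDS.join(', ')}"
    when 'irb', 'pry'
      if args.include?('-h')
        @output << "Usage: #{name}"
      elsif (i = args.index('-e')) && args[i + 1]
        @output << eval_in_session(args[i + 1]).inspect
      else
        @output << "[*] Starting #{name == 'irb' ? 'IRB' : 'Pry'} shell..."
      end
    else
      @output << "[*] #{name}: handled locally (not modelled in this example)"
    end
  end
end

if $PROGRAM_NAME == __FILE__
  remote = FakeRemote.new
  session = MetaShellSession.new(remote)
  ['irb', "irb -e 'self.class.name'", 'command irb', '/usr/local/bin/irb', 'whoami'].each do |line|
    where = session.dispatch(line)
    puts "#{line.ljust(26)} -> #{where}"
  end
  puts "sent to remote: #{remote.sent.inspect}"
  puts "printed locally: #{session.output.inspect}"
end
```

Run stand-alone, the demo prints which side each line went to. Only lines whose first word misses `META_COMMANDS` appear in `remote.sent`, which is exactly why a remote program named `irb`, `help` or `source` can only be reached by changing the first word (`command irb`, or the absolute path).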

@wvu wvu added the blocked Blocked by one or more additional tasks label Mar 12, 2019
@bcoles
Contributor

bcoles commented Mar 12, 2019

> I suggested implementing a metashell command prefix or escape menu, but no one listened...

I listened. I distinctly recall suggesting that the world needs more magic.

> Shall I take another stab at making this thing usable?

Nope. Perhaps a metashell prefix would be the way to go, but we'll burn that bridge when we get to it.

@bcoles bcoles removed the blocked Blocked by one or more additional tasks label Mar 12, 2019
@wvu
Contributor Author

wvu commented Mar 12, 2019

I could add a passthru or similarly named command in the meantime, but I wouldn't want to have to deprecate it later. So far, the command shell builtin has worked well for me. Thoughts?

I have some additional fixes to add to this PR, so I'm adding the delayed label back on. Thanks for your input as always.

@wvu wvu added the blocked Blocked by one or more additional tasks label Mar 12, 2019
@wvu wvu removed the blocked Blocked by one or more additional tasks label Mar 13, 2019
Contributor

@jrobles-r7 jrobles-r7 left a comment


LGTM @wvu-r7

sessions -i 2
[*] Starting interaction with 2...

help

Meta shell commands
===================

    Command     Description
    -------     -----------
    help        Help menu
    background  Backgrounds the current shell session
    sessions    Quickly switch to another session
    resource    Run a meta commands script stored in a local file
    shell       Spawn an interactive shell (*NIX Only)
    download    Download files (*NIX Only)
    upload      Upload files (*NIX Only)
    source      Run a shell script on remote machine (*NIX Only)
    irb         Open an interactive Ruby shell on the current session
    pry         Open the Pry debugger on the current session

irb -h

Usage: irb

Open an interactive Ruby shell on the current session.

OPTIONS:

    -e <opt>  Expression to evaluate.
    -h        Help menu.
help irb
Usage: irb

Open an interactive Ruby shell on the current session.

OPTIONS:

    -e <opt>  Expression to evaluate.
    -h        Help menu.
help pry
Usage: pry

Open the Pry debugger on the current session.

irb -e 'puts "This is a test"'
This is a test
irb 
[*] Starting IRB shell...
[*] You are in the "self" (session) object

irb: warn: can't alias kill from irb_kill.
>> self
=> #<Session:shell 172.22.222.154:38778 (172.22.222.154) >
>> a = []
=> []
>> exit
pry
[*] Starting Pry shell...
[*] You are in the "self" (session) object

[1] pry(#<Msf::Sessions::CommandShell>)> self
=> #<Session:shell 172.22.222.154:38778 (172.22.222.154) >
[2] pry(#<Msf::Sessions::CommandShell>)> self.methods
=> [:pushws,
 :irb_push_binding,
 :irb_pushb,
 :pushb,
...
[3] pry(#<Msf::Sessions::CommandShell>)> exit
uname -a
Linux ubuntu 4.18.0-16-generic #17~18.04.1-Ubuntu SMP Tue Feb 12 13:35:51 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
whoami
msfdev

@wvu wvu self-assigned this Mar 14, 2019
@wvu wvu merged commit 7a1b11b into rapid7:master Mar 14, 2019
wvu added a commit that referenced this pull request Mar 14, 2019
@wvu
Contributor Author

wvu commented Mar 14, 2019

Release Notes

This adds the irb and pry commands to the metashell in command shells.

msjenkins-r7 pushed a commit that referenced this pull request Mar 14, 2019
@wvu wvu deleted the feature/pry branch March 16, 2019 21:35
@gdavidson-r7 gdavidson-r7 added the rn-enhancement release notes enhancement label Mar 19, 2019