Add shutdown method to Exploit::Remote::Tcp #12031

Merged Jul 12, 2019 (2 commits)
bcoles (Contributor) commented Jun 29, 2019

This PR exposes a shutdown method for Exploit::Remote::Tcp.sock.

I encountered a protocol recently which required sending sock.shutdown(1) before replying. The server refused to return data until it received a promise that no more data was to be sent.

busterb (Member) commented Jun 29, 2019

Would it be alright to prefer one of the symbolic representations instead, as mentioned in the Ruby docs? :SHUT_WR instead of 1?

bcoles (Contributor, Author) commented Jun 30, 2019

> Would it be alright to prefer one of the symbolic representations instead, as mentioned in the Ruby docs? :SHUT_WR instead of 1?

Yeah, they're interchangeable. Updated.

wvu self-assigned this Jul 12, 2019

wvu (Contributor) left a comment

[1] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> connect
=> #<Socket:fd 19>
[2] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> disconnect
=> #<Socket:(closed)>
[3] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> connect
=> #<Socket:fd 19>
[4] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> shutdown
=> true
[5] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> sock
=> #<Socket:fd 19>
[6] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> sock.close
=> nil
[7] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)> sock
=> #<Socket:(closed)>
[8] pry(#<Msf::Modules::Exploit__Bsd__Finger__Morris_fingerd_bof::MetasploitModule>)>

    1   0.000000    127.0.0.1 → 127.0.0.1    51153 79 TCP 68 51153 → 79 [SYN] Seq=0 Win=65535 Len=0 MSS=16344 WS=64 TSval=2564325313 TSecr=0 SACK_PERM=1
    2   0.000056    127.0.0.1 → 127.0.0.1    79 51153 TCP 68 79 → 51153 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=16344 WS=64 TSval=2564325313 TSecr=2564325313 SACK_PERM=1
    3   0.000065    127.0.0.1 → 127.0.0.1    51153 79 TCP 56 51153 → 79 [ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564325313 TSecr=2564325313
    4   0.000076    127.0.0.1 → 127.0.0.1    79 51153 TCP 56 [TCP Window Update] 79 → 51153 [ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564325313 TSecr=2564325313
    5   7.131531    127.0.0.1 → 127.0.0.1    51153 79 TCP 56 51153 → 79 [FIN, ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564332412 TSecr=2564325313
    6   7.131560    127.0.0.1 → 127.0.0.1    79 51153 TCP 56 79 → 51153 [ACK] Seq=1 Ack=2 Win=408256 Len=0 TSval=2564332412 TSecr=2564332412
    7   7.131611    127.0.0.1 → 127.0.0.1    79 51153 TCP 56 79 → 51153 [FIN, ACK] Seq=1 Ack=2 Win=408256 Len=0 TSval=2564332412 TSecr=2564332412
    8   7.131633    127.0.0.1 → 127.0.0.1    51153 79 TCP 56 51153 → 79 [ACK] Seq=2 Ack=2 Win=408256 Len=0 TSval=2564332412 TSecr=2564332412
    9   8.490880    127.0.0.1 → 127.0.0.1    51154 79 TCP 68 51154 → 79 [SYN] Seq=0 Win=65535 Len=0 MSS=16344 WS=64 TSval=2564333763 TSecr=0 SACK_PERM=1
   10   8.490939    127.0.0.1 → 127.0.0.1    79 51154 TCP 68 79 → 51154 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=16344 WS=64 TSval=2564333763 TSecr=2564333763 SACK_PERM=1
   11   8.490948    127.0.0.1 → 127.0.0.1    51154 79 TCP 56 51154 → 79 [ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564333763 TSecr=2564333763
   12   8.490957    127.0.0.1 → 127.0.0.1    79 51154 TCP 56 [TCP Window Update] 79 → 51154 [ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564333763 TSecr=2564333763
   13  10.527828    127.0.0.1 → 127.0.0.1    51154 79 TCP 56 51154 → 79 [FIN, ACK] Seq=1 Ack=1 Win=408256 Len=0 TSval=2564335784 TSecr=2564333763
   14  10.527887    127.0.0.1 → 127.0.0.1    79 51154 TCP 56 79 → 51154 [ACK] Seq=1 Ack=2 Win=408256 Len=0 TSval=2564335784 TSecr=2564335784
   15  10.527914    127.0.0.1 → 127.0.0.1    79 51154 TCP 56 79 → 51154 [FIN, ACK] Seq=1 Ack=2 Win=408256 Len=0 TSval=2564335784 TSecr=2564335784
   16  10.527938    127.0.0.1 → 127.0.0.1    51154 79 TCP 56 51154 → 79 [ACK] Seq=2 Ack=2 Win=408256 Len=0 TSval=2564335784 TSecr=2564335784

wvu merged commit 82b583b into rapid7:master Jul 12, 2019
wvu added a commit that referenced this pull request Jul 12, 2019

wvu (Contributor) commented Jul 12, 2019

Release Notes

The shutdown method has been added to the Msf::Exploit::Remote::Tcp mixin. It exposes the shutdown method from Rex::Socket::Tcp to provide a consistent interface for module developers. Please note that the disconnect method will shut down and close a socket, which isn't always desired.
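
Added example (not code from this PR or from Metasploit): the half-close behaviour described in this thread, reproduced with Ruby's standard socket library. The loopback server and the helper names `with_eof_server`, `exchange` and `demo` are constructed for illustration; the server replies only after it reads EOF, that is, after the client's FIN.

```ruby
require 'socket'

# Constructed loopback service: it reads the request until EOF (the client's
# FIN) and only then replies. Handles one connection, then stops.
def with_eof_server
  server = TCPServer.new('127.0.0.1', 0)     # port 0: the OS picks a free port
  worker = Thread.new do
    begin
      peer = server.accept
      data = peer.read                       # returns only after the client half-closes
      peer.write("received #{data.bytesize} bytes")
    rescue SystemCallError, IOError
      # the client went away before the reply could be delivered
    ensure
      peer&.close
    end
  end
  yield server.addr[1]                       # pass the chosen port to the caller
ensure
  worker&.join(2)
  server&.close
end

# Send the payload, optionally half-close, then wait up to one second for a reply.
def exchange(port, payload, half_close:)
  sock = TCPSocket.new('127.0.0.1', port)
  sock.write(payload)
  sock.shutdown(:SHUT_WR) if half_close      # sends FIN; the descriptor stays open
  open_after = !sock.closed?
  reply = IO.select([sock], nil, nil, 1) ? sock.read : nil
  { reply: reply, open_after_shutdown: open_after }
ensure
  sock&.close
end

def demo(half_close)
  with_eof_server { |port| exchange(port, 'hello', half_close: half_close) }
end

if __FILE__ == $PROGRAM_NAME
  p demo(true)    # reply arrives once the write side has been shut down
  p demo(false)   # no FIN sent: the server keeps waiting and the read times out
end
```

With the write side shut down, the socket is still open and readable, which matches the pry session above where `sock` remains `#<Socket:fd 19>` after `shutdown` and only becomes `(closed)` after `sock.close`.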

wvu added the easy label Jul 12, 2019
bcoles deleted the tcp_sock_shutdown branch July 12, 2019 17:52
tdoan-r7 added the rn-enhancement label Jul 24, 2019