
Add setg sessiontlvlogging command to log TLV packets #16135

Merged
merged 2 commits into from
Mar 4, 2022

Conversation


@sjanusz-r7 sjanusz-r7 commented Jan 31, 2022

This PR allows the user to setg sessiontlvlogging true/console/false/file:<file> to enable/disable logging of TLV packets for all sessions.

Future effort could include adding this toggle to individual sessions as well.

There is some logic behind deciding if we want to write to a file or directory.
If we set the logging output to a file and we have write permissions, TLV packets will be appended to the file.
If we set it to a directory and we have write permissions, TLV packets will be stored in that directory with a default filename of sessiontlvlogging.txt.
If we set it to a non-existent directory such as setg sessiontlvlogging file:/tmp/this/directory/does/not/exist, the last part of the file: argument will be treated as the output file e.g. exist in this example. This will also create the relevant subdirectories, meaning if we do setg sessiontlvlogging file:/tmp/this/directory/does/not in the future, we will output to a file, /tmp/this/directory/does/not/sessiontlvlogging.txt as the directory exists.

Verification

  • Start msfconsole
  • setg sessiontlvlogging console
  • Get or interact with a session
  • Confirm both SEND and RECV TLV packets are output to the console
  • setg sessiontlvlogging false
  • Get or interact with a session
  • Confirm no TLV packets are being output to console
  • setg sessiontlvlogging file:./output.txt
  • Get or interact with a session
  • Confirm that the output.txt file has TLV packet information stored.

Before / setg sessiontlvlogging false

msf6 payload(java/meterpreter/reverse_tcp) >
[*] Sending stage (78874 bytes) to 192.168.129.131
[*] Meterpreter session 7 opened (192.168.129.1:4455 -> 192.168.129.131:49749 ) at 2022-01-31 17:29:37 +0000

After / setg sessiontlvlogging console

msf6 payload(java/meterpreter/reverse_tcp) >
[*] Sending stage (78874 bytes) to 192.168.129.131

SEND: #<Rex::Post::Meterpreter::Packet type=Request         tlvs=[
  #<Rex::Post::Meterpreter::Tlv type=COMMAND-ID      meta=INT        value=16 command=core_negotiate_tlv_encryption>
  #<Rex::Post::Meterpreter::Tlv type=REQUEST-ID      meta=STRING     value="88608609954242027287119365197473">
  #<Rex::Post::Meterpreter::Tlv type=RSA-PUB-KEY     meta=RAW        value="0\x82\x01\"0\r\x06\t*\x86H\x86\xF7\r\x01\x01\x01\ ...">
]>

RECV: #<Rex::Post::Meterpreter::Packet type=Response        tlvs=[
  #<Rex::Post::Meterpreter::Tlv type=COMMAND-ID      meta=INT        value=16 command=core_negotiate_tlv_encryption>
  #<Rex::Post::Meterpreter::Tlv type=REQUEST-ID      meta=STRING     value="88608609954242027287119365197473">
  #<Rex::Post::Meterpreter::Tlv type=ENC-SYM-KEY     meta=RAW        value="?=\r\x19\xCF\x82\xAB*!1\x84~\r\xBAV\x8D)4w\xB6\xA ...">
  #<Rex::Post::Meterpreter::Tlv type=SYM-KEY-TYPE    meta=INT        value=1>
  #<Rex::Post::Meterpreter::Tlv type=RESULT          meta=INT        value=0>
  #<Rex::Post::Meterpreter::Tlv type=UUID            meta=RAW        value="W\\o\xDBd\xD8\xC1\xB2\\=X,=\xC5@\xC6">
]>

@adfoster-r7

We'll want to make sure this works with the save command too, i.e. setg + save, then reopen msfconsole and verify it still works as expected

@cdelafuente-r7

It would be interesting to have this also logged to a file. This could be set with an option, for example:

# set output to the console only:
setg logtlv console

# output to a file:
setg logtlv file:/path/to/file

# disable it:
setg logtlv


@adfoster-r7 adfoster-r7 left a comment


We may want to follow a similar pattern to the existing session logging, it's potentially worth taking a look at that to see if it's a viable pattern to follow

@sjanusz-r7 sjanusz-r7 changed the title Add setg logtlv command to log TLV packets Add setg sessiontlvlogging command to log TLV packets Feb 9, 2022
@adfoster-r7

Looks like we'll want to also include this in the top level options:

msf6 > show options

Global Options:
===============

   Option             Current Setting      Description
   ------             ---------------      -----------
   ConsoleLogging     false                Log all console input and output
   LogLevel           3                    Verbosity of logs (default 0, max 3)
   MeterpreterPrompt  meterpreter          The meterpreter prompt string
   MinimumRank        0                    The minimum rank of exploits that will run without explicit confirmation
   Prompt             msf6                 The prompt string
   PromptChar         >                    The prompt character
   PromptTimeFormat   %Y-%m-%d %H:%M:%S    Format for timestamp escapes in prompts
   SessionLogging     false                Log all input and output for sessions
   TimestampOutput    false                Prefix all console output with a timestamp

@adfoster-r7

We might find use out of allowing users to specify timestamps etc, similar to the current prompt handling:

#
# Handle prompt substitutions
#
def format_prompt(str)

@sjanusz-r7 sjanusz-r7 force-pushed the add-toggle-to-log-tlv-packets branch 2 times, most recently from 7c054bd to 9d2911c Compare February 23, 2022 12:59
@adfoster-r7

Thinking aloud:

Should we validate the file path is valid on assignment?

msf6 > setg sessiontlvlogging file:/tmp/bar/logs.txt
sessiontlvlogging => file:/tmp/bar/logs.txt
msf6 > sessions -i -1 -C 'dir'
[*] Running 'dir' on meterpreter session 5 (192.168.123.1)
[-] Error running command dir: Errno::ENOENT No such file or directory @ rb_sysopen - /tmp/bar/logs.txt
msf6 > [*] 192.168.123.1 - Meterpreter session 5 closed.  Reason: Died

If we fail to write to a log file, should that block meterpreter from working? It feels like something we might be able to ignore 🤔

@sjanusz-r7 sjanusz-r7 force-pushed the add-toggle-to-log-tlv-packets branch from ec55f75 to c8a02c2 Compare March 1, 2022 12:48
@sjanusz-r7 sjanusz-r7 force-pushed the add-toggle-to-log-tlv-packets branch from c8a02c2 to 869f073 Compare March 1, 2022 12:50
pathname = ::Pathname.new(path)

begin
self.tlv_log_file ||= ::File.open(pathname, 'a+')


Not a blocker: If the user changed log file location, this would still log to the old location. I believe that's what handle_session_tlv_logging is meant to handle potentially
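The path rules from the PR description (existing directory gets the default sessiontlvlogging.txt, a missing path's last component becomes the file and parent directories are created) and the reopen-on-change point from this review comment, as an added example; this is hypothetical helper code, not Metasploit's own implementation, and the names resolve_tlv_log_path and TlvLogger are assumptions.

```ruby
require 'fileutils'
require 'pathname'

# Hypothetical helper (not Metasploit's own code) mirroring the path rules in the PR description.
DEFAULT_TLV_LOG_NAME = 'sessiontlvlogging.txt'

# Map the value after `file:` to the file that receives TLV packets:
#  - existing directory        -> <dir>/sessiontlvlogging.txt
#  - existing or new file path -> that path, with missing parent directories created
def resolve_tlv_log_path(path)
  pathname = Pathname.new(path)
  return pathname.join(DEFAULT_TLV_LOG_NAME) if pathname.directory?
  FileUtils.mkdir_p(pathname.dirname)
  pathname
end

# Owns the open handle and reopens it whenever the configured location changes,
# rather than keeping the first handle forever with `||=`.
class TlvLogger
  attr_reader :log_path

  def initialize
    @log_file = @log_path = nil
  end

  # Accepts the raw `sessiontlvlogging` value; only 'file:<path>' opens a file.
  def configure(value)
    close
    return unless value.is_a?(String) && value.start_with?('file:')
    @log_path = resolve_tlv_log_path(value.delete_prefix('file:'))
    @log_file = File.open(@log_path, 'a')
  end

  # Append one packet line. Returns false instead of raising when the file cannot be
  # written, so a logging problem does not take the session down with it.
  def log(direction, packet_text)
    return false unless @log_file
    @log_file.puts("#{direction}: #{packet_text}")
    @log_file.flush
    true
  rescue SystemCallError, IOError
    false
  end

  def close
    @log_file&.close
    @log_file = @log_path = nil
  end
end
```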

@sjanusz-r7 sjanusz-r7 force-pushed the add-toggle-to-log-tlv-packets branch from 4a50a53 to a2fadf0 Compare March 4, 2022 14:21
@adfoster-r7 adfoster-r7 merged commit 1253878 into rapid7:master Mar 4, 2022

adfoster-r7 commented Mar 4, 2022

Release Notes

This adds support for logging Meterpreter's TLV Packets with setg SessionTlvLogging true. Other values for the SessionTlvLogging option include console, false, and file:<file_location>.

@adfoster-r7 adfoster-r7 mentioned this pull request Mar 4, 2022
@jmartin-tech jmartin-tech added the rn-enhancement release notes enhancement label Mar 11, 2022