-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add alert to show user the new session options available in Metasploit 6.4 #18761
Add alert to show user the new session options available in Metasploit 6.4 #18761
Conversation
Desired end goals:
And we want to remove the blank line when using the module:
We also want the messages to only appear when we've got the feature flag enabled |
It looks like this is printing an extra blank line when using the module:
Looks like the new line is caused by the prompting value, will need to look deeper why this isn't unset correctly diff --git a/lib/msf/core/module/alert.rb b/lib/msf/core/module/alert.rb
index 1bc609e356..904000c638 100644
--- a/lib/msf/core/module/alert.rb
+++ b/lib/msf/core/module/alert.rb
@@ -243,25 +243,36 @@ module Msf::Module::Alert
def alert_user
self.you_have_been_warned ||= {}
- errors.each do |msg|
- if msg && !self.you_have_been_warned[msg.hash]
- print_error(msg)
- self.you_have_been_warned[msg.hash] = true
+ self.without_prompt do
+ errors.each do |msg|
+ if msg && !self.you_have_been_warned[msg.hash]
+ print_error(msg)
+ self.you_have_been_warned[msg.hash] = true
+ end
end
- end
- warnings.each do |msg|
- if msg && !self.you_have_been_warned[msg.hash]
- print_warning(msg)
- self.you_have_been_warned[msg.hash] = true
+ warnings.each do |msg|
+ if msg && !self.you_have_been_warned[msg.hash]
+ print_warning(msg)
+ self.you_have_been_warned[msg.hash] = true
+ end
end
- end
- infos.each do |msg|
- if msg && !self.you_have_been_warned[msg.hash]
- print_line(msg)
- self.you_have_been_warned[msg.hash] = true
+ infos.each do |msg|
+ if msg && !self.you_have_been_warned[msg.hash]
+ print_status("i am updated, hello")
+ print_status(msg)
+ self.you_have_been_warned[msg.hash] = true
+ end
end
end
end
+
+ # Temporarily set the prompt mode to false to ensure that there are not additional lines printed
+ # A workaround for the prompting bug spotted in https://github.com/rapid7/metasploit-framework/pull/18761#issuecomment-1916645095
+ def without_prompt(&block)
+ previous_prompting_value = user_output.prompting
+ user_output.prompting(false)
+ yield
+ ensure
+ user_output.prompting(previous_prompting_value)
+ end
end
Edit: Looks like the prompting logic was removed here: ecc853d I'm not sure that's correct, I believe it's meant to be this: def pgets
line = nil
orig = Thread.current.priority
begin
Thread.current.priority = -20
output.prompting
line = readline_with_output(prompt, true)
::Readline::HISTORY.pop if (line and line.empty?)
ensure
Thread.current.priority = orig || 0
+ output.prompting(false)
end
line
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you mind also adding a callout for this new functionality in the tips array that shown on startup and by the tips
command.
infos.each do |msg| | ||
if msg && !self.you_have_been_warned[msg.hash] | ||
# Make prefix an empty string to avoid adding clutter (timestamps, rhost, rport, etc.) to the output | ||
print_status(msg, prefix: '') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm assuming that all of the calls to print_*
shouldn't have a prefix?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you mean for the warnings and errors too? ummm I'm not sure, I don't think we particularly want the prefixes for them but I wouldn't be 100% on that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like this might be leaving around tech debt/inconsistencies for the next person 👀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't mind making the change, can sort that now
end | ||
|
||
print_status("Using #{used_module}") if used_module |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we talked about moving this above the cmd_use
call - did we leave that out intentionally? 👀
Current:
msf6 auxiliary(scanner/mysql/mysql_login) > use smb_login
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/scanner/smb/smb_login . normal No SMB Login Check Scanner
Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/smb/smb_login
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
[*] Using auxiliary/scanner/smb/smb_login
Expected:
msf6 auxiliary(scanner/mysql/mysql_login) > use smb_login
Matching Modules
================
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/scanner/smb/smb_login . normal No SMB Login Check Scanner
Interact with a module by name or index. For example info 0, use 0 or use auxiliary/scanner/smb/smb_login
[*] Using auxiliary/scanner/smb/smb_login
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nope just forgot to move it
Release NotesAdds a user notification that new modules support a |
With the introduction of the new SMB, Postgresql, etc. sessions we thought it would be a good idea to add in some messaging to the user when they use a module that supports ether the creation or use of one of these modules that supports these new session types
Draft PR for the moment so we can discuss some UX details
Open questions:
Example output: