Cache "show payloads" and set PAYLOAD by index

rapid7 · Jul 24, 2019 · 3acb901 · 3acb901
1 parent 29d6c27
commit 3acb901
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 14 deletions.
diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -1574,6 +1574,27 @@ def cmd_set(*args)
     name  = args[0]
     value = args[1, args.length-1].join(' ')
 
+    # Set PAYLOAD by index
+    if name.upcase == 'PAYLOAD' && active_module && (active_module.exploit? || active_module.evasion?)
+      mod_index =
+        begin
+          Integer(value)
+        rescue ArgumentError, TypeError
+          nil
+        end
+
+      payload_show_results =
+        Msf::Ui::Console::CommandDispatcher::Modules.class_variable_get(:@@payload_show_results)
+
+      if mod_index
+        if mod_index < 0 || payload_show_results[mod_index].nil?
+          return false
+        end
+
+        value = payload_show_results[mod_index].first
+      end
+    end
+
     # If the driver indicates that the value is not valid, bust out.
     if (driver.on_variable_set(global, name, value) == false)
       print_error("The value specified for #{name} is not valid.")

diff --git a/lib/msf/ui/console/command_dispatcher/modules.rb b/lib/msf/ui/console/command_dispatcher/modules.rb
@@ -49,6 +49,7 @@ def initialize(driver)
             @previous_module = nil
             @module_name_stack = []
             @module_search_results = []
+            @@payload_show_results = []
             @dangerzone_map = nil
           end
 
@@ -651,7 +652,10 @@ def cmd_use(*args)
 
             # Use a module by search index
             if mod_index
-              return if mod_index < 0 || @module_search_results[mod_index].nil?
+              if mod_index < 0 || @module_search_results[mod_index].nil?
+                return false
+              end
+
               mod_name = @module_search_results[mod_index].fullname
             end
 
@@ -1039,10 +1043,12 @@ def show_exploits(regex = nil, minrank = nil, opts = nil) # :nodoc:
           def show_payloads(regex = nil, minrank = nil, opts = nil) # :nodoc:
             # If an active module has been selected and it's an exploit, get the
             # list of compatible payloads and display them
-            if (active_module and (active_module.exploit? == true or active_module.evasion?))
-              show_module_set("Compatible Payloads", active_module.compatible_payloads, regex, minrank, opts)
+            if active_module && (active_module.exploit? || active_module.evasion?)
+              @@payload_show_results = active_module.compatible_payloads
+
+              show_module_set('Compatible Payloads', @@payload_show_results, regex, minrank, opts)
             else
-              show_module_set("Payloads", framework.payloads, regex, minrank, opts)
+              show_module_set('Payloads', framework.payloads, regex, minrank, opts)
             end
           end
 

diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
@@ -404,22 +404,14 @@ def on_startup(opts = {})
   #
   def on_variable_set(glob, var, val)
     case var.downcase
-    when 'payload'
-      if framework && !framework.payloads.valid?(val)
-        return false
-      elsif active_module && active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
-        return false
-      elsif active_module
-        active_module.datastore.clear_non_user_defined
-      elsif framework
-        framework.datastore.clear_non_user_defined
-      end
     when 'sessionlogging'
       handle_session_logging(val) if glob
     when 'consolelogging'
       handle_console_logging(val) if glob
     when 'loglevel'
       handle_loglevel(val) if glob
+    when 'payload'
+      handle_payload(val)
     when 'ssh_ident'
       handle_ssh_ident(val)
     end
@@ -572,6 +564,23 @@ def handle_loglevel(val)
     set_log_level(Msf::LogSource, val)
   end
 
+  #
+  # This method handles setting a desired payload
+  #
+  # TODO: Move this out of the console driver!
+  #
+  def handle_payload(val)
+    if framework && !framework.payloads.valid?(val)
+      return false
+    elsif active_module && (active_module.exploit? || active_module.evasion?)
+      return false unless active_module.is_payload_compatible?(val)
+    elsif active_module
+      active_module.datastore.clear_non_user_defined
+    elsif framework
+      framework.datastore.clear_non_user_defined
+    end
+  end
+
   #
   # This method monkeypatches Net::SSH's client identification string
   #