Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External modules have some stringified Bools #10179

Closed
wvu opened this issue Jun 16, 2018 · 5 comments · Fixed by #10989
Closed

External modules have some stringified Bools #10179

wvu opened this issue Jun 16, 2018 · 5 comments · Fixed by #10989
Assignees
@wvu
Labels
bug library

Comments

@wvu
Copy link
Contributor

wvu commented Jun 16, 2018
edited
Loading 

**DisablePayloadHandler: True   (RHOST and RPORT settings will be ignored!)**

msf5 exploit(windows/smb/ms17_010_eternalblue_win8) > set DisablePayloadHandler
DisablePayloadHandler => false
msf5 exploit(windows/smb/ms17_010_eternalblue_win8) >

[1] pry(#<Msf::Modules::Mod6578706c6f69742f77696e646f77732f736d622f6d7331375f3031305f657465726e616c626c75655f77696e38::MetasploitModule>)> datastore
=> {"WfsDelay"=>"5",
 "WORKSPACE"=>nil,
 "VERBOSE"=>"false",
 "EnableContextEncoding"=>"false",
 "ContextInformationFile"=>nil,
 "DisablePayloadHandler"=>"false",
 "SMBUser"=>"",
 "SMBPass"=>"",
 "GroomAllocations"=>"13",
 "RHOST"=>"192.168.56.101",
 "RPORT"=>"445",
 "payload"=>"windows/x64/meterpreter/reverse_tcp",
 "lhost"=>"192.168.56.1",
 "LPORT"=>4444,
 "ReverseListenerBindPort"=>nil,
 "ReverseAllowProxy"=>false,
 "ReverseListenerComm"=>nil,
 "ReverseListenerBindAddress"=>nil,
 "ReverseListenerThreaded"=>false,
 "StagerRetryCount"=>10,
 "StagerRetryWait"=>5,
 "PayloadUUIDSeed"=>nil,
 "PayloadUUIDRaw"=>nil,
 "PayloadUUIDName"=>nil,
 "PayloadUUIDTracking"=>false,
 "EnableStageEncoding"=>false,
 "StageEncoder"=>nil,
 "StageEncoderSaveRegisters"=>"",
 "StageEncodingFallback"=>true,
 "PrependMigrate"=>false,
 "PrependMigrateProc"=>nil,
 "EXITFUNC"=>"process",
 "AutoLoadStdapi"=>true,
 "AutoVerifySession"=>true,
 "AutoVerifySessionTimeout"=>30,
 "InitialAutoRunScript"=>"",
 "AutoRunScript"=>"",
 "AutoSystemInfo"=>true,
 "EnableUnicodeEncoding"=>false,
 "HandlerSSLCert"=>nil,
 "SessionRetryTotal"=>3600,
 "SessionRetryWait"=>10,
 "SessionExpirationTimeout"=>604800,
 "SessionCommunicationTimeout"=>300,
 "PayloadProcessCommandLine"=>""}
[2] pry(#<Msf::Modules::Mod6578706c6f69742f77696e646f77732f736d622f6d7331375f3031305f657465726e616c626c75655f77696e38::MetasploitModule>)>

lib/msf/ui/console/command_dispatcher/common.rb:        print("   **DisablePayloadHandler: True   (RHOST and RPORT settings will be ignored!)**\n\n") if mod.datastore['DisablePayloadHandler']
@wvu wvu changed the title Command dispatchers still have stringified Bools in some places Command dispatchers still have stringified Bools in ~some places~ external modules? Jun 18, 2018
@wvu wvu changed the title Command dispatchers still have stringified Bools in ~some places~ external modules? External modules have some stringified Bools Jun 18, 2018
@acammack-r7
Copy link
Contributor

To see what the external module would see, you can use datastore.to_nested_values to be sure (not an issue here, just a tip). Are you setting a default somewhere?

@wvu
Copy link
Contributor Author

wvu commented Jun 18, 2018

Nope, I'm not doing anything for DisablePayloadHandler. I'm setting RHOST, RPORT, GroomAllocations, SMBUser, and SMBPass - noticing that they're also stringified.

@wvu
Copy link
Contributor Author

wvu commented Jun 18, 2018

Figured out where it's coming from. When used with save, DisablePayloadHandler is being set in ~/.msf4/config automatically.

@wvu wvu mentioned this issue Jul 3, 2018
Closed
4 tasks
@wvu wvu self-assigned this Sep 19, 2018
@Knowledge-Wisdom-Understanding
Copy link

Has anybody solved this issue? How can I fix it?

@acammack-r7
Copy link
Contributor

@Knowledge-Wisdom-Understanding are you running into an issue like this? If so, what are you seeing? The particular problem with DisablePayloadHandler here (especially with save, and maybe other options then, too) is that when you set an unregistered option it is assumed to be a string, and I believe that either it may not always be registered before deeper code uses it or the type isn't getting picked up/normalized correctly before the module runs.

@wvu wvu mentioned this issue Nov 19, 2018
Merged
@wvu wvu mentioned this issue Apr 15, 2020
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@wvu wvu

Labels
bug library
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Coerce DisablePayloadHandler into a Boolean string wvu/metasploit-framework
3 participants
@wvu @acammack-r7 @Knowledge-Wisdom-Understanding