New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sessions -v crash on nil platform #10772

Closed
h00die opened this Issue Oct 8, 2018 · 1 comment

Comments

Projects
None yet
1 participant
@h00die
Contributor

h00die commented Oct 8, 2018

PR incoming for fix.
When a session is obtained where the platform can't be determined or something bugs out, it becomes nil. However, sessions -v can't string concat a nil and bombs.

This is a Cisco UC520.

msf5 > use auxiliary/scanner/ssh/ssh_login
msf5 auxiliary(scanner/ssh/ssh_login) > set rhosts 2.2.2.2
rhosts => 2.2.2.2
msf5 auxiliary(scanner/ssh/ssh_login) > set username cisco
username => cisco
smsf5 auxiliary(scanner/ssh/ssh_login) > set password cisco
password => cisco
msf5 auxiliary(scanner/ssh/ssh_login) > run

[+] 2.2.2.2:22 - Success: 'cisco:cisco' '  Line has invalid autocommand "id  "'
[*] Command shell session 1 opened (?? -> ??) at 2018-10-08 11:30:14 -0400
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/ssh/ssh_login) > sessions -v

[-] Session manipulation failed: no implicit conversion of nil into String ["/root/metasploit-framework/lib/msf/base/serializer/readable_text.rb:772:in `+'", "/root/metasploit-framework/lib/msf/base/serializer/readable_text.rb:772:in `block in dump_sessions_verbose'", "/root/metasploit-framework/lib/msf/core/session_manager.rb:184:in `each'", "/root/metasploit-framework/lib/msf/core/session_manager.rb:184:in `each_sorted'", "/root/metasploit-framework/lib/msf/base/serializer/readable_text.rb:752:in `dump_sessions_verbose'", "/root/metasploit-framework/lib/msf/base/serializer/readable_text.rb:611:in `dump_sessions'", "/root/metasploit-framework/lib/msf/ui/console/command_dispatcher/core.rb:1436:in `cmd_sessions'", "/root/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:501:in `run_command'", "/root/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:453:in `block in run_single'", "/root/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `each'", "/root/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in `run_single'", "/root/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'", "/root/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'", "/root/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'", "./msfconsole:49:in `<main>'"]

This is due to the logic that there isn't a default case for ssh_login: https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/login_scanner/ssh.rb#L152 (yes, i had the last edit on it).

I could argue that this case should have a default of '' or 'Unknown', but i'll at least solve the other issue.

@h00die

This comment has been minimized.

Show comment
Hide comment
@h00die

h00die Oct 8, 2018

Contributor

There are additional downstream issues with the root nil issue as well:

msf5 post(cisco/gather/enum_cisco) > run

[-] Post failed: TypeError compared with non class/module
[-] Call stack:
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:102:in `>='
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:102:in `block (2 levels) in supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:101:in `each'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:101:in `block in supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:99:in `each'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:99:in `supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post_mixin.rb:172:in `session_compatible?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post_mixin.rb:38:in `setup'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post.rb:38:in `setup'
[*] Post module execution completed
Contributor

h00die commented Oct 8, 2018

There are additional downstream issues with the root nil issue as well:

msf5 post(cisco/gather/enum_cisco) > run

[-] Post failed: TypeError compared with non class/module
[-] Call stack:
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:102:in `>='
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:102:in `block (2 levels) in supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:101:in `each'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:101:in `block in supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:99:in `each'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/module/platform_list.rb:99:in `supports?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post_mixin.rb:172:in `session_compatible?'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post_mixin.rb:38:in `setup'
[-]   /my/fake/path/metasploit-framework/lib/msf/core/post.rb:38:in `setup'
[*] Post module execution completed

@wvu-r7 wvu-r7 closed this in #10773 Oct 8, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment