ms01_026_dbldecode triggers undefined method on payload_exe #4246

Closed
hdm opened this issue Nov 22, 2014 · 5 comments · Fixed by #4321
@hdm
Contributor

hdm commented Nov 22, 2014

Reported on IRC by netsecstudent. The WINDIR option is incorrect, but the stack trace seems unrelated.

msf exploit(ms01_026_dbldecode) > show options

Module options (exploit/windows/iis/ms01_026_dbldecode):

   Name    Current Setting  Required  Description
   ----    ---------------  --------  -----------
   CMD                      no        Execute this command instead of using command stager
   RHOST   192.168.100.20   yes       The target address
   RPORT   80               yes       The target port
   WINDIR  C:Windows        no        The windows directory of the target host


Payload options (windows/meterpreter/bind_tcp):

   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   EXITFUNC  process          yes       Exit technique (accepted: seh, thread, process, none)
   LPORT     21168            yes       The listen port
   RHOST     192.168.100.20   no        The target address


Exploit target:

   Id  Name
   --  ----
   0   Automatic


msf exploit(ms01_026_dbldecode) > exploit
[*] Started bind handler
[*] Using windows directory "C:Windows"
[*] Copying cmd.exe to the web root as "jCtn.exe"...
[*] Executing command: copy \C:Windows\system32\cmd.exe jCtn.exe (options: {})
[*] Executing command: tftp -i  GET  IVFiPfAg.exe (options: {:temp=>".", :linemax=>1400, :cgifname=>"jCtn.exe"})
[*] Command Stager progress -  59.09% done (26/44 bytes)
[*] Command Stager progress - 100.00% done (44/44 bytes)
[-] Exploit failed: NameError undefined local variable or method `payload_exe' for #<Msf::Modules::Mod6578706c6f69742f77696e646f77732f6969732f6d7330315f3032365f64626c6465636f6465::Metasploit3:0x00000011013f68>
@hdm hdm added the module label Nov 22, 2014
@wchen-r7 wchen-r7 self-assigned this Nov 22, 2014
@todb-r7 todb-r7 added the bug label Nov 24, 2014
wchen-r7 added a commit to wchen-r7/metasploit-framework that referenced this issue Dec 5, 2014
This fixes an undef method 'payload_exe' error. We broke this when
all modules started using Msf::Exploit::CmdStager as the only source
to get a command stager payload. The problem with that is "payload_exe"
is an accessor in CmdStagerTFTP, not in CmdStager, so when the module
wants to access that, we trigger the undef method error.

To be exact, this is the actual commit that broke it:
7ced592

Fix rapid7#4246
wchen-r7 added a commit to wchen-r7/metasploit-framework that referenced this issue Dec 5, 2014
Fix rapid7#4246

... so it will automatically close the ticket.
todb-r7 pushed a commit that referenced this issue Dec 12, 2014
@todb-r7

todb-r7 commented Dec 12, 2014

f25e3eb does not fix this.

@todb-r7 todb-r7 reopened this Dec 12, 2014
@wchen-r7
Contributor

Really? It does not?

@wchen-r7
Contributor

Oh you're right, yeah it's the other one that fixes this.

@todb
Contributor

todb commented Dec 12, 2014

You said it didn't? You said you referenced the wrong PR?

I don't know now, you tell me.

Sent from a tiny computer.
Text (insecure): 512-438-9165

@wchen-r7
Contributor

Yeah f25e3eb is for the other ticket.
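
The root cause described in the commit message above, reduced to plain Ruby as an added example (not Metasploit code and not part of the original thread). `GenericStager`, `TftpStager`, the two module classes and both helper functions are hypothetical stand-ins; the point is that a bare `payload_exe` read raises `NameError` when the mixin that defines the accessor is not in the ancestor chain, and that the chain can be checked before the module ever runs.

```ruby
# Constructed stand-ins for the two mixins named in the commit message;
# these are not the Metasploit classes.
module GenericStager                 # role of the generic stager mixin
  def execute_stager
    :staged
  end
end

module TftpStager                    # role of the TFTP-specific mixin
  include GenericStager
  attr_accessor :payload_exe         # the accessor is defined only here

  def execute_stager
    self.payload_exe = "constructed.exe"
    super
  end
end

# Mixes in only the generic stager but still reads payload_exe afterwards.
class GenericOnlyModule
  include GenericStager

  def run
    execute_stager
    "staged file: #{payload_exe}"    # bare identifier, no such method -> NameError
  end
end

# Mixes in the mixin that actually defines the accessor.
class TftpModule
  include TftpStager

  def run
    execute_stager
    "staged file: #{payload_exe}"
  end
end

# Which ancestor, if any, defines the method? nil means a call will fail.
def provider_of(klass, meth)
  klass.ancestors.find { |m| m.instance_methods(false).include?(meth) }
end

# Run the module and report either its result or the exception class raised.
def outcome(klass)
  klass.new.run
rescue NameError => e
  e.class
end
```

A check like `provider_of` can run in a unit test over every class that includes a shared mixin, so a refactor that moves modules onto a more generic mixin fails in CI instead of at run time.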
