-
Notifications
You must be signed in to change notification settings - Fork 13.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[GSoC] Implementation of resource command #10220
[GSoC] Implementation of resource command #10220
Conversation
lib/rex/ui/text/resource.rb
Outdated
|
||
# Pretty soon, this is going to need an XML parser :) | ||
# TODO: case matters for the tag and for binding names | ||
if line =~ /<ruby/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Depending what future changes you want to make to this loop, it might be easier to check for <ruby
first. Saves wrapping everything in a giant conditional.
Same with buff.empty?
later on in the method.
while lines.length > 0
line = lines.shift
break unless line
line.strip!
next if line.length == 0
next if line.starts_with? '#'
unless line =~ /<ruby/
print_line("resource (#{path})> #{line}")
run_cmd(line)
next
end
# Pretty soon, this is going to need an XML parser :)
# TODO: case matters for the tag and for binding names
if line =~ /\s+binding=(?:'(\w+)'|"(\w+)")(>|\s+)/
bin = ($~[1] || $~[2])
bindings[bin] = binding unless bindings.has_key? bin
bin = bindings[bin]
else
bin = binding
end
buff = ''
while lines.length > 0
line = lines.shift
break unless line
break if line.include? '</ruby>'
buff << line
end
next if buff.empty?
print_status("resource (#{path})> Ruby Code (#{buff.length} bytes)")
begin
eval(buff, bin)
rescue ::Interrupt
raise $!
rescue ::Exception => e
print_error("resource (#{path})> Ruby Error: #{e.class} #{e} #{e.backtrace}")
end
end
end
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for late reply, actually these code is not written by me, I just copied them from file
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/ui/console/driver.rb#L264
I need to call this function in my file, so @timwr helped me to separate this function to a single file for code-reuse.
I think there is an error, I just move the DO NOT MERGE THIS PULL REQUEST before I solve this problem. thank you dear mentors |
lib/rex/ui/text/dispatcher_shell.rb
Outdated
@@ -417,73 +417,6 @@ def tab_complete_helper(dispatcher, str, words) | |||
return items | |||
end | |||
|
|||
# Processes a resource script file for the console. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't forget to include Resource
at the top here too, since you're removing the function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
T_T, I am so careless... It's all my fault, I think the problem is solved~ I just tested the new changes, thank you @timwr really so much for your gentle help.
c1d1e8e
to
85bfca9
Compare
I downloaded the
The error is I have no idea about how to solve it... can I run these test on my laptop? where can I get the test cases? |
I think you can ignore the test fails for now |
I'm pretty sure the test infrastructure is broken at the moment. r7 will likely fix it when they show up at the office on Monday and see the big board has turned red. |
@WangYihang: This is looking great! I especially like the addition of the Consider adding a note to the resource help to tell the user that they can end the STDIN resource input using CTRL-D. Additionally, PR #9356 might have destroyed your hook inside Finally, Thanks for the hard work! |
Jenkins test this please. |
Hey @Wang, I was worried that a recent change might have broken your code, but I'm having trouble getting it to work in my environment even before the change. It might be something with me, but would you take a look? Note -- these reproduction steps will overwrite files on the master branch, so you should make sure you're in a different branch, and probably back up ** just in case **: Reproduction stepsMake sure you have the latest metasploit-framework code without any changes on the master branch:
Create a temporary working branch
Grab the files from this PR and run the test
One-liner command (same as above)
Sample output
Once we've got a shell, here's the
And now here's running the
|
@asoto-r7 Got it, I will try to fix this bug tomorrow. |
It works I think. @asoto-r7 Thank you so much for your very detailed description, it's pretty nice~ |
Hi, I fixed the regression independently in #10399, but I hadn't noticed the fix and refactor to |
Hey @WangYihang, nice work catching and fixing our regression! Nice work on this PR as well. There are two small issues, but this is very close to ready to land:
Note that the commands aren't actually run on target. It's not until you press Enter that the commands are sent. This happens regardless of whether there's a newline at the end of the resource script, and regardless of whether we use But you'll also encounter a second issue:
The commands appear to be concatenated into a single string, without the newline being processed. Again, this appears to happen regardless of the use of That said, I suspect you might be able to fix both of these bugs at the same time. I'm sure you've got it, but let us know if you need a hand. Thanks! |
@asoto-r7 em, I thought that |
Description
Implementation of resource command, like meterpreter does.
Verification
/tmp/resource.rb
will be executed