Fix HTTP/SMB mixin order to restore SSL option #11330

Merged
merged 1 commit into from Jan 29, 2019

wvu-r7 commented Jan 29, 2019

Mixin order matters. Mixins kinda suck (the way we use them).

Registering the SMB server share mixin after HttpClient deregisters the SSL and SSLCert options. They're still settable, but they vanish from the options lists.

  • Diff the normal and advanced options lists before and after this patch
  • Ensure nothing was lost, only gained

Reported by @terrorbyte.

Fix HTTP/SMB mixin order to restore SSL option
Mixin order matters. Mixins kinda suck.

@jmartin-r7 jmartin-r7 self-assigned this Jan 29, 2019

jmartin-r7 commented Jan 29, 2019

Options diff pre and post patch

$ diff -p 11330_pre.txt 11330_post.txt
*** 11330_pre.txt	2019-01-29 11:34:22.000000000 -0600
--- 11330_post.txt	2019-01-29 11:34:17.000000000 -0600
*************** Module options (exploit/multi/http/strut
*** 10,15 ****
--- 10,16 ----
     SMB_DELAY       10                                        yes       Time that the SMB Server will wait for the payload request
     SRVHOST         0.0.0.0                                   yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
     SRVPORT         445                                       yes       The local port to listen on.
+    SSL             false                                     no        Negotiate SSL/TLS for outgoing connections
     STRUTS_VERSION  2.x                                       yes       Apache Struts Framework version (Accepted: 1.x, 2.x)
     TARGETURI       /struts2-blank/example/HelloWorld.action  yes       The path to a struts application action
     VHOST                                                     no        HTTP server virtual host
*************** Module options (exploit/windows/http/gen
*** 77,82 ****
--- 78,84 ----
     SMB_DELAY    10                               yes       Time that the SMB Server will wait for the payload request
     SRVHOST      0.0.0.0                          yes       The local host to listen on. This must be an address on the local machine or 0.0.0.0
     SRVPORT      445                              yes       The local port to listen on.
+    SSL          false                            no        Negotiate SSL/TLS for outgoing connections
     TARGETURI    /cgi-bin/function.php?argument=  yes       Path to vulnerable URI (The shared location will be added at the end)
     VHOST                                         no        HTTP server virtual host
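Review bot: both hunks restore only the SSL row under Module options, while the description says SSL and SSLCert both vanish from the options lists. It would help to state whether SSLCert is expected to stay hidden after the reorder, and to confirm that the compared files cover the advanced options lists too, so "nothing was lost, only gained" is checked for both.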

@jmartin-r7 jmartin-r7 merged commit b7bc52d into rapid7:master Jan 29, 2019

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

jmartin-r7 added a commit that referenced this pull request Jan 29, 2019

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/mixin branch Jan 29, 2019

msjenkins-r7 added a commit that referenced this pull request Jan 29, 2019

include Msf::Exploit::Remote::SMB::Server::Share
include Msf::Exploit::Remote::HttpClient
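
Review bot: the order of these two include lines is the entire fix, yet nothing at this spot enforces it, so a later reordering that puts HttpClient first would drop SSL from the options list again without any failure. A spec asserting that the module's options include SSL after both mixins are loaded would catch that regression.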

h00die Jan 30, 2019

May be worth a comment on why this has to come after (even just See #11330) to prevent this from happening in the future.

gdavidson-r7 commented Feb 6, 2019

Release Notes

This fixes the HTTP/SMB mixin order to restore the SSL option. Previously, registering the SMB server share mixin after HttpClient would deregister the SSL and SSLCert options.

@gdavidson-r7 gdavidson-r7 added the rn-fix label Feb 6, 2019
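
The include-order effect discussed in this thread, as an added example that is not part of the pull request or of Metasploit's code. The `Toy*` classes, `BrokenOrder`, `FixedOrder` and `option_diff` are hypothetical, and the model assumes each mixin calls `super` in `initialize` before registering or deregistering its options.

```ruby
# Toy model of option registration through mixins (all names are illustrative).
class ToyModule
  attr_reader :options
  def initialize
    @options = {}
  end

  def register_options(opts)
    @options.merge!(opts)
  end

  def deregister_options(*names)
    names.each { |n| @options.delete(n) }
  end
end

# Stand-in for an HTTP client mixin: registers an outgoing-TLS switch.
module ToyHttpClient
  def initialize
    super
    register_options('SSL' => false, 'VHOST' => nil)
  end
end

# Stand-in for an SMB share server mixin: hides TLS options it does not use.
module ToySmbShare
  def initialize
    super
    register_options('SRVPORT' => 445, 'SMB_DELAY' => 10)
    deregister_options('SSL', 'SSLCert')
  end
end

# Method lookup starts at the most recently included mixin, and each mixin
# calls super first, so the LAST include does its (de)registration LAST.
class BrokenOrder < ToyModule
  include ToyHttpClient
  include ToySmbShare   # runs after ToyHttpClient: 'SSL' is deleted
end

class FixedOrder < ToyModule
  include ToySmbShare
  include ToyHttpClient # runs after ToySmbShare: 'SSL' is registered again
end

# Regression check in the spirit of the test plan: nothing lost, only gained.
def option_diff(before, after)
  { lost: before.options.keys - after.options.keys,
    gained: after.options.keys - before.options.keys }
end
```

Calling `option_diff(BrokenOrder.new, FixedOrder.new)` reports the option names that differ between the two include orders.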
