New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add nil check to enum_patches - Fix #11346 #11348

Merged
merged 1 commit into from Feb 4, 2019

Conversation

Projects
None yet
2 participants
@bcoles
Copy link
Contributor

bcoles commented Feb 2, 2019

Add nil check to enum_patches - Fix #11346

I wasn't able to reproduce #11346, but this should prevent the issue from occurring against, unless the underlying issue is in the WMI lib.

The PR checks if the response from session.extapi.wmi.query is nil. Also rejects nil from the response values. Prints a relevant status message.

Also some updates to style.

    if objects[:values].nil?
      kb_ids = []
    else
      kb_ids = objects[:values].reject(&:nil?).map { |kb| kb[0] }
    end

    if kb_ids.empty?
      print_status 'Found no patches installed'
    end
msf5 post(windows/gather/enum_patches) > run

[+] KB2871997 is missing
[+] KB2928120 is missing
[+] KB977165 - Possibly vulnerable to MS10-015 kitrap0d if Windows 2K SP4 - Windows 7 (x86)
[+] KB2305420 - Possibly vulnerable to MS10-092 schelevator if Vista, 7, and 2008
[+] KB2592799 - Possibly vulnerable to MS11-080 afdjoinleaf if XP SP2/SP3 Win 2k3 SP2
[+] KB2778930 - Possibly vulnerable to MS13-005 hwnd_broadcast, elevates from Low to Medium integrity
[+] KB2850851 - Possibly vulnerable to MS13-053 schlamperei if x86 Win7 SP0/SP1
[+] KB2870008 - Possibly vulnerable to MS13-081 track_popup_menu if x86 Windows 7 SP0/SP1
[*] Post module execution completed

@busterb busterb self-assigned this Feb 4, 2019

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Feb 4, 2019

Looks good, thanks.

@busterb busterb merged commit 2828380 into rapid7:master Feb 4, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

busterb added a commit that referenced this pull request Feb 4, 2019

@busterb

This comment has been minimized.

Copy link
Contributor

busterb commented Feb 4, 2019

Release Notes

This adds additional error handling to the windows/gather/enum_patches post exploitation module.

msjenkins-r7 added a commit that referenced this pull request Feb 4, 2019

@bcoles bcoles deleted the bcoles:enum_patches branch Feb 4, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment