Fix several bugs running non-scanner aux modules #11486

Merged
merged 4 commits into from Feb 26, 2019

busterb commented Feb 25, 2019

This fixes a couple of bugs in #11176:

  • RHOSTS is not always used in Aux modules, don't enforce it unless it's used.
  • Be sure to pass the action to the run stub, since it's not a standard option.

Verification

  • Start msfconsole
  • use auxiliary/server/tftp
  • run
  • Verify the module starts as expected
msf5 auxiliary(server/tftp) > run
[*] Auxiliary module running as background job 0.
msf5 auxiliary(server/tftp) > 
[*] Starting TFTP server on 0.0.0.0:6969...
[*] Files will be served from /var/folders/7q/jwhmljqn6nx8lnqft8nf5w2myy7k2k/T
[*] Uploaded files will be saved in /var/folders/7q/jwhmljqn6nx8lnqft8nf5w2myy7k2k/T

Fixes #11475 #11448 #11474 #11480

Fix several bugs running non-scanner aux modules
This fixes a couple of bugs in #11176:

 - RHOSTS is not always used in Aux modules, don't enforce it unless it's used.
 - Be sure to pass the action to the run stub, since it's not a standard option.

busterb requested a review from Green-m Feb 26, 2019

Green-m commented Feb 26, 2019

Sorry for the bug, fix an old bug and make several new bugs....

busterb commented Feb 26, 2019

It happens. We're looking at how to automate testing of these module types next as part of the sanity test too.

bcoles commented Feb 26, 2019

Sorry for the bug, fix an old bug and make several new bugs....

We call that progress. Two steps forward, one step back. Can't spell progress without regr[e]ss.

bcoles commented Feb 26, 2019

Preliminary tests indicate this patch resolves the issue as described.

# wget 'https://github.com/rapid7/metasploit-framework/raw/287667d4f70375750e40c4ff0ea41762f1f48983/lib/msf/ui/console/command_dispatcher/auxiliary.rb'
--2019-02-26 05:51:29--  https://github.com/rapid7/metasploit-framework/raw/287667d4f70375750e40c4ff0ea41762f1f48983/lib/msf/ui/console/command_dispatcher/auxiliary.rb
Resolving github.com (github.com)... 192.30.255.113, 192.30.255.112
Connecting to github.com (github.com)|192.30.255.113|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/rapid7/metasploit-framework/287667d4f70375750e40c4ff0ea41762f1f48983/lib/msf/ui/console/command_dispatcher/auxiliary.rb [following]
--2019-02-26 05:51:30--  https://raw.githubusercontent.com/rapid7/metasploit-framework/287667d4f70375750e40c4ff0ea41762f1f48983/lib/msf/ui/console/command_dispatcher/auxiliary.rb
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.80.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.80.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5391 (5.3K) [text/plain]
Saving to: ‘auxiliary.rb’

auxiliary.rb                100%[===========================================>]   5.26K  --.-KB/s    in 0s      

2019-02-26 05:51:31 (14.1 MB/s) - ‘auxiliary.rb’ saved [5391/5391]

# mv auxiliary.rb lib/msf/ui/console/command_dispatcher/auxiliary.rb
# ./msfconsole 
[-] ***rting the Metasploit Framework console...\
[-] * WARNING: No database support: No database YAML file
[-] ***
                                                  
                          ########                  #
                      #################            #
                   ######################         #
                  #########################      #
                ############################
               ##############################
               ###############################
              ###############################
              ##############################
                              #    ########   #
                 ##        ###        ####   ##
                                      ###   ###
                                    ####   ###
               ####          ##########   ####
               #######################   ####
                 ####################   ####
                  ##################  ####
                    ############      ##
                       ########        ###
                      #########        #####
                    ############      ######
                   ########      #########
                     #####       ########
                       ###       #########
                      ######    ############
                     #######################
                     #   #   ###  #   #   ##
                     ########################
                      ##     ##   ##     ##
                            https://metasploit.com


       =[ metasploit v5.0.9-dev-d78a9978e0                ]
+ -- --=[ 1859 exploits - 1057 auxiliary - 327 post       ]
+ -- --=[ 546 payloads - 44 encoders - 10 nops            ]
+ -- --=[ 2 evasion                                       ]

msf5 > use auxiliary/server/socks4a
msf5 auxiliary(server/socks4a) > run -j
[*] Auxiliary module running as background job 0.

[*] Starting the socks4a proxy server
msf5 auxiliary(server/socks4a) > lsof -i :1080
[*] exec: lsof -i :1080

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ruby    2584 root   10u  IPv4 378554      0t0  TCP *:socks (LISTEN)
msf5 auxiliary(server/socks4a) > use auxiliary/scanner/ssh/ssh_enumusers
msf5 auxiliary(scanner/ssh/ssh_enumusers) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf5 auxiliary(scanner/ssh/ssh_enumusers) > set USER_FILE /usr/share/metasploit-framework/data/wordlists/unix_users.txt
USER_FILE => /usr/share/metasploit-framework/data/wordlists/unix_users.txt
msf5 auxiliary(scanner/ssh/ssh_enumusers) > run

[*] 127.0.0.1:22 - SSH - Using malformed packet technique
[*] 127.0.0.1:22 - SSH - Starting scan
^C[*] Caught interrupt from the console...
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/ssh/ssh_enumusers) > # ^ not a real ssh server
^CInterrupt: use the 'exit' command to quit
msf5 auxiliary(scanner/ssh/ssh_enumusers) > use auxiliary/server/capture/smb
msf5 auxiliary(server/capture/smb) > run -jz
[*] Auxiliary module running as background job 1.

[*] Started service listener on 0.0.0.0:445 
[*] Server started.
msf5 auxiliary(server/capture/smb) > lsof -i :445
[*] exec: lsof -i :445

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ruby    2584 root   12u  IPv4 383166      0t0  TCP *:microsoft-ds (LISTEN)
msf5 auxiliary(server/capture/smb) > use auxiliary/server/tftp
msf5 auxiliary(server/tftp) > run -jz
[*] Auxiliary module running as background job 2.

[*] Starting TFTP server on 0.0.0.0:69...
[*] Files will be served from /tmp
[*] Uploaded files will be saved in /tmp
msf5 auxiliary(server/tftp) > lsof -i :69
[*] exec: lsof -i :69

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ruby    2584 root   14u  IPv4 387364      0t0  UDP *:tftp 
msf5 auxiliary(server/tftp) > 

bcoles approved these changes Feb 26, 2019

benichmt1 commented Feb 26, 2019

fixed it for me, cheers

busterb commented Feb 26, 2019

busterb merged commit 287667d into rapid7:master Feb 26, 2019

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

busterb added a commit that referenced this pull request Feb 26, 2019

Land #11486, fix running non-scanner aux modules
Merge remote-tracking branch 'upstream/pr/11486' into upstream-master

busterb added the msf5 label Feb 26, 2019

busterb commented Feb 26, 2019

Release Notes

This fixes an issue running passive and non-scanner auxiliary modules.
