-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Further improve / fix RHOSTS support for aux modules #11493
Conversation
Peleus notes that when pulling more than a few RHOSTS targets from the database, MSF writes the intermediate results to a text file instead of leaving them in memory. The aux module check of instantiating a RangeWalker for validation is necessary but insufficient for validating 'file:' RHOSTS specifications. This clones logic used in the 'check' method in exploit modules to be able to handle file: properly. I suspect this may need to be consolidated and implemented elsewhere tool.
rhosts_range.each do |rhost| | ||
nmod = mod.replicant | ||
nmod.datastore['RHOST'] = rhost | ||
vprint_status("Running module against #{rhost}") | ||
print_status("Running module against #{rhost}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed this to non-verbose like other usage in MSF. Otherwise it's completely silent out of the box.
return false | ||
end | ||
|
||
rhosts_range = Rex::Socket::RangeWalker.new(rhosts_opt.normalize(rhosts)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the normalize call here extracts the hosts back from the file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks pretty sensible to me. I'll give it a test today.
Thanks. I believe @bwatters-r7 might have some insight into how to make the sanity tests also run these three modules in some sort of automated form. |
The newline in the output is misplaced. |
Exploits do need to be updated as explained earlier:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me
@Green-m: Did you ever figure out the misplaced newline? IIRC, that was a regression from earlier that made it into |
Release NotesThis fixes a validation bug in setting |
Thanks @wvu-r7 |
Followup file: support for exploits here: #11497 |
Auxilus notes that when pulling more than a few RHOSTS targets from the database, MSF writes the intermediate results to a text file instead of leaving them in memory. The aux module check of instantiating a RangeWalker for validation is necessary but insufficient for validating 'file:' RHOSTS specifications.
This clones logic used in the 'check' method in exploit modules to be able to handle file: properly. I suspect this may need to be consolidated and implemented elsewhere too.
See #11486 for related fixes.
Verification
msfconsole
use auxilary/scanner/http/title
services -u -p 80 -R
or something similar to populate a large-enough RHOSTS result such that the 'services' command writes an intermediate file.use auxiliary/admin/http/hp_web_jetadmin_exec
services -u -p 80 -R
or something similar to populate a large-enough RHOSTS result such that the 'services' command writes an intermediate file.use auxiliary/server/tftp