Further improve / fix RHOSTS support for aux modules #11493
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Peleus notes that when pulling more than a few RHOSTS targets from the database, MSF writes the intermediate results to a text file instead of leaving them in memory. The aux module check of instantiating a RangeWalker for validation is necessary but insufficient for validating 'file:' RHOSTS specifications. This clones logic used in the 'check' method in exploit modules to be able to handle file: properly. I suspect this may need to be consolidated and implemented elsewhere tool.
busterb
commented
Feb 27, 2019
| rhosts_range.each do |rhost| | ||
| nmod = mod.replicant | ||
| nmod.datastore['RHOST'] = rhost | ||
| vprint_status("Running module against #{rhost}") | ||
| print_status("Running module against #{rhost}") |
There was a problem hiding this comment.
Changed this to non-verbose like other usage in MSF. Otherwise it's completely silent out of the box.
busterb
commented
Feb 27, 2019
| return false | ||
| end | ||
|
|
||
| rhosts_range = Rex::Socket::RangeWalker.new(rhosts_opt.normalize(rhosts)) |
There was a problem hiding this comment.
the normalize call here extracts the hosts back from the file
wvu
approved these changes
Feb 27, 2019
|
Thanks. I believe @bwatters-r7 might have some insight into how to make the sanity tests also run these three modules in some sort of automated form. |
The newline in the output is misplaced. |
|
Exploits do need to be updated as explained earlier: |
|
@Green-m: Did you ever figure out the misplaced newline? IIRC, that was a regression from earlier that made it into |
wvu
approved these changes
Feb 28, 2019
Release NotesThis fixes a validation bug in setting |
wvu
added a commit
that referenced
this pull request
Feb 28, 2019
|
Thanks @wvu-r7 |
|
Followup file: support for exploits here: #11497 |
This was referenced Mar 1, 2019
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Auxilus notes that when pulling more than a few RHOSTS targets from the database, MSF writes the intermediate results to a text file instead of leaving them in memory. The aux module check of instantiating a RangeWalker for validation is necessary but insufficient for validating 'file:' RHOSTS specifications.
This clones logic used in the 'check' method in exploit modules to be able to handle file: properly. I suspect this may need to be consolidated and implemented elsewhere too.
See #11486 for related fixes.
Verification
msfconsoleuse auxilary/scanner/http/titleservices -u -p 80 -Ror something similar to populate a large-enough RHOSTS result such that the 'services' command writes an intermediate file.use auxiliary/admin/http/hp_web_jetadmin_execservices -u -p 80 -Ror something similar to populate a large-enough RHOSTS result such that the 'services' command writes an intermediate file.use auxiliary/server/tftp