Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add file: support for RHOSTS option on exploit modules #11497

Merged
merged 1 commit into from Feb 28, 2019

Conversation

Projects
None yet
4 participants
@busterb
Copy link
Contributor

busterb commented Feb 28, 2019

This implements file: support for the RHOSTS option on exploit modules. Through a minor oddity with how the OptAddressRange option works, looking at 'RHOSTS' directly from the module returns the string literal rather than the normalized form. This PR instantiates an OptAddressRange if RHOSTS is specified for the purpose of normalizing file: back into the correct value.

Verification

  • Start msfconsole
  • use exploit/windows/smb/ms08_067_netapi or any remote exploit
  • set RHOSTS single-ip
  • Verify a single host is exploited
  • set RHOSTS ip-range
  • Verify multiple hosts are exploited
  • set RHOSTS file:rhosts.txt
  • Verify the contents of rhosts.txt is exploited
  • use exploit/windows/fileformat/dvdx_plf_bof or any non-remote exploit
  • ** Verify** the exploit works as expected

@busterb busterb requested a review from Green-m Feb 28, 2019

@busterb busterb referenced this pull request Feb 28, 2019

Merged

Further improve / fix RHOSTS support for aux modules #11493

10 of 10 tasks complete

@busterb busterb added the bug label Feb 28, 2019

@wvu-r7 wvu-r7 self-assigned this Feb 28, 2019

@wvu-r7

wvu-r7 approved these changes Feb 28, 2019

Copy link
Contributor

wvu-r7 left a comment

LGTM, will test and land after lunch.

@jmartin-r7 jmartin-r7 added the msf5 label Feb 28, 2019

@wvu-r7

This comment has been minimized.

Copy link
Contributor

wvu-r7 commented Feb 28, 2019

Release Notes

This fixes a validation bug in setting RHOSTS via file: in an exploit.

@wvu-r7 wvu-r7 merged commit 0c253ab into rapid7:master Feb 28, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

wvu-r7 added a commit that referenced this pull request Feb 28, 2019

@Green-m

This comment has been minimized.

Copy link
Contributor

Green-m commented Mar 1, 2019

This patch works well, thank you @busterb.

And there is one more thing, not related to this PR, just for discussing.
This line of code aims at validating the option of exploit module, but it not supported for RHOSTS, to avoid bugs referenced in #11493 and this PR, we have to preprocess the option before entering the exploit_simple method.

exploit.options.validate(exploit.datastore)

What I want to say is, shall we plan to streamline the exploit/auxiliay procedure to make code more elegant and consistent? Even for better parallelised mentioned in #11318? At the beginning of the framework design, it did not consider for multiple threads and hosts during exploit.

@wvu-r7

This comment has been minimized.

Copy link
Contributor

wvu-r7 commented Mar 1, 2019

That is a great idea, @Green-m.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.