Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check fix #11559

Merged
merged 1 commit into from Mar 13, 2019

Conversation

Projects
None yet
2 participants
@jrobles-r7
Copy link
Contributor

jrobles-r7 commented Mar 13, 2019

Account for empty args array. args.join(' ') returns "" when the args array is empty without checking mod or framework RHOSTS values.

Before Fix

$ ./msfconsole -q
msf5 auxiliary(scanner/smb/smb_ms17_010) > options

Module options (auxiliary/scanner/smb/smb_ms17_010):

   Name         Current Setting                                                       Required  Description
   ----         ---------------                                                       --------  -----------
   CHECK_ARCH   true                                                                  no        Check for architecture on vulnerable hosts
   CHECK_DOPU   true                                                                  no        Check for DOUBLEPULSAR on vulnerable hosts
   CHECK_PIPE   false                                                                 no        Check for named pipe on vulnerable hosts
   NAMED_PIPES  /home/msfdev/git/metasploit-framework/data/wordlists/named_pipes.txt  yes       List of named pipes to check
   Proxies                                                                            no        A proxy chain of format type:host:port[,type:host:port][...]
   RHOSTS       file:tmp2.txt                                                         yes       The target address range or CIDR identifier
   RPORT        445                                                                   yes       The SMB service port (TCP)
   SMBDomain    .                                                                     no        The Windows domain to use for authentication
   SMBPass                                                                            no        The password for the specified username
   SMBUser                                                                            no        The username to authenticate as
   THREADS      1                                                                     yes       The number of concurrent threads

msf5 auxiliary(scanner/smb/smb_ms17_010) > check
[-] Error while running command check: The following options failed to validate: RHOST.

Call stack:
/home/msfdev/git/metasploit-framework/lib/msf/ui/console/module_command_dispatcher.rb:158:in `cmd_check'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:522:in `run_command'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:473:in `block in run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:467:in `each'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:467:in `run_single'
/home/msfdev/git/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/home/msfdev/git/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
msf5 auxiliary(scanner/smb/smb_ms17_010) > exit

After Fix

msf5 auxiliary(scanner/smb/smb_ms17_010) > check
[*] 172.22.222.145:445 - This module does not support check.
[*] Checked 1 of 2 hosts (050% complete)
[*] 172.22.222.141:445 - This module does not support check.
[*] Checked 2 of 2 hosts (100% complete)
msf5 auxiliary(scanner/smb/smb_ms17_010) > 

Verification

List the steps needed to make sure this thing works

  • ./msfconsole -q
  • use auxiliary/scanner/smb/smb_ms17_010
  • set rhosts file:<file>
  • check
Check fix
Account for empty args array

@acammack-r7 acammack-r7 self-assigned this Mar 13, 2019

@acammack-r7 acammack-r7 merged commit a00f4bf into rapid7:master Mar 13, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

acammack-r7 added a commit that referenced this pull request Mar 13, 2019

@acammack-r7

This comment has been minimized.

Copy link
Contributor

acammack-r7 commented Mar 13, 2019

Release notes

The check command once again uses the value of RHOSTS to check hosts when none are directly passed to the command.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.