Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

moodle_cmd_exec nil check #11833

Merged
merged 1 commit into from May 20, 2019

Conversation

Projects
None yet
4 participants
@h00die
Copy link
Contributor

commented May 10, 2019

Fixes #11832 by adding a check for nil before trying to use the variable.

@LauanGuermandi can you give this a run to make sure it solves the problem (exit gracefully instead of crashing).

Verification

Use the module against a host that doesn't exist or isn't running HTTP.

msf5 exploit(multi/http/moodle_cmd_exec) > set rhost 192.168.0.199
rhost => 192.168.0.199
msf5 exploit(multi/http/moodle_cmd_exec) > run

[*] Started reverse TCP double handler on 192.168.1.5:4444 
[-] Exploit failed: NoMethodError undefined method `get_cookies' for nil:NilClass
[*] Exploit completed, but no session was created.

After the fix

msf5 exploit(multi/http/moodle_cmd_exec) > run

[*] Started reverse TCP double handler on 192.168.1.5:4444 
[-] Exploit aborted due to failure: unreachable: No response received from the target.
[*] Exploit completed, but no session was created.

@h00die h00die added bug easy labels May 10, 2019

@bcoles

bcoles approved these changes May 11, 2019

@bwatters-r7 bwatters-r7 self-assigned this May 20, 2019

@bwatters-r7

This comment has been minimized.

Copy link
Contributor

commented May 20, 2019

Old and busted:

msf5 exploit(windows/smb/psexec) > use exploit/multi/http/moodle_cmd_exec 
msf5 exploit(multi/http/moodle_cmd_exec) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf5 exploit(multi/http/moodle_cmd_exec) > run

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP double handler on 127.0.0.1:4444 
[-] Exploit failed: NoMethodError undefined method `get_cookies' for nil:NilClass
[*] Exploit completed, but no session was created.
msf5 exploit(multi/http/moodle_cmd_exec) > exit

New and Improved (tm)

msf5 exploit(windows/smb/psexec) > use exploit/multi/http/moodle_cmd_exec 
msf5 exploit(multi/http/moodle_cmd_exec) > set rhost 127.0.0.1
rhost => 127.0.0.1
msf5 exploit(multi/http/moodle_cmd_exec) > run

[!] You are binding to a loopback address by setting LHOST to 127.0.0.1. Did you want ReverseListenerBindAddress?
[*] Started reverse TCP double handler on 127.0.0.1:4444 
[-] Exploit aborted due to failure: unreachable: No response received from the target.
[*] Exploit completed, but no session was created.
msf5 exploit(multi/http/moodle_cmd_exec) >

@bwatters-r7 bwatters-r7 merged commit 74fbcaf into rapid7:master May 20, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

bwatters-r7 added a commit that referenced this pull request May 20, 2019

Land #11833, moodle_cmd_exec nil check
Merge branch 'land-11833' into upstream-master

@h00die h00die deleted the h00die:fix11832 branch May 20, 2019

@bwatters-r7

This comment has been minimized.

Copy link
Contributor

commented May 20, 2019

Release notes:

This adds a check to give a better error message when the moodle_cmd_exec exploit is thrown against a server that's not listening.

msjenkins-r7 added a commit that referenced this pull request May 20, 2019

Land #11833, moodle_cmd_exec nil check
Merge branch 'land-11833' into upstream-master

@gdavidson-r7 gdavidson-r7 added the rn-fix label May 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.