Fix payload data model #11871
Fix payload data model #11871
Conversation
| @@ -65,7 +65,7 @@ Gem::Specification.new do |spec| | |||
| # Metasploit::Credential database models | |||
| spec.add_runtime_dependency 'metasploit-credential' | |||
| # Database models shared between framework and Pro. | |||
| spec.add_runtime_dependency 'metasploit_data_models' | |||
| spec.add_runtime_dependency 'metasploit_data_models', '3.0.10' | |||
There was a problem hiding this comment.
If we want to keep releasing new gems with this code we should probably do that under a new major version number (4.x.x). That way, we can use a version restriction here for <4.0) in case we need to pull in a bug fix for metasploit data models (and to make life for Pro easier).
There was a problem hiding this comment.
Yep, next revision I think we should bump so we can segregate this from the 4.x-compatible stream.
There was a problem hiding this comment.
Pro is currently on metasploit_data_models 2.x stream however once msf5 reaches Pro this recommendation would be good to support.
|
Does |
|
There are still workspace queries in |
As near as I can tell. This PR is meant to fix that which was immediately broken. I did not see those two methods being called during normal workflows, but I didn't search to see if they were being used elsewhere. Is that a blocker to landing this PR? |
|
Not sure I follow? I'll fix it up before landing if you can't get to it in time. Testing now... |
|
This also worked when I randomly killed the database service in the middle of listening. Good to go. |
Release NotesThis fixes an issue where an error would display in msfconsole when establishing a Meterpreter HTTP/S session when using a local postgresql database, preventing interaction with the session. |
|
Out of scope for this PR, but notes for the next, it appears that the wspace/workspace additions are load-bearing (that is, might still be some sort of workspace/payload association). A patch like this: diff --git a/lib/metasploit/framework/data_service/proxy/payload_data_proxy.rb b/lib/metasploit/framework/data_service/proxy/payload_data_proxy.rb
index 581f025991..955ec42a24 100644
--- a/lib/metasploit/framework/data_service/proxy/payload_data_proxy.rb
+++ b/lib/metasploit/framework/data_service/proxy/payload_data_proxy.rb
@@ -3,7 +3,6 @@ module PayloadDataProxy
def payloads(opts)
begin
self.data_service_operation do |data_service|
- add_opts_workspace(opts)
data_service.payloads(opts)
end
rescue => e
@@ -14,7 +13,6 @@ module PayloadDataProxy
def create_payload(opts)
begin
self.data_service_operation do |data_service|
- add_opts_workspace(opts)
data_service.create_payload(opts)
end
rescue => e
diff --git a/lib/msf/core/db_manager/payload.rb b/lib/msf/core/db_manager/payload.rb
index 43596930d6..77ad8c90a2 100644
--- a/lib/msf/core/db_manager/payload.rb
+++ b/lib/msf/core/db_manager/payload.rb
@@ -7,8 +7,6 @@ module Msf::DBManager::Payload
raise ArgumentError.new("A payload with this uuid already exists.")
end
end
-
- wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework)
Mdm::Payload.create!(opts)
end
end
@@ -30,9 +28,6 @@ module Msf::DBManager::Payload
def update_payload(opts)
::ActiveRecord::Base.connection_pool.with_connection do
- wspace = Msf::Util::DBManager.process_opts_workspace(opts, framework, false)
- opts[:workspace] = wspace if wspace
-
id = opts.delete(:id)
Mdm::Payload.update(id, opts)
end
diff --git a/msfvenom b/msfvenom
index 96ce04538a..a2b8b6620e 100755
--- a/msfvenom
+++ b/msfvenom
@@ -43,7 +43,7 @@ def init_framework(create_opts={})
type = Msf.const_get("MODULE_#{type.upcase}")
end
- @framework = ::Msf::Simple::Framework.create(create_opts.merge('DisableDatabase' => true))
+ @framework = ::Msf::Simple::Framework.create(create_opts)
endThrows this error on payload create with msfvenom: With an addition longer trace into active record available in framework.log. There might still be some inheritance of workspace in payloads deeper down, or I just have a local gem out of sync; will see after this next release. |
A recent update to
metasploit_data_modelsremoved the association between payloads and workspaces. Per @bcook, and after a discussion among a few on the team, we decided to remove theworkspaceassociation from thepayloadobject, making payloads independent from workspaces.I made the change to the data models gem on 10-May, not realizing that the
metasploit-framework.gemspecfile did not lock the version of themetasploit_data_modelsgem. Further, I did not realize that Jenkins would automatically upgrade the gem, incorporating the data model changes before the changes in this PR were ready and tested.This PR addresses two changes in
lib/msf/core/db_manager/payload.rb, where payloads were previously added or located via awspaceobject. Now, the payloads are added and located directly viaMdm::Payload, in line with the data model changes.Verification
To verify these changes, create a variety of payloads, making sure to explicitly set PayloadUUIDTracking on a UUID-supported payload to check multiple code paths:
Initial setup
msfconsoledb_statusto confirm database connection via theremote_data_service(HTTP)Payload generation
use payload/java/meterpreter/reverse_httpset LHOST [your local IP]set PayloadUUIDTracking falsegenerate -f jar -o uuid_disabled.jarset PayloadUUIDTracking truegenerate -f jar -o uuid_enabled.jarProblem retrieving payload: undefined methodpayloads'`) A successful test looks like:Payload callback
use exploit/multi/handlerset PAYLOAD java/meterpreter/reverse_httpset LHOST [your local IP]set PayloadUUIDTracking falserunuuid_disabled.jarexitthe Meterpreter session.set PayloadUUIDTracking trueuuid_enabled.jarrunexitthe Meterpreter session.Optional:
db_disconnect), to fallback to Postgres connectivity.