Expose remote data service errors to the msfconsole user #11948

Merged

@mkienow-r7 (Contributor) commented Jun 4, 2019

This changes the remote data service response handling to raise exceptions for error responses rather than failing silently. The changes expose the server-side error message to the user in console. The stack trace will start from the json_to_mdm_object or json_to_hash methods. The message will be from the server-side exception message if the response was an error response (non-200); otherwise, the message will be information about the local request or response issue.

Example

In the following example I temporarily introduce an exception into the HostServlet#get_host method by adding the line raise 'testing'.

def self.get_host
  lambda {
    warden.authenticate!
    begin
      # Temporary line added for this test to force a server-side exception
      raise 'testing'
      sanitized_params = sanitize_params(params, env['rack.request.query_hash'])
      data = get_db.hosts(sanitized_params)
      data = data.first if is_single_object?(data, sanitized_params)
      set_json_data_response(response: data)
    rescue => e
      print_error_and_create_response(error: e, message: 'There was an error retrieving hosts:', code: 500)
    end
  }
end

master branch test

Console output:

Note the silent failure from the console user's perspective.

msf5 > db_status 
[*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.
msf5 > hosts

Hosts
=====

address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------  ---  ----  -------  ---------  -----  -------  ----  --------

msf5 > 

~/.msf4/logs/msf-ws.log:

[-] Error handling request: testing.
    Call Stack:
     /home/msfdev/metasploit-framework/lib/msf/core/web_services/servlet/host_servlet.rb:31:in `block in get_host'
     ...
     /home/msfdev/.rbenv/versions/2.6.2/bin/thin:23:in `<main>'

PR branch test

Console output:

msf5 > db_status
[*] Connected to remote_data_service: (https://localhost:5443). Connection type: http. Connection name: local-https-data-service.
msf5 > hosts
[-] Error while running command hosts: There was an error retrieving hosts: testing

Call stack:
/home/msfdev/metasploit-framework/lib/metasploit/framework/data_service/remote/http/response_data_helper.rb:60:in `json_to_mdm_object'
/home/msfdev/metasploit-framework/lib/metasploit/framework/data_service/remote/http/remote_host_data_service.rb:12:in `hosts'
/home/msfdev/metasploit-framework/lib/metasploit/framework/data_service/proxy/host_data_proxy.rb:10:in `block in hosts'
/home/msfdev/metasploit-framework/lib/metasploit/framework/data_service/proxy/core.rb:166:in `data_service_operation'
/home/msfdev/metasploit-framework/lib/metasploit/framework/data_service/proxy/host_data_proxy.rb:5:in `hosts'
/home/msfdev/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:552:in `block in cmd_hosts'
/home/msfdev/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:2146:in `block in each_host_range_chunk'
/home/msfdev/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:2127:in `each'
/home/msfdev/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:2127:in `each_host_range_chunk'
/home/msfdev/metasploit-framework/lib/msf/ui/console/command_dispatcher/db.rb:549:in `cmd_hosts'
/home/msfdev/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/home/msfdev/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/home/msfdev/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/home/msfdev/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/home/msfdev/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/home/msfdev/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/home/msfdev/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'

~/.msf4/logs/msf-ws.log:

[-] Error handling request: testing.
    Call Stack:
     /home/msfdev/rapid7/metasploit-framework/lib/msf/core/web_services/servlet/host_servlet.rb:31:in `block in get_host'
     ...
     /home/msfdev/.rbenv/versions/2.6.2/bin/thin:23:in `<main>'

Verification

  • Restart the database and MSF web service (data services) using msfdb restart, or init/reinit if necessary.
  • Start msfconsole
  • Verify db_status reports an HTTP connection type
  • Perform various data operations (hosts, services, vulns, creds, loots, notes)
  • Verify data operations operate as expected
  • Exit msfconsole
  • Temporarily introduce exceptions into the lib/msf/core/web_services/servlet/* servlet methods. For example, edit lib/msf/core/web_services/servlet/host_servlet.rb and add the following after the begin statement in the get_host method:
        raise 'testing'
  • Restart the database and MSF web service (data services) using msfdb restart
  • Start msfconsole
  • Verify an error message and stack trace appear on the console when the hosts command is run
  • Repeat for servlet endpoints and commands

mkienow-r7 added some commits Jun 4, 2019

Modify ResponseWrapper to support three states
There is a success response, an error response and a failed response.
An error response contains a body with an error message from the
server-side, while a failed response represents an invalid response
caused by an issue with the request or response.

Refactor remote data service response handling
Raises exceptions for error responses rather than failing silently.
This exposes the server-side error message to the user in console.
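
A minimal sketch of the three-state response handling described above, added here as an illustration and not taken from this PR or from Metasploit's code. The names SketchResponse, sketch_json_to_hash and RemoteServiceError, and the JSON body shapes ({"data": ...} and {"error": {"message": ...}}), are assumptions.

```ruby
require 'json'

# Hypothetical three-state wrapper; not Metasploit's ResponseWrapper.
class SketchResponse
  attr_reader :state, :body, :detail

  def initialize(state, body: nil, detail: nil)
    @state, @body, @detail = state, body, detail
  end

  # Classify a raw HTTP result as :success, :error or :failed.
  #   :success - HTTP 200 with a JSON object body
  #   :error   - non-200 with a JSON object body carrying the server's message
  #   :failed  - no response, or a body that cannot be used at all
  def self.classify(code, raw_body)
    return new(:failed, detail: 'no response received') if code.nil?
    parsed = JSON.parse(raw_body.to_s, symbolize_names: true)
    unless parsed.is_a?(Hash)
      return new(:failed, detail: "unexpected JSON shape (HTTP #{code})")
    end
    return new(:success, body: parsed) if code == 200
    new(:error, body: parsed)
  rescue JSON::ParserError => e
    new(:failed, detail: "unparseable response body (HTTP #{code}): #{e.class}")
  end
end

class RemoteServiceError < StandardError; end

# Return the data on success; raise instead of returning nil otherwise,
# so the caller cannot mistake a failure for an empty result set.
def sketch_json_to_hash(response)
  case response.state
  when :success
    response.body[:data]
  when :error
    err = response.body[:error] || {}
    raise RemoteServiceError, err[:message] || 'server returned an error without a message'
  else
    raise RemoteServiceError, "request/response failure: #{response.detail}"
  end
end
```

With this shape, a command handler that rescues RemoteServiceError and prints its message shows an empty table only when the service really returned no rows.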
@mkienow-r7 (Contributor Author) commented Jun 4, 2019

Added delayed label since Travis CI tests are failing

mkienow-r7 added some commits Jun 5, 2019

Handle exceptions raised by get_msf_version call
Exceptions may be raised via the remote data service response handling
while making the call to check the MSF version.

@mkienow-r7 removed the delayed label Jun 5, 2019

@mkienow-r7 (Contributor Author) commented Jun 5, 2019

Removed the delayed label since I fixed test failures.

@jbarnett-r7 merged commit 3c4699c into rapid7:master Jun 6, 2019

3 checks passed

  • Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
  • Metasploit Automation - Test Execution: Successfully completed all tests.
  • continuous-integration/travis-ci/pr: The Travis CI build passed

jbarnett-r7 added a commit that referenced this pull request Jun 6, 2019

@jbarnett-r7 (Contributor) commented Jun 6, 2019

Release Notes

This PR causes errors returned from the remote data service to be displayed in msfconsole instead of only logging them.

@mkienow-r7 referenced this pull request Jun 10, 2019

Open

Add Pingback Payloads #11903
