Fix nil RangeWalker length for invalid range in exploit RHOSTS #12199

Merged: 1 commit, Aug 15, 2019

@wvu wvu commented Aug 15, 2019

reset returns false and doesn't initialize length. This just restores the to_i that was present before.

Before

msf5 exploit(unix/webapp/drupal_restws_unserialize) > set rhosts .
rhosts => .
msf5 exploit(unix/webapp/drupal_restws_unserialize) > run
[-] Error while running command run: undefined method `>' for nil:NilClass

Call stack:
/rapid7/metasploit-framework/lib/msf/ui/console/command_dispatcher/exploit.rb:173:in `cmd_exploit'
/rapid7/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/rapid7/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/rapid7/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/rapid7/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/rapid7/metasploit-framework/lib/rex/ui/text/shell.rb:151:in `run'
/rapid7/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/rapid7/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:49:in `<main>'
msf5 exploit(unix/webapp/drupal_restws_unserialize) >

After

msf5 exploit(unix/webapp/drupal_restws_unserialize) > set rhosts .
rhosts => .
msf5 exploit(unix/webapp/drupal_restws_unserialize) > run

[-] Exploit failed: The following options failed to validate: RHOSTS.
[*] Exploit completed, but no session was created.
msf5 exploit(unix/webapp/drupal_restws_unserialize) >

Updates #11497. Fixes #12193.

reset returns false and doesn't initialize length.
@wvu wvu requested a review from busterb August 15, 2019 02:46
@wvu wvu changed the title Fix nil RangeWalker length for invalid range Fix nil RangeWalker length for invalid range in exploit RHOSTS Aug 15, 2019
wvu commented Aug 15, 2019

jEnKiNs tEsT tHiS pLeAsE

@busterb busterb left a comment

Good change

@busterb busterb self-assigned this Aug 15, 2019
@bcook-r7 bcook-r7 merged commit 3aad5ac into rapid7:master Aug 15, 2019
busterb commented Aug 15, 2019

Release Notes

This replaces a backtrace with a friendly error message when the user specifies an invalid value for RHOSTS in an exploit module.

wvu commented Aug 15, 2019

Thanks!

@wvu wvu deleted the bug/rhosts branch August 15, 2019 15:18
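
The failure mode described in the PR description and release notes (a `reset` that returns false without setting `length`, followed by a comparison on the resulting nil), as an added Ruby example that is not part of the PR and is not Metasploit's code. `ToyRangeWalker`, `multiple_targets?` and `check_rhosts` are hypothetical names, and the toy parser accepts only literal IP addresses.

```ruby
require 'ipaddr'

# Hypothetical stand-in for a target-range walker (not Rex::Socket::RangeWalker).
class ToyRangeWalker
  attr_reader :length

  def initialize(spec)
    @spec = spec
    reset
  end

  # As the PR describes: on an invalid range, return false early and
  # never assign @length, so the reader hands back nil.
  def reset
    addrs = parse(@spec)
    return false unless addrs

    @length = addrs.length
    true
  end

  private

  # Toy parser: comma/space-separated literal IPs only (assumption).
  def parse(spec)
    addrs = spec.split(/[,\s]+/).map { |s| IPAddr.new(s) }
    addrs.empty? ? nil : addrs
  rescue IPAddr::Error
    nil
  end
end

# Unguarded caller: raises NoMethodError when length is nil.
def multiple_targets_unsafe?(walker)
  walker.length > 1
end

# Guarded caller: nil.to_i is 0, so an invalid range compares cleanly.
def multiple_targets?(walker)
  walker.length.to_i > 1
end

# Validation first: an unparsable RHOSTS becomes an option error, not a backtrace.
def check_rhosts(spec)
  walker = ToyRangeWalker.new(spec)
  return 'The following options failed to validate: RHOSTS.' if walker.length.to_i.zero?

  multiple_targets?(walker) ? 'multiple targets' : 'single target'
end
```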
Successfully merging this pull request may close these issues.

Issue/error running exploit/unix/webapp/drupal_restws_unserialize exploit