RHOSTS: accept both "file://<path>" and "file:<path>" syntax #12314

Merged
merged 4 commits into from Sep 24, 2019

@cnotin
Contributor

commented Sep 11, 2019

The RHOSTS option is compatible with file paths to load targets from a hosts file.
Much documentation and many examples (for example, the Metasploit 5.0 release notes) describe its usage with the "file://" syntax, like a URL. However, by reading the code, I noticed it should actually be "file:".

The patch allows both syntaxes to be used, for maximum compatibility and without having to fix all the documentation.

Verification

Create the data file:

echo 127.0.0.1 > /root/list.txt
echo 127.0.0.2 >> /root/list.txt

Open msfconsole and load any module which uses RHOSTS and set a few options (for better output):

use auxiliary/scanner/mysql/mysql_version
set verbose true
set showprogress false

Run these variations:

set rhosts file:list.txt
run
set rhosts file:./list.txt
run
set rhosts file:/root/list.txt
run

set rhosts file://list.txt
run
set rhosts file://./list.txt
run
set rhosts file:///root/list.txt
run

Before the patch:

msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:list.txt
rhosts => file:list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:./list.txt
rhosts => file:./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:/root/list.txt
rhosts => file:/root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://list.txt
rhosts => file://list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://./list.txt
rhosts => file://./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run
[-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOSTS.
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:///root/list.txt
rhosts => file:///root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 

Failures for "file://list.txt" and "file://./list.txt"...

After the patch:

msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:./list.txt
rhosts => file:./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:/root/list.txt
rhosts => file:/root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://list.txt
rhosts => file://list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file://./list.txt
rhosts => file://./list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
msf5 auxiliary(scanner/mysql/mysql_version) > set rhosts file:///root/list.txt
rhosts => file:///root/list.txt
msf5 auxiliary(scanner/mysql/mysql_version) > run

[-] 127.0.0.1:3306        - 127.0.0.1:3306 - Connection failed
[-] 127.0.0.2:3306        - 127.0.0.2:3306 - Connection failed
[*] Auxiliary module execution completed
msf5 auxiliary(scanner/mysql/mysql_version) > 
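
The two spellings exercised in the verification above, as an added example (not Metasploit's code and not part of this pull request): the hypothetical helpers `rhosts_file_path` and `expand_rhosts` strip either prefix, trying `file://` first, and read one target per line. The hosts file is constructed in a temporary directory rather than `/root`.

```ruby
require 'tmpdir'

# Hypothetical helper, not Metasploit's own code: return the path part of an
# RHOSTS value written as "file:<path>" or "file://<path>", or nil when the
# value is not a file reference.
def rhosts_file_path(value)
  return nil unless value.is_a?(String)
  # Try the longer prefix first. Stripping only "file:" from "file://list.txt"
  # leaves "//list.txt", an absolute path that normally does not exist.
  match = value.match(%r{\Afile://(.*)\z}) || value.match(/\Afile:(.*)\z/)
  match && match[1]
end

# Hypothetical helper: expand an RHOSTS value into a list of targets. Plain
# values are split on whitespace; file references are read one per line.
def expand_rhosts(value, base_dir: Dir.pwd)
  path = rhosts_file_path(value)
  return value.to_s.split if path.nil?
  full = File.expand_path(path, base_dir)
  raise ArgumentError, "RHOSTS file not usable: #{path}" unless File.file?(full)
  File.readlines(full, chomp: true).map(&:strip).reject(&:empty?)
end

# Constructed sample: the two-line hosts file from the verification steps,
# written to a temporary directory instead of /root.
def demo_variants
  Dir.mktmpdir do |dir|
    abs = File.join(dir, 'list.txt')
    File.write(abs, "127.0.0.1\n127.0.0.2\n")
    ["file:list.txt", "file:./list.txt", "file:#{abs}",
     "file://list.txt", "file://./list.txt", "file://#{abs}"].map do |v|
      [v.sub(dir, '<tmp>'), expand_rhosts(v, base_dir: dir)]
    end
  end
end

demo_variants.each { |value, targets| puts "#{value} => #{targets.inspect}" }
```

A missing file or a directory raises `ArgumentError` instead of silently producing an empty target list.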
cnotin added 3 commits Sep 11, 2019
@cnotin

Contributor Author

commented Sep 11, 2019

Suggestion too: explain the possibility of using "file:" syntax in the description of RHOSTS (as people re-discover it now and then)

# @return [OptAddressRange]
def self.RHOSTS(default=nil, required=true, desc="The target address range or CIDR identifier")
  Msf::OptAddressRange.new('RHOSTS', [ required, desc, default ])
end
def self.RHOST(default=nil, required=true, desc="The target address range or CIDR identifier")
  Msf::OptAddressRange.new('RHOSTS', [ required, desc, default ], aliases: [ 'RHOST' ])
end

What do you think?

@busterb

Member

commented Sep 19, 2019

Yeah, I think describing it in the option definition is a good idea too, thanks.

@cnotin

Contributor Author

commented Sep 20, 2019

Here it is, tell me what you think :)

@busterb busterb self-assigned this Sep 24, 2019
@busterb

Member

commented Sep 24, 2019

Yeah, looks good. Moving this one forward...

@busterb

Member

commented Sep 24, 2019

Noting there are a lot of file:// URLs in the tree still, but wouldn't hold this PR up for it. Maybe something easy for someone to grab later, though there's no real urgency.

git grep "file:\/\/"

On a first pass most of these seem to be legitimate anyway, just as part of exploit descriptions. I think we got to this state in the first place simply because file:// is common in many applications. Thanks for looking into the details here.

busterb added a commit that referenced this pull request Sep 24, 2019
@busterb busterb merged commit 3044fdf into rapid7:master Sep 24, 2019
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed
@busterb

Member

commented Sep 24, 2019

Release Notes

This documents the syntax used by the RHOSTS command when a file: parameter is passed. Variously throughout existing Metasploit documentation, this was described as using file:// which happens to work, but the extra slashes were not required.

@cnotin cnotin deleted the cnotin:patch-1 branch Sep 24, 2019
@jmartin-r7 jmartin-r7 added the msf5 label Sep 24, 2019
@jmartin-r7

Contributor

commented Sep 24, 2019

Labeled msf5 due to interaction with global RHOSTS support, I may backport to 4.x if conflicts can be quickly resolved.
