Fix stack_adjustment nil bug and refactor method #12377

Merged
merged 1 commit into from Oct 1, 2019

@wvu-r7
Contributor

commented Oct 1, 2019

Also fix incorrect docs.

This bug appears to be a Heisenbug, and it triggers infrequently for me due to as yet unknown reasons.

msf5 exploit(windows/smb/doublepulsar_rce) > run

From: /rapid7/metasploit-framework/lib/msf/core/exploit.rb @ line 819 Msf::Exploit#stack_adjustment:

    808: def stack_adjustment
    809:   if (target and target.payload_stack_adjustment)
    810:     adj = target.payload_stack_adjustment
    811:   else
    812:     adj = payload_info['StackAdjustment']
    813:   end
    814:
    815:   # Get the architecture for the current target or use the one specific to
    816:   # this exploit
    817:   arch = (target and target.arch) ? target.arch : self.arch
    818:
 => 819:   require 'pry'; binding.pry
    820:
    821:   # Default to x86 if we can't find a list of architectures
    822:   if (arch and arch.empty? == false)
    823:     arch = arch.join(", ")
    824:   else
    825:     arch = 'x86'
    826:   end
    827:
    828:   (adj != nil) ? Rex::Arch::adjust_stack_pointer(arch, adj) || '' : ''
    829: end

[1] pry(#<Msf::Modules::Exploit__Windows__Smb__Doublepulsar_rce::MetasploitModule>)> arch
=> "x64"
[2] pry(#<Msf::Modules::Exploit__Windows__Smb__Doublepulsar_rce::MetasploitModule>)>

[-] 192.168.56.115:445 - Exploit failed: undefined method `join' for "x64":String
[*] Exploit completed, but no session was created.
msf5 exploit(windows/smb/doublepulsar_rce) >

#12374

Also fix incorrect docs.
@wvu-r7 wvu-r7 added library bug labels Oct 1, 2019
@busterb busterb self-assigned this Oct 1, 2019
busterb added a commit that referenced this pull request Oct 1, 2019
@busterb busterb merged commit 9592e85 into rapid7:master Oct 1, 2019
3 checks passed
Metasploit Automation - Sanity Test Execution: Successfully completed all tests.
Metasploit Automation - Test Execution: Successfully completed all tests.
continuous-integration/travis-ci/pr: The Travis CI build passed
@busterb

Member

commented Oct 1, 2019

Release Notes

This fixes a bug in the stack_adjustment exploit module method that generates an error when a module specifies the Arch metadata as a single string constant rather than an array.

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/arch branch Oct 1, 2019
msjenkins-r7 added a commit that referenced this pull request Oct 2, 2019
@tperry-r7 tperry-r7 added the rn-fix label Oct 14, 2019
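
The failure shown in the pry session and described in the release note, as an added Ruby example that is not the code merged in this pull request. `arch_string_before` copies the arch branch from the listing above; `arch_string_after`, `compare` and `SAMPLES` are hypothetical names, and the normalization shown is one possible approach, assumed here for illustration.

```ruby
# Added example; not taken from the Metasploit code base.

# The arch-handling branch as it appears in the pry listing above.
def arch_string_before(arch)
  if arch and arch.empty? == false
    arch.join(", ")   # NoMethodError when arch is a String such as "x64"
  else
    'x86'
  end
end

# Hypothetical hardened form: coerce whatever the module declared
# (nil, a single String, or an Array) into an Array before joining.
def arch_string_after(arch)
  list = Array(arch).compact.map(&:to_s).reject(&:empty?)
  list.empty? ? 'x86' : list.join(", ")
end

# Constructed sample values covering the shapes the metadata can take.
SAMPLES = [nil, [], ['x86', 'x64'], 'x64', ''].freeze

# Returns [input, result-or-exception-class before, result after] per sample.
def compare(samples = SAMPLES)
  samples.map do |arch|
    before = begin
      arch_string_before(arch)
    rescue NoMethodError => e
      e.class
    end
    [arch, before, arch_string_after(arch)]
  end
end

compare.each do |arch, before, after|
  puts format('%-16s before=%-14s after=%s', arch.inspect, before.inspect, after.inspect)
end
```

Only the single-string case differs between the two versions, which matches the release note: the error appears when a module declares Arch as a string constant rather than an array.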