fix NameError uninitialized constant in Msf::Post::Linux::Compile #12570

Merged
merged 1 commit into from Nov 14, 2019

timwr commented Nov 13, 2019

Quick fix for the linux compile mixin when gcc fails to compile.
See #12106
Also changes Failure::Unknown to Failure::BadConfig which makes more sense.

Verification Steps

  1. Start msfconsole
  2. Get a shell or meterpreter session on the target (with gui access, not via ssh)
  3. Add an invalid gcc binary to your PATH (or you could add a compile error to the code).
  4. Do: use exploit/linux/local/pkexec_helper_ptrace
  5. Do: set session #
  6. Do: exploit
  7. Verify [-] Exploit aborted due to failure: bad-config: /tmp/.ogfdvumewvxj.c failed to compile. Set COMPILE False to upload a pre-compiled executable. (previously this was NameError uninitialized constant...)

Alternatively you can just eyeball the changes.

@timwr timwr added the bug label Nov 13, 2019

timwr commented Nov 13, 2019

Probably easiest for @bcoles

bcoles commented Nov 13, 2019

Before and after.

msf5 exploit(multi/handler) > 
[*] Sending stage (3021284 bytes) to 172.16.191.212
[*] Meterpreter session 1 opened (172.16.191.165:1337 -> 172.16.191.212:37846) at 2019-11-13 06:43:47 -0500

msf5 exploit(multi/handler) > back
msf5 > use exploit/linux/local/ptrace_traceme_pkexec_helper 
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > set session 1
session => 1
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > set verbose true
verbose => true
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > run

[-] Exploit failed: The following options failed to validate: LHOST.
[*] Exploit completed, but no session was created.
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > set lhost  172.16.191.165
lhost => 172.16.191.165
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > run

[*] Started reverse TCP handler on 172.16.191.165:4444 
[+] Kernel version 4.19.79-std-def-alt1 appears to be vulnerable
[+] pkexec is installed
[+] System architecture x86_64 is supported
[*] Writing '/tmp/.opfaapx' (286 bytes) ...
[+] gcc is installed
[*] Live compiling exploit on system...
[-] /usr/bin/x86_64-alt-linux-gcc: No such file or directory
[-] Exploit failed: NameError uninitialized constant Msf::Post::Linux::Compile::Failure
[*] Exploit completed, but no session was created.
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > edit lib/msf/core/post/linux/compile.rb
[*] Reloading /root/Desktop/metasploit-framework/lib/msf/core/post/linux/compile.rb
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > run

[*] Started reverse TCP handler on 172.16.191.165:4444 
[+] Kernel version 4.19.79-std-def-alt1 appears to be vulnerable
[+] pkexec is installed
[+] System architecture x86_64 is supported
[*] Writing '/tmp/.nalugkjal' (286 bytes) ...
[+] gcc is installed
[*] Live compiling exploit on system...
[-] /usr/bin/x86_64-alt-linux-gcc: No such file or directory
[-] Exploit aborted due to failure: bad-config: /tmp/.hqngipx.c failed to compile. Set COMPILE False to upload a pre-compiled executable.
[*] Exploit completed, but no session was created.
msf5 exploit(linux/local/ptrace_traceme_pkexec_helper) > 
@bcoles bcoles self-requested a review Nov 13, 2019
bcoles approved these changes Nov 13, 2019
bcoles added a commit that referenced this pull request Nov 14, 2019
@bcoles bcoles merged commit d364c22 into rapid7:master Nov 14, 2019
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed
msjenkins-r7 added a commit that referenced this pull request Nov 14, 2019

bcoles commented Nov 14, 2019

Release Notes

Changes the Msf::Post::Linux::Compile mixin to use the correct Failure class.
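
The class of error shown in the log above, reproduced in a constructed model (an added example, not code from this pull request or from Metasploit; every `Demo::*` name is a hypothetical stand-in). A bare constant inside a mixin is resolved against the mixin's own lexical scope, not against the class that includes it, and here the reference sits only on the failure path, so a successful compile never evaluates it.

```ruby
# Constructed model; Demo::* names are hypothetical stand-ins, not Metasploit code.
module Demo
  class Aborted < StandardError
    attr_reader :reason

    def initialize(reason, message)
      super(message)
      @reason = reason
    end
  end

  class BaseModule
    # Failure reasons live under the base class, so subclasses see them by inheritance.
    module Failure
      Unknown   = 'unknown'
      BadConfig = 'bad-config'
    end

    def fail_with(reason, message)
      raise Aborted.new(reason, message)
    end
  end

  module BuggyCompile
    def build(path, compiler_ok)
      return "#{path} compiled" if compiler_ok
      # `Failure` is looked up in BuggyCompile, Demo, then Object: never in the including class.
      fail_with(Failure::Unknown, "#{path} failed to compile")
    end
  end

  module FixedCompile
    def build(path, compiler_ok)
      return "#{path} compiled" if compiler_ok
      # Qualified reference resolves regardless of which class includes the mixin.
      fail_with(BaseModule::Failure::BadConfig, "#{path} failed to compile")
    end
  end

  class BuggyExploit < BaseModule; include BuggyCompile; end
  class FixedExploit < BaseModule; include FixedCompile; end

  # Runs the failure path (compiler_ok = false) and reports how it ended.
  def self.outcome(klass)
    klass.new.build('/tmp/example.c', false)
  rescue NameError => e
    "NameError: #{e.message}"
  rescue Aborted => e
    "aborted (#{e.reason}): #{e.message}"
  end
end
```

Calling `Demo.outcome` on each class shows the difference: the buggy mixin ends in a `NameError` that hides the real cause, while the qualified constant produces the intended abort with its reason.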
