Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add listm and clearm commands to manage the module stack #12883

Merged
merged 2 commits into from Jan 29, 2020

Conversation

@wvu-r7
Copy link
Member

wvu-r7 commented Jan 28, 2020

For @Viss. If he so chooses to use the module stack. <3

msf5 > search postgres

Matching Modules
================

   #   Name                                                        Disclosure Date  Rank       Check  Description
   -   ----                                                        ---------------  ----       -----  -----------
   0   auxiliary/admin/http/manageengine_pmp_privesc               2014-11-08       normal     Yes    ManageEngine Password Manager SQLAdvancedALSearchResult.cc Pro SQL Injection
   1   auxiliary/admin/http/rails_devise_pass_reset                2013-01-28       normal     No     Ruby on Rails Devise Authentication Password Reset
   2   auxiliary/admin/postgres/postgres_readfile                                   normal     No     PostgreSQL Server Generic Query
   3   auxiliary/admin/postgres/postgres_sql                                        normal     No     PostgreSQL Server Generic Query
   4   auxiliary/analyze/crack_databases                                            normal     No     Password Cracker: Databases
   5   auxiliary/analyze/jtr_postgres_fast                                          normal     No     John the Ripper Postgres SQL Password Cracker
   6   auxiliary/scanner/postgres/postgres_dbname_flag_injection                    normal     No     PostgreSQL Database Name Command Line Flag Injection
   7   auxiliary/scanner/postgres/postgres_hashdump                                 normal     No     Postgres Password Hashdump
   8   auxiliary/scanner/postgres/postgres_login                                    normal     No     PostgreSQL Login Utility
   9   auxiliary/scanner/postgres/postgres_schemadump                               normal     No     Postgres Schema Dump
   10  auxiliary/scanner/postgres/postgres_version                                  normal     No     PostgreSQL Version Probe
   11  auxiliary/server/capture/postgresql                                          normal     No     Authentication Capture: PostgreSQL
   12  exploit/linux/postgres/postgres_payload                     2007-06-05       excellent  Yes    PostgreSQL for Linux Payload Execution
   13  exploit/multi/http/manage_engine_dc_pmp_sqli                2014-06-08       excellent  Yes    ManageEngine Desktop Central / Password Manager LinkViewFetchServlet.dat SQL Injection
   14  exploit/multi/postgres/postgres_copy_from_program_cmd_exec  2019-03-20       excellent  Yes    PostgreSQL COPY FROM PROGRAM Command Execution
   15  exploit/multi/postgres/postgres_createlang                  2016-01-01       good       Yes    PostgreSQL CREATE LANGUAGE Execution
   16  exploit/windows/misc/manageengine_eventlog_analyzer_rce     2015-07-11       manual     Yes    ManageEngine EventLog Analyzer Remote Code Execution
   17  exploit/windows/postgres/postgres_payload                   2009-04-10       excellent  Yes    PostgreSQL for Microsoft Windows Payload Execution
   18  post/linux/gather/enum_users_history                                         normal     No     Linux Gather User History


msf5 > pushm exploit/multi/postgres/postgres_copy_from_program_cmd_exec
msf5 > clearm
[*] Clearing module stack
msf5 > listm
[-] Module stack is empty
msf5 > pushm post/linux/gather/enum_users_history exploit/linux/postgres/postgres_payload
msf5 > listm
[*] Listing module stack

[1]	exploit/linux/postgres/postgres_payload
[0]	post/linux/gather/enum_users_history
msf5 > popm
msf5 exploit(linux/postgres/postgres_payload) > popm
msf5 post(linux/gather/enum_users_history) >

#12882

@cdelafuente-r7

This comment has been minimized.

Copy link
Contributor

cdelafuente-r7 commented Jan 28, 2020

Looks good to me 👍

@smcintyre-r7 smcintyre-r7 self-assigned this Jan 29, 2020
@smcintyre-r7

This comment has been minimized.

Copy link
Member

smcintyre-r7 commented Jan 29, 2020

Testing shows this works as advertised, I'll land this with some minor tweaks (and a bug fix to popm) momentarily.

[*] Processing /tmp/pushm.rc for ERB directives.
resource (/tmp/pushm.rc)> pushm auxiliary/scanner/ssh/ssh_login
resource (/tmp/pushm.rc)> pushm exploit/linux/local/glibc_ld_audit_dso_load_priv_esc
resource (/tmp/pushm.rc)> pushm post/linux/gather/gnome_keyring_dump
msf5 auxiliary(scanner/smb/psexec_loggedin_users) > listm
[*] Module stack:

[2]	post/linux/gather/gnome_keyring_dump
[1]	exploit/linux/local/glibc_ld_audit_dso_load_priv_esc
[0]	auxiliary/scanner/ssh/ssh_login
msf5 auxiliary(scanner/smb/psexec_loggedin_users) > popm 2
msf5 auxiliary(scanner/smb/psexec_loggedin_users) > listm
[*] Module stack:

[0]	auxiliary/scanner/ssh/ssh_login
msf5 auxiliary(scanner/smb/psexec_loggedin_users) > clearm
[*] Clearing the module stack
msf5 auxiliary(scanner/smb/psexec_loggedin_users) > listm
[-] The module stack is empty
msf5 auxiliary(scanner/smb/psexec_loggedin_users) >```
smcintyre-r7 added a commit that referenced this pull request Jan 29, 2020
@smcintyre-r7 smcintyre-r7 merged commit 66b856d into rapid7:master Jan 29, 2020
3 checks passed
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Details
Metasploit Automation - Test Execution Successfully completed all tests.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@wvu-r7

This comment has been minimized.

Copy link
Member Author

wvu-r7 commented Jan 29, 2020

@wvu-r7

This comment has been minimized.

Copy link
Member Author

wvu-r7 commented Jan 29, 2020

Release Notes

This adds the listm and clearm commands to list and clear the module name stack as modified by the pushm and popm commands.

@wvu-r7 wvu-r7 deleted the wvu-r7:feature/stack branch Jan 29, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
You can’t perform that action at this time.