
Moves file path logic into command_dispatcher/common #12989

Merged
merged 1 commit into from Mar 4, 2020

Conversation

@adamgalway-r7
Contributor

adamgalway-r7 commented Feb 25, 2020

Moves logic for filtering file paths in core.rb & module.rb to common.rb. trim_path is now used by both files and filters out ., /, ./, #{TLD}/ (where TLD is the name of the top level directory that can be removed from the path), as well as complete and misspelled file extensions (i.e. for Ruby files: ., .rb, .r, .b).

Verification

  • Start msfconsole
  • Use exploits/windows/smb/ms08_067_netapi.
  • Use exploits/windows/smb/ms08_067_netapi.r
  • Use exploits/windows/smb/ms08_067_netapi.rb
  • Use /exploits/windows/smb/ms08_067_netapi.rb
  • Use ./exploits/windows/smb/ms08_067_netapi.rb
  • Use .exploits/windows/smb/ms08_067_netapi.rb
  • Verify all the above execute correctly: exploit(windows/smb/ms08_067_netapi)
  • use crosschex
  • set PAYLOAD /payload/windows/x64/vncinject/reverse_winhttps
  • set PAYLOAD ./payload/windows/x64/vncinject/reverse_winhttps
  • set PAYLOAD .payload/windows/x64/vncinject/reverse_winhttps
  • set PAYLOAD payload/windows/x64/vncinject/reverse_winhttps
  • set PAYLOAD /windows/x64/vncinject/reverse_winhttps
  • set PAYLOAD windows/x64/vncinject/reverse_winhttps
  • Verify all of the above inputs return PAYLOAD => windows/x64/vncinject/reverse_winhttps

Updates #12946, specifically #12946 (review).
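One way to implement the trimming rules the description lays out, as an added Ruby example (this is not the trim_path that landed in common.rb): `tld` and `ext` are assumed parameter names, the "misspelled extension" rule is read here as a trailing dot followed only by letters of the extension, and the inputs are the ones from the verification list above.

```ruby
# Added example, not Metasploit's trim_path. `tld` and `ext` are assumed names.
def trim_path(path, tld = nil, ext: 'rb')
  name = path.to_s.strip

  # 1. Peel any run of leading ".", "./" or "/", so ".payload/x", "./payload/x"
  #    and "/payload/x" all become "payload/x". A leading ".." is collapsed by
  #    the same rule; the result is only a name to look up, not a filesystem path.
  name = name.sub(%r{\A(?:\./|\.|/)+}, '')

  # 2. Drop the top-level directory once, if the caller names one.
  name = name.sub(%r{\A#{Regexp.escape(tld)}/}, '') if tld && !tld.empty?

  # 3. Drop a trailing "." plus any characters drawn only from the extension:
  #    ".", ".r", ".b" and ".rb" all go; ".txt" stays because "t" and "x" are
  #    not letters of "rb".
  name.sub(/\.[#{Regexp.escape(ext)}]*\z/, '')
end

# Constructed inputs, copied from the PR's verification list.
PAYLOAD_INPUTS = [
  '/payload/windows/x64/vncinject/reverse_winhttps',
  './payload/windows/x64/vncinject/reverse_winhttps',
  '.payload/windows/x64/vncinject/reverse_winhttps',
  'payload/windows/x64/vncinject/reverse_winhttps',
  '/windows/x64/vncinject/reverse_winhttps',
  'windows/x64/vncinject/reverse_winhttps',
].freeze

MODULE_INPUTS = [
  'exploits/windows/smb/ms08_067_netapi.',
  'exploits/windows/smb/ms08_067_netapi.r',
  'exploits/windows/smb/ms08_067_netapi.rb',
  '/exploits/windows/smb/ms08_067_netapi.rb',
  './exploits/windows/smb/ms08_067_netapi.rb',
  '.exploits/windows/smb/ms08_067_netapi.rb',
].freeze

# Returns the distinct names a list of spellings collapses to; a correct trim
# yields exactly one element for each list above.
def canonical_names(inputs, tld = nil)
  inputs.map { |p| trim_path(p, tld) }.uniq
end

if __FILE__ == $PROGRAM_NAME
  p canonical_names(PAYLOAD_INPUTS, 'payload')
  p canonical_names(MODULE_INPUTS)
end
```

In the cmd_set hunk further down, the trimmed value is still looked up against payload_show_results, so the trim only normalizes spelling; it does not by itself decide what is loadable.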

@@ -1580,8 +1580,8 @@ def cmd_set(*args)
# Set PAYLOAD
if name.upcase == 'PAYLOAD' && active_module && (active_module.exploit? || active_module.evasion?)
if value.start_with?('/', 'payload/')

@adfoster-r7

adfoster-r7 Feb 26, 2020

Contributor

I think we can drop this guard clause now? 🤔

value = trim_path(value, "payload")

index_from_list(payload_show_results, value) do |mod|
    return false unless mod && mod.respond_to?(:first)

    # [name, class] from payload_show_results
    value = mod.first
end
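Review bot: the `if value.start_with?('/', 'payload/')` guard at the top of the hunk now duplicates work that `trim_path(value, "payload")` does, and as the hunk reads it also gates the `index_from_list(payload_show_results, value)` lookup, so a value given without either prefix (the bare `windows/x64/...` form in the verification list) would skip both normalization and the lookup while prefixed forms go through both; drop the guard, as adfoster-r7 suggests, so every PAYLOAD value takes the same path. A short comment on `return false unless mod && mod.respond_to?(:first)` would also help: inside the block a bare `return` leaves `cmd_set` itself, not just the block, which is easy to misread.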

@adamgalway-r7

adamgalway-r7 Feb 27, 2020

Author Contributor

Indeed we can, good 👁!

@wvu-r7 wvu-r7 added the library label Feb 26, 2020
CORRECT_MODULE_PATH
]

'./payload/windows/x64/vncinject/reverse_winhttps.rb'
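Review bot: the `'./payload/windows/x64/vncinject/reverse_winhttps.rb'` literal after the closing `]` is a bare expression that is neither an element of the array above it nor an argument to anything visible, so as written it has no effect; either delete it or move it inside the array so the spec actually exercises that spelling.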

@adfoster-r7

adfoster-r7 Feb 28, 2020

Contributor

Just confirming if this is a floating string or not 👀

@adamgalway-r7 adamgalway-r7 force-pushed the adamgalway-r7:path-logic-to-common branch 3 times, most recently from 2d65212 to 7b6c06c Feb 28, 2020
@adamgalway-r7 adamgalway-r7 force-pushed the adamgalway-r7:path-logic-to-common branch from 7b6c06c to 607b7ae Mar 4, 2020
@adfoster-r7 adfoster-r7 merged commit 5ed87be into rapid7:master Mar 4, 2020
3 checks passed
Metasploit Automation - Sanity Test Execution Successfully completed all tests.
Metasploit Automation - Test Execution Successfully completed all tests.
continuous-integration/travis-ci/pr The Travis CI build passed
fengjixuchui added a commit to fengjixuchui/metasploit-framework that referenced this pull request Mar 4, 2020
Land rapid7#12989, internal refactor sanitizing module names before t…
@adamgalway-r7

Contributor Author

adamgalway-r7 commented Mar 4, 2020

Release Notes

Sanitizes user input for module and payload paths, removing starting ., ./, /, [module|payload]/, and /[module|payload]/ from a path. Also trims trailing . and extensions from a path, as well as any possible misspellings of an extension.

@adamgalway-r7 adamgalway-r7 deleted the adamgalway-r7:path-logic-to-common branch Mar 4, 2020
@adfoster-r7 adfoster-r7 self-assigned this Mar 4, 2020
5 participants