Always show module actions within the info command #14233

Merged

@adfoster-r7 adfoster-r7 commented Oct 7, 2020

Always show module actions within the info command.

Before

Actions are not always shown to the user


After

Actions are now shown


Verification

List the steps needed to make sure this thing works

  • Start msfconsole

  • use admin/serverprotect/file

  • info

  • Verify the available actions show as expected

  • Start msfconsole

  • use a module that doesn't have any options

  • info

  • Verify no actions show

@adfoster-r7 adfoster-r7 force-pushed the show-actions-within-info-command branch from 5567faa to a933e10 Compare October 7, 2020 22:20
@acammack-r7 acammack-r7 added the bug label Oct 8, 2020
@gwillcox-r7 gwillcox-r7 self-assigned this Oct 8, 2020
@gwillcox-r7

Confirmed to be working as expected. Here is the output from my tests:

msf6 > use admin/serverprotect/file
msf6 auxiliary(admin/serverprotect/file) > info

       Name: TrendMicro ServerProtect File Access
     Module: auxiliary/admin/serverprotect/file
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  toto

Available actions:
  Name      Description
  ----      -----------
  delete    Delete a file
  download  Download a file
  list      List files (not recommended - will crash the driver)
  upload    Upload a file

Check supported:
  No

Basic options:
  Name    Current Setting  Required  Description
  ----    ---------------  --------  -----------
  LPATH                    no        The local filesystem path
  RHOSTS                   yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPATH                    no        The remote filesystem path
  RPORT   5168             yes       The target port (TCP)

Description:
  This modules exploits a remote file access flaw in the ServerProtect 
  Windows Server RPC service. Please see the action list (or the help 
  output) for more information.

References:
  https://cvedetails.com/cve/CVE-2007-6507/
  OSVDB (44318)
  http://www.zerodayinitiative.com/advisories/ZDI-07-077

msf6 auxiliary(admin/serverprotect/file) > 
msf6 auxiliary(admin/serverprotect/file) > exit
 ~/git/metasploit-framework │ @a933e102 ?1  ./msfconsole                                                               ✔ │ 60s │ 2.6.6 Ruby 
                                                  
     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     |||


       =[ metasploit v6.0.10-dev-a933e10252               ]
+ -- --=[ 2069 exploits - 1123 auxiliary - 352 post       ]
+ -- --=[ 592 payloads - 45 encoders - 10 nops            ]
+ -- --=[ 7 evasion                                       ]

Metasploit tip: Use help <command> to learn more about any command

msf6 > use exploit/windows/local/cve_2020_
use exploit/windows/local/cve_2020_0668_service_tracing           use exploit/windows/local/cve_2020_1048_printerdemon
use exploit/windows/local/cve_2020_0787_bits_arbitrary_file_move  use exploit/windows/local/cve_2020_1313_system_orchestrator
use exploit/windows/local/cve_2020_0796_smbghost                  
msf6 > use exploit/windows/local/cve_2020_1313_system_orchestrator 
[*] No payload configured, defaulting to windows/x64/meterpreter/reverse_tcp
msf6 exploit(windows/local/cve_2020_1313_system_orchestrator) > info

       Name: Windows Update Orchestrator unchecked ScheduleWork call
     Module: exploit/windows/local/cve_2020_1313_system_orchestrator
   Platform: Windows
       Arch: 
 Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Excellent
  Disclosed: 2019-11-04

Provided by:
  Imre Rad
  bwatters-r7

Available targets:
  Id  Name
  --  ----
  0   Windows x64

Check supported:
  Yes

Basic options:
  Name             Current Setting  Required  Description
  ----             ---------------  --------  -----------
  EXECUTE_DELAY    3                yes       The number of seconds to delay between file upload and exploit launch
  EXPLOIT_NAME                      no        The filename to use for the exploit binary (%RAND% by default).
  EXPLOIT_TIMEOUT  60               yes       The number of seconds to wait for exploit to finish running
  PAYLOAD_NAME                      no        The filename for the payload to be used on the target host (%RAND%.exe by default).
  SESSION                           yes       The session to run this module on.
  WRITABLE_DIR                      no        Path to write binaries (%TEMP% by default).

Payload information:

Description:
  This exploit uses access to the UniversalOrchestrator ScheduleWork 
  API call which does not verify the caller's token before scheduling 
  a job to be run as SYSTEM. You cannot schedule something in a given 
  time, so the payload will execute as system sometime in the next 24 
  hours.

References:
  https://cvedetails.com/cve/CVE-2020-1313/
  https://github.com/irsl/CVE-2020-1313

msf6 exploit(windows/local/cve_2020_1313_system_orchestrator) > 
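
The manual check in the verification steps (actions listed for a module that has them, no actions section for one that does not) can be run against captured `info` output. This is an added example, not code from the pull request or from Metasploit; `parse_info_actions` is a hypothetical helper, and the two inputs are trimmed excerpts of the output quoted above.

```ruby
# Added example; parse_info_actions is a hypothetical helper, not Metasploit code.

# Trimmed excerpts of the two `info` outputs quoted in the comment above.
WITH_ACTIONS = <<~INFO
  Module: auxiliary/admin/serverprotect/file

  Available actions:
    Name      Description
    ----      -----------
    delete    Delete a file
    download  Download a file
    list      List files (not recommended - will crash the driver)
    upload    Upload a file

  Check supported:
    No
INFO

WITHOUT_ACTIONS = <<~INFO
  Module: exploit/windows/local/cve_2020_1313_system_orchestrator

  Available targets:
    Id  Name
    --  ----
    0   Windows x64

  Check supported:
    Yes
INFO

# Returns { action name => description } from the "Available actions:" table,
# or an empty hash when the section is absent.
def parse_info_actions(info_text)
  actions = {}
  state = :outside
  info_text.each_line do |raw|
    line = raw.strip
    case state
    when :outside
      state = :header if line == 'Available actions:'
    when :header
      state = :rows if line.start_with?('----') # dashed rule ends the header
    when :rows
      break if line.empty? # a blank line closes the table
      name, description = line.split(/\s{2,}/, 2)
      actions[name] = description.to_s
    end
  end
  actions
end
```

The "Available targets:" table in the second input is deliberately left in place, so the check fails if a targets table were ever mistaken for an actions table.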

@gwillcox-r7 gwillcox-r7 merged commit f5dded2 into rapid7:master Oct 8, 2020
@gwillcox-r7 gwillcox-r7 added the rn-fix release notes fix label Oct 8, 2020

gwillcox-r7 commented Oct 8, 2020

Release Notes

Fixed an issue where the info command would not show the available actions that a module has. Available module actions should now be properly shown when the info command is run.

This pull request was closed.