fix localization issue in module linux/gather/ppp_chap_secrets #15284

Merged


pingport80

Summary

This PR fixes a localization issue in the post module linux/gather/ppp_chap_secrets. The module was using strings like permission denied, empty, etc. received from the remote system to verify some checks. But error messages like these can vary from locale to locale.

Verification Steps

Before

The remote system has a Spanish locale, so the error message permission denied will be printed as permiso denegado, but the module is treating that error message as data and processing it.

msf6 post(linux/gather/pptpd_chap_secrets) > rerun 
[*] Reloading module...

PPTPd chap-secrets
==================

 Client  Server                  Secret   IP
 ------  ------                  ------   --
 cat:    /etc/ppp/chap-secrets:  Permiso  denegado

[+] Secrets stored in: /home/pingport80/.msf4/loot/20210526201321_default_127.0.0.1_linux.chapsecret_194661.txt
[*] Post module execution completed

After

The module fails with an error message if the file /etc/ppp/chap-secrets is not present or not readable.

msf6 post(linux/gather/pptpd_chap_secrets) > rerun 
[*] Reloading module...

[-] Post aborted due to failure: bad-config: The file /etc/ppp/chap-secrets does not exist or is not a readable file!
[*] Post module execution completed
msf6 post(linux/gather/pptpd_chap_secrets) > 

If the file is present and readable it should be working as expected.

msf6 post(linux/gather/pptpd_chap_secrets) > rerun
[*] Reloading module...

PPTPd chap-secrets
==================

 Client   Server   Secret   IP
 ------   ------   ------   --
 client0  server0  secret0  127.0.0.1

[+] Secrets stored in: /home/pingport80/.msf4/loot/20210601220120_default_127.0.0.1_linux.chapsecret_598082.txt
[*] Post module execution completed


@smcintyre-r7 smcintyre-r7 left a comment

I was able to reproduce the original bug and confirm that these changes fix it. Thanks!

Testing Output

Original bug

msf6 payload(python/meterpreter/reverse_tcp) > use post/linux/gather/pptpd_chap_secrets 
msf6 post(linux/gather/pptpd_chap_secrets) > show options 

Module options (post/linux/gather/pptpd_chap_secrets):

   Name     Current Setting        Required  Description
   ----     ---------------        --------  -----------
   FILE     /etc/ppp/chap-secrets  yes       The default path for chap-secrets
   SESSION  -1                     yes       The session to run this module on.

msf6 post(linux/gather/pptpd_chap_secrets) > run

[!] SESSION may not be compatible with this module (unloadable Meterpreter extension: )
PPTPd chap-secrets
==================

 Client  Server                  Secret   IP
 ------  ------                  ------   --
 cat:    /etc/ppp/chap-secrets:  Permiso  denegado

[+] Secrets stored in: /home/smcintyre/.msf4/loot/20210604093316_default_192.168.159.128_linux.chapsecret_430998.txt
[*] Post module execution completed
msf6 post(linux/gather/pptpd_chap_secrets) >

Fixed

msf6 payload(python/meterpreter/reverse_tcp) > use post/linux/gather/pptpd_chap_secrets 
msf6 post(linux/gather/pptpd_chap_secrets) > show options 

Module options (post/linux/gather/pptpd_chap_secrets):

   Name     Current Setting        Required  Description
   ----     ---------------        --------  -----------
   FILE     /etc/ppp/chap-secrets  yes       The default path for chap-secrets
   SESSION  -1                     yes       The session to run this module on.

msf6 post(linux/gather/pptpd_chap_secrets) > run

[!] SESSION may not be compatible with this module (unloadable Meterpreter extension: )
[-] Failed to open file: /etc/ppp/chap-secrets: core_channel_open: Operation failed: Python exception: PermissionError
[-] Post aborted due to failure: bad-config: The file /etc/ppp/chap-secrets does not exist or is not a readable file!
[*] Post module execution completed
msf6 post(linux/gather/pptpd_chap_secrets) >

@smcintyre-r7 smcintyre-r7 merged commit 0903fc8 into rapid7:master Jun 4, 2021
@smcintyre-r7

Release Notes

This fixes a localization-related issue in the post/linux/gather/pptpd_chap_secrets module. If the file is unreadable, Metasploit would treat the permission denied error as the contents.

@pingport80 pingport80 deleted the fix_localization_pppchapsecret branch June 4, 2021 13:44
@pbarry-r7 pbarry-r7 added the rn-fix release notes fix label Jun 11, 2021
@smcintyre-r7 smcintyre-r7 added the GSoC Google Summer of Code project PRs label Jun 24, 2021
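
The failure mode discussed in this PR, as an added example that is not the module's code or the PR's diff: classifying command output by English error strings lets a localized error through as data, while testing the file itself does not depend on the locale. The function names are hypothetical, the sample strings are constructed, and local `File` checks stand in for whatever remote checks the module performs.

```ruby
require 'tempfile'

# Constructed sample: `cat` output on a Spanish-locale host when the file is unreadable.
SPANISH_ERROR = 'cat: /etc/ppp/chap-secrets: Permiso denegado'

# Split chap-secrets text into [client, server, secret, ip] rows,
# skipping blank lines and comments.
def parse_chap_secrets(text)
  text.each_line.map(&:strip)
      .reject { |line| line.empty? || line.start_with?('#') }
      .map { |line| line.split(/\s+/, 4) }
end

# Fragile (hypothetical reconstruction): classify the output by English error text.
# Any other locale's message falls through and is parsed as data.
def rows_by_string_match(output)
  return nil if output.strip.empty?
  return nil if output.match?(/permission denied|no such file/i)

  parse_chap_secrets(output)
end

# Locale-independent: test the file itself before reading it.
# Local File checks stand in for the module's remote checks (assumption).
def rows_by_file_test(path)
  return nil unless File.file?(path) && File.readable?(path)

  parse_chap_secrets(File.read(path))
end

# Write constructed contents to a temp file and read them back via the file test.
def demo_readable_file
  Tempfile.create('chap-secrets') do |f|
    f.write("# client server secret IP\nclient0 server0 secret0 127.0.0.1\n")
    f.flush
    rows_by_file_test(f.path)
  end
end

if __FILE__ == $PROGRAM_NAME
  p rows_by_string_match(SPANISH_ERROR) # error text parsed as a credential row
  p rows_by_file_test('/nonexistent/chap-secrets')
  p demo_readable_file
end
```

The first call reproduces the bogus `cat:` row shown in the "Before" output above; the other two show the file test rejecting a missing path and parsing a readable file.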