Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update local exploit suggester to handle nil targets #15465

Merged
merged 2 commits into from
Jul 28, 2021
Merged

Update local exploit suggester to handle nil targets #15465

merged 2 commits into from
Jul 28, 2021

Conversation

sjanusz-r7
Copy link
Contributor

This PR fixes an issue with local_exploit_suggester, where it would crash if i encountered a module with a nil target property.

Before

When a module returns a nil target:
image

After

image

Verification

List the steps needed to make sure this thing works

  • Apply this patch
diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index 8f7891cef2..94b8bbdd86 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
@@ -634,6 +634,10 @@ class Exploit < Msf::Module
   # default target, that one will be automatically used.
   #
   def target
+    if self.fullname == "exploit/windows/local/ms10_092_schelevator"
+      return nil
+    end
     if self.respond_to?(:auto_targeted_index)
       if auto_target?
         auto_idx = auto_targeted_index
  • Start msfconsole
  • Get a session
  • Use local_exploit_suggester
  • Verify the exploit suggester doesn't crash

@agalway-r7 agalway-r7 self-assigned this Jul 26, 2021
adfoster-r7
adfoster-r7 requested changes Jul 26, 2021
View reviewed changes
modules/post/multi/recon/local_exploit_suggester.rb Outdated
@@ -119,33 +121,38 @@ def run
@local_exploits.each do |m|
begin
checkcode = m.check
rescue Rex::Post::Meterpreter::RequestError => e
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Out of interest, what's the rationale behind special casing this exception in particular? 👀

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know it was there previously, but was it investigated in more detail whether it's needed still? 🕵️

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If I'm not confuddled, it's that this error indicates the session is borked and that you can't run any more checks, where as any other error indicates it was just the check that had an issue

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's raised in other circumstances too:

meterpreter > run post/windows/manage/migrate

[*] Running module against HOME-F006222D6C
[*] Current server process: webappmon.exe (7064)
[*] Spawning notepad.exe process to migrate to
[-] Post failed: Rex::Post::Meterpreter::RequestError stdapi_sys_process_execute: Operation failed: Access is denied.
[-] Call stack:
[-]   /projects/exploiting/trunk/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb:163:in `execute'
[-]   (eval):80:in `create_temp_proc'
[-]   (eval):49:in `run'
=end

@sjanusz-r7 sjanusz-r7 force-pushed the update-local-exploit-suggester-to-handle-nil-targets branch from 36f2415 to 1288e85 Compare July 28, 2021 09:24
adfoster-r7
adfoster-r7 approved these changes Jul 28, 2021
View reviewed changes
Copy link
Contributor

@adfoster-r7 adfoster-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just waiting on jenkins 🐌

@adfoster-r7
Copy link
Contributor

@msjenkins-r7 retest this please

@adfoster-r7 adfoster-r7 merged commit 8c43a7a into rapid7:master Jul 28, 2021
@adfoster-r7
Copy link
Contributor

Release Notes

Updates the local exploit suggester to gracefully handle modules raising unintended exceptions and nil target information

@adfoster-r7 adfoster-r7 added the rn-enhancement release notes enhancement label Jul 28, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmartin-tech jmartin-tech jmartin-tech left review comments

@agalway-r7 agalway-r7 agalway-r7 left review comments

@adfoster-r7 adfoster-r7 adfoster-r7 approved these changes

Assignees

@agalway-r7 agalway-r7

Labels
rn-enhancement release notes enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sjanusz-r7 @adfoster-r7 @jmartin-tech @agalway-r7