rapid7 · adfoster-r7 · Mar 11, 2022 · Mar 8, 2022 · Mar 8, 2022 · Mar 9, 2022
diff --git a/lib/msf/core/exploit/remote/dns/server.rb b/lib/msf/core/exploit/remote/dns/server.rb
@@ -130,22 +130,11 @@ def start_service
   end
 
   #
-  # Stops the server
-  # @param destroy [TrueClass,FalseClass] Dereference the server object
-  def stop_service(destroy = false)
-    Rex::ServiceManager.stop_service(self.service) if self.service
-    if destroy
-      @dns_resolver = nil if @dns_resolver
-      self.service = nil if self.service
-    end
-  end
-
+  # Dereference the DNS service
   #
-  # Resets the DNS server
-  #
-  def reset_service
-    stop_service(true)
-    start_service
+  def cleanup
+    super
+    @dns_resolver = nil if @dns_resolver
   end
 
   #

diff --git a/lib/msf/core/exploit/remote/http_server/php_include.rb b/lib/msf/core/exploit/remote/http_server/php_include.rb
@@ -62,7 +62,7 @@ def exploit
     rescue ::Interrupt
       raise $!
     ensure
-      stop_service
+      cleanup_service
     end
   end
 

diff --git a/lib/msf/core/exploit/remote/ldap/server.rb b/lib/msf/core/exploit/remote/ldap/server.rb
@@ -96,14 +96,6 @@ def start_service
       rescue ::Errno::EACCES => e
         raise Rex::BindFailed, e.message
       end
-
-      #
-      # Resets the LDAP server
-      #
-      def reset_service
-        cleanup
-        start_service
-      end
     end
   end
 end
diff --git a/lib/msf/core/exploit/remote/socket_server.rb b/lib/msf/core/exploit/remote/socket_server.rb
@@ -59,7 +59,7 @@ def primer
   def cleanup
     super
     if service
-      stopped = stop_service
+      stopped = cleanup_service
       if stopped
         print_status("Server stopped.")
       end
@@ -79,9 +79,9 @@ def start_service(opts = {})
   end
 
   #
-  # Stops the service.
+  # Cleans up the service; either closing the socket, or deferencing the service
   #
-  def stop_service
+  def cleanup_service
     if service
       begin
         if self.service.kind_of?(Rex::Service)

diff --git a/lib/msf/core/handler/reverse_http.rb b/lib/msf/core/handler/reverse_http.rb
@@ -260,9 +260,7 @@ def setup_handler
   def stop_handler
     if self.service
       self.service.remove_resource((luri + "/").gsub("//", "/"))
-      if self.service.resources.empty? && self.sessions == 0
-        Rex::ServiceManager.stop_service(self.service)
-      end
+      self.service.deref
     end
   end
 

diff --git a/lib/rex/post/meterpreter/packet_dispatcher.rb b/lib/rex/post/meterpreter/packet_dispatcher.rb
@@ -721,6 +721,9 @@ def initialize_passive_dispatcher
       'Proc'             => Proc.new { |cli, req| on_passive_request(cli, req) },
       'VirtualDirectory' => true
     )
+
+    # Add a reference count to the handler
+    self.passive_service.ref
   end
 
   def shutdown_passive_dispatcher
@@ -729,9 +732,7 @@ def shutdown_passive_dispatcher
       resource_uri = "/" + self.conn_id.to_s.gsub(/(^\/|\/$)/, '') + "/"
       self.passive_service.remove_resource(resource_uri) if self.passive_service
 
-      if self.passive_service.resources.empty?
-        Rex::ServiceManager.stop_service(self.passive_service)
-      end
+      self.passive_service.deref
       self.passive_service = nil
     end
     super

diff --git a/lib/rex/proto/dns/server.rb b/lib/rex/proto/dns/server.rb
@@ -318,7 +318,7 @@ def default_dispatch_request(cli,data)
   # Returns the hardcore alias for the DNS service
   #
   def self.hardcore_alias(*args)
-    "#{(args[0] || '')}#{(args[1] || '')}"
+    "#{(args[0] || '')}-#{(args[1] || '')}-#{args[5] || ''}"
   end
 
   #

diff --git a/lib/rex/proto/http/server.rb b/lib/rex/proto/http/server.rb
@@ -127,7 +127,7 @@ def inspect
   # Returns the hardcore alias for the HTTP service
   #
   def self.hardcore_alias(*args)
-    "#{(args[0] || '')}#{(args[1] || '')}"
+    "#{(args[0] || '')}-#{(args[1] || '')}-#{args[4] || ''}"
   end
 
   #

diff --git a/lib/rex/proto/ldap/server.rb b/lib/rex/proto/ldap/server.rb
@@ -251,7 +251,7 @@ def search_ldif(filter, msgid, attrflt = :all)
         # Returns the hardcore alias for the LDAP service
         #
         def self.hardcore_alias(*args)
-          "#{args[0] || ''}#{args[1] || ''}"
+          "#{args[0] || ''}-#{args[1] || ''}-#{args[4] || ''}"
         end
 
         #

diff --git a/lib/rex/proto/ssh/server.rb b/lib/rex/proto/ssh/server.rb
@@ -72,7 +72,7 @@ def inspect
   # Returns the hardcore alias for the SSH service
   #
   def self.hardcore_alias(*args)
-    "#{(args[0])}#{(args[1])}"
+    "#{(args[0])}-#{(args[1])}-#{args[4] || ''}"
   end
 
   #

diff --git a/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb b/modules/auxiliary/admin/scada/yokogawa_bkbcopyd_client.rb
@@ -116,7 +116,7 @@ def on_client_data(c)
   end
 
   def on_client_close(c)
-    stop_service
+    cleanup_service
   end
 end
 
diff --git a/modules/auxiliary/gather/safari_file_url_navigation.rb b/modules/auxiliary/gather/safari_file_url_navigation.rb
@@ -322,7 +322,7 @@ def cleanup
     super
 
     # Kill FTP
-    stop_service
+    cleanup_service
 
     # clear my resource, deregister ref, stop/close the HTTP socket
     begin

diff --git a/modules/auxiliary/server/dns/native_server.rb b/modules/auxiliary/server/dns/native_server.rb
@@ -24,7 +24,16 @@ def initialize(info = {})
       },
       'Author'         => 'RageLtMan <rageltman[at]sempervictus>',
       'License'        => MSF_LICENSE,
-      'References'     => []
+      'References'     => [],
+      'Actions'     =>
+        [
+          [ 'Service', 'Description' => 'Serve DNS entries' ]
+        ],
+      'PassiveActions' =>
+        [
+          'Service'
+        ],
+      'DefaultAction'  => 'Service'
     ))
   end
 
@@ -37,8 +46,6 @@ def run
       service.wait
     rescue Rex::BindFailed => e
       print_error "Failed to bind to port #{datastore['RPORT']}: #{e.message}"
-    ensure
-      stop_service(true)
     end
   end
 

diff --git a/modules/auxiliary/server/ldap.rb b/modules/auxiliary/server/ldap.rb
@@ -39,15 +39,13 @@ def initialize(info = {})
   end
 
   #
-  # Wrapper for service execution and cleanup
+  # Wrapper for service execution
   #
   def run
     start_service
     service.wait
   rescue Rex::BindFailed => e
     print_error "Failed to bind to port #{datastore['SRVPORT']}: #{e.message}"
-  ensure
-    stop_service
   end
 
   #

diff --git a/modules/auxiliary/spoof/dns/native_spoofer.rb b/modules/auxiliary/spoof/dns/native_spoofer.rb
@@ -25,7 +25,17 @@ def initialize(info = {})
       },
       'Author'         => 'RageLtMan <rageltman[at]sempervictus>',
       'License'        => MSF_LICENSE,
-      'References'     => []
+      'References'     => [],
+      'Actions'     =>
+        [
+          [ 'Service', 'Description' => 'Serve DNS entries' ]
+        ],
+      'PassiveActions' =>
+        [
+          'Service'
+        ],
+      'DefaultAction'  => 'Service'
+
     ))
 
     register_options(
@@ -47,13 +57,15 @@ def run
       service.wait
     rescue Rex::BindFailed => e
       print_error "Failed to bind to port #{datastore['RPORT']}: #{e.message}"
-    ensure
-      @capture_thread.kill if @capture_thread
-      close_pcap
-      stop_service(true)
     end
   end
 
+  def cleanup
+    super
+    @capture_thread.kill if @capture_thread
+    close_pcap
+  end
+
   #
   # Generates reply with src and dst reversed
   # Maintains original packet structure, proto, etc, changes ip_id

diff --git a/modules/exploits/linux/http/vestacp_exec.rb b/modules/exploits/linux/http/vestacp_exec.rb
@@ -239,10 +239,13 @@ def payload_implant
 
   def exploit
     start_http_server
-    payload_implant
-    login
-    start_backup_and_trigger_payload
-    stop_service
+    begin
+      payload_implant
+      login
+      start_backup_and_trigger_payload
+    ensure
+      cleanup_service
+    end
   end
 
   def on_request_uri(cli, _request)

diff --git a/modules/exploits/multi/http/jboss_maindeployer.rb b/modules/exploits/multi/http/jboss_maindeployer.rb
@@ -216,7 +216,7 @@ def exploit
     end
 
     print_status("Shutting down the web service...")
-    stop_service
+    cleanup_service
 
 
     #

diff --git a/modules/exploits/multi/http/mutiny_subnetmask_exec.rb b/modules/exploits/multi/http/mutiny_subnetmask_exec.rb
@@ -150,7 +150,7 @@ def wait_linux_payload
     #select(nil, nil, nil, 20) unless session_created?
 
     print_status("Shutting down the web service...")
-    stop_service
+    cleanup_service
   end
 
   # Handle incoming requests from the target

diff --git a/modules/exploits/multi/http/oracle_weblogic_wsat_deserialization_rce.rb b/modules/exploits/multi/http/oracle_weblogic_wsat_deserialization_rce.rb
@@ -166,12 +166,12 @@ def on_request_uri(cli, request)
   #     sleep 1
   #     waited += 1
   #     if waited > datastore['HTTP_DELAY']
-  #       stop_service
+  #       cleanup_service
   #       return Exploit::CheckCode::Safe
   #     end
   #   end
   #
-  #   stop_service
+  #   cleanup_service
   #   return Exploit::CheckCode::Vulnerable
   # end
 

diff --git a/modules/exploits/multi/http/ubiquiti_unifi_log4shell.rb b/modules/exploits/multi/http/ubiquiti_unifi_log4shell.rb
@@ -100,7 +100,7 @@ def check
     wait_until { @search_received }
     @search_received ? Exploit::CheckCode::Vulnerable : Exploit::CheckCode::Unknown('No LDAP search query was received.')
   ensure
-    stop_service
+    cleanup_service
   end
 
   def build_ldap_search_response_payload
@@ -150,6 +150,6 @@ def exploit
     wait_until { @search_received && (!handler_enabled? || session_created?) }
     handler
   ensure
-    cleanup
+    cleanup_service
   end
 end