Fix crash when sorting modules by disclosure date #16419


adfoster-r7
Contributor

Closes #16417
Continuation of #14917

Fixes sorting by disclosure_date crash.

Before

The sort internally crashes on ArgumentError: comparison of Time with nil failed, and shows to the user as Invalid argument(s)

msf6 > search platform:windows type:exploit -s disclosure_date
[-] Invalid argument(s)

Usage: search [<options>] [<keywords>:<value>]

Prepending a value with '-' will exclude any matching results.
If no options or keywords are provided, cached results are displayed.

After

The sort works as expected:

msf6 exploit(multi/postgres/postgres_copy_from_program_cmd_exec) > search platform:windows type:exploit -s disclosure_date

Matching Modules
================

   #     Name                                                                        Disclosure Date  Rank       Check  Description
   -     ----                                                                        ---------------  ----       -----  -----------
   0     exploit/multi/handler                                                                        manual     No     Generic Payload Handler
   1     exploit/windows/local/bypassuac_comhijack                                   1900-01-01       excellent  Yes    Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
   2     exploit/multi/browser/java_signed_applet                                    1997-02-19       excellent  No     Java Signed Applet Social Engineering Code 

Verification

Ensure the original ticket replication steps no longer crash
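
The failure mode described above, as an added example that is not the project's patch or code: sorting records on an optional date raises `ArgumentError` as soon as a `Time` is compared with `nil`, and one possible nil-safe sort key avoids it while placing undated entries first, as in the "After" output. `Mod`, `naive_sort`, `naive_sort_error` and `nil_safe_sort` are hypothetical names, and the sample records are constructed from rows shown above.

```ruby
# Added illustration; not code from metasploit-framework.
# Mod, naive_sort, naive_sort_error and nil_safe_sort are hypothetical names.
Mod = Struct.new(:name, :disclosure_date)

# Constructed sample: module names and dates as shown in the search output
# above; the handler module has no disclosure date (nil).
SAMPLE = [
  Mod.new('exploit/multi/browser/java_signed_applet', Time.utc(1997, 2, 19)),
  Mod.new('exploit/multi/handler', nil),
  Mod.new('exploit/windows/local/bypassuac_comhijack', Time.utc(1900, 1, 1))
].freeze

# Sorting on the raw attribute: Time <=> nil returns nil, so the sort raises
# ArgumentError ("comparison of Time with nil failed" or the mirror image).
def naive_sort(mods)
  mods.sort_by(&:disclosure_date)
end

# Nil-safe key: [has_date flag, date or placeholder, original index].
# The flag groups undated modules first, so the placeholder is never compared
# against a real date, and the index keeps the order stable for equal dates.
def nil_safe_sort(mods, descending: false)
  placeholder = Time.at(0).utc
  sorted = mods.each_with_index.sort_by do |mod, index|
    [mod.disclosure_date ? 1 : 0, mod.disclosure_date || placeholder, index]
  end.map(&:first)
  descending ? sorted.reverse : sorted
end

# Returns the exception raised by the naive sort, or nil if it succeeded.
def naive_sort_error(mods)
  naive_sort(mods)
  nil
rescue ArgumentError => e
  e
end

if __FILE__ == $PROGRAM_NAME
  puts "naive sort: #{naive_sort_error(SAMPLE).class}"
  nil_safe_sort(SAMPLE).each do |m|
    puts format('%-45s %s', m.name, m.disclosure_date&.strftime('%Y-%m-%d'))
  end
end
```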

@gwillcox-r7
Contributor

Before patch:

 ~/git/metasploit-framework │ master ?21  ./msfconsole                ✔ │ 7s │ 3.0.2 Ruby 
                                                  
IIIIII    dTb.dTb        _.---._
  II     4'  v  'B   .'"".'/|\`.""'.
  II     6.     .P  :  .' / | \ `.  :
  II     'T;. .;P'  '.'  /  |  \  `.'
  II      'T; ;P'    `. /   |   \ .'
IIIIII     'YvP'       `-.__|__.-'

I love shells --egypt


       =[ metasploit v6.1.37-dev-ba3f455132               ]
+ -- --=[ 2212 exploits - 1171 auxiliary - 396 post       ]
+ -- --=[ 617 payloads - 45 encoders - 11 nops            ]
+ -- --=[ 9 evasion                                       ]

Metasploit tip: Use the resource command to run 
commands from a file

[*] Starting persistent handler(s)...
msf6 payload(windows/x64/meterpreter/reverse_tcp) > search platform:windows type:exploit -s disclosure_date
[-] Invalid argument(s)

Usage: search [<options>] [<keywords>:<value>]

Prepending a value with '-' will exclude any matching results.
If no options or keywords are provided, cached results are displayed.

@gwillcox-r7
Contributor

After, it seems to be working:

msf6 payload(windows/x64/meterpreter/reverse_tcp) > search platform:windows type:exploit -s disclosure_date

Matching Modules
================

   #     Name                                                                        Disclosure Date  Rank       Check  Description
   -     ----                                                                        ---------------  ----       -----  -----------
   0     exploit/multi/handler                                                                        manual     No     Generic Payload Handler
   1     exploit/windows/local/bypassuac_comhijack                                   1900-01-01       excellent  Yes    Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)
   2     exploit/multi/browser/java_signed_applet                                    1997-02-19       excellent  No     Java Signed Applet Social Engineering Code Execution
   3     exploit/windows/ftp/warftpd_165_pass                                        1998-03-19       average    No     War-FTPD 1.65 Password Overflow
   4     exploit/windows/ftp/warftpd_165_user                                        1998-03-19       average    No     War-FTPD 1.65 Username Overflow
   5     exploit/windows/iis/msadc                                                   1998-07-17       excellent  Yes    MS99-025 Microsoft IIS MDAC msadcs.dll RDS Arbitrary Remote Command Execution
   6     exploit/windows/local/capcom_sys_exec                                       1999-01-01       normal     Yes    Windows Capcom.sys Kernel Execution Exploit (x64 only)
   7     exploit/windows/local/current_user_psexec                                   1999-01-01       excellent  No     PsExec via Current User Token
   8     exploit/windows/local/powershell_cmd_upgrade                                1999-01-01       excellent  No     Windows Command Shell Upgrade (Powershell)
   9     exploit/windows/local/powershell_remoting                                   1999-01-01       excellent  No     Powershell Remoting Remote Command Execution
   10    exploit/windows/local/run_as                                                1999-01-01       excellent  No     Windows Run Command As User
   11    exploit/windows/local/wmi                                                   1999-01-01       excellent  No     Windows Management Instrumentation (WMI) Remote Command Execution
   12    exploit/windows/misc/webdav_delivery                                        1999-01-01       manual     No     Serve DLL via webdav server
   13    exploit/windows/mssql/mssql_clr_payload                                     1999-01-01       excellent  Yes    Microsoft SQL Server Clr Stored Procedure Payload Execution
   14    exploit/windows/smb/psexec                                                  1999-01-01       manual     No     Microsoft Windows Authenticated User Code Execution
   15    exploit/unix/webapp/guestbook_ssi_exec                                      1999-11-05       excellent  No     Matt Wright guestbook.pl Arbitrary Command Execution
   16    exploit/windows/mssql/mssql_linkcrawler                                     2000-01-01       great      No     Microsoft SQL Server Database Link Crawling Command Execution
   17    exploit/windows/mssql/mssql_payload                                         2000-05-30       excellent  Yes    Microsoft SQL Server Payload Execution
   18    exploit/windows/mssql/mssql_payload_sqli                                    2000-05-30       excellent  No     Microsoft SQL Server Payload Execution via SQL Injection
   19    exploit/windows/telnet/gamsoft_telsrv_username                              2000-07-17       average    Yes    GAMSoft TelSrv 1.5 Username Buffer Overflow
   20    exploit/windows/isapi/ms00_094_pbserver                                     2000-12-04       good       Yes    MS00-094 Microsoft IIS Phone Book Service Overflow
   21    exploit/windows/vnc/realvnc_client                                          2001-01-29       normal     No     RealVNC 3.3.7 Client Buffer Overflow
   22    exploit/windows/vnc/winvnc_http_get                                         2001-01-29       average    No     WinVNC Web Server GET Overflow
   23    exploit/multi/misc/openview_omniback_exec                                   2001-02-28       excellent  Yes    HP OpenView OmniBack II Command Execution
   24    exploit/windows/smb/smb_relay                                               2001-03-31       excellent  No     MS08-068 Microsoft Windows SMB Relay Code Execution
   25    exploit/windows/iis/ms01_023_printer                                        2001-05-01       good       Yes    MS01-023 Microsoft IIS 5.0 Printer Host Header Overflow
   26    exploit/windows/iis/ms01_026_dbldecode                                      2001-05-15       excellent  Yes    MS01-026 Microsoft IIS/PWS CGI Filename Double Decode Command Execution
   27    exploit/windows/iis/ms01_033_idq                                            2001-06-18       good       No     MS01-033 Microsoft IIS 5.0 IDQ Path Overflow
   28    exploit/windows/oracle/tns_arguments                                        2001-06-28       good       Yes    Oracle 8i TNS Listener (ARGUMENTS) Buffer Overflow
   29    exploit/windows/ldap/pgp_keyserver7                                         2001-07-16       good       No     Network Associates PGP KeyServer 7 LDAP Buffer Overflow
   30    exploit/windows/local/unquoted_service_path                                 2001-10-25       excellent  Yes    Windows Unquoted Service Path Privilege Escalation
   31    exploit/windows/iis/ms02_018_htr                                            2002-04-10       good       No     MS02-018 Microsoft IIS 4.0 .HTR Path Overflow
   32    exploit/windows/oracle/tns_service_name                                     2002-05-27       good       Yes    Oracle 8i TNS Listener SERVICE_NAME Buffer Overflow
   33    exploit/windows/http/apache_chunked                                         2002-06-19       good       Yes    Apache Win32 Chunked Encoding
   34    exploit/windows/ssh/securecrt_ssh1                                          2002-07-23       average    No     SecureCRT SSH1 Buffer Overflow
   35    exploit/windows/mssql/ms02_039_slammer                                      2002-07-24       good       Yes    MS02-039 Microsoft SQL Server Resolution Overflow
   36    exploit/windows/mssql/ms02_056_hello                                        2002-08-05       good       Yes    MS02-056 Microsoft SQL Server Hello Overflow
   37    exploit/windows/http/savant_31_overflow                                     2002-09-10       great      Yes    Savant 3.1 Web Server Overflow
   38    exploit/windows/tftp/tftpd32_long_filename                                  2002-11-19       average    No     TFTPD32 Long Filename Buffer Overflow
   39    exploit/windows/iis/ms02_065_msadc                                          2002-11-20       normal     Yes    MS02-065 Microsoft IIS MDAC msadcs.dll RDS DataStub Content-Type Overflow
   40    exploit/windows/http/webster_http                                           2002-12-02       average    No     Webster HTTP Server GET Buffer Overflow
   41    exploit/windows/ssh/putty_msg_debug                                         2002-12-16       normal     No     PuTTY Buffer Overflow
   42    exploit/multi/realserver/describe                                           2002-12-20       great      Yes    RealServer Describe Buffer Overflow
   43    exploit/windows/http/badblue_ext_overflow                                   2003-04-20       great      Yes    BadBlue 2.5 EXT.dll Buffer Overflow
   44    exploit/windows/firewall/kerio_auth                                         2003-04-28       average    No     Kerio Firewall 2.1.4 Authentication Packet Overflow
   45    exploit/windows/pop3/seattlelab_pass                                        2003-05-07       great      No     Seattle Lab Mail 5.5 POP3 Buffer Overflow
   46    exploit/windows/iis/ms03_007_ntdll_webdav                                   2003-05-30       great      Yes    MS03-007 Microsoft IIS 5.0 WebDAV ntdll.dll Path Overflow
   47    exploit/windows/browser/ms03_020_ie_objecttype                              2003-06-04       normal     No     MS03-020 Microsoft Internet Explorer Object Type
   48    exploit/windows/ftp/leapftp_pasv_reply                                      2003-06-09       normal     No     LeapWare LeapFTP v2.7.3.600 PASV Reply Client Overflow
   49    exploit/windows/http/sambar6_search_results                                 2003-06-21       normal     Yes    Sambar 6 Search Results Buffer Overflow
   50    exploit/windows/http/altn_webadmin                                          2003-06-24       average    No     Alt-N WebAdmin USER Buffer Overflow
   51    exploit/windows/isapi/ms03_022_nsiislog_post                                2003-06-25       good       Yes    MS03-022 Microsoft IIS ISAPI nsiislog.dll ISAPI POST Overflow
   52    exploit/windows/dcerpc/ms03_026_dcom                                        2003-07-16       great      Yes    MS03-026 Microsoft RPC DCOM Interface Overflow
   53    exploit/windows/ftp/oracle9i_xdb_ftp_pass                                   2003-08-18       great      Yes    Oracle 9i XDB FTP PASS Overflow (win32)
   54    exploit/windows/ftp/oracle9i_xdb_ftp_unlock                                 2003-08-18       great      Yes    Oracle 9i XDB FTP UNLOCK Overflow (win32)
   55    exploit/windows/http/oracle9i_xdb_pass                                      2003-08-18       great      Yes    Oracle 9i XDB HTTP PASS Overflow (win32)
   56    exploit/windows/browser/mirc_irc_url                                        2003-10-13       normal     No     mIRC IRC URL Buffer Overflow
   57    exploit/windows/smtp/ms03_046_exchange2000_xexch50                          2003-10-15       good       Yes    MS03-046 Exchange 2000 XEXCH50 Heap Overflow
   58    exploit/windows/http/ia_webmail                                             2003-11-03       average    No     IA WebMail 3.x Buffer Overflow
   59    exploit/windows/lpd/niprint                                                 2003-11-05       good       No     NIPrint LPD Request Overflow
   60    exploit/windows/isapi/ms03_051_fp30reg_chunked                              2003-11-11       good       Yes    MS03-051 Microsoft IIS ISAPI FrontPage fp30reg.dll Chunked Overflow
   61    exploit/windows/smb/ms03_049_netapi                                         2003-11-11       good       No     MS03-049 Microsoft Workstation Service NetAddAlternateComputerName Overflow
   62    exploit/windows/http/mdaemon_worldclient_form2raw                           2003-12-29       great      Yes    MDaemon WorldClient form2raw.cgi Stack Buffer Overflow
   63    exploit/windows/smb/ms04_007_killbill                                       2004-02-10       low        No     MS04-007 Microsoft ASN.1 Library Bitstring Heap Overflow
   64    exploit/windows/ldap/imail_thc                                              2004-02-17       average    No     IMail LDAP Service Buffer Overflow
   65    exploit/windows/http/psoproxy91_overflow                                    2004-02-20       average    Yes    PSO Proxy v0.91 Stack Buffer Overflow
   66    exploit/windows/proxy/proxypro_http_get                                     2004-02-23       great      No     Proxy-Pro Professional GateKeeper 4.7 GET Request Overflow
   67    exploit/windows/ftp/servu_mdtm                                              2004-02-26       good       Yes    Serv-U FTPD MDTM Overflow
   68    exploit/windows/ftp/dreamftp_format                                         2004-0
....

@gwillcox-r7
Contributor

Going to leave the other two comments as resolved as further testing seems to indicate those issues were not of concern and I've run through all the possible values for the -s parameter and verified they worked fine.

gwillcox-r7 merged commit 619661a into rapid7:master on Apr 6, 2022
@gwillcox-r7
Contributor

Release Notes

A bug has been fixed whereby when using the search command and searching by disclosure_date, the help menu should instead appear. This has been fixed by improving the date handling logic for the search command.

@adfoster-r7
Contributor Author

Thanks for the land 🎉

Labels
bug library rn-fix release notes fix