Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to rpc_plugin to use HashWithIndifferentAccess #18606

Merged
merged 1 commit into from Dec 11, 2023
Merged

Update to rpc_plugin to use HashWithIndifferentAccess #18606

merged 1 commit into from Dec 11, 2023

Conversation

Lorenyx
Copy link
Contributor

@Lorenyx Lorenyx commented Dec 7, 2023

Fixes #18545

Verification

$ msfrpcd -a 127.0.0.1 -P root
[*] MSGRPC starting on 127.0.0.1:55553 (SSL):Msg...
[*] MSGRPC ready at 2023-11-16 22:07:52 -0600.
$ msfrpc -a 127.0.0.1 -P root
...
>> rpc.call('core.version')
=> {"version"=>"6.3.43-dev-", "ruby"=>"3.0.2 x86_64-linux 2021-07-07", "api"=>"1.0"}
>> rpc.call('plugin.load', 'msfd', {'ServerPort'=>44444})
=> {"result"=>"success"}
>> exit
$ netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:55553         0.0.0.0:*               LISTEN      9444/msfrpcd   # IP and port for msfrpcd
tcp        0      0 127.0.0.1:44444         0.0.0.0:*               LISTEN      9444/msfrpcd   # Actually accepts correct value
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:5433          0.0.0.0:*               LISTEN      6510/postgres

@Lorenyx Lorenyx mentioned this pull request Dec 7, 2023
Closed
@sjanusz-r7
Copy link
Contributor

Looks good to me, thanks for the PR and fixing the issue! 🎉 I've tested this on Kali 2023.4:

Before

metasploit-framework on  master via 💎 v3.0.5 via  
 sudo bundle exec './msfrpcd -a 127.0.0.1 -P root'
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[*] MSGRPC starting on 127.0.0.1:55553 (SSL):Msg...
[*] MSGRPC backgrounding at 2023-12-11 15:48:31 +0000...
[*] MSGRPC background PID 31245
                                                                                                                                                           

metasploit-framework on  master via 💎 v3.0.5 via ⍱ 
❯ sudo bundle exec './msfrpc -a 127.0.0.1 -P root' 
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls

>> rpc.call('core.version')
=> {"version"=>"6.3.47-dev-453c8d8d69", "ruby"=>"3.1.2 x86_64-linux-gnu 2022-04-12", "api"=>"1.0"}
>> rpc.call('plugin.load', 'msfd', {'ServerPort'=>44444})
=> {"result"=>"success"}

Calling netstat -tulpn:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:55554         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:55553         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:44627         0.0.0.0:*               LISTEN      -   <-- Wrong port

After

metasploit-framework on  18545-use-hash-with-indifferent-access via 💎 v3.0.5 via  
 sudo bundle exec './msfrpcd -a 127.0.0.1 -P root'                 
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[*] MSGRPC starting on 127.0.0.1:55553 (SSL):Msg...
[*] MSGRPC backgrounding at 2023-12-11 15:51:16 +0000...
[*] MSGRPC background PID 33325
                                                                                                                                                            

metasploit-framework on  18545-use-hash-with-indifferent-access via 💎 v3.0.5 via ⍱ 
❯ sudo bundle exec './msfrpc -a 127.0.0.1 -P root'                  
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
[*] The 'rpc' object holds the RPC client interface
[*] Use rpc.call('group.command') to make RPC calls

>> rpc.call('core.version')
=> {"version"=>"6.3.46-dev-479190acf6", "ruby"=>"3.1.2 x86_64-linux-gnu 2022-04-12", "api"=>"1.0"}
>> rpc.call('plugin.load', 'msfd', {'ServerPort'=>44444})
=> {"result"=>"success"}

Calling ntestat -tulpn:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:55553         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:44627         0.0.0.0:*               LISTEN      -                   
tcp        0      0 127.0.0.1:44444         0.0.0.0:*               LISTEN      -  <-- Correct port

@sjanusz-r7 sjanusz-r7 merged commit d93e1fb into rapid7:master Dec 11, 2023
57 checks passed
@sjanusz-r7 sjanusz-r7 added the rn-fix release notes fix label Dec 11, 2023
@sjanusz-r7
Copy link
Contributor

Release Notes

rpc_plugin has been updated to correctly use the provided plugin options.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@sjanusz-r7 sjanusz-r7

Labels
rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

plugin.load command does not properly load extensions with correct parameters
2 participants
@Lorenyx @sjanusz-r7