Require the powershell mixin explicitly #2291

Merged
merged 1 commit into from Aug 27, 2013

@todb-r7 todb-r7 commented Aug 27, 2013

Race condition with requires sometimes produces this error:

$ ./msfconsole -L
[-] WARNING! The following modules could not be loaded!
[-]     /home/todb/git/rapid7/metasploit-framework/modules/exploits/windows/http/oracle_endeca_exec.rb:
NameError uninitialized constant Msf::Exploit::Powershell

Fixed by explicitly requiring the powershell mixin.

Verification

  • Start msfconsole
  • info exploit/windows/http/oracle_endeca_exec should produce results.

Note, expressing this bug tends to depend on path load orders, so often will not be triggered (eg, when Metasploit Pro / Community Edition loads, requires tend to be pulled in ahead of time).
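
The load-order dependence described in this pull request, reproduced as an added example that is not part of the PR or of Metasploit's code: a module file that mixes in a constant loads only if something else required the mixin first, unless it requires the mixin itself. The `Demo` namespace, the `EndecaDemo` class, the file names and `load_outcome` are hypothetical stand-ins.

```ruby
require 'tmpdir'

# Constructed stand-in for the mixin file (hypothetical Demo namespace).
MIXIN_SRC = <<~RUBY
  module Demo; module Exploit; module Powershell
    def mixin_ready?; true; end
  end; end; end
RUBY

# Constructed stand-in for a module file that includes the mixin.
MODULE_SRC = <<~RUBY
  module Demo; module Exploit; end; end
  class EndecaDemo
    include Demo::Exploit::Powershell
  end
RUBY

# preloaded: another file already required the mixin (the lucky load order).
# explicit:  the module file requires the mixin itself (the approach in this PR).
def load_outcome(preloaded:, explicit:)
  Dir.mktmpdir do |dir|
    mixin = File.join(dir, 'powershell.rb')
    mod   = File.join(dir, 'endeca_demo.rb')
    File.write(mixin, MIXIN_SRC)
    header = explicit ? "require #{mixin.inspect}\n" : ''
    File.write(mod, header + MODULE_SRC)
    begin
      require mixin if preloaded
      load mod
      :loaded
    rescue NameError => e
      # Keep only the first line; did_you_mean may append suggestions.
      "#{e.class} #{e.message.lines.first.chomp}"
    ensure
      # Drop the demo constants so every scenario starts from a clean slate.
      %i[Demo EndecaDemo].each do |c|
        Object.send(:remove_const, c) if Object.const_defined?(c)
      end
    end
  end
end

if $PROGRAM_NAME == __FILE__
  [[false, false], [true, false], [false, true]].each do |pre, exp|
    puts "preloaded=#{pre} explicit=#{exp} -> #{load_outcome(preloaded: pre, explicit: exp)}"
  end
end
```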

@jvazquez-r7
Contributor

ouch! again.... checking and landing....

@jvazquez-r7
Contributor

Juans-MacBook-Pro:metasploit-framework juan$ git checkout -b land-pr2291
Switched to a new branch 'land-pr2291'
Juans-MacBook-Pro:metasploit-framework juan$ ./msfconsole
 _                                                    _
/ \    /\         __                         _   __  /_/ __
| |\  / | _____   \ \           ___   _____ | | /  \ _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | || | || | |- -|
|_|   | | | _|__  | |_  / -\ __\ \   | |    | | \__/| |  | |_
      |/  |____/  \___\/ /\ \\___/   \/     \__|    |_\  \___\


       =[ metasploit v4.8.0-dev [core:4.8 api:1.0]
+ -- --=[ 1161 exploits - 641 auxiliary - 180 post
+ -- --=[ 310 payloads - 30 encoders - 8 nops

msf > info exploit/windows/http/oracle_endeca_exec

       Name: Oracle Endeca Server Remote Command Execution
     Module: exploit/windows/http/oracle_endeca_exec
   Platform: Windows
 Privileged: No
    License: Metasploit Framework License (BSD)
       Rank: Excellent

Provided by:
  rgod <rgod@autistici.org>
  juan vazquez <juan.vazquez@metasploit.com>

Available targets:
  Id  Name
  --  ----
  0   Oracle Endeca Server 7.4.0 / Microsoft Windows 2008 R2 64 bits

Basic options:
  Name            Current Setting  Required  Description
  ----            ---------------  --------  -----------
  PERSIST         false            yes       Run the payload in a loop
  PSH_OLD_METHOD  false            yes       Use powershell 1.0
  Proxies                          no        Use a proxy chain
  RHOST                            yes       The target address
  RPORT           7770             yes       The target port
  RUN_WOW64       false            yes       Execute powershell in 32bit compatibility mode, payloads need native arch
  TARGETURI       /ws/control      yes       The URI path of the Control Web Service
  VHOST                            no        HTTP server virtual host

Payload information:

Description:
  This module exploits a command injection vulnerability on the Oracle 
  Endeca Server 7.4.0. The vulnerability exists on the createDataStore 
  method from the controlSoapBinding web service. The vulnerable 
  method only exists on the 7.4.0 branch and isn't available on the 
  7.5.5.1 branch. In addition, the injection has been found to be 
  Windows specific. This module has been tested successfully on Endeca 
  Server 7.4.0.787 over Windows 2008 R2 (64 bits).

References:
  http://cvedetails.com/cve/2013-3763/
  http://www.securityfocus.com/bid/61217
  http://www.osvdb.org/95269
  http://www.zerodayinitiative.com/advisories/ZDI-13-190/
  http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html

msf > exit
Juans-MacBook-Pro:metasploit-framework juan$ ./msfcli info windows/http/oracle_endeca_exec S
[*] Initializing modules...
Error: Invalid module: info

Usage: ./msfcli <exploit_name> <option=value> [mode]
====================================================

    Mode           Description
    ----           -----------
    (A)dvanced     Show available advanced options for this module
    (AC)tions      Show available actions for this auxiliary module
    (C)heck        Run the check routine of the selected module
    (E)xecute      Execute the selected module
    (H)elp         You're looking at it baby!
    (I)DS Evasion  Show available ids evasion options for this module
    (O)ptions      Show available options for this module
    (P)ayloads     Show available payloads for this module
    (S)ummary      Show information about this module
    (T)argets      Show available targets for this exploit module

Examples:
msfcli multi/handler payload=windows/meterpreter/reverse_tcp lhost=IP E
msfcli auxiliary/scanner/http/http_version rhosts=IP encoder= post= nop= E

Juans-MacBook-Pro:metasploit-framework juan$ 

landing... thanks @todb-r7

@jvazquez-r7 jvazquez-r7 merged commit 15b741b into rapid7:master Aug 27, 2013