Instantiate payload modules so parameter validation occurs #5838
@@ -9,7 +9,7 @@ | |||
|
|||
module Metasploit3 | |||
|
|||
CachedSize = 108 | |||
CachedSize = :dynamic |
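Review bot: On the CachedSize line, the fixed value 108 is replaced by :dynamic although nothing else in this module is touched in the hunk, so the reason the size would now vary between generations is not visible. If the variation is real, add a one-line comment next to the constant naming its source; if it comes from how the size was sampled, regenerate and keep a numeric value so the size stays checkable for this module.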
:?
Is it expected?
Determining if a payload is :dynamic is a little precarious. It currently just generates the payload a few times and sees if the size changes, but this is not always reliable. We probably need a way to force a manual override. I probably got unlucky with the random seed.
oook, expected so :) just curious, thanks!
Looks like travis asks for a ./spec/support/shared/examples/payload_cached_size_is_consistent update :)
Ah, you're right - I need to move the default datastore options into the library code for this instead of coding it into the tool directly. Thanks.
With the latest changes, some payloads marked as 'dynamic' go back to being statically sized. There were a few payloads that did something like
Calling .new on payload modules does not perform parameter validation, leading to a number of cached sizes based on invalid parameters. Most notably, normalization does not occur either, which makes all OptBool params default to true.
7e84eec to 6b1e911
It is awesome work :) thanks @bcook-r7, handling it in a while!
travis is green and also passes locally.
@@ -14,6 +14,27 @@ module Util | |||
|
|||
class PayloadCachedSize | |||
|
|||
@opts = { |
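Review bot: @opts = { at the top of class PayloadCachedSize sets an instance variable on the class object itself, which is mutable state shared by every class-level method that reads it. Only the opening of the hash is visible here, but if it holds a fixed set of defaults, a frozen constant (for example OPTS = { ... }.freeze) merged into a fresh hash for each payload would make that explicit and keep one module's options from being carried into the next.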
I don't think it makes sense as an instance variable. Indeed, I don't think we can't create PayloadCachedSize even :). I'm going to switch to a constant before landing if you don't mind. Looks definitely like a constant. Feel free to fix me if I'm wrong, just reviewing changes :)
Many thanks @jvazquez-r7
Calling .new on payload modules does not perform parameter validation, leading to a number of cached sizes based on invalid parameters. Most notably, normalization does not occur either, which makes all OptBool params default to true. This caused the windows/adduser to be larger with its cached size parameter than it would be if you generate it with msfvenom or from framework directly.
Validation steps
./msfconsole -qx 'use exploit/windows/smb/ms08_067_netapi; set payload windows/adduser'
set payload
using ms08_67_netapi should show 141 entries, not 119.
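
The failure mode described in this pull request, as an added Ruby sketch that is not code from the PR or from Metasploit Framework: ToyBoolOption, ToyPayload, the EXTRA_STAGE option and all byte counts are constructed for illustration, and it assumes option values are held as strings until they are normalized. Plain .new leaves the string 'false' in place, which Ruby treats as truthy, so the sampled size differs from what a validated instance generates; cached_size mirrors the "generate a few times and compare" check mentioned in the review thread.

```ruby
# Added illustration. ToyBoolOption, ToyPayload and EXTRA_STAGE are hypothetical
# names, not Metasploit Framework classes; all sizes are constructed.
class ToyBoolOption
  # Accept only text that spells a boolean.
  def self.valid?(value)
    value.to_s.match?(/\A(y|yes|n|no|t|f|0|1|true|false)\z/i)
  end

  # Turn the stored text into a real true/false.
  def self.normalize(value)
    value.to_s.match?(/\A(y|yes|t|1|true)\z/i)
  end
end

class ToyPayload
  BASE  = 'A' * 100 # constructed placeholder bytes, not a real payload
  EXTRA = 'B' * 22  # optional part, emitted only when EXTRA_STAGE is set
  attr_reader :datastore

  # Plain construction: raw values are stored and nothing is checked.
  def initialize(datastore = {})
    @datastore = { 'EXTRA_STAGE' => 'false' }.merge(datastore)
  end

  # Construction followed by validation and normalization of every option.
  def self.instantiate(datastore = {})
    mod = new(datastore)
    mod.datastore.keys.each do |name|
      value = mod.datastore[name]
      raise ArgumentError, "invalid #{name}: #{value.inspect}" unless ToyBoolOption.valid?(value)
      mod.datastore[name] = ToyBoolOption.normalize(value)
    end
    mod
  end

  def generate
    # The String 'false' is truthy in Ruby, so an unnormalized value takes
    # the first branch and the output grows by EXTRA.
    datastore['EXTRA_STAGE'] ? BASE + EXTRA : BASE
  end
end

# Generate several times; report one size if they agree, :dynamic otherwise.
# A generator whose size varies only rarely can still look static here.
def cached_size(mod, samples = 5)
  sizes = Array.new(samples) { mod.generate.bytesize }.uniq
  sizes.length == 1 ? sizes.first : :dynamic
end
```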