New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
move external module template to an ERB, allowing for more templates to be added #8346
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, just one small concern.
execute_cmdstager({:flavor => :wget}) | ||
end | ||
|
||
def wait_status(mod) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method should be pulled out into a mixin, ERB helper, or something else where it won't be copy-pasta'd among all the templates.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok, that makes sense
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this should be inserted as
<%= extras %>
execute_cmdstager({:flavor => :wget}) | ||
end | ||
|
||
def wait_status(mod) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe this should be inserted as
<%= extras %>
|
||
register_options([ | ||
<%= meta[:options] %> | ||
], self.class) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
get rid of self.class
end | ||
end | ||
end | ||
end |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ded
@@ -34,12 +34,16 @@ | |||
{'type': 'edb', 'ref': '41162'}, | |||
{'type': 'url', 'ref': 'https://github.com/haraka/Haraka/pull/1606'}, | |||
], | |||
'type': 'remote_exploit.cmd_stager.wget', | |||
'type': 'remote_exploit_cmd_stager', | |||
'wfsdelay': 5, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be changed in the template.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updated, thx
meta = mod_meta_exploit(mod, meta) | ||
meta[:command_stager_flavor] = mod.meta['payload']['command_stager_flavor'].dump | ||
out = render_template('remote_exploit_cmd_stager.erb', meta) | ||
File.write("/tmp/blah.rb", out) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Extra debugging.
Release NotesShims for external modules are now generated from a set of templates to allow easier management of additional module types. |
Thanks, @acammack-r7. |
This moves the inline external module template into an .erb file, separating the metadata parsing into common and exploit-specific chunks, which allows one to compose the specific functionality needed for a particular module type. When we add a 2nd template, this will likely shift around.
Verification steps