New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check exploit stance for array as well as string #9387

Merged
merged 1 commit into from Jan 9, 2018

Conversation

Projects
None yet
3 participants
@wvu-r7
Contributor

wvu-r7 commented Jan 8, 2018

14:00 < lacx> im using a module you wrote (multi/http/struts2_rest_xstream) and trying to add the WfsDelay option but it seems to have no effect

An exploit can be both aggressive and passive.

msf > use exploit/multi/http/struts2_rest_xstream
msf exploit(multi/http/struts2_rest_xstream) > pry
[1] pry(#<Msf::Modules::Mod6578706c6f69742f6d756c74692f687474702f737472757473325f726573745f7873747265616d::MetasploitModule>)> self.stance
=> ["aggressive", "passive"]
[2] pry(#<Msf::Modules::Mod6578706c6f69742f6d756c74692f687474702f737472757473325f726573745f7873747265616d::MetasploitModule>)> self.aggressive?
=> false
[3] pry(#<Msf::Modules::Mod6578706c6f69742f6d756c74692f687474702f737472757473325f726573745f7873747265616d::MetasploitModule>)>
  • Apply this patch
  • Use a module with dual stances
  • See that WfsDelay is registered in advanced
  • See that it's tab-completable

@wvu-r7 wvu-r7 added library bug labels Jan 8, 2018

Check exploit stance for array as well as string
An exploit can be both aggressive and passive.

@busterb busterb self-assigned this Jan 9, 2018

@busterb busterb merged commit 333d574 into rapid7:master Jan 9, 2018

2 checks passed

Metasploit Automation - Test Execution Successfully ran `autoPayloadTest.py`.
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

busterb added a commit that referenced this pull request Jan 9, 2018

@busterb

This comment has been minimized.

Show comment
Hide comment
@busterb

busterb Jan 9, 2018

Contributor

Release Notes

This allows modules with passive and aggressive stances to inherit all of the expected exploit mixin attributes.

Contributor

busterb commented Jan 9, 2018

Release Notes

This allows modules with passive and aggressive stances to inherit all of the expected exploit mixin attributes.

@wvu-r7

This comment has been minimized.

Show comment
Hide comment
@wvu-r7

wvu-r7 Jan 9, 2018

Contributor

🍰

Contributor

wvu-r7 commented Jan 9, 2018

🍰

@wvu-r7 wvu-r7 deleted the wvu-r7:bug/stance branch Jan 9, 2018

@tdoan-r7 tdoan-r7 added the rn-fix label Jan 25, 2018

@wvu-r7 wvu-r7 referenced this pull request Mar 28, 2018

Closed

Broken Payload Handler #9771

0 of 3 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment