Adds rhost url support behind a feature flag #13961
Conversation
dwelch-r7
force-pushed
the
rhost-url-option-3
branch
from
f1029e7
to
e5841c9
Compare
There was a problem hiding this comment.
This currently crashes for me when I try to use it, full details here #13961 (comment)
lib/msf/core/opt_http_rhost_url.rb
Outdated
|
|
||
| def get_uri(value) | ||
| return unless value | ||
| return if check_for_range(value) |
There was a problem hiding this comment.
| return if check_for_range(value) | |
| return unless single_rhost?(value) |
lib/msf/core/opt_http_rhost_url.rb
Outdated
| def check_for_range(value) | ||
| return false if value =~ /[^-0-9,.*\/]/ | ||
| walker = Rex::Socket::RangeWalker.new(value) | ||
| if walker&.valid? |
There was a problem hiding this comment.
For context, when can walker be nil?
| if walker&.valid? | |
| return false unless walker.valid? | |
| walker.length == 1 |
There was a problem hiding this comment.
I'm not sure if it can be, but I figured better to be safe? I don't remember if passing it something invalid causes it to be nil or if I was just being cautious at the time
There was a problem hiding this comment.
It looks like it's just a normal constructor method to me, I don't think there's any need for the nil check here in that case 👀
lib/msf/core/opt_http_rhost_url.rb
Outdated
| option_hash['TARGETURI'] = uri.path || '/' | ||
| option_hash['URI'] = uri.path || '/' |
There was a problem hiding this comment.
uri.path seems to return an empty string, which is truthy in ruby - so I think this defaulting logic will never occur 👀
lib/msf/core/opt_http_rhost_url.rb
Outdated
| return false unless walker.valid? | ||
| # if there is only a single ip then it's not a range | ||
| walker.length == 1 | ||
| rescue ::Exception |
There was a problem hiding this comment.
Looks like we don't want to capture Exception here? 👀
https://thoughtbot.com/blog/rescue-standarderror-not-exception
Tidy up test Return a string instead of a URI object Code review comments Rubcocop
dwelch-r7
force-pushed
the
rhost-url-option-3
branch
from
b821f03
to
e706143
Compare
adfoster-r7
added
rn-enhancement
|
## Release notes Updates http modules to support the setting of multiple http options a single option value |
This PR is for an additional option that allows users to specify a URL (i.e.
set RHOST_URL https://example.com/path) rather than setting each individual option that is the current workflow (i.e.set RHOSTS example.com,set RPORT 443,set SSL true... etc)For full details on the various approaches to adding URL Support to Metasploit:
https://github.com/rapid7/metasploit-framework/wiki/RFC---Metasploit-URL-support
I currently only have the new option added to
Exploit::Remote::HttpClientbut I'm sure there are a few other places it also belongs, more than happy to add it in anywhere that makes senseHere is an example of the setting in action:
The reverse is also true, i.e. you can set multiple individual values and the RHOST_URL will be displayed for you:
Http username and password is also supported:
Some things to note with the current implementation:
Only single URLs may be specified (In other words you are not able specify an address range in the new option), attempting this will blank out the RHOST_URL option, but any previous options that were set will remain.
URLs of the format
example.comnotably missing the scheme are not supported, you must do//example.com:<port>or even betterhttps://example.comTo sum up, if this feature is to be added users would be able to simply input
set RHOST_URLand paste in their target rather than having to set anywhere up to 6 different options depending on what that particular module cared about.Continued from #13766.