Skip to content

Commit

Permalink
Land rapid7#12737, further improvements to CheckModule mixin
Browse files Browse the repository at this point in the history
  • Loading branch information
busterb committed Dec 17, 2019
2 parents 2820a14 + c431062 commit 7386f66
Showing 1 changed file with 32 additions and 34 deletions.
66 changes: 32 additions & 34 deletions lib/msf/core/exploit/check_module.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,6 @@
#
# This mixin implements an exploit's check method by invoking an aux module
#
# NOTE: The module's run_host/run method MUST return an Msf::Exploit::CheckCode
#

module Msf
module Exploit::Remote::CheckModule
Expand All @@ -29,45 +27,45 @@ def check
return CheckCode::Unsupported("Could not instantiate #{check_module}")
end

# Bail if run_host/run isn't defined
if mod.respond_to?(:run_host)
meth = :run_host
elsif mod.respond_to?(:run)
meth = :run
else
return CheckCode::Unsupported("#{check_module} does not define a run_host/run method")
# Bail if it isn't aux
if mod.type != Msf::MODULE_AUX
return CheckCode::Unsupported("#{check_module} is not an auxiliary module")
end

# Add the exploit's targeting options to the module's datastore
%w[RHOSTS RHOST RPORT].each do |opt|
next unless datastore[opt]

mod.datastore[opt] = datastore[opt].dup
# Bail if run isn't defined
unless mod.respond_to?(:run)
return CheckCode::Unsupported("#{check_module} does not define a run method")
end

# Bail if module options don't validate
mod.options.validate(mod.datastore)

# Use the exploit's input and output as the module's
mod.user_input, mod.user_output = user_input, user_output

# Use the module's CheckCode
checkcode =
case meth
when :run_host
mod.run_host(rhost)
when :run
mod.run
print_status("Using #{check_module} as check")

# Retrieve the module's return value
res = mod.run_simple(
'LocalInput' => user_input,
'LocalOutput' => user_output,
'Options' => datastore.to_h.slice('RHOSTS', 'RHOST', 'RPORT')
)

# Ensure return value is a CheckCode
case res
when Exploit::CheckCode
# Return the CheckCode
res
when Hash
# XXX: Find CheckCode associated with RHOST, which is set automatically
checkcode = res[datastore['RHOST']]

# Bail if module doesn't return a CheckCode
unless checkcode.kind_of?(Exploit::CheckCode)
return Exploit::CheckCode::Unsupported("#{check_module} does not return a CheckCode")
end

# Bail if module doesn't return a CheckCode
unless checkcode.kind_of?(Exploit::CheckCode)
print_warning("#{check_module} does not return a CheckCode")
return Exploit::CheckCode::Unsupported
# Return the CheckCode
checkcode
else
# Bail if module doesn't return a CheckCode
Exploit::CheckCode::Unsupported("#{check_module} does not return a CheckCode")
end

# Return the CheckCode
checkcode
end

def check_module
Expand Down

0 comments on commit 7386f66

Please sign in to comment.