From 126c19890a2fbce2ce230bb8558986adcbd0ff6a Mon Sep 17 00:00:00 2001 From: sjanusz-r7 Date: Mon, 18 Sep 2023 14:44:42 +0100 Subject: [PATCH] Add option to reload all libs when running a module --- .../console/command_dispatcher/auxiliary.rb | 22 +++++++++++++--- .../ui/console/command_dispatcher/evasion.rb | 25 ++++++++++++++---- .../ui/console/command_dispatcher/exploit.rb | 26 ++++++++++++++++--- .../ui/console/command_dispatcher/payload.rb | 6 ++++- lib/msf/ui/console/command_dispatcher/post.rb | 14 ++++++++-- lib/msf/ui/console/module_argument_parsing.rb | 15 ++++++----- .../ui/console/module_command_dispatcher.rb | 12 ++++++++- 7 files changed, 98 insertions(+), 22 deletions(-) diff --git a/lib/msf/ui/console/command_dispatcher/auxiliary.rb b/lib/msf/ui/console/command_dispatcher/auxiliary.rb index 1c032cf96a89..f4c66077f283 100644 --- a/lib/msf/ui/console/command_dispatcher/auxiliary.rb +++ b/lib/msf/ui/console/command_dispatcher/auxiliary.rb @@ -41,7 +41,11 @@ def name # # Executes an auxiliary module # - def cmd_run(*args, action: nil) + def cmd_run(*args, action: nil, opts: {}) + if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded] + driver.run_single('reload_lib -a') + end + return false unless (args = parse_run_opts(args, action: action)) jobify = args[:jobify] @@ -132,8 +136,14 @@ def cmd_run_help # Reloads an auxiliary module and executes it # def cmd_rerun(*args) + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + if reload(true) - cmd_run(*args) + cmd_run(*args, opts: opts) end end @@ -146,9 +156,15 @@ def cmd_rerun(*args) # vulnerable. # def cmd_rcheck(*args) + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + reload() - cmd_check(*args) + cmd_check(*args, opts: opts) end alias cmd_recheck cmd_rcheck 
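Review bot: The `-r`/`--reload-libs` test plus `driver.run_single('reload_lib -a')` added at the top of cmd_run is repeated by hand in cmd_rerun and cmd_rcheck in this file and again in the evasion, exploit, payload, post and module_command_dispatcher hunks, so the "reload only once" rule is spread over more than a dozen copies. A single helper would keep that rule in one place: the r* commands become `opts = reload_libs_if_requested(args)` and cmd_run/cmd_check/cmd_exploit become `reload_libs_if_requested(args, opts)`. Where the helper lives is a guess from this patch; ModuleCommandDispatcher would fit if all of these dispatchers include it. cmd_run's body continues outside the hunk.

```ruby
# Reloads all libraries once when -r/--reload-libs was passed. Returns the
# opts hash to forward, so the command it delegates to does not reload again.
def reload_libs_if_requested(args, opts = {})
  return opts if opts[:previously_reloaded]
  return opts unless args.include?('-r') || args.include?('--reload-libs')

  driver.run_single('reload_lib -a')
  opts.merge(previously_reloaded: true)
end
```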
diff --git a/lib/msf/ui/console/command_dispatcher/evasion.rb b/lib/msf/ui/console/command_dispatcher/evasion.rb index 6f497e577067..858db3af372c 100644 --- a/lib/msf/ui/console/command_dispatcher/evasion.rb +++ b/lib/msf/ui/console/command_dispatcher/evasion.rb @@ -22,8 +22,12 @@ def name 'Evasion' end - def cmd_run(*args) - opts = { + def cmd_run(*args, opts: {}) + if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded] + driver.run_single('reload_lib -a') + end + + module_opts = { 'Encoder' => mod.datastore['ENCODER'], 'Payload' => mod.datastore['PAYLOAD'], 'Nop' => mod.datastore['NOP'], @@ -32,7 +36,7 @@ def cmd_run(*args) } begin - mod.run_simple(opts) + mod.run_simple(module_opts) rescue ::Interrupt print_error('Evasion interrupted by the console user') rescue ::Exception => e @@ -44,8 +48,14 @@ def cmd_run(*args) alias cmd_exploit cmd_run def cmd_rerun(*args) + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + if reload(true) - cmd_run(*args) + cmd_run(*args, opts: opts) end end @@ -64,6 +74,7 @@ def cmd_run_tabs(str, words) '-n' => [ framework.nops.map { |refname, mod| refname } ], '-o' => [ true ], '-p' => [ framework.payloads.map { |refname, mod| refname } ], + '-r' => [ nil ], '-t' => [ true ], '-z' => [ nil ] } @@ -77,7 +88,11 @@ def cmd_run_tabs(str, words) # alias cmd_exploit_tabs cmd_run_tabs - def cmd_to_handler(*_args) + def cmd_to_handler(*args) + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + end + handler = framework.modules.create('exploit/multi/handler') handler_opts = { diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb index 4386ea0dfc6b..311d4287b375 100644 --- a/lib/msf/ui/console/command_dispatcher/exploit.rb +++ b/lib/msf/ui/console/command_dispatcher/exploit.rb 
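Review bot: The new `opts:` keyword on cmd_run in evasion.rb is undocumented, and the hunk shows no header comment on the method, so a reader cannot tell that it is an internal hand-off from cmd_rerun and not a user-facing option. I would add above the `def`: `# opts[:previously_reloaded] is set by cmd_rerun once it has run 'reload_lib -a', so the libraries are not reloaded a second time.` The same keyword is added without comment to cmd_run in auxiliary.rb and post.rb, cmd_exploit in exploit.rb and cmd_check in module_command_dispatcher.rb.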
@@ -74,6 +74,7 @@ def cmd_run_tabs(str, words) '-n' => [ framework.nops.map { |refname, mod| refname } ], '-o' => [ true ], '-p' => [ framework.payloads.map { |refname, mod| refname } ], + '-r' => [ nil ], '-t' => [ true ], '-z' => [ nil ] } @@ -90,7 +91,11 @@ def cmd_run_tabs(str, words) # # Launches exploitation attempts. # - def cmd_exploit(*args) + def cmd_exploit(*args, opts: {}) + if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded] + driver.run_single('reload_lib -a') + end + return false unless (args = parse_exploit_opts(args)) any_session = false @@ -138,6 +143,7 @@ def cmd_exploit(*args) return false end + driver.run_single('reload_lib -a') if args[:reload_libs] if rhosts && has_rhosts_option rhosts_walker = Msf::RhostsWalker.new(rhosts, mod_with_opts.datastore) @@ -234,9 +240,15 @@ def cmd_exploit_help # vulnerable. # def cmd_rcheck(*args) + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + reload() - cmd_check(*args) + cmd_check(*args, opts: opts) end alias cmd_recheck cmd_rcheck @@ -245,12 +257,18 @@ def cmd_rcheck(*args) # Reloads an exploit module and launches an exploit. # def cmd_rexploit(*args) - return cmd_rexploit_help if args.include? "-h" + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + + return cmd_rexploit_help if args.include?('-h') || args.include?('--help') # Stop existing job and reload the module if reload(true) # Delegate to the exploit command unless the reload failed - cmd_exploit(*args) + cmd_exploit(*args, opts: opts) end end diff --git a/lib/msf/ui/console/command_dispatcher/payload.rb b/lib/msf/ui/console/command_dispatcher/payload.rb index 2d0d514bbdbb..093f039d4809 100644 --- a/lib/msf/ui/console/command_dispatcher/payload.rb +++ b/lib/msf/ui/console/command_dispatcher/payload.rb 
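Review bot: `driver.run_single('reload_lib -a') if args[:reload_libs]` in the `@@ -138,6 +143,7 @@` hunk looks like a second reload within one invocation. The top of cmd_exploit (previous hunk) already reloads when `-r` is in the raw arguments, and this line does not consult `opts[:previously_reloaded]`, so `rexploit -r` would reload here again as well. That assumes parse_exploit_opts passes `:reload_libs` through, which the patch does not show. The line also sits after the early-return checks and just before `mod_with_opts.datastore` is used, so the module instance appears to have been built before the reload; the surrounding body is outside the hunk, so confirm. I would drop this line and rely on the check at the top of the method.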
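Review bot: In cmd_rexploit the library reload runs before the help check, so `rexploit -r -h` reloads every library and then only prints usage. Moving `return cmd_rexploit_help if args.include?('-h') || args.include?('--help')` above the `opts = {}` block keeps the help path free of side effects. cmd_reload in module_command_dispatcher.rb has the same order: the reload comes first and `return cmd_reload_help ...` second.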
@@ -45,7 +45,11 @@ def commands ) end - def cmd_to_handler(*_args) + def cmd_to_handler(*args) + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + end + handler = framework.modules.create('exploit/multi/handler') handler_opts = { diff --git a/lib/msf/ui/console/command_dispatcher/post.rb b/lib/msf/ui/console/command_dispatcher/post.rb index 76b2595cb524..7f0063d3cef4 100644 --- a/lib/msf/ui/console/command_dispatcher/post.rb +++ b/lib/msf/ui/console/command_dispatcher/post.rb @@ -47,9 +47,15 @@ def cmd_rexploit(*args) # Reloads a post module and executes it # def cmd_rerun(*args) + opts = {} + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + opts[:previously_reloaded] = true + end + # Stop existing job and reload the module if reload(true) - cmd_run(*args) + cmd_run(*args, opts: opts) end end @@ -65,7 +71,11 @@ def cmd_run_help # # Executes a post module # - def cmd_run(*args, action: nil) + def cmd_run(*args, action: nil, opts: {}) + if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded] + driver.run_single('reload_lib -a') + end + return false unless (args = parse_run_opts(args, action: action)) jobify = args[:jobify] diff --git a/lib/msf/ui/console/module_argument_parsing.rb b/lib/msf/ui/console/module_argument_parsing.rb index 10c639936592..32049864ea4d 100644 --- a/lib/msf/ui/console/module_argument_parsing.rb +++ b/lib/msf/ui/console/module_argument_parsing.rb 
@@ -17,11 +17,12 @@ module ModuleArgumentParsing # Options which are standard and predictable across all modules @@module_opts = Rex::Parser::Arguments.new( - ['-h', '--help'] => [ false, 'Help banner.' ], - ['-j', '--job'] => [ false, 'Run in the context of a job.' ], - ['-J', '--foreground'] => [ false, 'Force running in the foreground, even if passive.' ], - ['-o', '--options'] => [ true, 'A comma separated list of options in VAR=VAL format.', '' ], - ['-q', '--quiet'] => [ false, 'Run the module in quiet mode with no output' ] + ['-h', '--help'] => [ false, 'Help banner.' ], + ['-j', '--job'] => [ false, 'Run in the context of a job.' ], + ['-J', '--foreground'] => [ false, 'Force running in the foreground, even if passive.' ], + ['-o', '--options'] => [ true, 'A comma separated list of options in VAR=VAL format.', '' ], + ['-q', '--quiet'] => [ false, 'Run the module in quiet mode with no output' ], + ['-r', '--reload-libs'] => [ false, 'Reload all libraries before running.' ] ) @@module_opts_with_action_support = @@module_opts.merge( @@ -41,7 +42,7 @@ def parse_check_opts(args) help_cmd = proc do |_result| cmd_check_help end - parse_opts(@@module_opts_with_action_support, args, help_cmd: help_cmd)&.slice(:datastore_options) + parse_opts(@@module_opts_with_action_support, args, help_cmd: help_cmd)&.slice(:datastore_options, :reload_libs) end def parse_run_opts(args, action: nil) @@ -127,6 +128,8 @@ def parse_opts(opts, args, help_cmd:, action: nil) end when '-p' result[:payload] = val + when '-r' + result[:reload_libs] = true when '-t' result[:target] = val.to_i when '-z' diff --git a/lib/msf/ui/console/module_command_dispatcher.rb b/lib/msf/ui/console/module_command_dispatcher.rb index d4f8f3287c8b..e982ba63853d 100644 --- a/lib/msf/ui/console/module_command_dispatcher.rb +++ b/lib/msf/ui/console/module_command_dispatcher.rb 
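Review bot: `parse_check_opts` now lets `:reload_libs` through the slice, but the cmd_check hunk in module_command_dispatcher.rb decides from `args.include?('-r')` on the raw arguments before parsing, and no visible line there reads `args[:reload_libs]` (cmd_check continues outside its hunk). The two sources can disagree, because the raw scan treats any token equal to `-r` as the flag, including one the parser may consume as the value of an option that takes an argument. I would pick one source: either act only on the parsed `:reload_libs`, or leave the key out of the slice. A short comment at the `when '-r'` branch, such as `# consumed by cmd_exploit; other commands check the raw args before parsing`, would record which commands rely on it.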
@@ -134,7 +134,11 @@ def check_multiple(mod) # # Checks to see if a target is vulnerable. # - def cmd_check(*args) + def cmd_check(*args, opts: {}) + if (args.include?('-r') || args.include?('--reload-libs')) && !opts[:previously_reloaded] + driver.run_single('reload_lib -a') + end + return false unless (args = parse_check_opts(args)) mod_with_opts = mod.replicant @@ -243,6 +247,12 @@ def check_simple(instance=nil) # Reloads the active module # def cmd_reload(*args) + if args.include?('-r') || args.include?('--reload-libs') + driver.run_single('reload_lib -a') + end + + return cmd_reload_help if args.include?('-h') || args.include?('--help') + begin reload rescue