Show errors on inaccessible payload files #18405

Merged
4 changes: 2 additions & 2 deletions Gemfile.lock
@@ -33,7 +33,7 @@ PATH
metasploit-concern
metasploit-credential
metasploit-model
metasploit-payloads (= 2.0.148)
metasploit-payloads (= 2.0.154)
metasploit_data_models
metasploit_payloads-mettle (= 1.0.26)
mqtt
@@ -275,7 +275,7 @@ GEM
activemodel (~> 7.0)
activesupport (~> 7.0)
railties (~> 7.0)
metasploit-payloads (2.0.148)
metasploit-payloads (2.0.154)
metasploit_data_models (6.0.2)
activerecord (~> 7.0)
activesupport (~> 7.0)
2 changes: 1 addition & 1 deletion LICENSE_GEMS
@@ -80,7 +80,7 @@ metasploit-concern, 5.0.1, "New BSD"
metasploit-credential, 6.0.5, "New BSD"
metasploit-framework, 6.3.37, "New BSD"
metasploit-model, 5.0.1, "New BSD"
metasploit-payloads, 2.0.148, "3-clause (or ""modified"") BSD"
metasploit-payloads, 2.0.154, "3-clause (or ""modified"") BSD"
metasploit_data_models, 6.0.2, "New BSD"
metasploit_payloads-mettle, 1.0.26, "3-clause (or ""modified"") BSD"
method_source, 1.0.0, MIT
7 changes: 7 additions & 0 deletions lib/msf/core/feature_manager.rb
@@ -18,6 +18,7 @@ class FeatureManager
DATASTORE_FALLBACKS = 'datastore_fallbacks'
FULLY_INTERACTIVE_SHELLS = 'fully_interactive_shells'
MANAGER_COMMANDS = 'manager_commands'
METASPLOIT_PAYLOAD_WARNINGS = 'metasploit_payload_warnings'
DEFAULTS = [
{
name: WRAPPED_TABLES,
@@ -39,6 +40,12 @@ class FeatureManager
description: 'When enabled you can consistently set username across modules, instead of setting SMBUser/FTPUser/BIND_DN/etc',
requires_restart: true,
default_value: true
}.freeze,
{
name: METASPLOIT_PAYLOAD_WARNINGS,
description: 'When enabled Metasploit will output warnings about missing Metasploit payloads, for instance if they were removed by antivirus etc',
requires_restart: true,
default_value: false
}.freeze
].freeze

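Review bot: `default_value: false` means the manifest check in this hunk never runs unless the operator already knows the feature exists and turns it on, yet the users most likely to have payload files quarantined by antivirus are exactly the ones who will not; consider defaulting it to true, or at least pointing at the feature from the existing antivirus warning, so the missing-file list is shown where it is needed. The description would also read better as "When enabled, Metasploit will output warnings about missing Metasploit payload files, for instance when they were removed by antivirus" rather than the current "... Metasploit payloads, for instance if they were removed by antivirus etc".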
2 changes: 1 addition & 1 deletion lib/msf/core/payload/java.rb
@@ -58,7 +58,7 @@ def generate_jar(opts={})
jar = Rex::Zip::Jar.new
jar.add_sub("metasploit") if opts[:random]
jar.add_file("metasploit.dat", stager_config(opts))
jar.add_files(paths, MetasploitPayloads.path('java'))
jar.add_files(paths, ::MetasploitPayloads.path('java'))
Contributor Author
For context: Without this change, the tests were failing with:

2) modules/payloads java/shell_reverse_tcp it should behave like payload cached size is consistent java/shell_reverse_tcp has a valid cached_size
     Failure/Error: generate_jar(opts).pack

     NameError:
       uninitialized constant Msf::Modules::Payload__Singles__Java__Shell_reverse_tcp::MetasploitModule::MetasploitPayloads
     Shared Example Group: "payload cached size is consistent" called from ./spec/modules/payloads_spec.rb:1555
     # ./modules/payloads/singles/java/shell_reverse_tcp.rb:39:in `block in generate_jar'
     # ./modules/payloads/singles/java/shell_reverse_tcp.rb:32:in `each'
     # ./modules/payloads/singles/java/shell_reverse_tcp.rb:32:in `generate_jar'
     # ./lib/msf/core/payload/java.rb:35:in `generate'

jar.build_manifest(:main_class => main_class)

jar
9 changes: 4 additions & 5 deletions lib/msf/core/payload/stager.rb
@@ -188,15 +188,14 @@ def handle_connection(conn, opts={})
end
end

p = generate_stage(opts)

# Encode the stage if stage encoding is enabled
# Generate and encode the stage if stage encoding is enabled
begin
p = generate_stage(opts)
p = encode_stage(p)
rescue ::RuntimeError
rescue ::RuntimeError, ::StandardError => e
warning_msg = "Failed to stage"
warning_msg << " (#{conn.peerhost})" if conn.respond_to? :peerhost
warning_msg << ": #{$!}"
warning_msg << ": #{e}"
print_warning warning_msg
if conn.respond_to? :close && !conn.closed?
conn.close
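Review bot: `rescue ::RuntimeError, ::StandardError => e` names a class together with its own superclass, since RuntimeError already is a StandardError, so `rescue ::StandardError => e` on its own is equivalent and clearer. Moving `generate_stage(opts)` inside the begin block is the right change: a generation failure such as a missing payload file now ends in a warning and a closed connection instead of an unhandled exception in the handler. While in this block, the unchanged guard `if conn.respond_to? :close && !conn.closed?` is parsed by Ruby as `conn.respond_to?(:close && !conn.closed?)`, that is, `respond_to?` receives the boolean `!conn.closed?` rather than the symbol `:close`, so it does not do what it reads as; `if conn.respond_to?(:close) && !conn.closed?` fixes it.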
14 changes: 13 additions & 1 deletion lib/msf/ui/console/driver.rb
@@ -364,7 +364,19 @@ def on_startup(opts = {})

run_single("banner") unless opts['DisableBanner']

av_warning_message if framework.eicar_corrupted?
payloads_manifest_errors = framework.features.enabled?(::Msf::FeatureManager::METASPLOIT_PAYLOAD_WARNINGS) ? ::MetasploitPayloads.manifest_errors : []

av_warning_message if (framework.eicar_corrupted? || payloads_manifest_errors.any?)

if framework.features.enabled?(::Msf::FeatureManager::METASPLOIT_PAYLOAD_WARNINGS)
if payloads_manifest_errors.any?
warn_msg = "Metasploit Payloads manifest errors:\n"
payloads_manifest_errors.each do |file|
warn_msg << "\t#{file[:path]} : #{file[:error]}\n"
end
$stderr.print(warn_msg)
end
end

opts["Plugins"].each do |plug|
run_single("load '#{plug}'")
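Review bot: `framework.features.enabled?(::Msf::FeatureManager::METASPLOIT_PAYLOAD_WARNINGS)` is evaluated twice in this hunk; the ternary on the first added line already yields `[]` when the feature is off, so the outer `if framework.features.enabled?(...)` wrapper adds nothing and the block can collapse to `if payloads_manifest_errors.any?`. The error list is also written with `$stderr.print`, which bypasses the console's output object and anything attached to it (logging, a redirected or captured output), unlike the banner and the rest of the startup messages around it; suggest printing each `#{file[:path]} : #{file[:error]}` entry through `print_warning` or `print_error` so it lands in the same stream as the antivirus warning that precedes it.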
7 changes: 6 additions & 1 deletion lib/rex/post/meterpreter/client_core.rb
@@ -363,7 +363,12 @@ def use(mod, opts = { })
# Get us to the installation root and then into data/meterpreter, where
# the file is expected to be
modname = "ext_server_#{mod.downcase}"
path = MetasploitPayloads.meterpreter_path(modname, suffix, debug: client.debug_build)
begin
path = MetasploitPayloads.meterpreter_path(modname, suffix, debug: client.debug_build)
rescue ::StandardError => e
elog(e)
path = nil
end
Comment on lines +366 to +371
Contributor Author

Without this change, some tests were failing with:

1.31) Failure/Error: expect(test_result).to include(acceptable_failure.value)

             expected "[-] Post failed: MetasploitPayloads::NotFoundError Meterpreter path D:/a/metasploit-framework/metasp...work/metasploit-framework/lib/msf/core/post.rb:28:in `setup'\r\n[*] Post module execution completed" to include "[-] [should raise a runtime exception if services doesnt exist] FAILED: should raise a runtime exception if services doesnt exist"
             Diff:
             @@ -1,11 +1,21 @@
             -[-] [should raise a runtime exception if services doesnt exist] FAILED: should raise a runtime exception if services doesnt exist
             +[-] Post failed: MetasploitPayloads::NotFoundError Meterpreter path D:/a/metasploit-framework/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.154/data/meterpreter/ext_server_extapi.jar not found. Ensure antivirus is not enabled, or reinstall Metasploit.
             +[-] Call stack:
             +[-]   D:/a/metasploit-framework/metasploit-framework/vendor/bundle/ruby/3.0.0/gems/metasploit-payloads-2.0.154/lib/metasploit-payloads.rb:112:in `meterpreter_path'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/rex/post/meterpreter/client_core.rb:366:in `use'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post_mixin.rb:321:in `block in meterpreter_session_incompatibility_reasons'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post_mixin.rb:316:in `each'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post_mixin.rb:316:in `meterpreter_session_incompatibility_reasons'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post_mixin.rb:226:in `session_incompatibility_reasons'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post_mixin.rb:58:in `setup'
             +[-]   D:/a/metasploit-framework/metasploit-framework/lib/msf/core/post.rb:28:in `setup'
             +[*] Post module execution completed
           # ./spec/acceptance/meterpreter_spec.rb:426:in `block (11 levels) in <top (required)>'
           # ./spec/acceptance/meterpreter_spec.rb:422:in `each'
           # ./spec/acceptance/meterpreter_spec.rb:422:in `block (10 levels) in <top (required)>'


if opts['ExtensionPath']
path = ::File.expand_path(opts['ExtensionPath'])
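Review bot: `rescue ::StandardError => e` around `meterpreter_path` catches the `MetasploitPayloads::NotFoundError` quoted in the comment above, sends it to `elog`, and carries on with `path = nil`, so the one message that tells the operator what is wrong ("... not found. Ensure antivirus is not enabled, or reinstall Metasploit.") ends up only in the framework log; what the code below does with a nil path is outside this hunk, but whatever it raises will not carry that hint, which is the error this PR sets out to surface. Suggest rescuing the narrower `::MetasploitPayloads::Error` (the class the other rescues in this PR use) and either re-raising with the original message once `opts['ExtensionPath']` has had its chance to supply an override, or printing `e.message` to the session before falling back. This line also still uses the unqualified `MetasploitPayloads` while java.rb in the same PR switched to `::MetasploitPayloads` for the constant-lookup reason given there; qualify it here as well.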
2 changes: 1 addition & 1 deletion metasploit-framework.gemspec
@@ -72,7 +72,7 @@ Gem::Specification.new do |spec|
# are needed when there's no database
spec.add_runtime_dependency 'metasploit-model'
# Needed for Meterpreter
spec.add_runtime_dependency 'metasploit-payloads', '2.0.148'
spec.add_runtime_dependency 'metasploit-payloads', '2.0.154'
# Needed for the next-generation POSIX Meterpreter
spec.add_runtime_dependency 'metasploit_payloads-mettle', '1.0.26'
# Needed by msfgui and other rpc components
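Review bot: the exact pin `'metasploit-payloads', '2.0.154'` matches the bump in Gemfile.lock and LICENSE_GEMS, and the three `CachedSize` changes in the Java payload modules (each 6 bytes smaller) are the expected knock-on of the new gem's java payload contents; the "payload cached size is consistent" spec the author quotes covers them, so nothing further is needed here beyond keeping the three version entries in step on future bumps.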
2 changes: 1 addition & 1 deletion modules/payloads/singles/java/shell_reverse_tcp.rb
@@ -6,7 +6,7 @@

module MetasploitModule

CachedSize = 7503
CachedSize = 7497

include Msf::Payload::Single
include Msf::Payload::Java
2 changes: 1 addition & 1 deletion modules/payloads/stagers/java/bind_tcp.rb
@@ -5,7 +5,7 @@

module MetasploitModule

CachedSize = 5262
CachedSize = 5256

include Msf::Payload::Stager
include Msf::Payload::Java
2 changes: 1 addition & 1 deletion modules/payloads/stagers/java/reverse_tcp.rb
@@ -5,7 +5,7 @@

module MetasploitModule

CachedSize = 5262
CachedSize = 5256

include Msf::Payload::Stager
include Msf::Payload::Java
2 changes: 1 addition & 1 deletion scripts/resource/meterpreter_compatibility.rc
@@ -13,7 +13,7 @@ framework.sessions.values.map do |session|
puts "[#{Time.now}][#{extension_name}] Starting to loading extension"
session.core.use(extension_name)
puts "[#{Time.now}][#{extension_name}] Loaded extension"
rescue ::RuntimeError
rescue ::RuntimeError, ::MetasploitPayloads::Error
puts "[#{Time.now}][#{extension_name}] Failed loading"
# noop
end
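Review bot: with the rescue added in client_core.rb in this same PR, `session.core.use(extension_name)` no longer raises `MetasploitPayloads::Error` for a missing bundled extension file (the error is logged and `path` set to nil), so the new `::MetasploitPayloads::Error` clause here will only fire for errors raised elsewhere; keeping it is harmless, but the "Failed loading" line would be far more useful with the exception text, e.g. `rescue ::RuntimeError, ::MetasploitPayloads::Error => e` and `puts "[#{Time.now}][#{extension_name}] Failed loading: #{e}"`, since this script exists to report which extensions fail and why.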
2 changes: 1 addition & 1 deletion test/modules/post/test/extapi.rb
@@ -30,7 +30,7 @@ def setup
vprint_status("Loading extapi extension...")
begin
session.core.use("extapi")
rescue Errno::ENOENT, Rex::Post::Meterpreter::ExtensionLoadError
rescue Errno::ENOENT, Rex::Post::Meterpreter::ExtensionLoadError, ::MetasploitPayloads::Error
print_status("This module is only available in a windows meterpreter session.")
return
end
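Review bot: adding `::MetasploitPayloads::Error` to this rescue makes a missing or quarantined `ext_server_extapi` file print "This module is only available in a windows meterpreter session.", which is misleading when the session is a Windows Meterpreter and the real problem is the file; suggest a separate clause, `rescue ::MetasploitPayloads::Error => e` with `print_error(e.message)`, so the antivirus hint in that message reaches the operator, and keep the existing `Errno::ENOENT, Rex::Post::Meterpreter::ExtensionLoadError` clause for the platform-mismatch case.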