Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates to the AutoCheck mixin #19140

Closed
wants to merge 3 commits into from
Closed

Updates to the AutoCheck mixin #19140

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
a0ecd7d
Updates to the AutoCheck mixin
zeroSteiner Apr 26, 2024
5e160b3
Define and use a default level
zeroSteiner Apr 30, 2024
f1bdc1e
Update auto_check_spec
zeroSteiner Apr 30, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
57 changes: 44 additions & 13 deletions lib/msf/core/exploit/remote/auto_check.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,17 +3,34 @@
module Msf
module Exploit::Remote::AutoCheck

AUTO_CHECK_LEVEL_OPTIONAL = 0 # the check itself can be ignored by the user
AUTO_CHECK_LEVEL_BYPASSABLE = 1 # the check must be run but the result can be ignored by the user
AUTO_CHECK_LEVEL_REQUIRED = 2 # nothing can be ignored by the user
AUTO_CHECK_LEVEL_DEFAULT = AUTO_CHECK_LEVEL_OPTIONAL

def self.included(_base)
raise NotImplementedError, "#{name} should not be included, it should be prepended"
end

def initialize(info = {})
super
super(
update_info(
info,
'AutoCheckLevel' => AUTO_CHECK_LEVEL_DEFAULT
)
)


register_advanced_options([
OptBool.new('AutoCheck', [false, 'Run check before exploit', true]),
OptBool.new('ForceExploit', [false, 'Override check result', false])
])
if auto_check_level <= AUTO_CHECK_LEVEL_BYPASSABLE
register_advanced_options([
OptBool.new('ForceExploit', [false, 'Override check result', false])
])
if auto_check_level <= AUTO_CHECK_LEVEL_OPTIONAL
register_advanced_options([
OptBool.new('AutoCheck', [false, 'Run check before exploit', true])
])
end
end
end

def run
Expand All @@ -30,16 +47,21 @@ def exploit

private

def auto_check_level
module_info['AutoCheckLevel'] || AUTO_CHECK_LEVEL_DEFAULT
end

def with_prepended_auto_check
unless datastore['AutoCheck']
if auto_check_level <= AUTO_CHECK_LEVEL_OPTIONAL && !datastore['AutoCheck']
print_warning('AutoCheck is disabled, proceeding with exploitation')
return yield
end

print_status('Running automatic check ("set AutoCheck false" to disable)')

warning_msg = 'ForceExploit is enabled, proceeding with exploitation.'
error_msg = '"set ForceExploit true" to override check result.'
if auto_check_level <= AUTO_CHECK_LEVEL_OPTIONAL
print_status('Running automatic check. Run "set AutoCheck false" to disable.')
else
print_status('Running automatic check.')
end

check_code = check
case check_code
Expand All @@ -57,11 +79,20 @@ def with_prepended_auto_check
failure_type = Module::Failure::Unknown
end

if datastore['ForceExploit']
print_warning("#{check_code.message} #{warning_msg}")
if auto_check_level <= AUTO_CHECK_LEVEL_BYPASSABLE && datastore['ForceExploit']
print_warning("#{check_code.message} ForceExploit is enabled, proceeding with exploitation.")
return yield
end
fail_with(failure_type, "#{check_code.message} #{error_msg}")

if auto_check_level <= AUTO_CHECK_LEVEL_BYPASSABLE
fail_with(failure_type, "#{check_code.message} Run \"set ForceExploit true\" to override check result.")
else
fail_with(failure_type, check_code.message)
end
end

def merge_info_autochecklevel(info, val)
info['AutoCheckLevel'] = val
Comment on lines +94 to +95
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this method is not used and I cannot find a reference to the info hash.

end

end
Expand Down
1 change: 1 addition & 0 deletions modules/exploits/windows/dcerpc/cve_2021_1675_printnightmare.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ def initialize(info = {})
'SRVHOST' => Rex::Socket.source_address
},
'Stance' => Msf::Exploit::Stance::Aggressive,
'AutoCheckLevel' => AUTO_CHECK_LEVEL_REQUIRED,
'Targets' => [
[
'Windows', {
Expand Down
6 changes: 3 additions & 3 deletions spec/lib/msf/core/exploit/remote/auto_check_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -100,17 +100,17 @@
it_behaves_like "An AutoCheck module which can be overridden",
method: opts[:method],
check_code: ::Msf::Exploit::CheckCode::Safe,
expected_error: 'The target is not exploitable. "set ForceExploit true" to override check result.'
expected_error: 'The target is not exploitable. Run "set ForceExploit true" to override check result.'

it_behaves_like "An AutoCheck module which can be overridden",
method: opts[:method],
check_code: ::Msf::Exploit::CheckCode::Unsupported,
expected_error: 'This module does not support check. "set ForceExploit true" to override check result.'
expected_error: 'This module does not support check. Run "set ForceExploit true" to override check result.'

it_behaves_like "An AutoCheck module which can be overridden",
method: opts[:method],
check_code: ::Msf::Exploit::CheckCode::Unknown,
expected_error: 'Cannot reliably check exploitability. "set ForceExploit true" to override check result.'
expected_error: 'Cannot reliably check exploitability. Run "set ForceExploit true" to override check result.'
end
end

Expand Down