infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix nil bug in loot -a and nix hostless loot 

Apparently you can't actually store hostless loot.
bug/bundler_fix
William Vu 2017-09-29 16:16:16 -05:00
parent e0fee9e317
commit 0723477b49
2 changed files with 32 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
lib/msf/ui/console/command_dispatcher/db.rb
View File

@ -479,7 +479,7 @@ class Db
'SortIndex' => order_by
})
# Sentinal value meaning all
# Sentinel value meaning all
host_ranges.push(nil) if host_ranges.empty?
case
@ -717,7 +717,7 @@ class Db
'SortIndex' => order_by
})
# Sentinal value meaning all
# Sentinel value meaning all
host_ranges.push(nil) if host_ranges.empty?
ports = nil if ports.empty?
@ -1115,7 +1115,7 @@ class Db
def cmd_loot_help
print_line "Usage: loot <options>"
print_line " Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]"
print_line " Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] [-t [type]"
print_line " Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] -t [type]"
print_line " Del: loot -d [addr1 addr2 ...]"
print_line
print_line " -a,--add Add loot to the list of addresses, instead of listing"
@ -1187,34 +1187,38 @@ class Db
'Columns' => [ 'host', 'service', 'type', 'name', 'content', 'info', 'path' ],
})
# Sentinal value meaning all
# Sentinel value meaning all
host_ranges.push(nil) if host_ranges.empty?
if mode == :add
if info.nil?
print_error("Info required")
return
end
if filename.nil?
print_error("Loot file required")
return
end
if types.nil? or types.size != 1
print_error("Exactly one loot type is required")
return
end
type = types.first
name = File.basename(filename)
host_ranges.each do |range|
range.each do |host|
file = File.open(filename, "rb")
contents = file.read
lootfile = framework.db.find_or_create_loot(:type => type, :host => host, :info => info, :data => contents, :path => filename, :name => name)
print_status("Added loot for #{host} (#{lootfile})")
if mode == :add
if host_ranges.compact.empty?
print_error('Address list required')
return
end
if info.nil?
print_error("Info required")
return
end
if filename.nil?
print_error("Loot file required")
return
end
if types.nil? or types.size != 1
print_error("Exactly one loot type is required")
return
end
type = types.first
name = File.basename(filename)
file = File.open(filename, "rb")
contents = file.read
host_ranges.each do |range|
range.each do |host|
lootfile = framework.db.find_or_create_loot(:type => type, :host => host, :info => info, :data => contents, :path => filename, :name => name)
print_status("Added loot for #{host} (#{lootfile})")
end
end
return
end
return
end
each_host_range_chunk(host_ranges) do |host_search|
framework.db.hosts(framework.db.workspace, false, host_search).each do |host|
@ -1249,26 +1253,6 @@ class Db
end
end
# Handle hostless loot
if host_ranges.compact.empty? # Wasn't a host search
hostless_loot = framework.db.loots.where(host_id: nil)
hostless_loot.each do |loot|
row = []
row.push("")
row.push("")
row.push(loot.ltype)
row.push(loot.name || "")
row.push(loot.content_type)
row.push(loot.info || "")
row.push(loot.path)
tbl << row
if (mode == :delete)
loot.destroy
delete_count += 1
end
end
end
print_line
print_line(tbl.to_s)
print_status("Deleted #{delete_count} loots") if delete_count > 0

2
spec/lib/msf/ui/console/command_dispatcher/db_spec.rb
View File

@ -148,7 +148,7 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Db do
expect(@output).to match_array [
"Usage: loot <options>",
" Info: loot [-h] [addr1 addr2 ...] [-t <type1,type2>]",
" Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] [-t [type]",
" Add: loot -f [fname] -i [info] -a [addr1 addr2 ...] -t [type]",
" Del: loot -d [addr1 addr2 ...]",
" -a,--add Add loot to the list of addresses, instead of listing",
" -d,--delete Delete *all* loot matching host and type",