diff --git a/lib/msf/core/exploit/exe.rb b/lib/msf/core/exploit/exe.rb index 587848b9e0..87f8bc912e 100644 --- a/lib/msf/core/exploit/exe.rb +++ b/lib/msf/core/exploit/exe.rb @@ -68,6 +68,11 @@ module Exploit::EXE end exe = Msf::Util::EXE.to_executable(framework, opts[:arch], opts[:platform], pl, opts) + + unless exe + raise Msf::NoCompatiblePayloadError, "Failed to generate an executable payload due to an invalid platform or arch." + end + exe_post_generation(opts) exe end diff --git a/modules/exploits/freebsd/http/watchguard_cmd_exec.rb b/modules/exploits/freebsd/http/watchguard_cmd_exec.rb index 56553b4540..6a352d7bab 100644 --- a/modules/exploits/freebsd/http/watchguard_cmd_exec.rb +++ b/modules/exploits/freebsd/http/watchguard_cmd_exec.rb @@ -95,10 +95,6 @@ class Metasploit4 < Msf::Exploit::Remote # Generate payload @pl = generate_payload_exe - if @pl.nil? - fail_with(Failure::BadConfig, 'Please select a native bsd payload') - end - # Start the server and use primer to trigger fetching and running of the payload begin Timeout.timeout(datastore['HTTPDELAY']) { super } diff --git a/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb b/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb index 82ae226b16..aa6f165b1b 100644 --- a/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb +++ b/modules/exploits/freebsd/local/watchguard_fix_corrupt_mail.rb @@ -48,9 +48,6 @@ class Metasploit4 < Msf::Exploit::Local def setup @pl = generate_payload_exe - if @pl.nil? - fail_with(Failure::BadConfig, 'Please select a native bsd payload') - end super end diff --git a/modules/exploits/linux/antivirus/escan_password_exec.rb b/modules/exploits/linux/antivirus/escan_password_exec.rb index 38ad269906..d6236e994b 100644 --- a/modules/exploits/linux/antivirus/escan_password_exec.rb +++ b/modules/exploits/linux/antivirus/escan_password_exec.rb 
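Review bot: The message in the new `raise` asserts a cause ("invalid platform or arch") without saying which values were rejected, so whoever hits it still has to guess; consider `raise Msf::NoCompatiblePayloadError, "Failed to generate an executable payload for platform #{opts[:platform].inspect}, arch #{opts[:arch].inspect}."`. The method this guard sits in starts outside the hunk, and nothing visible documents that it now raises instead of returning nil; a `# @raise [Msf::NoCompatiblePayloadError] if no executable can be built for the requested arch/platform` line in its doc comment would record the contract that the module changes in this commit rely on. Only this one generator is guarded here: psexec.rb and smb_relay.rb call `generate_payload_exe_service`, and if that sibling can still return nil, their `fd << exe` is not protected by this change.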
@@ -113,9 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote def exploit @pl = generate_payload_exe - if @pl.blank? - fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload") - end + @payload_url = "" if datastore['EXTURL'].blank? diff --git a/modules/exploits/linux/http/efw_chpasswd_exec.rb b/modules/exploits/linux/http/efw_chpasswd_exec.rb index 75b9f35be6..dc3a532f2f 100644 --- a/modules/exploits/linux/http/efw_chpasswd_exec.rb +++ b/modules/exploits/linux/http/efw_chpasswd_exec.rb @@ -111,14 +111,6 @@ class Metasploit4 < Msf::Exploit::Remote end def exploit - # Cannot use generic/shell_reverse_tcp inside an elf - # Checking before proceeds - if generate_payload_exe.blank? - fail_with(Failure::BadConfig, - "#{peer} - Failed to store payload inside executable, " + - "please select a native payload") - end - execute_cmdstager(:linemax => 200, :nodelete => true) end diff --git a/modules/exploits/linux/http/multi_ncc_ping_exec.rb b/modules/exploits/linux/http/multi_ncc_ping_exec.rb index ebe48adcb0..67a93ba046 100644 --- a/modules/exploits/linux/http/multi_ncc_ping_exec.rb +++ b/modules/exploits/linux/http/multi_ncc_ping_exec.rb @@ -123,10 +123,6 @@ class Metasploit3 < Msf::Exploit::Remote @payload_url = '' @dropped_elf = rand_text_alpha(rand(5) + 3) - if @pl.blank? - fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload") - end - if datastore['EXTURL'].blank? begin Timeout.timeout(datastore['HTTPDELAY']) { super } diff --git a/modules/exploits/linux/local/desktop_privilege_escalation.rb b/modules/exploits/linux/local/desktop_privilege_escalation.rb index 356a82aa50..f325ba29ea 100644 --- a/modules/exploits/linux/local/desktop_privilege_escalation.rb +++ b/modules/exploits/linux/local/desktop_privilege_escalation.rb 
@@ -83,9 +83,6 @@ class Metasploit4 < Msf::Exploit::Local # Cannot use generic/shell_reverse_tcp inside an elf # Checking before proceeds pl = generate_payload_exe - if pl.blank? - fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Failed to store payload inside executable, please select a native payload") - end exe_file = "#{datastore['WritableDir']}/#{rand_text_alpha(3 + rand(5))}.elf" diff --git a/modules/exploits/multi/browser/java_atomicreferencearray.rb b/modules/exploits/multi/browser/java_atomicreferencearray.rb index 5a214fe259..aedfed2fd1 100644 --- a/modules/exploits/multi/browser/java_atomicreferencearray.rb +++ b/modules/exploits/multi/browser/java_atomicreferencearray.rb @@ -138,13 +138,8 @@ class Metasploit3 < Msf::Exploit::Remote # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe - if data - print_status("Generated executable to drop (#{data.length} bytes)." ) - data = Rex::Text.to_hex( data, prefix="" ) - else - print_error("Failed to generate the executable." ) - return - end + print_status("Generated executable to drop (#{data.length} bytes)." ) + data = Rex::Text.to_hex( data, prefix="" ) end diff --git a/modules/exploits/multi/browser/java_calendar_deserialize.rb b/modules/exploits/multi/browser/java_calendar_deserialize.rb index f265de507b..fce4771cb8 100644 --- a/modules/exploits/multi/browser/java_calendar_deserialize.rb +++ b/modules/exploits/multi/browser/java_calendar_deserialize.rb @@ -133,13 +133,8 @@ class Metasploit3 < Msf::Exploit::Remote # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe - if data - print_status( "Generated executable to drop (#{data.length} bytes)." ) - data = Rex::Text.to_hex( data, prefix="" ) - else - print_error( "Failed to generate the executable." ) - return - end + print_status( "Generated executable to drop (#{data.length} bytes)." ) + data = Rex::Text.to_hex( data, prefix="" ) end 
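Review bot: In the java_atomicreferencearray.rb hunk, the added line `data = Rex::Text.to_hex( data, prefix="" )` reads like a keyword argument but is an assignment expression: it creates a local `prefix` and passes the empty string as the second positional argument, so it is clearer written as `data = Rex::Text.to_hex(data, '')`. With the `if data` branch gone, `data.length` now depends entirely on `generate_payload_exe` raising on failure. The enclosing method starts outside the hunk, so it is worth confirming that the exception is reported to the operator as clearly as the removed `print_error` was. The same two added lines recur in the java_calendar_deserialize.rb and java_verifier_field_access.rb hunks.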
diff --git a/modules/exploits/multi/browser/java_verifier_field_access.rb b/modules/exploits/multi/browser/java_verifier_field_access.rb index 69ec049d09..dbe08a3035 100644 --- a/modules/exploits/multi/browser/java_verifier_field_access.rb +++ b/modules/exploits/multi/browser/java_verifier_field_access.rb @@ -137,13 +137,8 @@ class Metasploit3 < Msf::Exploit::Remote # NOTE: The EXE mixin automagically handles detection of arch/platform data = generate_payload_exe - if data - print_status("Generated executable to drop (#{data.length} bytes)." ) - data = Rex::Text.to_hex( data, prefix="" ) - else - print_error("Failed to generate the executable." ) - return - end + print_status("Generated executable to drop (#{data.length} bytes)." ) + data = Rex::Text.to_hex( data, prefix="" ) end diff --git a/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb b/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb index 65f3844fb8..171b689dbb 100644 --- a/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb +++ b/modules/exploits/multi/ftp/pureftpd_bash_env_exec.rb @@ -99,12 +99,6 @@ class Metasploit4 < Msf::Exploit::Remote end def exploit - # Cannot use generic/shell_reverse_tcp inside an elf - # Checking before proceeds - if generate_payload_exe.blank? - fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Failed to store payload inside executable, please select a native payload") - end - execute_cmdstager(linemax: 500) handler end diff --git a/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb b/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb index dd6f99e68a..d5bd15e7ba 100644 --- a/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb +++ b/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb 
@@ -99,12 +99,6 @@ class Metasploit4 < Msf::Exploit::Remote end def exploit - # Cannot use generic/shell_reverse_tcp inside an elf - # Checking before proceeds - if generate_payload_exe.blank? - fail_with(Failure::BadConfig, "#{peer} - Failed to store payload inside executable, please select a native payload") - end - execute_cmdstager(:linemax => datastore['CMD_MAX_LENGTH'], :nodelete => true) # A last chance after the cmdstager diff --git a/modules/exploits/multi/http/struts_code_exec_parameters.rb b/modules/exploits/multi/http/struts_code_exec_parameters.rb index b6d7680f76..bf8bbb31b9 100644 --- a/modules/exploits/multi/http/struts_code_exec_parameters.rb +++ b/modules/exploits/multi/http/struts_code_exec_parameters.rb @@ -120,9 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote #Set up generic values. payload_exe = rand_text_alphanumeric(4 + rand(4)) pl_exe = generate_payload_exe - if pl_exe.nil? - fail_with(Failure::BadConfig, "#{peer} - Failed to generate an EXE payload, please select a correct payload") - end + append = false #Now arch specific... case target['Platform'] diff --git a/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb b/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb index c1e9a4f40a..4fdbb98670 100644 --- a/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb +++ b/modules/exploits/unix/http/vmturbo_vmtadmin_exec_noauth.rb @@ -129,16 +129,6 @@ class Metasploit3 < Msf::Exploit::Remote vprint_status("Sent command #{cmd}") end - # - # generate_payload_exe doesn't respect module's platform unless it's Windows, or the user - # manually sets one. This method is a temp work-around. - # - def check_generate_payload_exe - if generate_payload_exe.nil? - fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF. Please manually set a payload.") - end - end - def exploit # Handle single command shot 
@@ -154,8 +144,6 @@ class Metasploit3 < Msf::Exploit::Remote return end - check_generate_payload_exe - # Handle payload upload using CmdStager mixin execute_cmdstager({:flavor => :printf}) end diff --git a/modules/exploits/windows/smb/psexec.rb b/modules/exploits/windows/smb/psexec.rb index 30c6b3677a..ab1fd8008e 100644 --- a/modules/exploits/windows/smb/psexec.rb +++ b/modules/exploits/windows/smb/psexec.rb @@ -203,10 +203,13 @@ class Metasploit3 < Msf::Exploit::Remote end exe = '' opts = { :servicename => servicename } - exe = generate_payload_exe_service(opts) + begin + exe = generate_payload_exe_service(opts) - fd << exe - fd.close + fd << exe + ensure + fd.close + end if subfolder print_status("Created \\#{fileprefix}\\#{filename}...") diff --git a/modules/exploits/windows/smb/smb_relay.rb b/modules/exploits/windows/smb/smb_relay.rb index 25d5394945..869aa183ff 100644 --- a/modules/exploits/windows/smb/smb_relay.rb +++ b/modules/exploits/windows/smb/smb_relay.rb @@ -140,18 +140,21 @@ class Metasploit3 < Msf::Exploit::Remote fd = rclient.open("\\#{filename}", 'rwct') - exe = '' - opts = { - :servicename => servicename, - :code => code.encoded - } - if (datastore['PAYLOAD'].include? 'x64') - opts.merge!({ :arch => ARCH_X64 }) - end - exe = generate_payload_exe_service(opts) + begin + exe = '' + opts = { + :servicename => servicename, + :code => code.encoded + } + if (datastore['PAYLOAD'].include? 'x64') + opts.merge!({ :arch => ARCH_X64 }) + end + exe = generate_payload_exe_service(opts) - fd << exe - fd.close + fd << exe + ensure + fd.close if fd + end print_status("Created \\#{filename}...")
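Review bot: In the psexec.rb hunk the `exe = ''` initialiser left above the new `begin` is dead, because `exe` is unconditionally reassigned from `generate_payload_exe_service(opts)` before its only use; drop it (the smb_relay.rb hunk carries the same dead assignment inside its `begin`). This hunk closes the handle with a bare `fd.close` while the smb_relay.rb hunk uses `fd.close if fd`; the two should agree, and since `fd` is opened outside this hunk I cannot tell from here which form is right. A comment such as `# always release the remote file handle, even if payload generation raises` above `ensure` would record why the block exists.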
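Review bot: In the smb_relay.rb hunk `fd = rclient.open(...)` sits before the new `begin`, so the guard in `fd.close if fd` only matters if `open` can return nil rather than raise; either move the open inside the `begin` so the guard is meaningful, or drop the guard. The re-indented `opts.merge!({ :arch => ARCH_X64 })` is more simply written `opts[:arch] = ARCH_X64`. Choosing the architecture with `datastore['PAYLOAD'].include? 'x64'` is a substring match on the payload name, and a short comment stating that assumption would help the next reader.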