Raise Msf::NoCompatiblePayloadError if generate_payload_exe fails

Most exploits don't check nil for generate_payload_exe, they just
assume they will always have a payload. If the method returns nil,
it ends up making debugging more difficult. Instead of checking nil
one by one, we just raise.
bug/bundler_fix
wchen-r7 2015-12-08 21:13:23 -06:00
parent 5b27d3a99c
commit 11c1eb6c78
16 changed files with 33 additions and 87 deletions

View File

@ -68,6 +68,11 @@ module Exploit::EXE
end
exe = Msf::Util::EXE.to_executable(framework, opts[:arch], opts[:platform], pl, opts)
unless exe
raise Msf::NoCompatiblePayloadError, "Failed to generate an executable payload due to an invalid platform or arch."
end
exe_post_generation(opts)
exe
end

View File

@ -95,10 +95,6 @@ class Metasploit4 < Msf::Exploit::Remote
# Generate payload
@pl = generate_payload_exe
if @pl.nil?
fail_with(Failure::BadConfig, 'Please select a native bsd payload')
end
# Start the server and use primer to trigger fetching and running of the payload
begin
Timeout.timeout(datastore['HTTPDELAY']) { super }

View File

@ -48,9 +48,6 @@ class Metasploit4 < Msf::Exploit::Local
def setup
@pl = generate_payload_exe
if @pl.nil?
fail_with(Failure::BadConfig, 'Please select a native bsd payload')
end
super
end

View File

@ -113,9 +113,7 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
@pl = generate_payload_exe
if @pl.blank?
fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload")
end
@payload_url = ""
if datastore['EXTURL'].blank?

View File

@ -111,14 +111,6 @@ class Metasploit4 < Msf::Exploit::Remote
end
def exploit
# Cannot use generic/shell_reverse_tcp inside an elf
# Checking before proceeds
if generate_payload_exe.blank?
fail_with(Failure::BadConfig,
"#{peer} - Failed to store payload inside executable, " +
"please select a native payload")
end
execute_cmdstager(:linemax => 200, :nodelete => true)
end

View File

@ -123,10 +123,6 @@ class Metasploit3 < Msf::Exploit::Remote
@payload_url = ''
@dropped_elf = rand_text_alpha(rand(5) + 3)
if @pl.blank?
fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF, select a native payload")
end
if datastore['EXTURL'].blank?
begin
Timeout.timeout(datastore['HTTPDELAY']) { super }

View File

@ -83,9 +83,6 @@ class Metasploit4 < Msf::Exploit::Local
# Cannot use generic/shell_reverse_tcp inside an elf
# Checking before proceeds
pl = generate_payload_exe
if pl.blank?
fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Failed to store payload inside executable, please select a native payload")
end
exe_file = "#{datastore['WritableDir']}/#{rand_text_alpha(3 + rand(5))}.elf"

View File

@ -138,13 +138,8 @@ class Metasploit3 < Msf::Exploit::Remote
# NOTE: The EXE mixin automagically handles detection of arch/platform
data = generate_payload_exe
if data
print_status("Generated executable to drop (#{data.length} bytes)." )
data = Rex::Text.to_hex( data, prefix="" )
else
print_error("Failed to generate the executable." )
return
end
end

View File

@ -133,13 +133,8 @@ class Metasploit3 < Msf::Exploit::Remote
# NOTE: The EXE mixin automagically handles detection of arch/platform
data = generate_payload_exe
if data
print_status( "Generated executable to drop (#{data.length} bytes)." )
data = Rex::Text.to_hex( data, prefix="" )
else
print_error( "Failed to generate the executable." )
return
end
end

View File

@ -137,13 +137,8 @@ class Metasploit3 < Msf::Exploit::Remote
# NOTE: The EXE mixin automagically handles detection of arch/platform
data = generate_payload_exe
if data
print_status("Generated executable to drop (#{data.length} bytes)." )
data = Rex::Text.to_hex( data, prefix="" )
else
print_error("Failed to generate the executable." )
return
end
end

View File

@ -99,12 +99,6 @@ class Metasploit4 < Msf::Exploit::Remote
end
def exploit
# Cannot use generic/shell_reverse_tcp inside an elf
# Checking before proceeds
if generate_payload_exe.blank?
fail_with(Failure::BadConfig, "#{rhost}:#{rport} - Failed to store payload inside executable, please select a native payload")
end
execute_cmdstager(linemax: 500)
handler
end

View File

@ -99,12 +99,6 @@ class Metasploit4 < Msf::Exploit::Remote
end
def exploit
# Cannot use generic/shell_reverse_tcp inside an elf
# Checking before proceeds
if generate_payload_exe.blank?
fail_with(Failure::BadConfig, "#{peer} - Failed to store payload inside executable, please select a native payload")
end
execute_cmdstager(:linemax => datastore['CMD_MAX_LENGTH'], :nodelete => true)
# A last chance after the cmdstager

View File

@ -120,9 +120,7 @@ class Metasploit3 < Msf::Exploit::Remote
#Set up generic values.
payload_exe = rand_text_alphanumeric(4 + rand(4))
pl_exe = generate_payload_exe
if pl_exe.nil?
fail_with(Failure::BadConfig, "#{peer} - Failed to generate an EXE payload, please select a correct payload")
end
append = false
#Now arch specific...
case target['Platform']

View File

@ -129,16 +129,6 @@ class Metasploit3 < Msf::Exploit::Remote
vprint_status("Sent command #{cmd}")
end
#
# generate_payload_exe doesn't respect module's platform unless it's Windows, or the user
# manually sets one. This method is a temp work-around.
#
def check_generate_payload_exe
if generate_payload_exe.nil?
fail_with(Failure::BadConfig, "#{peer} - Failed to generate the ELF. Please manually set a payload.")
end
end
def exploit
# Handle single command shot
@ -154,8 +144,6 @@ class Metasploit3 < Msf::Exploit::Remote
return
end
check_generate_payload_exe
# Handle payload upload using CmdStager mixin
execute_cmdstager({:flavor => :printf})
end

View File

@ -203,10 +203,13 @@ class Metasploit3 < Msf::Exploit::Remote
end
exe = ''
opts = { :servicename => servicename }
begin
exe = generate_payload_exe_service(opts)
fd << exe
ensure
fd.close
end
if subfolder
print_status("Created \\#{fileprefix}\\#{filename}...")

View File

@ -140,6 +140,7 @@ class Metasploit3 < Msf::Exploit::Remote
fd = rclient.open("\\#{filename}", 'rwct')
begin
exe = ''
opts = {
:servicename => servicename,
@ -151,7 +152,9 @@ class Metasploit3 < Msf::Exploit::Remote
exe = generate_payload_exe_service(opts)
fd << exe
fd.close
ensure
fd.close if fd
end
print_status("Created \\#{filename}...")