From 583fccdbc8243ebf82db6abf1874d63ad66931b4 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Wed, 27 May 2015 18:28:08 -0500
Subject: [PATCH 1/4] Resolve #5404, Check payload compatibility when using set payload

Resolve #5404. This patch will check payload compatibility when you are using set payload in msfconsole.
---
 lib/msf/ui/console/driver.rb | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
index 922d3c384c..de7dd7f2e7 100644
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@@ -571,6 +571,8 @@ class Driver < Msf::Ui::Driver
 
 if (framework and framework.payloads.valid?(val) == false)
 return false
+ elsif active_module.type == 'exploit' && !is_payload_compatible?(active_module, val)
+ return false
 elsif (active_module)
 active_module.datastore.clear_non_user_defined
 elsif (framework)
@@ -589,6 +591,15 @@ class Driver < Msf::Ui::Driver
 end
 end
 
+
+ def is_payload_compatible?(m, payload_name)
+ m.compatible_payloads.each do |k|
+ return true if k[0] == payload_name
+ end
+
+ false
+ end
+
 #
 # Called when a variable is unset. If this routine returns false it is an
 # indication that the variable should not be allowed to be unset.

From b33ace2f44146bce62f60cce62f9928cae479e28 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Fri, 29 May 2015 15:07:59 -0500
Subject: [PATCH 2/4] Put is_payload_compatible? in exploit.rb

---
 lib/msf/core/exploit.rb | 33 +++++++++++++++++++++++++++++++++
 lib/msf/ui/console/driver.rb | 11 +----------
 2 files changed, 34 insertions(+), 10 deletions(-)

diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index 028c792fe8..6740bf339d 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
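Review bot: `active_module.type` on the new `elsif` line is evaluated before the `elsif (active_module)` branch that guards against no module being active, so `set payload` with nothing loaded raises NoMethodError on nil instead of falling through to the `elsif (framework)` branch; guard it first, `elsif active_module && active_module.type == 'exploit' && !is_payload_compatible?(active_module, val)`. The driver hunk of PATCH 2/4 keeps the same ordering and needs the same guard. A bare `return false` also tells the user nothing about why the payload was refused — presumably the caller prints the same generic rejection it uses for an unknown payload name — so a `print_error` stating that the payload is incompatible with the selected target, placed before the return, would help. The enclosing method starts and ends outside the hunk.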
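Review bot: `is_payload_compatible?` appears to be added as a public method on the console driver (no visibility marker is visible in the hunk) and carries an `is_` prefix, whereas Ruby predicates take only the trailing `?`; the manual `each`/`return true` loop is also the `any?` idiom, `m.compatible_payloads.any? { |name, _| name == payload_name }`. A one-line YARD comment saying that `m` is the active module and that the name is matched against the first element of each `compatible_payloads` entry would help too, since `k[0]` gives no hint of that.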
@@ -698,6 +698,39 @@ class Exploit < Msf::Module
 (target and target.arch) ? target.arch : (arch == []) ? nil : arch
 end
 
+ def is_payload_compatible?(payload_name)
+ c_platform = (target and target.platform) ? target.platform : platform
+ c_arch = (target and target.arch) ? target.arch : (arch == []) ? nil : arch
+ c_arch ||= [ ARCH_X86 ]
+
+ framework.payloads.each_module(
+ 'Platform' => c_platform,
+ 'Arch' => c_arch ) { |name, mod|
+
+ # Skip over payloads that are too big
+ if ((payload_space) and
+ (framework.payloads.sizes[name]) and
+ (framework.payloads.sizes[name] > payload_space))
+ dlog("#{refname}: Skipping payload #{name} for being too large", 'core',
+ LEV_1)
+ next
+ end
+
+ # Are we compatible in terms of conventions and connections and
+ # what not?
+ next if (compatible?(framework.payloads.instance(name)) == false)
+
+ # If the payload is privileged but the exploit does not give
+ # privileged access, then fail it.
+ next if (self.privileged == false and framework.payloads.instance(name).privileged == true)
+
+ # This one be compatible!
+ return true if payload_name == name
+ }
+
+ false
+ end
+
 #
 # Returns a list of compatible payloads based on platform, architecture,
 # and size requirements.
diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb
index de7dd7f2e7..8d1729f7f7 100644
--- a/lib/msf/ui/console/driver.rb
+++ b/lib/msf/ui/console/driver.rb
@@ -571,7 +571,7 @@ class Driver < Msf::Ui::Driver
 
 if (framework and framework.payloads.valid?(val) == false)
 return false
- elsif active_module.type == 'exploit' && !is_payload_compatible?(active_module, val)
+ elsif active_module.type == 'exploit' && !active_module.is_payload_compatible?(val)
 return false
 elsif (active_module)
 active_module.datastore.clear_non_user_defined
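Review bot: In the driver.rb hunk, `active_module.type == 'exploit'` compares the module type against a string literal although the module already exposes that test as a predicate; `active_module.exploit?` reads better and cannot drift from the module type constants. The duplicated walk of `framework.payloads` in the exploit.rb hunk is reworked later in this series, so nothing is raised on it here. The enclosing method in driver.rb starts and ends outside the hunk.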
@@ -591,15 +591,6 @@ class Driver < Msf::Ui::Driver
 end
 end
 
-
- def is_payload_compatible?(m, payload_name)
- m.compatible_payloads.each do |k|
- return true if k[0] == payload_name
- end
-
- false
- end
-
 #
 # Called when a variable is unset. If this routine returns false it is an
 # indication that the variable should not be allowed to be unset.

From defda01d87f6064413c802a69f12438ad285b9c6 Mon Sep 17 00:00:00 2001
From: wchen-r7
Date: Fri, 29 May 2015 15:09:29 -0500
Subject: [PATCH 3/4] Some doc

---
 lib/msf/core/exploit.rb | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index 6740bf339d..8d4f02fdc3 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
@@ -698,6 +698,14 @@ class Exploit < Msf::Module
 (target and target.arch) ? target.arch : (arch == []) ? nil : arch
 end
 
+
+ #
+ # Returns whether the requested payload is compatible with the module.
+ #
+ # @param [String] payload_name The payload name
+ # @return [TrueClass] Payload is compatible.
+ # @return [FalseClass] Payload is not compatible.
+ #
 def is_payload_compatible?(payload_name)
 c_platform = (target and target.platform) ? target.platform : platform
 c_arch = (target and target.arch) ? target.arch : (arch == []) ? nil : arch

From af326a4f88ad07164f113b5d3635e2f540476293 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Fri, 29 May 2015 16:55:19 -0500
Subject: [PATCH 4/4] Use compatible_payloads instead of copy and paste

---
 lib/msf/core/exploit.rb | 31 ++-----------------------------
 1 file changed, 2 insertions(+), 29 deletions(-)

diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb
index 8d4f02fdc3..2e16e5a978 100644
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
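Review bot: The new doc comment in the exploit.rb hunk says the payload is checked "with the module", but the context lines right below it (`c_platform = (target and target.platform) ? target.platform : platform` and the matching `c_arch` line) show the answer depends on the currently selected target, so the summary should say so, e.g. `# Returns whether the requested payload is compatible with this exploit's currently selected target (platform and architecture).`. Presumably a payload that passed this check can become incompatible if the target is changed afterwards; if that is so, a sentence noting that the check is not re-run on target changes belongs here too. The paired `@return [TrueClass]` / `@return [FalseClass]` tags can be a single `@return [Boolean]`. The method body continues outside the hunk.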
@@ -707,36 +707,9 @@ class Exploit < Msf::Module
 # @return [FalseClass] Payload is not compatible.
 #
 def is_payload_compatible?(payload_name)
- c_platform = (target and target.platform) ? target.platform : platform
- c_arch = (target and target.arch) ? target.arch : (arch == []) ? nil : arch
- c_arch ||= [ ARCH_X86 ]
+ payload_names = compatible_payloads.collect { |entry| entry[0] }
 
- framework.payloads.each_module(
- 'Platform' => c_platform,
- 'Arch' => c_arch ) { |name, mod|
-
- # Skip over payloads that are too big
- if ((payload_space) and
- (framework.payloads.sizes[name]) and
- (framework.payloads.sizes[name] > payload_space))
- dlog("#{refname}: Skipping payload #{name} for being too large", 'core',
- LEV_1)
- next
- end
-
- # Are we compatible in terms of conventions and connections and
- # what not?
- next if (compatible?(framework.payloads.instance(name)) == false)
-
- # If the payload is privileged but the exploit does not give
- # privileged access, then fail it.
- next if (self.privileged == false and framework.payloads.instance(name).privileged == true)
-
- # This one be compatible!
- return true if payload_name == name
- }
-
- false
+ payload_names.include?(payload_name)
 end
 
 #
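Review bot: `payload_names = compatible_payloads.collect { |entry| entry[0] }` builds an intermediate array only to call `include?` on it; `compatible_payloads.any? { |name, _| name == payload_name }` answers the question in one expression without the temporary, and `map` is the preferred name over `collect` if the array is kept. Judging by the removed loop, which called `framework.payloads.instance(name)` per candidate, `compatible_payloads` presumably instantiates every candidate payload, so this check now runs a full payload walk on every `set payload`; if that turns out to be noticeably slow in the console, caching the compatible name list per selected target is the place to look, and a short comment noting the cost here would warn the next reader.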