From 05c6079e0d3c10a1b2a298a294df2d9276852f4d Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 20 Dec 2017 06:15:09 -0600 Subject: [PATCH 1/5] remove unused 'active_resource' accessor --- lib/msf/ui/console/driver.rb | 8 -------- 1 file changed, 8 deletions(-) diff --git a/lib/msf/ui/console/driver.rb b/lib/msf/ui/console/driver.rb index fd53c3278b..46c5caad95 100644 --- a/lib/msf/ui/console/driver.rb +++ b/lib/msf/ui/console/driver.rb @@ -313,8 +313,6 @@ class Driver < Msf::Ui::Driver return end - self.active_resource = resource_file - # Process ERB directives first print_status "Processing #{path} for ERB directives." erb = ERB.new(resource_file) @@ -362,8 +360,6 @@ class Driver < Msf::Ui::Driver run_single(line) end end - - self.active_resource = nil end # @@ -507,10 +503,6 @@ class Driver < Msf::Ui::Driver # The active session associated with the driver. # attr_accessor :active_session - # - # The active resource file being processed by the driver - # - attr_accessor :active_resource def stop framework.events.on_ui_stop() From 5ecc45a0d18f7c2fdb6798c95e6f72c9be88f380 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 20 Dec 2017 06:42:50 -0600 Subject: [PATCH 2/5] nicely handle exceptions when processing scripts, tell the user about them Let's help the user by saying what's going on. --- lib/msf/base/sessions/scriptable.rb | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/msf/base/sessions/scriptable.rb b/lib/msf/base/sessions/scriptable.rb index 87a44c031f..7c0b1e3798 100644 --- a/lib/msf/base/sessions/scriptable.rb +++ b/lib/msf/base/sessions/scriptable.rb 
@@ -164,13 +164,17 @@ module Scriptable else full_path = self.class.find_script_path(script_name) - # No path found? Weak. if full_path.nil? print_error("The specified script could not be found: #{script_name}") - return true + return + end + + begin + execute_file(full_path, args) + framework.events.on_session_script_run(self, full_path) + rescue StandardError => e + print_error("Could not execute #{script_name}: #{e.class} #{e}") end - framework.events.on_session_script_run(self, full_path) - execute_file(full_path, args) end end From 2629ec6bdbdc6d5853827fcfdade0bac1ce4143e Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 20 Dec 2017 06:43:20 -0600 Subject: [PATCH 3/5] infer whether the user supplied a Meterpreter or resource script --- lib/msf/base/sessions/meterpreter.rb | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb index f75c9e8d53..85aa3a4d8e 100644 --- a/lib/msf/base/sessions/meterpreter.rb +++ b/lib/msf/base/sessions/meterpreter.rb @@ -302,11 +302,18 @@ class Meterpreter < Rex::Post::Meterpreter::Client ## # :category: Msf::Session::Scriptable implementors # - # Runs the meterpreter script in the context of a script container + # Runs the Meterpreter script or resource file # def execute_file(full_path, args) - o = Rex::Script::Meterpreter.new(self, full_path) - o.run(args) + # Infer a Meterpreter script by it either having the .rb extension, or it + # containing a reference to the client object. This is for backward + # compatibility, since the API is not explicit to the user whether this + # should be a resource file or a Meterpreter script. + if File.extname(full_path) == ".rb" || File.read(full_path).match?(/\s*client\/./) + Rex::Script::Meterpreter.new(self, full_path).run(args) + else + console.load_resource(full_path) + end end From 0c867d92fd9f55421d2f908bcc975c02e8550257 Mon Sep 17 00:00:00 2001 
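Review bot: `framework.events.on_session_script_run(self, full_path)` now runs only after `execute_file` returns, so a script that raises partway through leaves no script-run event even though it may already have acted on the session. If subscribers treat that event as an audit record, keep the old order and emit it above `execute_file(full_path, args)`, ideally before the `begin`, so that a failing subscriber is not reported as "Could not execute". The `rescue` prints only `e.class` and the message; logging `e.backtrace` as well would make a failing script diagnosable. The not-found branch now returns `nil` instead of `true`, and the callers are not visible here, so confirm none of them test the return value. The enclosing method starts above the hunk.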
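Review bot: `args` is silently discarded in the `else` branch of `execute_file`, because `console.load_resource(full_path)` receives only the path. A user who passes arguments to a resource script gets no sign that they were ignored. Either warn when `args` is non-empty or record the behaviour in the method comment, for example `# Resource files take no arguments; args is ignored on that path.` The same branch is unchanged in the PATCH 5/5 hunk, so the point applies there too.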
From: Brent Cook Date: Wed, 20 Dec 2017 11:46:14 -0600 Subject: [PATCH 4/5] fix incorrect regex --- lib/msf/base/sessions/meterpreter.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb index 85aa3a4d8e..6c4e12c488 100644 --- a/lib/msf/base/sessions/meterpreter.rb +++ b/lib/msf/base/sessions/meterpreter.rb @@ -309,7 +309,7 @@ class Meterpreter < Rex::Post::Meterpreter::Client # containing a reference to the client object. This is for backward # compatibility, since the API is not explicit to the user whether this # should be a resource file or a Meterpreter script. - if File.extname(full_path) == ".rb" || File.read(full_path).match?(/\s*client\/./) + if File.extname(full_path) == ".rb" || File.read(full_path).match?(/\s*client\./) Rex::Script::Meterpreter.new(self, full_path).run(args) else console.load_resource(full_path) From 3339c3b74d2091a33f96853621b8b045c1243e56 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Wed, 20 Dec 2017 11:49:42 -0600 Subject: [PATCH 5/5] remove magic, because it causes complications with complex RC scripts --- lib/msf/base/sessions/meterpreter.rb | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb index 6c4e12c488..5368d25003 100644 --- a/lib/msf/base/sessions/meterpreter.rb +++ b/lib/msf/base/sessions/meterpreter.rb 
@@ -305,11 +305,8 @@ class Meterpreter < Rex::Post::Meterpreter::Client # Runs the Meterpreter script or resource file # def execute_file(full_path, args) - # Infer a Meterpreter script by it either having the .rb extension, or it - # containing a reference to the client object. This is for backward - # compatibility, since the API is not explicit to the user whether this - # should be a resource file or a Meterpreter script. - if File.extname(full_path) == ".rb" || File.read(full_path).match?(/\s*client\./) + # Infer a Meterpreter script by it having an .rb extension + if File.extname(full_path) == ".rb" Rex::Script::Meterpreter.new(self, full_path).run(args) else console.load_resource(full_path)
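Review bot: The test `File.extname(full_path) == ".rb"` is case-sensitive, so a script whose name ends in `.RB` would be passed to `console.load_resource` rather than `Rex::Script::Meterpreter`, assuming the script lookup can return such a path. Comparing `File.extname(full_path).downcase == ".rb"` removes that surprise. The doc comment above still reads only "Runs the Meterpreter script or resource file"; since the extension alone now decides which interpreter processes the file, say so there, e.g. `# Files ending in .rb run as Meterpreter scripts; any other file is loaded as a console resource file.` The `if`/`else` and the method are closed after the hunk's last line.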