Update use of reliability/side-effects/stability metadata

2018-09-26 18:54:08 -05:00 · 2018-09-26 18:54:08 -05:00 · 583874d370
parent 04ff0931d7
commit 583874d370
8 changed files with 30 additions and 14 deletions
--- a/lib/msf/core/constants.rb
+++ b/lib/msf/core/constants.rb
@ -87,10 +87,10 @@ SCREEN_EFFECTS         = 'screen-effects'
 # Reliability
 #

-# The module is expected to work at first attempt
-FIRST_ATTEMPT_SUCCESS = 'first-attempt-success'
+# The module is may fail at first attempt
+FIRST_ATTEMPT_FAIL = 'first-attempt-fail'
 # The module is expected to get a shell every time it fires
-REPEATABLE            = 'repeatable'
+REPEATABLE_SESSION = 'repeatable-session'

 module HttpClients
  IE = "MSIE"
--- a/lib/msf/core/module/reliability.rb
+++ b/lib/msf/core/module/reliability.rb
@ -11,4 +11,8 @@ module Msf::Module::Reliability
  def reliability
    self.class.reliability
  end
+
+  def reliability_to_s
+    reliability * ', '
+  end
 end
--- a/lib/msf/core/module/side_effects.rb
+++ b/lib/msf/core/module/side_effects.rb
@ -12,4 +12,8 @@ module Msf::Module::SideEffects
    self.class.side_effects
  end

+  def side_effects_to_s
+    side_effects * ', '
+  end
+
 end
--- a/lib/msf/core/module/stability.rb
+++ b/lib/msf/core/module/stability.rb
@ -12,4 +12,8 @@ module Msf::Module::Stability
    self.class.stability
  end

+  def stability_to_s
+    stability * ', '
+  end
+
 end
--- a/lib/msf/core/modules/metadata/obj.rb
+++ b/lib/msf/core/modules/metadata/obj.rb
@ -51,12 +51,6 @@ class Obj
  attr_reader :default_credential
  # @return [Hash]
  attr_reader :notes
-  # @return [Hash]
-  attr_reader :side_effects
-  # @return [Hash]
-  attr_reader :stability
-  # @return [Hash]
-  attr_reader :reliability

  def initialize(module_instance, obj_hash = nil)
    unless obj_hash.nil?
@ -102,6 +96,11 @@ class Obj

    @notes = module_instance.notes

+    if @name =~ /ms08_059_his2006/
+      require 'pry'
+      pry.binding
+    end
+
    # Due to potentially non-standard ASCII we force UTF-8 to ensure no problem with JSON serialization
    force_encoding(Encoding::UTF_8)
  end
--- a/modules/auxiliary/admin/ms/ms08_059_his2006.rb
+++ b/modules/auxiliary/admin/ms/ms08_059_his2006.rb
@ -25,11 +25,6 @@ class MetasploitModule < Msf::Auxiliary
          [ 'OSVDB', '49068' ],
          [ 'URL', 'http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745' ],
        ],
-      'Notes'          =>
-        {
-          'Reliability' => [ FIRST_ATTEMPT_SUCCESS, REPEATABLE],
-          'SideEffects' => [ FILE_ON_DISK, TRACES_IN_LOGS]
-        },
      'DisclosureDate' => 'Oct 14 2008'))

      register_options(
--- a/modules/auxiliary/gather/pimcore_creds_sqli.rb
+++ b/modules/auxiliary/gather/pimcore_creds_sqli.rb
@ -31,6 +31,10 @@ class MetasploitModule < Msf::Auxiliary
                            [ 'CVE', '2018-14058' ],
                            [ 'EDB', '45208' ]
                          ],
+      'Notes'          =>
+        {
+          'SideEffects' => [ MALICIOUS_INPUT_IN_LOG ]
+        },
      'DisclosureDate' => 'Aug 13, 2018'
    ))

--- a/modules/exploits/windows/local/alpc_taskscheduler.rb
+++ b/modules/exploits/windows/local/alpc_taskscheduler.rb
@ -52,6 +52,12 @@ class MetasploitModule < Msf::Exploit::Local
          ['CVE', '2018-8440'],
          ['URL', 'https://github.com/SandboxEscaper/randomrepo/'],
        ],
+      'Notes'          =>
+        {
+          # It overwrites PrintConfig.dll, which makes it unusable.
+          'Stability'   => [ OS_RESOURCE_LOSS ],
+          'Reliability' => [ REPEATABLE_SESSION ]
+        },
      'DisclosureDate' => 'Aug 27 2018',
      'DefaultTarget'  => 0,
    ))