Land #10376, Handle connection errors and fail_with in check

2018-07-26 11:27:02 -05:00 · 2018-07-26 11:27:02 -05:00 · 98528f256d
parent 2833330f21 2dff66aacb
commit 98528f256d
3 changed files with 18 additions and 3 deletions
--- a/lib/msf/core/exploit/http/client.rb
+++ b/lib/msf/core/exploit/http/client.rb
@ -117,6 +117,9 @@ module Exploit::Remote::HttpClient
            fail_with(::Msf::Module::Failure::NotFound, err)
          end
        end
+      elsif info.nil?
+        err = "The target server did not respond to fingerprinting, use 'set FingerprintCheck false' to disable this check."
+        fail_with(::Msf::Module::Failure::Unreachable, err)
      end
    end
  end
@ -730,7 +733,7 @@ module Exploit::Remote::HttpClient
        {
          'uri'     => uri,
          'method'  => method
-        })
+        }) rescue nil
    end

    # Bail if the request did not receive a readable response
--- a/lib/msf/ui/console/module_command_dispatcher.rb
+++ b/lib/msf/ui/console/module_command_dispatcher.rb
@ -139,13 +139,20 @@ module ModuleCommandDispatcher
        last_rhosts_opt = mod.datastore['RHOSTS']
        mod.datastore['RHOSTS'] = ip_range_arg
        begin
-          check_multiple(hosts)
+          if hosts.length > 1
+            check_multiple(hosts)
+          # Short-circuit check_multiple if it's a single host
+          else
+            mod.datastore['RHOST'] = hosts.next_ip
+            check_simple
+          end
        ensure
          # Restore the original rhost if set
          mod.datastore['RHOST'] = last_rhost_opt
          mod.datastore['RHOSTS'] = last_rhosts_opt
          mod.cleanup
        end
+      # XXX: This is basically dead code now that exploits use RHOSTS
      else
        # Check a single rhost
        unless Msf::OptAddress.new('RHOST').valid?(mod.datastore['RHOST'])
@ -243,6 +250,11 @@ module ModuleCommandDispatcher
      end
    rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error => e
      # Connection issues while running check should be handled by the module
+      print_error("Check failed: #{e.class} #{e}")
+      elog("#{e.message}\n#{e.backtrace.join("\n")}")
+    rescue ::Msf::Exploit::Failed => e
+      # Handle fail_with and other designated exploit failures
+      print_error("Check failed: #{e.class} #{e}")
      elog("#{e.message}\n#{e.backtrace.join("\n")}")
    rescue ::RuntimeError => e
      # Some modules raise RuntimeError but we don't necessarily care about those when we run check()
--- a/modules/exploits/unix/misc/distcc_exec.rb
+++ b/modules/exploits/unix/misc/distcc_exec.rb
@ -61,7 +61,7 @@ class MetasploitModule < Msf::Exploit::Remote
    sock.put("DOTI0000000A#{dtag}\n")

    err, out = read_output
-    if out.index(r)
+    if out && out.index(r)
      return Exploit::CheckCode::Vulnerable
    end
    return Exploit::CheckCode::Safe