diff --git a/lib/msf/core/module.rb b/lib/msf/core/module.rb
index 5e604e947c..2cab9db548 100644
--- a/lib/msf/core/module.rb
+++ b/lib/msf/core/module.rb
@@ -221,34 +221,47 @@ class Module else return true end - + # Enumerate each compatibility item in our hash to find out # if we're compatible with this sucker. - ch.each_pair { |k,v| - + ch.each_pair do |k,v| + # Get the value of the current key from the module, such as # the ConnectionType for a stager (ws2ord, for instance). mval = mod.module_info[k] - # Skip zee nils that the module has. - next if (mval == nil or v == nil) - - # Delimit values by spaces so as to be able to indicate more than one. - v.split(/ /).each { |sv| - - # If the supplied module's value is not contained within the supported - # values for this module or this module indicated a negation of - # the value stated by the supplied module, then we have detected - # ourselves a bit of an incompatibility and we just can't have that. - if (!(sv =~ /#{mval}/) or - (sv =~ /-#{mval}/)) - dlog("Module #{mod.refname} is incompatible with #{self.refname} for #{k}: limiter was #{sv}, value was #{mval}", - 'core', LEV_1) + + # Match an empty compat item only if the module does not define it + next if not (v and mval) + + # Reject a filled compat item on one side, but not the other + return false if not (v and mval) + + # Track how many of our values matched the module + mcnt = 0 + + # Values are whitespace separated + sv = v.split(/\s+/) + mv = mval.split(/\s+/) + + sv.each do |x| + # Verify that any negate values are not matched + if (x[0].chr == '-' and mv.include?(x[1, x.length-1])) + dlog("Module #{mod.refname} is incompatible with #{self.refname} for #{k}: limiter was #{x}, value was #{mval}", 'core', LEV_1) return false end - } - } + + mcnt += 1 if mv.include?(x) + end + + # No values matched, reject this module + if (mcnt == 0) + dlog("Module #{mod.refname} is incompatible with #{self.refname} for #{k}: limiter was #{v}, value was #{mval}", 'core', LEV_1) + return false + end + + end # If we get here, we're compatible. return true 
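Review bot: The added `return false if not (v and mval)` can never fire, because `next if not (v and mval)` directly above it tests the same condition and has already skipped the key. Going by the two comments, the first guard was probably meant to be `next if not (v or mval)` (skip only when both sides are empty), so that a key filled on one side alone is rejected. As written, such a key is silently treated as compatible, which makes the filter more permissive than its comments describe. Separately, `x[0].chr` raises on an empty token, which `v.split(/\s+/)` produces when the value has leading whitespace; `v.split` with no argument avoids that. The enclosing method starts before this hunk, so the intended handling of the one-sided case should be confirmed against its callers before the guard is changed.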
diff --git a/modules/exploits/solaris/telnet/solaris_ttyprompt.rb b/modules/exploits/solaris/telnet/solaris_ttyprompt.rb
index 49159ad077..6d39923360 100644
--- a/modules/exploits/solaris/telnet/solaris_ttyprompt.rb
+++ b/modules/exploits/solaris/telnet/solaris_ttyprompt.rb
@@ -30,10 +30,9 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote 'Space' => 2000, 'BadChars' => "", }, - 'PayloadCompat' => + 'PayloadCompat' => { - "PayloadType" => "cmd +interact", - "ConnectionType" => CompatDefaults::Payload['ConnectionType'], + "PayloadType" => "cmd cmd_interact", }, 'Targets' => [
diff --git a/modules/payloads/singles/cmd/unix/generic.rb b/modules/payloads/singles/cmd/unix/generic.rb
index 9b53167fec..bb53971171 100644
--- a/modules/payloads/singles/cmd/unix/generic.rb
+++ b/modules/payloads/singles/cmd/unix/generic.rb
@@ -20,7 +20,7 @@ module Generic 'Author' => 'hdm', 'Platform' => 'unix', 'Arch' => ARCH_CMD, - 'Handler' => Msf::Handler::FindShell, + 'Handler' => Msf::Handler::None, 'Session' => Msf::Sessions::CommandShell, 'PayloadType' => 'cmd', 'Payload' =>
diff --git a/modules/payloads/singles/cmd/unix/interact.rb b/modules/payloads/singles/cmd/unix/interact.rb
index 90e26895c9..e97811accb 100644
--- a/modules/payloads/singles/cmd/unix/interact.rb
+++ b/modules/payloads/singles/cmd/unix/interact.rb
@@ -22,7 +22,7 @@ module Interact 'Arch' => ARCH_CMD, 'Handler' => Msf::Handler::FindShell, 'Session' => Msf::Sessions::CommandShell, - 'PayloadType' => 'cmd interact', + 'PayloadType' => 'cmd_interact', 'Payload' => { 'Offsets' => { },
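Review bot: In the solaris_ttyprompt.rb hunk, the new `"PayloadType" => "cmd cmd_interact"` entry relies on an unstated convention: the value is a whitespace-separated list of alternatives, and each token has to equal a payload's `'PayloadType'` string exactly (`'cmd'` in generic.rb, `'cmd_interact'` in interact.rb, both touched by this commit). A short comment above the entry, for example `# whitespace-separated list; each token must equal a payload's 'PayloadType'`, would keep the two sides from drifting apart. The hunk also drops the `ConnectionType` restriction without explanation; if that is deliberate, a one-line comment saying connection type is intentionally unconstrained here would help. The module info hash begins and ends outside the hunk.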