infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Kill defanged mode

bug/bundler_fix
James Lee 2016-03-28 09:02:07 -05:00
parent 72bde63397
commit f1857d6350
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
10 changed files with 1 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
external/zsh/_msfconsole vendored
View File

@ -23,7 +23,6 @@
_arguments \ _arguments \
{-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \ {-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \
"-c[Load the specified configuration file]:configuration file:_files" \ "-c[Load the specified configuration file]:configuration file:_files" \
{-d,--defanged}"[Execute the console as defanged]" \
{-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \ {-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \
{-h,--help}"[Show help text]" \ {-h,--help}"[Show help text]" \
{-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \ {-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \

1
lib/metasploit/framework/command/console.rb
View File

@ -80,7 +80,6 @@ class Metasploit::Framework::Command::Console < Metasploit::Framework::Command::
driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
driver_options['DatabaseYAML'] = options.database.config driver_options['DatabaseYAML'] = options.database.config
driver_options['DeferModuleLoads'] = options.modules.defer_loads driver_options['DeferModuleLoads'] = options.modules.defer_loads
driver_options['Defanged'] = options.console.defanged
driver_options['DisableBanner'] = options.console.quiet driver_options['DisableBanner'] = options.console.quiet
driver_options['DisableDatabase'] = options.database.disable driver_options['DisableDatabase'] = options.database.disable
driver_options['LocalOutput'] = options.console.local_output driver_options['LocalOutput'] = options.console.local_output

5
lib/metasploit/framework/parsed_options/console.rb
View File

@ -10,7 +10,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
options.console.commands = [] options.console.commands = []
options.console.confirm_exit = false options.console.confirm_exit = false
options.console.defanged = false
options.console.local_output = nil options.console.local_output = nil
options.console.plugins = [] options.console.plugins = []
options.console.quiet = false options.console.quiet = false
@ -40,10 +39,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
options.console.confirm_exit = true options.console.confirm_exit = true
end end
option_parser.on('-d', '--defanged', 'Execute the console as defanged') do
options.console.defanged = true
end
option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do
options.console.real_readline = true options.console.real_readline = true
end end

6
lib/msf/ui/console/command_dispatcher.rb
View File

@ -60,12 +60,6 @@ module CommandDispatcher
def active_session=(mod) def active_session=(mod)
driver.active_session = mod driver.active_session = mod
end end
#
# Checks to see if the driver is defanged.
#
def defanged?
driver.defanged?
end
# #
# Logs an error message to the screen and the log file. The callstack is # Logs an error message to the screen and the log file. The callstack is

2
lib/msf/ui/console/command_dispatcher/auxiliary.rb
View File

@ -72,8 +72,6 @@ class Auxiliary
# Executes an auxiliary module # Executes an auxiliary module
# #
def cmd_run(*args) def cmd_run(*args)
defanged?
opt_str = nil opt_str = nil
action = mod.datastore['ACTION'] action = mod.datastore['ACTION']
jobify = false jobify = false

18
lib/msf/ui/console/command_dispatcher/core.rb
View File

@ -95,10 +95,6 @@ class Core
"-h" => [ false, "Help banner." ], "-h" => [ false, "Help banner." ],
"-e" => [ true, "Expression to evaluate." ]) "-e" => [ true, "Expression to evaluate." ])
# The list of data store elements that cannot be set when in defanged
# mode.
DefangedProhibitedDataStoreElements = [ "MsfModulePaths" ]
# Constant for disclosure date formatting in search functions # Constant for disclosure date formatting in search functions
DISCLOSURE_DATE_FORMAT = "%Y-%m-%d" DISCLOSURE_DATE_FORMAT = "%Y-%m-%d"
@ -868,8 +864,6 @@ class Core
# Goes into IRB scripting mode # Goes into IRB scripting mode
# #
def cmd_irb(*args) def cmd_irb(*args)
defanged?
expressions = [] expressions = []
# Parse the command options # Parse the command options
@ -1218,8 +1212,6 @@ class Core
# the framework root plugin directory is used. # the framework root plugin directory is used.
# #
def cmd_load(*args) def cmd_load(*args)
defanged?
if (args.length == 0) if (args.length == 0)
cmd_load_help cmd_load_help
return false return false
@ -1476,8 +1468,6 @@ class Core
# restarts of the console. # restarts of the console.
# #
def cmd_save(*args) def cmd_save(*args)
defanged?
# Save the console config # Save the console config
driver.save_config driver.save_config
@ -1508,8 +1498,6 @@ class Core
# Adds one or more search paths. # Adds one or more search paths.
# #
def cmd_loadpath(*args) def cmd_loadpath(*args)
defanged?
if (args.length == 0 or args.include? "-h") if (args.length == 0 or args.include? "-h")
cmd_loadpath_help cmd_loadpath_help
return true return true
@ -2166,12 +2154,6 @@ class Core
@cache_payloads = nil @cache_payloads = nil
end end
# Security check -- make sure the data store element they are setting
# is not prohibited
if global and DefangedProhibitedDataStoreElements.include?(name)
defanged?
end
# If the driver indicates that the value is not valid, bust out. # If the driver indicates that the value is not valid, bust out.
if (driver.on_variable_set(global, name, value) == false) if (driver.on_variable_set(global, name, value) == false)
print_error("The value specified for #{name} is not valid.") print_error("The value specified for #{name} is not valid.")

2
lib/msf/ui/console/command_dispatcher/exploit.rb
View File

@ -49,8 +49,6 @@ class Exploit
# Launches an exploitation attempt. # Launches an exploitation attempt.
# #
def cmd_exploit(*args) def cmd_exploit(*args)
defanged?
opt_str = nil opt_str = nil
payload = mod.datastore['PAYLOAD'] payload = mod.datastore['PAYLOAD']
encoder = mod.datastore['ENCODER'] encoder = mod.datastore['ENCODER']

2
lib/msf/ui/console/command_dispatcher/post.rb
View File

@ -78,8 +78,6 @@ class Post
# Executes an auxiliary module # Executes an auxiliary module
# #
def cmd_run(*args) def cmd_run(*args)
defanged?
opt_str = nil opt_str = nil
jobify = false jobify = false
quiet = false quiet = false

30
lib/msf/ui/console/driver.rb
View File

@ -144,14 +144,6 @@ class Driver < Msf::Ui::Driver
# Whether or not to confirm before exiting # Whether or not to confirm before exiting
self.confirm_exit = opts['ConfirmExit'] self.confirm_exit = opts['ConfirmExit']
# Disables "dangerous" functionality of the console
@defanged = opts['Defanged']
# If we're defanged, then command passthru should be disabled
if @defanged
self.command_passthru = false
end
# Parse any specified database.yml file # Parse any specified database.yml file
if framework.db.usable and not opts['SkipDatabaseInit'] if framework.db.usable and not opts['SkipDatabaseInit']
@ -630,17 +622,6 @@ class Driver < Msf::Ui::Driver
# #
attr_accessor :active_resource attr_accessor :active_resource
#
# If defanged is true, dangerous functionality, such as exploitation, irb,
# and command shell passthru is disabled. In this case, an exception is
# raised.
#
def defanged?
if @defanged
raise DefangedException
end
end
def stop def stop
framework.events.on_ui_stop() framework.events.on_ui_stop()
super super
@ -769,17 +750,6 @@ protected
end end
end end
#
# This exception is used to indicate that functionality is disabled due to
# defanged being true
#
class DefangedException < ::Exception
def to_s
"This functionality is currently disabled (defanged mode)"
end
end
end end
end end
end end

2
lib/msf/ui/console/module_command_dispatcher.rb
View File

@ -122,8 +122,6 @@ module ModuleCommandDispatcher
# Checks to see if a target is vulnerable. # Checks to see if a target is vulnerable.
# #
def cmd_check(*args) def cmd_check(*args)
defanged?
ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || '' ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || ''
opt = Msf::OptAddressRange.new('RHOSTS') opt = Msf::OptAddressRange.new('RHOSTS')