infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Kill defanged mode

bug/bundler_fix
James Lee 2016-03-28 09:02:07 -05:00
parent 72bde63397
commit f1857d6350
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
10 changed files with 1 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
external/zsh/_msfconsole vendored
View File

@ -23,7 +23,6 @@
_arguments \
{-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \
"-c[Load the specified configuration file]:configuration file:_files" \
{-d,--defanged}"[Execute the console as defanged]" \
{-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \
{-h,--help}"[Show help text]" \
{-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \

1
lib/metasploit/framework/command/console.rb
View File

@ -80,7 +80,6 @@ class Metasploit::Framework::Command::Console < Metasploit::Framework::Command::
driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
driver_options['DatabaseYAML'] = options.database.config
driver_options['DeferModuleLoads'] = options.modules.defer_loads
driver_options['Defanged'] = options.console.defanged
driver_options['DisableBanner'] = options.console.quiet
driver_options['DisableDatabase'] = options.database.disable
driver_options['LocalOutput'] = options.console.local_output

5
lib/metasploit/framework/parsed_options/console.rb
View File

@ -10,7 +10,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
options.console.commands = []
options.console.confirm_exit = false
options.console.defanged = false
options.console.local_output = nil
options.console.plugins = []
options.console.quiet = false
@ -40,10 +39,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
options.console.confirm_exit = true
end
option_parser.on('-d', '--defanged', 'Execute the console as defanged') do
options.console.defanged = true
end
option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do
options.console.real_readline = true
end

6
lib/msf/ui/console/command_dispatcher.rb
View File

@ -60,12 +60,6 @@ module CommandDispatcher
def active_session=(mod)
driver.active_session = mod
end
#
# Checks to see if the driver is defanged.
#
def defanged?
driver.defanged?
end
#
# Logs an error message to the screen and the log file. The callstack is

2
lib/msf/ui/console/command_dispatcher/auxiliary.rb
View File

@ -72,8 +72,6 @@ class Auxiliary
# Executes an auxiliary module
#
def cmd_run(*args)
defanged?
opt_str = nil
action = mod.datastore['ACTION']
jobify = false

18
lib/msf/ui/console/command_dispatcher/core.rb
View File

@ -95,10 +95,6 @@ class Core
"-h" => [ false, "Help banner." ],
"-e" => [ true, "Expression to evaluate." ])
# The list of data store elements that cannot be set when in defanged
# mode.
DefangedProhibitedDataStoreElements = [ "MsfModulePaths" ]
# Constant for disclosure date formatting in search functions
DISCLOSURE_DATE_FORMAT = "%Y-%m-%d"
@ -868,8 +864,6 @@ class Core
# Goes into IRB scripting mode
#
def cmd_irb(*args)
defanged?
expressions = []
# Parse the command options
@ -1218,8 +1212,6 @@ class Core
# the framework root plugin directory is used.
#
def cmd_load(*args)
defanged?
if (args.length == 0)
cmd_load_help
return false
@ -1476,8 +1468,6 @@ class Core
# restarts of the console.
#
def cmd_save(*args)
defanged?
# Save the console config
driver.save_config
@ -1508,8 +1498,6 @@ class Core
# Adds one or more search paths.
#
def cmd_loadpath(*args)
defanged?
if (args.length == 0 or args.include? "-h")
cmd_loadpath_help
return true
@ -2166,12 +2154,6 @@ class Core
@cache_payloads = nil
end
# Security check -- make sure the data store element they are setting
# is not prohibited
if global and DefangedProhibitedDataStoreElements.include?(name)
defanged?
end
# If the driver indicates that the value is not valid, bust out.
if (driver.on_variable_set(global, name, value) == false)
print_error("The value specified for #{name} is not valid.")

2
lib/msf/ui/console/command_dispatcher/exploit.rb
View File

@ -49,8 +49,6 @@ class Exploit
# Launches an exploitation attempt.
#
def cmd_exploit(*args)
defanged?
opt_str = nil
payload = mod.datastore['PAYLOAD']
encoder = mod.datastore['ENCODER']

2
lib/msf/ui/console/command_dispatcher/post.rb
View File

@ -78,8 +78,6 @@ class Post
# Executes an auxiliary module
#
def cmd_run(*args)
defanged?
opt_str = nil
jobify = false
quiet = false

30
lib/msf/ui/console/driver.rb
View File

@ -144,14 +144,6 @@ class Driver < Msf::Ui::Driver
# Whether or not to confirm before exiting
self.confirm_exit = opts['ConfirmExit']
# Disables "dangerous" functionality of the console
@defanged = opts['Defanged']
# If we're defanged, then command passthru should be disabled
if @defanged
self.command_passthru = false
end
# Parse any specified database.yml file
if framework.db.usable and not opts['SkipDatabaseInit']
@ -630,17 +622,6 @@ class Driver < Msf::Ui::Driver
#
attr_accessor :active_resource
#
# If defanged is true, dangerous functionality, such as exploitation, irb,
# and command shell passthru is disabled. In this case, an exception is
# raised.
#
def defanged?
if @defanged
raise DefangedException
end
end
def stop
framework.events.on_ui_stop()
super
@ -769,17 +750,6 @@ protected
end
end
#
# This exception is used to indicate that functionality is disabled due to
# defanged being true
#
class DefangedException < ::Exception
def to_s
"This functionality is currently disabled (defanged mode)"
end
end
end
end
end

2
lib/msf/ui/console/module_command_dispatcher.rb
View File

@ -122,8 +122,6 @@ module ModuleCommandDispatcher
# Checks to see if a target is vulnerable.
#
def cmd_check(*args)
defanged?
ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || ''
opt = Msf::OptAddressRange.new('RHOSTS')