[#36737359]
The merging of reload_module and the various load_module methods
resulted in the module loading from disk, but because the Hash entry in
the module manager was not deleted before on_module_load was called, the
newly reloaded module was logged as an ambiguous module name instead of
a reload. In order to report the reload errors correctly, I determined
that module_load_error_by_reference_name should really be
module_load_error_by_path. I eliminated faild in favor of this new name
since failed was just calling the attribute and the attribute's name is
clearer about the format of the data.
Tested by run rexploit and then exiting over and over with
ms08_067_netapi. When I messed up the file so it couldn't load, by
adding `inclde Exploit` (note mispelling of `include`), it reported the
error to msfconsole. When I removed the bad line and added a puts
"RELOADING <n>", where I kept incrementing n and saving the file, the
new number appeared during each rexploit.
[#36737359]
Write the module_eval backtrace to the log, but only the error's class
and name to Msf::ModuleManager#module_load_error_by_reference_name as
the contents of the Hash are printed in the console, which should never
recieve backtraces.
[#36737359]
Refactor the behavior of loading symbolic modules from cache by renaming
methods so it's clearer what they do and ensure that cached modules from
Fastlibs and directories can both be loaded, which was not previously
possible since the demand_load_module only called load_module_from_file.
[#36737359]
On Linux, some of the unqualified constants that resolve on Mac OS X,
don't resolve, so to prevent errors (and because I can't justify why the
unqualified constants should resolve on OS X), I'm qualifying all the
Msf constants that are referenced in the code I've refactored.
[#36737359]
Fix the YARD docs to document the return values and make them consistent
with the modules being called. Ensure the force flag is passed as an
option to load_modules instead of a positional argument.
[#36737359]
When starting msfconsole, 'bundler/setup' is not required, the
'msf/env/gemcache' is required instead. Unlike 'bundler/setup' the
msf/env gemcache does not do the automatic requires for gems in the
cache, so explicit requires on 'active_support/concern' is needed to get
ActiveSupport::Concern defined. (I could have done require
'active_support' to match the behavior of 'bundler/setup', but a smaller
require seemed more appropriate.
removes unnecessary parens (and yes I confirmed they are properly
paired), and adds some comments regarding this as not being an ideal
solution, but rather a stopgap
Changed lexical scope when I changed the declaration from module Msf;
class ModuleSet to class Msf::ModuleSet so that constants in Msf would
not automatically resolve.
I wasn't using any the features of ActiveSupport::Concern in
Msf::ModuleManager::Reloading, so remove the extend and just include it
as a regular module.
Came up on IRC, I'm not attached to it, but this commit adds the
rename_file method to lib/msf/core/post/file.rb and aliases it to
move_file and mv_file
[Fixes#36737359]
Refactor Msf::ModuleManager into concerns so its easier to understand and
duplicate code can be made DRY. The refactoring also ensures that when
loading from directories, Fastlibs, or reloading, the wrapper module will
always be named so that activesupport/dependencies will function.
[#36737359]
active_support/dependencies cannot resolve missing constants in Metasploit
modules because the wrapper module is anonymous. In order to make the
wrapper module non-anonymous, the module must be assigned to a constant.
Since we don't want modules colliding, the wrapper module needs a unique
name, so use the module lookup name to derive the proper nested module names
to namespace the wrapper module. All derived modules are nested under
Msf::Modules. The name derivation handles invalid characters for constant
names such as digits as the first character or non-alphanumeric character.
The invalid constant name characters are converted to their hex value and
prefixed with X, so '-' in a name become 'X2d'.
for convenience when you don't need/want a full resource file, you just
want to run something quick
example usage:
# say you have a saved config ready to go on load
./msfconsole -s 'exploit -j'
# you can run multiple commands too
./msfconsole -s 'set ConsoleLogging true\nshow options'
The 'unless' statement expects there's always a value for USERNAME
and PASSWORD. We might as well just set '' as the default value
to avoid the NoMethodError mistake. Related to bug #7140.