This fixes#4866, an issue with msfvenom not properly handling special
cases with generic payloads. So the story behind this fix is that
we have these two problems:
Problem 1: The current payload selection design relies on the payload
module in order to set the platform and arch. Almost all MSF payloads
contain a default platform and arch, however, the bind and reverse
generic payloads don't.
Problem 2: By default, Msf::Payload::Generic also explicitly sets the
PLATFORM and ARCH datastore options to nil. So there is no way the
payload generator can figure out what platform and arch to use.
As a result of these problems, msfvenom will actually end up getting
a Msf::Module::Platform as the default platform, which doesn't
actually represent any valid platform we can use (such as
Msf::Module::Platform::Windows). And the first item of ARCH_ALL for
the arch.
In addition, msfvenom has these two arguments that the user can use:
--platform and --arch. In most cases, these arguments are used more
like checks than actually setting anything. Because remember:
Framework's payload selector retreives the platform & arch from the
module (trusted), not the user input (untrusted). But from the user's
perspective it's impossible to know this.
After experimenting different ways to fix this, I came up with this
patch. It feels sort of more like a hack than a real fix, but as
far as I can tell, this is the best you can get unless you want to
redesign generic payload selection.
MSP-12529
To prove that the change to optionally requiring 'metasploit/credential'
instead of 'metasploit/credential/creation' when including
`Metasploit::Credential::Creation` works not just with
metasploit-credential 0.14.4, go back to the original `Gemfile.lock`
with metasploit-credential 0.14.3.
MSP-12529
Update metasploit-credential to trigger bug where
`Metasploit::Credential` is not loaded when metasploit-framework tries
to directly require 'metasploit/credential/creation'.
* Stageless payloads weren't adding brackets around IPv6 hosts.
* Staged HTTP handler was using an undefined function to check for IPv6
addresses when host header overriding was disabled.
Methods now require a hash. I went with the hash because 1) that's what
we seem to use everywhere else, and 2) I couldn't get the new keyword
arguments working nicely with the block syntax (I'm clearly stupid).
William Vu
root
Jon Cave
rwhitcroft
jvazquez-r7
OJ
HD Moore
Samuel Huckins
sekritskwurl
sinn3r
Luke Imhoff
Anant Shrivastava
Roberto Soares
Tod Beardsley
Brent Cook