Fix #6989, scanner modules printing RHOST in progress messages#7127

Merged
bwatters-r7 merged 1 commit into
rapid7:masterfrom
wchen-r7:fix_6989
Jul 27, 2016
Conversation

@wchen-r7 wchen-r7 commented Jul 26, 2016

What This Patch Does

If the RHOST datastore option is set, some scanner modules will print that in the progress messages, which makes no sense. The RHOST option in Msf::Auxiliary::Scanner should never be configurable by the user anyway, it is set in the mixin.

Fix #6989

Verification

  • First let's set up an FTP server for testing. In a terminal, do: gem install ftpd
  • Do irb
  • In IRB, paste the following code:
require 'ftpd'
require 'tmpdir'

# Minimal ftpd driver: accepts any credentials and serves a temporary directory
class Driver

  def initialize(temp_dir)
    @temp_dir = temp_dir
  end

  # Accept every user/password pair (test server only)
  def authenticate(user, password)
    true
  end

  def file_system(user)
    Ftpd::DiskFileSystem.new(@temp_dir)
  end

end

Dir.mktmpdir do |temp_dir|
  driver = Driver.new(temp_dir)
  server = Ftpd::FtpServer.new(driver)
  server.start
  puts "Server listening on port #{server.bound_port}"
  gets  # keep the server alive until Enter is pressed
end
  • When the FTP server is running, it should tell you which port it's running on, like this (it is listening on 127.0.0.1):
Server listening on port 62866
  • Start msfconsole
  • Do: auxiliary/scanner/ftp/ftp_version
  • Do: set RHOSTS 127.0.0.1
  • Do: set RHOST 1.1.1.1
  • Do: run
  • The output should look like the following. Notice the progress message ("Scanned x of x hosts") does not print the rhost:rport:
msf auxiliary(ftp_version) > set RHOSTS 127.0.0.1
RHOSTS => 127.0.0.1
msf auxiliary(ftp_version) > set RPORT 62866
RPORT => 62866
msf auxiliary(ftp_version) > set RHOST 1.1.1.1
RHOST => 1.1.1.1
msf auxiliary(ftp_version) > run

[*] 127.0.0.1:62866       - FTP Banner: '220 wconrad/ftpd 2.0.0\x0d\x0a'
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(ftp_version) > 

@bwatters-r7

Testing

I still had the original ClamAV setup I was using when I noticed the issue, so I tested against it.

Original

msf > use auxiliary/scanner/misc/clamav_control 
msf auxiliary(clamav_control) > set rhost 1.1.1.1 
rhost => 1.1.1.1
msf auxiliary(clamav_control) > set rhosts <Clam_NET>/24
rhosts => <Clam_NET>/24
msf auxiliary(clamav_control) > set verbose true
verbose => true
msf auxiliary(clamav_control) > run

[*] 1.1.1.1:3310          - Scanned  26 of 256 hosts (10% complete)
[*] 1.1.1.1:3310          - Scanned  52 of 256 hosts (20% complete)
[*] 1.1.1.1:3310          - Scanned  77 of 256 hosts (30% complete)
[*] 1.1.1.1:3310          - Scanned 103 of 256 hosts (40% complete)
[*] 1.1.1.1:3310          - Scanned 128 of 256 hosts (50% complete)
[+] <Clam_IP>:3310   - ClamAV 0.98.7/21979/Wed Jul 27 07:54:29 2016

[*] 1.1.1.1:3310          - Scanned 154 of 256 hosts (60% complete)
[*] 1.1.1.1:3310          - Scanned 180 of 256 hosts (70% complete)
[*] 1.1.1.1:3310          - Scanned 205 of 256 hosts (80% complete)
[*] 1.1.1.1:3310          - Scanned 231 of 256 hosts (90% complete)
[*] 1.1.1.1:3310          - Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(clamav_control) > 

New

msf > use auxiliary/scanner/misc/clamav_control 
msf auxiliary(clamav_control) > set rhost 1.1.1.1
rhost => 1.1.1.1
msf auxiliary(clamav_control) > set rhosts <Clam_NET>/24
rhosts => <Clam_NET>/24
msf auxiliary(clamav_control) > run

[*] Scanned  26 of 256 hosts (10% complete)
[*] Scanned  52 of 256 hosts (20% complete)
[*] Scanned  77 of 256 hosts (30% complete)
[*] Scanned 103 of 256 hosts (40% complete)
[*] Scanned 128 of 256 hosts (50% complete)
[+] <Clam_IP>:3310   - ClamAV 0.98.7/21742/Fri Jun 17 11:02:27 2016

[*] Scanned 154 of 256 hosts (60% complete)
[*] Scanned 180 of 256 hosts (70% complete)
[*] Scanned 205 of 256 hosts (80% complete)
[*] Scanned 231 of 256 hosts (90% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(clamav_control) > set verbose true
verbose => true
msf auxiliary(clamav_control) > run

[*] Scanned  26 of 256 hosts (10% complete)
[*] Scanned  52 of 256 hosts (20% complete)
[*] Scanned  77 of 256 hosts (30% complete)
[*] Scanned 103 of 256 hosts (40% complete)
[*] Scanned 128 of 256 hosts (50% complete)
[+] <Clam_IP>:3310   - ClamAV 0.98.7/21742/Fri Jun 17 11:02:27 2016

[*] Scanned 154 of 256 hosts (60% complete)
[*] Scanned 180 of 256 hosts (70% complete)
[*] Scanned 205 of 256 hosts (80% complete)
[*] Scanned 231 of 256 hosts (90% complete)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed

@bwatters-r7 bwatters-r7 merged commit cce1ae6 into rapid7:master Jul 27, 2016
@bwatters-r7

Release Notes

This fixes a condition where users can specify a superfluous value (rhost) that, while unused by scanner modules, is included in printed status updates. This fix sets the rhost value to nil temporarily, thus preventing the data from appearing in the status updates.
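As an added illustration (not Metasploit's code and not part of this PR), a toy Ruby model of how a user-set RHOST leaked into the scan-wide "Scanned x of x hosts" lines, and of the approach the release notes describe: clear the option for the duration of the scan and restore it afterwards. `ToyScanner`, its datastore keys and the sample hosts are constructed stand-ins.

```ruby
# Added example, not Metasploit's own code: a toy model of why a user-set
# RHOST leaked into scanner progress lines and of the fix in this PR
# (clearing the option while scanning, restoring it afterwards).
class ToyScanner
  attr_reader :datastore, :output

  def initialize(datastore)
    @datastore = datastore   # constructed: 'RHOSTS', 'RHOST', 'RPORT' keys
    @output = []
  end

  # Models a UI mixin that prefixes status lines with rhost:rport whenever
  # RHOST is set in the datastore the message is printed from.
  def print_status(msg)
    if datastore['RHOST']
      @output << "[*] #{datastore['RHOST']}:#{datastore['RPORT']} - #{msg}"
    else
      @output << "[*] #{msg}"
    end
  end

  # Per-host work runs against a copy of the datastore whose RHOST is the
  # current target, so per-host lines show the right address either way.
  def run_host(ip)
    per_host = ToyScanner.new(datastore.merge('RHOST' => ip))
    per_host.print_status('Banner check done')
    per_host.output
  end

  # fixed: false reproduces the pre-patch behaviour (RHOST left as the user
  # set it, so it leaks into scan-wide lines); fixed: true applies the
  # patch's approach: nil out RHOST while scanning, restore it afterwards.
  def run(fixed: true)
    saved = datastore['RHOST']
    datastore['RHOST'] = nil if fixed
    # constructed: RHOSTS is a plain comma-separated list, no CIDR parsing
    hosts = datastore['RHOSTS'].split(',').map(&:strip)
    hosts.each_with_index do |ip, i|
      @output.concat(run_host(ip))
      done = i + 1
      print_status("Scanned #{done} of #{hosts.size} hosts (#{done * 100 / hosts.size}% complete)")
    end
    @output
  ensure
    datastore['RHOST'] = saved
  end
end
```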

@wchen-r7 wchen-r7 deleted the fix_6989 branch August 22, 2016 16:29