Ignore iterating multiple rhosts if option not registered

2022-03-08 17:31:26 +00:00 · 2022-03-08 17:31:26 +00:00 · 79761c942c
parent f86753ccb9
commit 79761c942c
2 changed files with 22 additions and 1 deletions
--- a/lib/msf/ui/console/command_dispatcher/exploit.rb
+++ b/lib/msf/ui/console/command_dispatcher/exploit.rb
@ -113,6 +113,10 @@ class Exploit
    mod_with_opts = mod.replicant
    mod_with_opts.datastore.import_options_from_hash(args[:datastore_options])
    rhosts = mod_with_opts.datastore['RHOSTS']
+    has_rhosts_option = mod.options.include?('RHOSTS') ||
+      mod.options.include?('RHOST') ||
+      mod.options.include?('rhost') ||
+      mod.options.include?('rhosts')

    opts = {
      'Encoder'     => args[:encoder] || mod_with_opts.datastore['ENCODER'],
@ -134,7 +138,8 @@ class Exploit
      return false
    end

-    if rhosts
+
+    if rhosts && has_rhosts_option
      rhosts_walker = Msf::RhostsWalker.new(rhosts, mod_with_opts.datastore)
      rhosts_walker_count = rhosts_walker.count
      rhosts_walker = rhosts_walker.to_enum
--- a/spec/lib/msf/ui/console/command_dispatcher/exploit_spec.rb
+++ b/spec/lib/msf/ui/console/command_dispatcher/exploit_spec.rb
@ -72,6 +72,8 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Exploit do
            Msf::OptFloat.new('FloatValue', [false, 'A FloatValue which should be normalized before framework runs this module', 3.5])
          ]
        )
+
+        deregister_options('RHOSTS')
      end

      def run
@ -445,6 +447,20 @@ RSpec.describe Msf::Ui::Console::CommandDispatcher::Exploit do
        expect(@combined_output).to match_array(expected_output)
      end

+      it 'runs the module once, even if multiple rhost values are set' do
+        set_default_payload(current_mod)
+        current_mod.datastore.store('FloatValue', '10.0')
+        current_mod.datastore['RHOSTS'] = '192.0.2.1 192.0.2.2 192.0.2.3'
+        subject.cmd_run
+        expected_output = [
+          'Running with normalized datastore value 10.0',
+          'Cleanup',
+          'Exploit completed, but no session was created.'
+        ]
+
+        expect(@combined_output).to match_array(expected_output)
+      end
+
      it 'normalized the datastore before running' do
        set_default_payload(current_mod)
        current_mod.datastore.store('FloatValue', '5.0')