Land #15465, Update local exploit suggester to handle nil targets and modules raising unintended exceptions

2021-07-28 15:55:41 +01:00 · 2021-07-28 15:55:41 +01:00 · 8c43a7a512
parent 50bf0d4075 1288e85b6b
commit 8c43a7a512
1 changed files with 24 additions and 22 deletions
--- a/modules/post/multi/recon/local_exploit_suggester.rb
+++ b/modules/post/multi/recon/local_exploit_suggester.rb
@ -50,6 +50,8 @@ class MetasploitModule < Msf::Post

  def is_module_platform?(mod)
    platform_obj = Msf::Module::Platform.find_platform session.platform
+    return false if mod.target.nil?
+
    module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms
    module_platforms.include? platform_obj
  rescue ArgumentError => e
@ -119,33 +121,33 @@ class MetasploitModule < Msf::Post
    @local_exploits.each do |m|
      begin
        checkcode = m.check
+      rescue => e
+        elog("#Local Exploit Suggester failed with: #{e.class} when using #{m.shortname}", error: e)
+        vprint_error "Check with module #{m.fullname} failed with error #{e.class}"
+        next
+      end

-        if checkcode.nil?
-          vprint_error "#{m.fullname}: Check failed"
-          next
-        end
+      if checkcode.nil?
+        vprint_error "Check failed with #{m.fullname} for unknown reasons"
+        next
+      end

-        # See def is_check_interesting?
-        unless is_check_interesting? checkcode
-          vprint_status "#{m.fullname}: #{checkcode.message}"
-          next
-        end
+      # See def is_check_interesting?
+      unless is_check_interesting? checkcode
+        vprint_status "#{m.fullname}: #{checkcode.message}"
+        next
+      end

-        # Prints the full name and the checkcode message for the exploit
-        print_good "#{m.fullname}: #{checkcode.message}"
-        results << [m.fullname, checkcode.message]
+      # Prints the full name and the checkcode message for the exploit
+      print_good "#{m.fullname}: #{checkcode.message}"
+      results << [m.fullname, checkcode.message]

-        # If the datastore option is true, a detailed description will show
-        next unless datastore['SHOWDESCRIPTION']
+      # If the datastore option is true, a detailed description will show
+      next unless datastore['SHOWDESCRIPTION']

-        # Formatting for the description text
-        Rex::Text.wordwrap(Rex::Text.compress(m.description), 2, 70).split(/\n/).each do |line|
-          print_line line
-        end
-      rescue Rex::Post::Meterpreter::RequestError => e
-        # Creates a log record in framework.log
-        elog("#{m.shortname} failed to run", error: e)
-        vprint_error "#{e.class} #{m.shortname} failed to run: #{e.message}"
+      # Formatting for the description text
+      Rex::Text.wordwrap(Rex::Text.compress(m.description), 2, 70).split(/\n/).each do |line|
+        print_line line
      end
    end