From c63ef142c5bae5c4271a290bd7984b75876c8e7a Mon Sep 17 00:00:00 2001
From: sjanusz
Date: Fri, 23 Jul 2021 15:28:56 +0100
Subject: [PATCH 1/2] Update local exploit suggester to handle nil targets
---
 modules/post/multi/recon/local_exploit_suggester.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/post/multi/recon/local_exploit_suggester.rb b/modules/post/multi/recon/local_exploit_suggester.rb
index c24bcf1fd3..15533cf7bd 100644
--- a/modules/post/multi/recon/local_exploit_suggester.rb
+++ b/modules/post/multi/recon/local_exploit_suggester.rb
@@ -50,6 +50,8 @@ class MetasploitModule < Msf::Post
 def is_module_platform?(mod)
 platform_obj = Msf::Module::Platform.find_platform session.platform
+ return false if mod.target.nil?
+
 module_platforms = mod.target.platform ? mod.target.platform.platforms : mod.platform.platforms
 module_platforms.include? platform_obj
 rescue ArgumentError => e
@@ -118,7 +120,11 @@ class MetasploitModule < Msf::Post
 results = []
 @local_exploits.each do |m|
 begin
- checkcode = m.check
+ begin
+ checkcode = m.check
+ rescue => e
+ elog("#{m.shortname} failed to run", error: e)
+ end
 if checkcode.nil?
 vprint_error "#{m.fullname}: Check failed"
From 1288e85b6bf785f5e1b7ece2cd619b946fad31ef Mon Sep 17 00:00:00 2001
From: sjanusz
Date: Mon, 26 Jul 2021 11:12:41 +0100
Subject: [PATCH 2/2] Improved exception handling
---
 .../multi/recon/local_exploit_suggester.rb | 50 +++++++++----------
 1 file changed, 23 insertions(+), 27 deletions(-)
diff --git a/modules/post/multi/recon/local_exploit_suggester.rb b/modules/post/multi/recon/local_exploit_suggester.rb
index 15533cf7bd..4ddbbc16e5 100644
--- a/modules/post/multi/recon/local_exploit_suggester.rb
+++ b/modules/post/multi/recon/local_exploit_suggester.rb
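Review bot: In the first hunk of patch 1/2 (`@@ -50,6 +50,8 @@`), the new guard `return false if mod.target.nil?` in `is_module_platform?` drops the module from the candidate list with no console output and no log entry. An operator reading the results cannot tell "platform does not match" from "module was skipped because it had no target". I would add `vprint_status "#{mod.fullname}: no target set, skipping platform match" if mod.target.nil?` on the line before the guard, or at least a comment such as `# A module without a resolved target cannot be platform-matched; treat it as not applicable.` The body of the `rescue ArgumentError` branch lies outside the hunk, so this reading is limited to the lines shown.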
@@ -120,38 +120,34 @@ class MetasploitModule < Msf::Post
 results = []
 @local_exploits.each do |m|
 begin
- begin
- checkcode = m.check
- rescue => e
- elog("#{m.shortname} failed to run", error: e)
- end
+ checkcode = m.check
+ rescue => e
+ elog("#Local Exploit Suggester failed with: #{e.class} when using #{m.shortname}", error: e)
+ vprint_error "Check with module #{m.fullname} failed with error #{e.class}"
+ next
+ end
- if checkcode.nil?
- vprint_error "#{m.fullname}: Check failed"
- next
- end
+ if checkcode.nil?
+ vprint_error "Check failed with #{m.fullname} for unknown reasons"
+ next
+ end
- # See def is_check_interesting?
- unless is_check_interesting? checkcode
- vprint_status "#{m.fullname}: #{checkcode.message}"
- next
- end
+ # See def is_check_interesting?
+ unless is_check_interesting? checkcode
+ vprint_status "#{m.fullname}: #{checkcode.message}"
+ next
+ end
- # Prints the full name and the checkcode message for the exploit
- print_good "#{m.fullname}: #{checkcode.message}"
- results << [m.fullname, checkcode.message]
+ # Prints the full name and the checkcode message for the exploit
+ print_good "#{m.fullname}: #{checkcode.message}"
+ results << [m.fullname, checkcode.message]
- # If the datastore option is true, a detailed description will show
- next unless datastore['SHOWDESCRIPTION']
+ # If the datastore option is true, a detailed description will show
+ next unless datastore['SHOWDESCRIPTION']
- # Formatting for the description text
- Rex::Text.wordwrap(Rex::Text.compress(m.description), 2, 70).split(/\n/).each do |line|
- print_line line
- end
- rescue Rex::Post::Meterpreter::RequestError => e
- # Creates a log record in framework.log
- elog("#{m.shortname} failed to run", error: e)
- vprint_error "#{e.class} #{m.shortname} failed to run: #{e.message}"
+ # Formatting for the description text
+ Rex::Text.wordwrap(Rex::Text.compress(m.description), 2, 70).split(/\n/).each do |line|
+ print_line line
 end
 end
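Review bot: The `elog` message in the new `rescue => e` branch begins with `"#Local Exploit Suggester …"`; that `#` is not followed by `{`, so it is logged as a literal character and looks like a leftover from an interpolation. The `vprint_error` on the next line prints only `#{e.class}`, whereas the removed `Rex::Post::Meterpreter::RequestError` handler also printed `#{e.message}`, so the console no longer says why a check raised. I would write `elog("Local Exploit Suggester failed with: #{e.class} when using #{m.shortname}", error: e)` and `vprint_error "Check with module #{m.fullname} failed with error #{e.class}: #{e.message}"`. The enclosing method starts and ends outside the hunk.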