From 4eac4882b5040d428e158798b5d9a6e302a24c61 Mon Sep 17 00:00:00 2001
From: h00die
Date: Sun, 18 Oct 2020 21:03:13 -0400
Subject: [PATCH 1/4] more accurate external loader error
---
 lib/msf/core/modules/external/shim.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/msf/core/modules/external/shim.rb b/lib/msf/core/modules/external/shim.rb
index e9dd1a0f63..be79240b65 100644
--- a/lib/msf/core/modules/external/shim.rb
+++ b/lib/msf/core/modules/external/shim.rb
@@ -4,7 +4,11 @@ require 'msf/core/modules/external'
 class Msf::Modules::External::Shim
 def self.generate(module_path, framework)
 mod = Msf::Modules::External.new(module_path, framework: framework)
- return nil unless mod.meta
+ # first check if meta exists and raise an issue if not, #14281
+ # raise instead of returning nil to avoid confusion
+ unless mod.meta
+ raise LoadError, " Try running file manually to check for errors or dependency issues."
+ end
 case mod.meta['type']
 when 'remote_exploit'
 remote_exploit(mod)
From bda836dc6522d3f51f8823c4b1d5ad1858237fd2 Mon Sep 17 00:00:00 2001
From: h00die
Date: Wed, 21 Oct 2020 16:57:22 -0400
Subject: [PATCH 2/4] warn of possible external modules which are -x
---
 lib/msf/core/modules/loader/base.rb | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/lib/msf/core/modules/loader/base.rb b/lib/msf/core/modules/loader/base.rb
index be290f6e91..08c001e7f4 100644
--- a/lib/msf/core/modules/loader/base.rb
+++ b/lib/msf/core/modules/loader/base.rb
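Review bot: In patch 1/4 (`shim.rb`, `Shim.generate`), the added `raise LoadError` replaces a nil return with an exception that is not a `StandardError`, so a bare `rescue` or `rescue => e` at a call site will not catch it; the callers are not in this hunk, so check that each one rescues `LoadError` explicitly, otherwise a single broken external module could interrupt loading of the rest. The message also names neither the module nor the cause and starts with a stray space; if it is not meant to be appended to a prefix elsewhere, something like `raise LoadError, "#{module_path}: no metadata returned. Try running file manually to check for errors or dependency issues."` would let the log entry stand on its own. The body of `generate` continues past the hunk.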
@@ -466,9 +466,20 @@ class Msf::Modules::Loader::Base
 # Tries to determine if a file might be executable,
 def script_path?(path)
- File.executable?(path) &&
- !File.directory?(path) &&
- ['#!', '//'].include?(File.read(path, 2))
+ # warn users if their external modules aren't marked executable
+ # per #14281
+ unless !File.directory?(path) &&
+ ['#!', '//'].include?(File.read(path, 2))
+ return false
+ end
+ if File.executable?(path)
+ return true
+ end
+ unless File.extname(path) == '.rb'
+ # prefer elog since load_error clutters the UI on potential false positives
+ elog("Unable to load module #{path} - LoadError Possible non-executable external module")
+ end
+ false
 end
 # Changes a file name path to a canonical module reference name.
From eb665dae7a3c689963f788d5c259a8100050943a Mon Sep 17 00:00:00 2001
From: h00die
Date: Wed, 21 Oct 2020 17:00:32 -0400
Subject: [PATCH 3/4] warn of possible external modules which are -x
---
 lib/msf/core/modules/loader/base.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/msf/core/modules/loader/base.rb b/lib/msf/core/modules/loader/base.rb
index 08c001e7f4..f6bd9f2103 100644
--- a/lib/msf/core/modules/loader/base.rb
+++ b/lib/msf/core/modules/loader/base.rb
@@ -477,7 +477,7 @@ class Msf::Modules::Loader::Base
 end
 unless File.extname(path) == '.rb'
 # prefer elog since load_error clutters the UI on potential false positives
- elog("Unable to load module #{path} - LoadError Possible non-executable external module")
+ elog("Unable to load module #{path} - LoadError Possible non-executable external module.")
 end
 false
 end
From 87b55afd442efcce7c2670d2dc24568bb24e5880 Mon Sep 17 00:00:00 2001
From: h00die
Date: Sat, 24 Oct 2020 10:09:10 -0400
Subject: [PATCH 4/4] better code optimization
---
 lib/msf/core/modules/loader/base.rb | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
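Review bot: In patch 2/4's `script_path?`, `File.read(path, 2)` now runs before `File.executable?`, so every non-directory path the loader walks is opened, not only executable ones. An unreadable file or a dangling symlink will raise `Errno::EACCES`/`Errno::ENOENT` out of a predicate, and a FIFO or device node in a module directory would block the read; the old `File.executable?(path) &&` short-circuit skipped most of those. A guard such as `return false unless File.file?(path) && File.readable?(path)` as the first line keeps the new warning without reading arbitrary paths. The same ordering is kept in the patch 4/4 rewrite of this method.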
diff --git a/lib/msf/core/modules/loader/base.rb b/lib/msf/core/modules/loader/base.rb
index f6bd9f2103..d542716fd0 100644
--- a/lib/msf/core/modules/loader/base.rb
+++ b/lib/msf/core/modules/loader/base.rb
@@ -468,18 +468,15 @@ class Msf::Modules::Loader::Base
 def script_path?(path)
 # warn users if their external modules aren't marked executable
 # per #14281
- unless !File.directory?(path) &&
- ['#!', '//'].include?(File.read(path, 2))
- return false
- end
- if File.executable?(path)
- return true
- end
- unless File.extname(path) == '.rb'
+ if File.directory?(path) || !['#!', '//'].include?(File.read(path, 2))
+ false
+ elsif File.executable?(path)
+ true
+ else
 # prefer elog since load_error clutters the UI on potential false positives
 elog("Unable to load module #{path} - LoadError Possible non-executable external module.")
+ false
 end
- false
 end
 # Changes a file name path to a canonical module reference name.
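Review bot: The `else` branch in patch 4/4 drops the `unless File.extname(path) == '.rb'` guard that patch 2/4 put around the `elog`, which is a behaviour change rather than the optimization the subject line describes: a non-executable `.rb` file whose first two bytes are `#!` will now be logged as a possible non-executable external module. If that is not intended, keep the filter as a modifier, `elog("Unable to load module #{path} - LoadError Possible non-executable external module.") unless File.extname(path) == '.rb'`. The log line also says `LoadError` although nothing is raised on this path, which may mislead someone searching the logs for real load failures. The enclosing class starts outside the hunk.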