Small fix here to ensure that, even when boolean 'option' variables have a default value of 'true', that their current value is correctly reflected via the 'show options' command. This change should play fine with all other option variable types, I believe.
Current behavior:
```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEW_VERSION false
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEW_VERSION
NEW_VERSION => false
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
```
New behavior with this change:
```
msf > use auxiliary/gather/darkcomet_filedownloader
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION true no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT true no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
msf auxiliary(darkcomet_filedownloader) > set STORE_LOOT false
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > get STORE_LOOT
STORE_LOOT => false
msf auxiliary(darkcomet_filedownloader) > set NEWVERSION false
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > get NEWVERSION
NEWVERSION => false
msf auxiliary(darkcomet_filedownloader) > show options
Module options (auxiliary/gather/darkcomet_filedownloader):
Name Current Setting Required Description
---- --------------- -------- -----------
BRUTETIMEOUT 1 no Timeout (in seconds) for bruteforce attempts
KEY no DarkComet RC4 key (include DC prefix with key eg. #KCMDDC51#-890password)
LHOST 0.0.0.0 yes This is our IP (as it appears to the DarkComet C2 server)
NEWVERSION false no Set to true if DarkComet version >= 5.1, set to false if version < 5.1
RHOST 0.0.0.0 yes The target address
RPORT 1604 yes The target port
STORE_LOOT false no Store file in loot (will simply output file to console if set to false).
TARGETFILE no Target file to download (assumes password is set)
```
rex-text, rex-random_identifier, rex-powershell, rex-zip, and rex-registry
are now being pulled in as gems instead of part of the spgehtti code that is lib/rex
The exception handling in the #exploit_simple method tries to set
error on exploit but exploit is defined within the begin block
causing a noMethodError on nilClass
MS-1608
Fix#6371
When a browser fails to bind (probably due to an invalid port or
server IP), the module actually fails to report this exception from
exception, the method calls exploit.handle_exception(e). But since
handle_exception is not a valid method for that object, it is unable
to do so, and as a result the module fails to properly terminate
the module, or show any error on the console. For the user, this will
make it look like the module has started, the payload listener is up,
but there is no exploit job.
Rex::BindFailed actually isn't the only error that could be raised
by #job_run_proc. As far as I can tell registering the same resource
again could, too. With this patch, the user should be able to see this
error too.
Since the exploit object does not have access to the methods in
Msf::Simple::Exploit, plus there is no other code using
handle_exception and setup_fail_detail_from_exception, I decided
to move these to lib/msf/core/exploit.rb so they are actually
callable.
This class is built upon and overrides certain methods in the generic
CommandShell class. Primarily it is here to control when and if bytes
sent to/from mainframe (z/os) targets get encoded/decoded from cp1047
(ebcdic<->ascii). This would be the default shell for upcoming
mainframe based payloads.
Some exploits currently succeed, but can fail during cleanup, leading to a
false-negative. Reverting this so that the affected exploits can be fixed
first.
This reverts commits b0858e9d46 and
b3f754136e.
Adam Cammack