Metasploit-framework: Add ForceExploit option to exploit modules

Created on 11 Sep 2018 · 7 Comments · Source: rapid7/metasploit-framework

Lots of modules make use of the return value from the check method inside the exploit method to determine whether to continue execution, which usually looks something like this:

  def exploit
    unless [CheckCode::Detected, CheckCode::Appears].include? check
      fail_with Failure::NotVulnerable, 'Target is not vulnerable.'
    end

    # ...
  end

This is great; however, sometimes it's nice to override this check.

Very few modules offer an override, by allowing the operator to make use of the ForceExploit pattern, which usually looks something like this:

    register_advanced_options [
      OptBool.new('ForceExploit',  [false, 'Override check result', false]),
    ]

    # ...

    unless [CheckCode::Detected, CheckCode::Appears].include? check
      unless datastore['ForceExploit']
        fail_with Failure::NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
      end
      print_warning 'Target does not appear to be vulnerable'
    end

I nominate @wvu-r7 to add this functionality to every module.

enhancement module

All 7 comments

This is funny. I didn't see this while writing https://github.com/rapid7/metasploit-framework/pull/10620#discussion_r216696313.

8740

Back to this, I would like to consolidate on a single approach soon. I've noticed some divergence in how I've written ForceExploit checks, and I'd like to decide on a consistent approach for myself.

That said, it may be a while before we add this to every module, so to speak.

Note that this work has been started in #12853 and #12955. FYI @adfoster-r7!

This functionality is now very easy to add to modules by prepending the AutoCheck mixin with a one-liner:

    prepend Msf::Exploit::Remote::AutoCheck

Example:

https://github.com/rapid7/metasploit-framework/pull/13787/files#diff-a5a283d232cd5a413fa0e411eee84e9f

For visibility, in the next day or so we'll have a PR up to update the existing copy/pasta of the ForceExploit to use the new prepend Msf::Exploit::Remote::AutoCheck pattern :+1:
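
How a prepended mixin can hold the check-then-ForceExploit gate in one place instead of a copy in every module, as an added Ruby example that is not Metasploit's AutoCheck implementation and not code from this thread. `CheckGate`, `DemoModule`, `run_gate`, the `NotVulnerable` error and the symbol-valued check codes are hypothetical stand-ins so the block runs without the framework.

```ruby
# Stand-ins for the framework's check codes (constructed for this example).
module CheckCode
  Safe     = :safe
  Detected = :detected
  Appears  = :appears
end

class NotVulnerable < StandardError; end

# Hypothetical mixin. Because it is prepended, its #exploit sits in front of
# the class's own #exploit in the ancestor chain, so the gate always runs first.
module CheckGate
  PASSING = [CheckCode::Detected, CheckCode::Appears].freeze

  def exploit
    unless PASSING.include?(check)
      unless datastore['ForceExploit']
        raise NotVulnerable, 'Target is not vulnerable. Set ForceExploit to override.'
      end
      # An overridden check is recorded so the bypass stays visible to the operator.
      warnings << 'Target does not appear to be vulnerable'
    end
    super # hand over to the module's own exploit body
  end
end

class DemoModule
  prepend CheckGate
  attr_reader :datastore, :warnings

  def initialize(check_result, options = {})
    @check_result = check_result
    @datastore = { 'ForceExploit' => false }.merge(options)
    @warnings = []
  end

  def check; @check_result; end
  def exploit; :ran; end # placeholder body, does nothing
end

# Returns [outcome, messages] so each path through the gate can be inspected.
def run_gate(check_result, options = {})
  mod = DemoModule.new(check_result, options)
  [mod.exploit, mod.warnings]
rescue NotVulnerable => e
  [:blocked, [e.message]]
end
```
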
