Metasploit-framework: linux&solaris/priv.rb broken

Created on 31 Jan 2019  路  6Comments  路  Source: rapid7/metasploit-framework

Looks like the linux and solaris /priv.rb is broken since it attempts to use command_exists? which is defined in system.rb and not imported/included.

msf5 post(multi/manage/sudo) > use post/linux/gather/hashdump
msf5 post(linux/gather/hashdump) > set session 1
session => 1
msf5 post(linux/gather/hashdump) > run

[-] Post failed: NoMethodError undefined method `command_exists?' for #<Msf::Modules::Post__Linux__Gather__Hashdump::MetasploitModule:0x0000560bc6a82618>
[-] Call stack:
[-]   /metasploit-framework/lib/msf/core/post/linux/priv.rb:15:in `is_root?'
[-]   /metasploit-framework/modules/post/linux/gather/hashdump.rb:23:in `run'
[*] Post module execution completed

msf5 post(multi/manage/sudo) > use post/solaris/gather/hashdump 
msf5 post(solaris/gather/hashdump) > set session 2
session => 2
msf5 post(solaris/gather/hashdump) > run

[-] Post failed: NoMethodError undefined method `command_exists?' for #<Msf::Modules::Post__Solaris__Gather__Hashdump::MetasploitModule:0x00007f01e8050708>
[-] Call stack:
[-]   /metasploit-framework/lib/msf/core/post/file.rb:321:in `read_file'
[-]   /metasploit-framework/modules/post/solaris/gather/hashdump.rb:25:in `run'
[*] Post module execution completed

@bcoles if you have time to check this one out i'd appreciate, i'm deep in the password cracking PRs

bug library
Source
picture h00die

All 6 comments

May be more...

[-] Post failed: NoMethodError undefined method `command_exists?' for #<Msf::Modules::Post__Linux__Gather__Hashdump::MetasploitModule:0x00005654df84eda8>
[-] Call stack:
[-]   /metasploit-framework/lib/msf/core/post/file.rb:321:in `read_file'
[-]   /metasploit-framework/modules/post/linux/gather/hashdump.rb:24:in `run'
[*] Post module execution completed
h00die picture h00die on 31 Jan 2019

I reverted back to the last commit before the current and that seemed to fix it:
lib/msf/core/post/file.rb: https://raw.githubusercontent.com/rapid7/metasploit-framework/2543d60465c738ab19cc1072e5f45651d5463552/lib/msf/core/post/file.rb
linux/priv.rb: https://raw.githubusercontent.com/rapid7/metasploit-framework/7e5e0f7fc814fee55a1eca148c51f2344da65e59/lib/msf/core/post/linux/priv.rb

h00die picture h00die on 31 Jan 2019

Ugh, more buggy code from #10119.

wvu-r7 picture wvu-r7 on 1 Feb 2019
👎1 👍1

The issue with the Solaris module is in File API read_file method, rather than the Solaris Priv lib.

The issue with the Linux Priv lib is due to use of command_exists?, which exists in Linux System lib. Perhaps the Linux Priv lib should should import the Linux System lib?

bcoles picture bcoles on 1 Feb 2019

Alternatively, command_exists? could be moved to the Post Common lib. command -v should work on any POSIX compatible system.

Edit I've been threatening to write POSIX post libs for a while, but haven't gotten around to it.

bcoles picture bcoles on 1 Feb 2019

I'm working on a PR to rectify the immediate issue.

wvu-r7 picture wvu-r7 on 1 Feb 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

kontenbonker picture kontenbonker  路  26Comments
TheBrokenWasp picture TheBrokenWasp  路  28Comments
hacksoldier98 picture hacksoldier98  路  30Comments
ortholinux picture ortholinux  路  55Comments
nixawk picture nixawk  路  39Comments