Metasploit-framework: Function name collisions on Msf::Exploit::Remote::HttpClient and Msf::Exploit::Remote::Ftp

Created on 17 Mar 2020 · 3 Comments · Source: rapid7/metasploit-framework

All right, I've been working on an exploit module that requires both Msf::Exploit::Remote::Ftp and Msf::Exploit::Remote::HttpClient.

The send_request_cgi function from HttpClient uses the connect function, but it's also defined in the FTP module too. So if I include Msf::Exploit::Remote::Ftp first, send_request_cgi uses connect from the FTP library instead of its own connect.

In order to avoid that we can change the order of the included files at the top of the module, but this time the options are getting messed up.

For example, both libraries use the Opt::RPORT variable in order to initiate the underlying TCP session. So the FTP library tries to connect to port 80 instead of 21. I've tried to overcome the problem by using register_options as follows, but no luck!

    register_options(
      [
        Opt::RPORT(8083),
        OptString.new('USERNAME', [true, 'The username to login as']),
        OptString.new('PASSWORD', [true, 'The password to login with']),
        OptString.new('TARGETURI', [true, 'The URI of the vulnerable instance', '/'])
      ], Msf::Exploit::Remote::HttpClient
    )

    register_options(
      [
        Opt::RPORT(21),
        OptString.new('FTPUSER', [ false, 'Leave it empty. It will be same as the USERNAME', datastore['USERNAME']]),
        OptString.new('FTPPASS', [ false, 'Leave it empty. It will be same as the PASSWORD', datastore['PASSWORD']]),
      ], Msf::Exploit::Remote::Ftp
    )

I'm lost and not an experienced Ruby developer. Can someone please show me how to use Msf::Exploit::Remote::Ftp and Msf::Exploit::Remote::HttpClient in the same module without any problem?

mixin madness
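
The collision described in this issue can be reproduced outside Metasploit. The following is an added example, not code from the issue or from the framework: ToyFtp, ToyHttp, ToyModuleBase and call_from are hypothetical stand-ins for the two mixins and a module's datastore. It shows that Ruby searches the most recently included module first, that both mixins read the same RPORT key, and how one mixin's method can be called explicitly.

```ruby
# Added illustration; every name here is hypothetical, not Metasploit API.
module ToyFtp
  def connect
    "ftp socket to port #{datastore['RPORT']}"
  end

  def connect_login
    "login over #{connect}"        # resolved through the includer's ancestors
  end
end

module ToyHttp
  def connect
    "http socket to port #{datastore['RPORT']}"
  end

  def send_request
    "GET / over #{connect}"
  end
end

class ToyModuleBase
  def datastore
    @datastore ||= { 'RPORT' => 8083 }   # one key shared by both mixins
  end
end

class FtpFirst < ToyModuleBase
  include ToyFtp
  include ToyHttp                  # included last, so searched first
end

class HttpFirst < ToyModuleBase
  include ToyHttp
  include ToyFtp                   # now ToyFtp#connect shadows ToyHttp#connect
end

# Call one mixin's own implementation regardless of include order.
def call_from(mod, obj, name, *args)
  mod.instance_method(name).bind(obj).call(*args)
end

puts FtpFirst.ancestors.first(3).inspect
puts FtpFirst.new.connect_login    # FTP login path ends up on the HTTP connect
puts HttpFirst.new.send_request    # HTTP request path ends up on the FTP connect
puts call_from(ToyFtp, FtpFirst.new, :connect)
```

Whichever order is chosen, one of the two helper paths silently runs the other mixin's connect, and both still read the single RPORT value.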

All 3 comments

First time seeing this label 😀 @wvu-r7 !

The trick that I've used is as follows.

  • Add alias ftp_connect connect to the Msf::Exploit::Remote::Ftp module.
  • Call ftp_connect instead of connect within the connect_login function of the FTP module, so that connect_login also keeps using its own connect method.

Now I can call ftp_connect within my exploit module instead of connect, which had a name collision with HttpClient. On the other hand, other modules that are currently using only the FTP module's connect method won't be affected.

Here is the patch.

diff --git a/lib/msf/core/exploit/ftp.rb b/lib/msf/core/exploit/ftp.rb
index 5096d26c88..4e9a9773e1 100644
--- a/lib/msf/core/exploit/ftp.rb
+++ b/lib/msf/core/exploit/ftp.rb
@@ -136,7 +136,7 @@ module Exploit::Remote::Ftp
   def connect_login(global = true, verbose = nil)
     verbose ||= datastore['FTPDEBUG']
     verbose ||= datastore['VERBOSE']
-    ftpsock = connect(global, verbose)
+    ftpsock = ftp_connect(global, verbose)

     if !(user and pass)
       print_error("No username and password were supplied, unable to login")
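
Review bot: In connect_login, replacing connect(global, verbose) with ftp_connect(global, verbose) pins this call to the connect body that existed when the alias was created, so a class or later mixin that overrides connect will no longer have its override used during login. That is what sidesteps the HttpClient clash, but it is a behaviour change for any includer that relied on overriding connect; add a comment above this line stating that the bypass is deliberate, and check existing includers of this mixin for connect overrides before merging.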
@@ -371,6 +371,8 @@ module Exploit::Remote::Ftp
     (datastore['FTPDataTimeout'] || 1).to_i
   end

+  alias ftp_connect connect
+
 protected

   #
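
Review bot: The added line alias ftp_connect connect has no comment and sits after the FTPDataTimeout helper rather than beside the definition of connect, so a reader cannot tell why it exists or that it has to come after that definition to capture the right method. Move it directly under the connect definition with a one-line comment saying it provides a collision-free name for modules that also include another mixin defining connect. It is also placed above protected, which makes ftp_connect part of the public surface; confirm that is intended.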

Closing this issue as it was linked to #13093 and the comments from @mmetince mention that once that issue was closed it would resolve this one.

@mmetince Feel free to reopen this issue if this is not the case.

You didn't say the magic word, @mmetince. :)
