Merge pull request #20514 from dledda-r7/fix/remove-unhook-autoload

smcintyre-r7 · web-flow · commit afdaf4ff397f · 2025-09-11T10:45:39.000-04:00
Removing unhook extension autoload
diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb
@@ -184,7 +184,9 @@ def bootstrap(datastore = {}, handler = nil)
 
     # BEGIN: This should be removed on MSF 7
     # Unhook the process prior to loading stdapi to reduce logging/inspection by any AV/PSP (by default unhook is first, see meterpreter_options/windows.rb)
-    extensions.push('unhook') if datastore['AutoUnhookProcess'] && session.platform == 'windows'
+    # The unhook extension is broken. reference: https://github.com/rapid7/metasploit-framework/pull/20514
+
+    #extensions.push('unhook') if datastore['AutoUnhookProcess'] && session.platform == 'windows'
     extensions.push('stdapi') if datastore['AutoLoadStdapi']
     extensions.push('priv') if datastore['AutoLoadStdapi'] && session.platform == 'windows'
     extensions.push('android') if session.platform == 'android'
@@ -197,7 +199,7 @@ def bootstrap(datastore = {}, handler = nil)
     extensions.each do |extension|
       begin
         console.run_single("load #{extension}")
-        console.run_single('unhook_pe') if extension == 'unhook'
+        # console.run_single('unhook_pe') if extension == 'unhook'
         session.load_session_info if extension == 'stdapi' && datastore['AutoSystemInfo']
       rescue => e
         print_warning("Failed loading extension #{extension}")
diff --git a/lib/msf/base/sessions/meterpreter_options/windows.rb b/lib/msf/base/sessions/meterpreter_options/windows.rb
@@ -16,12 +16,8 @@ def initialize(info = {})
           [
             OptString.new(
               'AutoLoadExtensions',
-              [true, "Automatically load extensions on bootstrap, comma separated.", 'unhook,priv,stdapi']
-            ),
-            OptBool.new(
-              'AutoUnhookProcess',
-              [true, "Automatically load the unhook extension and unhook the process", false]
-            ),
+              [true, "Automatically load extensions on bootstrap, comma separated.", 'priv,stdapi']
+            )
           ],
           self.class
         )
