Merge pull request #21138 from g0tmi1k/rhosts

[Bug Fix] Auxiliary: Check if module is meant to have rhosts

Author: adfoster-r7

lib/msf/ui/console/command_dispatcher/auxiliary.rb

@@ -62,7 +62,9 @@ def cmd_run(*args, action: nil, opts: {})
 
     begin
       # Check if this is a scanner module or doesn't target remote hosts
-      if rhosts.blank? || mod.class.included_modules.include?(Msf::Auxiliary::MultipleTargetHosts)
+      if rhosts.blank? ||
+         mod.class.included_modules.include?(Msf::Auxiliary::MultipleTargetHosts) ||
+         !mod.datastore.options.key?('RHOSTS')
         mod_with_opts.run_simple(
           'Action'         => args[:action],
           'LocalInput'     => driver.input,

modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb

@@ -35,7 +35,7 @@ def initialize
     ])
 
     deregister_options(
-      "RHOST", "USERNAME", "PASSWORD", "USER_FILE", "PASS_FILE", "USERPASS_FILE",
+      "USERNAME", "PASSWORD", "USER_FILE", "PASS_FILE", "USERPASS_FILE",
       "BLANK_PASSWORDS", "USER_AS_PASS", "REMOVE_USER_FILE", "REMOVE_PASS_FILE",
       "BRUTEFORCE_SPEED" # Slow as heck anyway
     )

spec/lib/msf/ui/console/command_dispatcher/auxiliary_spec.rb

@@ -145,7 +145,7 @@ def cleanup
     mod
   end
 
-  let(:aux_mod_with_option_validation) do
+  let(:aux_mod_with_rhost_option_validation) do
     mod_klass = Class.new(Msf::Auxiliary) do
       def initialize(info = {})
         super(
@@ -157,6 +157,53 @@ def initialize(info = {})
 
         register_options(
           [
+            Msf::Opt::RHOST,
+            Msf::OptString.new('USERNAME', [ true, 'Set me to be greeted']),
+            Msf::OptString.new('PASSWORD', [ false, 'Secret value' ])
+          ]
+      )
+      end
+
+      def validate
+        super
+
+        if datastore['PASSWORD'] != 'PleaseThrowTheBall'
+          raise Msf::OptionValidateError.new({'PASSWORD' => 'Nuh uh uh, you didn\'t say the magic word.'})
+        end
+      end
+
+      def check
+        print_status('Check completed!')
+      end
+
+      def run
+        print("Hello #{datastore['USERNAME']}")
+        print_status('Run completed!')
+      end
+    end
+
+    mod = mod_klass.new
+    datastore = Msf::ModuleDataStore.new(mod)
+    allow(mod).to receive(:framework).and_return(framework)
+    mod.send(:datastore=, datastore)
+    datastore.import_options(mod.options)
+    Msf::Simple::Framework.simplify_module(mod)
+    mod
+  end
+
+  let(:aux_mod_with_file_format_option_validation) do
+    mod_klass = Class.new(Msf::Auxiliary) do
+      def initialize(info = {})
+        super(
+          'Name' => 'mock file format module',
+          'Description' => 'mock file format module',
+          'Author' => ['Unknown'],
+          'License' => MSF_LICENSE
+        )
+
+        register_options(
+          [
+            Msf::OptString.new('FILENAME', [ false, 'The file name', 'foo.zip']),
             Msf::OptString.new('USERNAME', [ true, 'Set me to be greeted']),
             Msf::OptString.new('PASSWORD', [ false, 'Secret value' ])
           ]
@@ -431,8 +478,46 @@ def run
       end
     end
 
-    context 'when running an auxiliary module with option validation' do
-      let(:current_mod) { aux_mod_with_option_validation }
+    context 'when running an auxiliary module with rhost option validation' do
+      let(:current_mod) { aux_mod_with_rhost_option_validation }
+
+      it 'reports options that fail validation' do
+        allow(current_mod).to receive(:check).and_call_original
+        allow(current_mod).to receive(:validate).and_call_original
+        current_mod.datastore['RHOSTS'] = '192.0.2.1'
+        current_mod.datastore['USERNAME'] = 'Jackson'
+        current_mod.datastore['PASSWORD'] = 'ThrowTheBall'
+        subject.cmd_check
+        expected_output = [
+          'Msf::OptionValidateError The following options failed to validate:',
+          'Invalid option PASSWORD: Nuh uh uh, you didn\'t say the magic word.'
+        ]
+
+        expect(@combined_output).to match_array(expected_output)
+        expect(subject.mod).not_to have_received(:check)
+        expect(subject.mod).to have_received(:validate).at_least(:once)
+      end
+
+      it 'runs when validation passes' do
+        allow(current_mod).to receive(:check).and_call_original
+        allow(current_mod).to receive(:validate).and_call_original
+        current_mod.datastore['RHOSTS'] = '192.0.2.1'
+        current_mod.datastore['USERNAME'] = 'Jackson'
+        current_mod.datastore['PASSWORD'] = 'PleaseThrowTheBall'
+        subject.cmd_check
+        expected_output = [
+          'Check completed!',
+          '192.0.2.1 - Check failed: The state could not be determined.'
+        ]
+
+        expect(@combined_output).to match_array(expected_output)
+        expect(subject.mod).to have_received(:check)
+        expect(subject.mod).to have_received(:validate).at_least(:once)
+      end
+    end
+
+    context 'when running an auxiliary module with file format option validation' do
+      let(:current_mod) { aux_mod_with_file_format_option_validation }
 
       it 'reports options that fail validation' do
         allow(current_mod).to receive(:check).and_call_original
@@ -804,8 +889,8 @@ def run
       end
     end
 
-    context 'when running an auxiliary module with option validation' do
-      let(:current_mod) { aux_mod_with_option_validation }
+    context 'when running an auxiliary rhost module with option validation' do
+      let(:current_mod) { aux_mod_with_rhost_option_validation }
 
       it 'reports options that fail validation' do
         allow(current_mod).to receive(:run).and_call_original
@@ -843,6 +928,45 @@ def run
         expect(subject.mod).to have_received(:validate).at_least(:once)
       end
     end
+
+    context 'when running an auxiliary file format module with option validation' do
+      let(:current_mod) { aux_mod_with_file_format_option_validation }
+
+      it 'reports options that fail validation' do
+        allow(current_mod).to receive(:run).and_call_original
+        allow(current_mod).to receive(:validate).and_call_original
+        current_mod.datastore['RHOSTS'] = '192.0.2.1'
+        current_mod.datastore['USERNAME'] = 'Jackson'
+        current_mod.datastore['PASSWORD'] = 'ThrowTheBall'
+        subject.cmd_run
+        expected_output = [
+          'Msf::OptionValidateError The following options failed to validate:',
+          'Invalid option PASSWORD: Nuh uh uh, you didn\'t say the magic word.'
+        ]
+
+        expect(@combined_output).to match_array(expected_output)
+        expect(subject.mod).not_to have_received(:run)
+        expect(subject.mod).to have_received(:validate).at_least(:once)
+      end
+
+      it 'runs when validation passes' do
+        allow(current_mod).to receive(:run).and_call_original
+        allow(current_mod).to receive(:validate).and_call_original
+        current_mod.datastore['RHOSTS'] = '192.0.2.1'
+        current_mod.datastore['USERNAME'] = 'Jackson'
+        current_mod.datastore['PASSWORD'] = 'PleaseThrowTheBall'
+        subject.cmd_run
+        expected_output = [
+          'Auxiliary module execution completed',
+          'Hello Jackson',
+          'Run completed!',
+        ]
+
+        expect(@combined_output).to match_array(expected_output)
+        expect(subject.mod).to have_received(:run)
+        expect(subject.mod).to have_received(:validate).at_least(:once)
+      end
+    end
   end
 
   describe '#cmd_rerun' do