
Commit 11fec0b

Author: kernelsmith (committed)
adds rudimentary validity checking to pids for meterp kill
addresses redmine https://dev.metasploit.com/redmine/issues/7223, but may not be a truly encompassing solution. 'good bandaid' as egypt put it
1 parent 6bd4306 commit 11fec0b

1 file changed: +35 -6 lines changed

lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb

Lines changed: 35 additions & 6 deletions
Original line number | Diff line number | Diff line change
@@ -45,6 +45,9 @@ class Console::CommandDispatcher::Stdapi::Sys
4545
"-r" => [ true, "The remote machine name to connect to (with current process credentials" ],
4646
"-w" => [ false, "Set KEY_WOW64 flag, valid values [32|64]." ])
4747

48+
#
49+
# Options for the 'ps' command.
50+
#
4851
@@ps_opts = Rex::Parser::Arguments.new(
4952
"-h" => [ false, "Help menu." ],
5053
"-S" => [ true, "Filters processes on the process name using the supplied RegEx"],
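Review bot: style only: the help string on the context line `"-r" => [ true, "The remote machine name to connect to (with current process credentials" ],` is missing its closing parenthesis; since this hunk is already editing the surrounding option table, it is a cheap fix to fold in while adding the `ps` comment block.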
@@ -262,20 +265,46 @@ def cmd_clearev(*args)
262265
# Kills one or more processes.
263266
#
264267
def cmd_kill(*args)
265-
if (args.length == 0)
266-
print_line(
267-
"Usage: kill pid1 pid2 pid3 ...\n\n" +
268-
"Terminate one or more processes.")
268+
# give'em help if they want it, or seem confused
269+
if ( args.length == 0 or (args.length == 1 and args[0].strip == "-h") )
270+
cmd_kill_help
269271
return true
270272
end
271273

272-
print_line("Killing: #{args.join(", ")}")
274+
# validate all the proposed pids first so we can bail if one is bogus
275+
args.each do |arg|
276+
if not is_valid_pid?(arg)
277+
print_error("#{arg} is not a valid pid")
278+
cmd_kill_help
279+
return false
280+
end
281+
end
273282

283+
# kill kill kill
284+
print_line("Killing: #{args.join(", ")}")
274285
client.sys.process.kill(*(args.map { |x| x.to_i }))
275-
276286
return true
277287
end
278288

289+
#
290+
# help for the kill command
291+
#
292+
def cmd_kill_help
293+
print_line("Usage: kill pid1 pid2 pid3 ...\n\nTerminate one or more processes.")
294+
end
295+
296+
#
297+
# Checks if +pid+ is a valid looking pid
298+
#
299+
def is_valid_pid?(pid)
300+
# in lieu of checking server side for pid validity at the moment, we just sanity check here
301+
pid.strip!
302+
return false if pid.strip =~ /^-/ # invalid if it looks "negative"
303+
return true if pid == "0" # allow them to kill pid 0, otherwise false
304+
# cuz everything returned from .to_i that's not an int returns 0, we depend on the statement above
305+
return true if pid.to_i > 0
306+
end
307+
279308
#
280309
# Lists running processes.
281310
#
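Review bot: `is_valid_pid?` relies on `String#to_i`, which stops at the first non-digit, so an argument like `12abc` passes the check (`"12abc".to_i` is 12) and the kill request is sent to pid 12, which is the kind of bogus input the new check is meant to reject; anchor the check on the whole string instead, e.g. `return false unless pid =~ /\A\d+\z/`, which also makes the separate leading-`-` test and the `pid == "0"` special case unnecessary. Two smaller points: `pid.strip!` mutates the caller's `args` element in place (and the next line calls `pid.strip` again anyway), so `pid = pid.strip` is cleaner; and when `pid.to_i` is 0 for a string other than `"0"` the method falls off the end and returns `nil` rather than `false`, which happens to work with `if not` but reads better with an explicit `false` as the last line. Note also that `^` in Ruby matches at any line start, so `\A` is the right anchor for whole-string checks.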
