adds some additional protection against capilization issues

kernelsmith · kernelsmith · commit ab8270d1a42f · 2014-06-17T17:40:50.000-05:00
diff --git a/lib/msf/base/sessions/scriptable.rb b/lib/msf/base/sessions/scriptable.rb
@@ -65,7 +65,8 @@ def execute_script(script_name, *args)
       opts = { 'SESSION' => self.sid }
       args.each do |arg|
         k,v = arg.split("=", 2)
-        opts[k] = v
+        # case doesn't matter in datastore, but it does in hashes, let's normalize
+        opts[k.downcase] = v
       end
       if mod.type == "post"
         mod.run_simple(
@@ -83,22 +84,35 @@ def execute_script(script_name, *args)
           # get a copy of the session exploit's datastore if we can
           original_exploit_datastore = self.exploit.datastore || {}
           copy_of_orig_exploit_datastore = original_exploit_datastore.clone
+          # convert datastore opts to a hash to normalize casing issues
+          local_exploit_opts = {}
+          copy_of_orig_exploit_datastore.each do |k,v| 
+            local_exploit_opts[k.downcase] = v
+          end
           # we don't want to inherit a couple things, like AutoRunScript's
           to_neuter = %w{AutoRunScript InitialAutoRunScript LPORT TARGET}
           to_neuter.each do |setting|
-            copy_of_orig_exploit_datastore.delete(setting)
+            local_exploit_opts.delete(setting.downcase)
           end
 
           # merge in any opts that were passed in, defaulting all other settings
           # to the values from the datastore (of the exploit) that spawned the
           # session
-          local_exploit_opts = copy_of_orig_exploit_datastore.merge(opts)
+          print_debug "local_exploit_opts"
+          print_error local_exploit_opts.inspect
+          print_error "lport:#{local_exploit_opts['lport']},LPORT:#{local_exploit_opts['LPORT']}"
+          print_error "payload:#{local_exploit_opts['payload']},PAYLOAD:#{local_exploit_opts['PAYLOAD']}"
+          local_exploit_opts = local_exploit_opts.merge(opts)
+          print_error "after merge"
+          print_error local_exploit_opts.inspect
+          print_error "lport:#{local_exploit_opts['lport']},LPORT:#{local_exploit_opts['LPORT']}"
+          print_error "payload:#{local_exploit_opts['payload']},PAYLOAD:#{local_exploit_opts['PAYLOAD']}"
 
           # try to run this local exploit, which is likely to be exception prone
           begin
             new_session = mod.exploit_simple(
-              'Payload'       => local_exploit_opts['PAYLOAD'],
-              'Target'       => local_exploit_opts['TARGET'],
+              'Payload'       => local_exploit_opts.delete('payload'),
+              'Target'        => local_exploit_opts.delete('target'),
               'LocalInput'    => self.user_input,
               'LocalOutput'   => self.user_output,
               'Options'       => local_exploit_opts
