Land rapid7#19324, Add improvements to rcp_session lib

jheysel-r7 · jheysel-r7 · commit cfd71e9c2717 · 2024-07-15T14:25:57.000-07:00
Updates rpc compatible modules to handle unknown sessions
diff --git a/lib/msf/core/rpc/v10/rpc_session.rb b/lib/msf/core/rpc/v10/rpc_session.rb
@@ -506,14 +506,18 @@ def rpc_meterpreter_directory_separator(sid)
   # @example Here's how you would use this from the client:
   #  rpc.call('session.compatible_modules', 3)
   def rpc_compatible_modules(sid)
-    session_type = self.framework.sessions[sid].type
-    search_params = { 'session_type' => [[session_type], []] }
-    cached_modules = Msf::Modules::Metadata::Cache.instance.find(search_params)
-
+    session = self.framework.sessions[sid]
     compatible_modules = []
-    cached_modules.each do |cached_module|
-      m = _find_module(cached_module.type, cached_module.fullname)
-      compatible_modules << m.fullname if m.session_compatible?(sid)
+
+    if session
+      session_type = session.type
+      search_params = { 'session_type' => [[session_type], []] }
+      cached_modules = Msf::Modules::Metadata::Cache.instance.find(search_params)
+
+      cached_modules.each do |cached_module|
+        m = _find_module(cached_module.type, cached_module.fullname)
+        compatible_modules << m.fullname if m.session_compatible?(sid)
+      end
     end
 
     { "modules" => compatible_modules }
diff --git a/spec/lib/msf/core/rpc/v10/rpc_session_spec.rb b/spec/lib/msf/core/rpc/v10/rpc_session_spec.rb
@@ -1,18 +1,45 @@
 # -*- coding:binary -*-
 require 'spec_helper'
+require 'rex/post/meterpreter/extensions/stdapi/command_ids'
 
 RSpec.describe Msf::RPC::RPC_Session do
   include_context 'Msf::Simple::Framework'
   include_context 'Metasploit::Framework::Spec::Constants cleaner'
   include_context 'Msf::Framework#threads cleaner', verify_cleanup_required: false
   include_context 'wait_for_expect'
 
+  def command_ids_for(base_extension_command_id)
+    (base_extension_command_id..base_extension_command_id+Rex::Post::Meterpreter::COMMAND_ID_RANGE).to_a
+  end
+
   def create_mock_session(klass)
     instance_double(
       klass,
       sid: target_sid,
-      type: klass.type
+      type: klass.type,
+    )
+  end
+
+  def create_mock_meterpreter_session(klass)
+    new_klass_with_core_alias = Class.new(klass) do
+      # This methods is dynamically registered on a real session; so we need to define it
+      # upfront for instance_double to work
+      def core
+        nil
+      end
+    end
+    instance = instance_double(
+      new_klass_with_core_alias,
+      sid: target_sid,
+      type: klass.type,
+      platform: 'linux',
+      base_platform: 'linux',
+      arch: ARCH_PYTHON,
+      commands: command_ids_for(Rex::Post::Meterpreter::EXTENSION_ID_CORE) + command_ids_for(Rex::Post::Meterpreter::Extensions::Stdapi::EXTENSION_ID_STDAPI),
+      ext: instance_double(Rex::Post::Meterpreter::ObjectAliasesContainer, aliases: []),
+      core: instance_double(Rex::Post::Meterpreter::ClientCore, use: nil)
     )
+    instance
   end
 
   let(:service) { Msf::RPC::Service.new(framework) }
@@ -41,7 +68,7 @@ def create_mock_session(klass)
     instance_double(Rex::IO::Stream)
   end
 
-  let(:meterpreter_session) { create_mock_session(::Msf::Sessions::Meterpreter_x64_Win) }
+  let(:meterpreter_session) { create_mock_meterpreter_session(::Msf::Sessions::Meterpreter_x64_Win) }
   let(:postgresql_session) { create_mock_session(::Msf::Sessions::PostgreSQL) }
   let(:shell_session) { create_mock_session(::Msf::Sessions::CommandShell) }
 
@@ -131,6 +158,27 @@ def create_mock_session(klass)
     end
   end
 
+  describe '#rpc_compatible_modules' do
+    context 'when the session does not exist' do
+      let(:session) { meterpreter_session }
+
+      it 'returns an empty array' do
+        expect(rpc.rpc_compatible_modules(-1)).to eq({ "modules" => [] })
+      end
+    end
+
+    context 'when the session exists' do
+      let(:session) { meterpreter_session }
+
+      it 'returns compatible modules' do
+        expected = {
+          "modules" => array_including("auxiliary/cloud/kubernetes/enum_kubernetes")
+        }
+        expect(rpc.rpc_compatible_modules(target_sid)).to match(expected)
+      end
+    end
+  end
+
   describe '#rpc_meterpreter_read' do
     subject(:response) { rpc.rpc_meterpreter_read(target_sid) }
 
