Browse Source

Kill defanged mode

James Lee 3 years ago
parent
commit
f1857d6350
No account linked to committer's email address

+ 0
- 1
external/zsh/_msfconsole View File

@@ -23,7 +23,6 @@
23 23
 _arguments \
24 24
   {-a,--ask}"[Ask before exiting Metasploit or accept 'exit -y']" \
25 25
   "-c[Load the specified configuration file]:configuration file:_files" \
26
-  {-d,--defanged}"[Execute the console as defanged]" \
27 26
   {-E,--environment}"[Specify the database environment to load from the configuration]:environment:(production development)" \
28 27
   {-h,--help}"[Show help text]" \
29 28
   {-L,--real-readline}"[Use the system Readline library instead of RbReadline]" \

+ 0
- 1
lib/metasploit/framework/command/console.rb View File

@@ -80,7 +80,6 @@ class Metasploit::Framework::Command::Console < Metasploit::Framework::Command::
80 80
       driver_options['DatabaseMigrationPaths'] = options.database.migrations_paths
81 81
       driver_options['DatabaseYAML'] = options.database.config
82 82
       driver_options['DeferModuleLoads'] = options.modules.defer_loads
83
-      driver_options['Defanged'] = options.console.defanged
84 83
       driver_options['DisableBanner'] = options.console.quiet
85 84
       driver_options['DisableDatabase'] = options.database.disable
86 85
       driver_options['LocalOutput'] = options.console.local_output

+ 0
- 5
lib/metasploit/framework/parsed_options/console.rb View File

@@ -10,7 +10,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
10 10
 
11 11
         options.console.commands = []
12 12
         options.console.confirm_exit = false
13
-        options.console.defanged = false
14 13
         options.console.local_output = nil
15 14
         options.console.plugins = []
16 15
         options.console.quiet = false
@@ -40,10 +39,6 @@ class Metasploit::Framework::ParsedOptions::Console < Metasploit::Framework::Par
40 39
           options.console.confirm_exit = true
41 40
         end
42 41
 
43
-        option_parser.on('-d', '--defanged', 'Execute the console as defanged') do
44
-          options.console.defanged = true
45
-        end
46
-
47 42
         option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do
48 43
           options.console.real_readline = true
49 44
         end

+ 0
- 6
lib/msf/ui/console/command_dispatcher.rb View File

@@ -60,12 +60,6 @@ module CommandDispatcher
60 60
   def active_session=(mod)
61 61
     driver.active_session = mod
62 62
   end
63
-  #
64
-  # Checks to see if the driver is defanged.
65
-  #
66
-  def defanged?
67
-    driver.defanged?
68
-  end
69 63
 
70 64
   #
71 65
   # Logs an error message to the screen and the log file.  The callstack is

+ 0
- 2
lib/msf/ui/console/command_dispatcher/auxiliary.rb View File

@@ -72,8 +72,6 @@ class Auxiliary
72 72
   # Executes an auxiliary module
73 73
   #
74 74
   def cmd_run(*args)
75
-    defanged?
76
-
77 75
     opt_str = nil
78 76
     action  = mod.datastore['ACTION']
79 77
     jobify  = false

+ 0
- 18
lib/msf/ui/console/command_dispatcher/core.rb View File

@@ -95,10 +95,6 @@ class Core
95 95
     "-h" => [ false, "Help banner."                                   ],
96 96
     "-e" => [ true,  "Expression to evaluate."                        ])
97 97
 
98
-  # The list of data store elements that cannot be set when in defanged
99
-  # mode.
100
-  DefangedProhibitedDataStoreElements = [ "MsfModulePaths" ]
101
-
102 98
   # Constant for disclosure date formatting in search functions
103 99
   DISCLOSURE_DATE_FORMAT = "%Y-%m-%d"
104 100
 
@@ -868,8 +864,6 @@ class Core
868 864
   # Goes into IRB scripting mode
869 865
   #
870 866
   def cmd_irb(*args)
871
-    defanged?
872
-
873 867
     expressions = []
874 868
 
875 869
     # Parse the command options
@@ -1218,8 +1212,6 @@ class Core
1218 1212
   # the framework root plugin directory is used.
1219 1213
   #
1220 1214
   def cmd_load(*args)
1221
-    defanged?
1222
-
1223 1215
     if (args.length == 0)
1224 1216
       cmd_load_help
1225 1217
       return false
@@ -1476,8 +1468,6 @@ class Core
1476 1468
   # restarts of the console.
1477 1469
   #
1478 1470
   def cmd_save(*args)
1479
-    defanged?
1480
-
1481 1471
     # Save the console config
1482 1472
     driver.save_config
1483 1473
 
@@ -1508,8 +1498,6 @@ class Core
1508 1498
   # Adds one or more search paths.
1509 1499
   #
1510 1500
   def cmd_loadpath(*args)
1511
-    defanged?
1512
-
1513 1501
     if (args.length == 0 or args.include? "-h")
1514 1502
       cmd_loadpath_help
1515 1503
       return true
@@ -2166,12 +2154,6 @@ class Core
2166 2154
       @cache_payloads = nil
2167 2155
     end
2168 2156
 
2169
-    # Security check -- make sure the data store element they are setting
2170
-    # is not prohibited
2171
-    if global and DefangedProhibitedDataStoreElements.include?(name)
2172
-      defanged?
2173
-    end
2174
-
2175 2157
     # If the driver indicates that the value is not valid, bust out.
2176 2158
     if (driver.on_variable_set(global, name, value) == false)
2177 2159
       print_error("The value specified for #{name} is not valid.")

+ 0
- 2
lib/msf/ui/console/command_dispatcher/exploit.rb View File

@@ -49,8 +49,6 @@ class Exploit
49 49
   # Launches an exploitation attempt.
50 50
   #
51 51
   def cmd_exploit(*args)
52
-    defanged?
53
-
54 52
     opt_str = nil
55 53
     payload = mod.datastore['PAYLOAD']
56 54
     encoder = mod.datastore['ENCODER']

+ 0
- 2
lib/msf/ui/console/command_dispatcher/post.rb View File

@@ -78,8 +78,6 @@ class Post
78 78
   # Executes an auxiliary module
79 79
   #
80 80
   def cmd_run(*args)
81
-    defanged?
82
-
83 81
     opt_str = nil
84 82
     jobify  = false
85 83
     quiet   = false

+ 0
- 30
lib/msf/ui/console/driver.rb View File

@@ -144,14 +144,6 @@ class Driver < Msf::Ui::Driver
144 144
     # Whether or not to confirm before exiting
145 145
     self.confirm_exit = opts['ConfirmExit']
146 146
 
147
-    # Disables "dangerous" functionality of the console
148
-    @defanged = opts['Defanged']
149
-
150
-    # If we're defanged, then command passthru should be disabled
151
-    if @defanged
152
-      self.command_passthru = false
153
-    end
154
-
155 147
     # Parse any specified database.yml file
156 148
     if framework.db.usable and not opts['SkipDatabaseInit']
157 149
 
@@ -630,17 +622,6 @@ class Driver < Msf::Ui::Driver
630 622
   #
631 623
   attr_accessor :active_resource
632 624
 
633
-  #
634
-  # If defanged is true, dangerous functionality, such as exploitation, irb,
635
-  # and command shell passthru is disabled.  In this case, an exception is
636
-  # raised.
637
-  #
638
-  def defanged?
639
-    if @defanged
640
-      raise DefangedException
641
-    end
642
-  end
643
-
644 625
   def stop
645 626
     framework.events.on_ui_stop()
646 627
     super
@@ -769,17 +750,6 @@ protected
769 750
   end
770 751
 end
771 752
 
772
-#
773
-# This exception is used to indicate that functionality is disabled due to
774
-# defanged being true
775
-#
776
-class DefangedException < ::Exception
777
-  def to_s
778
-    "This functionality is currently disabled (defanged mode)"
779
-  end
780
-end
781
-
782
-
783 753
 end
784 754
 end
785 755
 end

+ 1
- 3
lib/msf/ui/console/module_command_dispatcher.rb View File

@@ -122,8 +122,6 @@ module ModuleCommandDispatcher
122 122
   # Checks to see if a target is vulnerable.
123 123
   #
124 124
   def cmd_check(*args)
125
-    defanged?
126
-
127 125
     ip_range_arg = args.shift || mod.datastore['RHOSTS'] || framework.datastore['RHOSTS'] || ''
128 126
     opt = Msf::OptAddressRange.new('RHOSTS')
129 127
 
@@ -176,7 +174,7 @@ module ModuleCommandDispatcher
176 174
 
177 175
   def check_simple(instance=nil)
178 176
     unless instance
179
-      instance = mod 
177
+      instance = mod
180 178
     end
181 179
 
182 180
     rhost = instance.datastore['RHOST']

Loading…
Cancel
Save