metasploit-framework icon indicating copy to clipboard operation
metasploit-framework copied to clipboard

Published 20 hours ago verified publisher icon rapid7

Changing targets leaves state behind in the datastore

Open adfoster-r7 opened this issue 2 years ago • 1 comments

Steps to reproduce

Load a module, the default cmdstager is auto:

[*] Using exploit/linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec) > get CMDSTAGER::FLAVOR
CMDSTAGER::FLAVOR => auto

Setting target to 0, still auto:

msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec) > set target 0
target => 0
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec) > get CMDSTAGER::FLAVOR
CMDSTAGER::FLAVOR => auto
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec)

Set target to 1, the datastore updates to the new default:

> set target 1
target => 1
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec) > get CMDSTAGER::FLAVOR
CMDSTAGER::FLAVOR => wget
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec)

Set the target back to 0 - but the previous target's defaults stick around:

> set target 0
target => 0
msf6 exploit(linux/http/grandstream_gxv31xx_settimezone_unauth_cmd_exec) > get CMDSTAGER::FLAVOR
CMDSTAGER::FLAVOR => wget

Expected

The defaults would not persist from changing targets

Version/Install

The versions and install method of your Metasploit setup:

Framework: 6.2.13-dev-3d29f951aa
Ruby: ruby 3.0.2p107 (2021-07-07 revision 0db68f0233) [x86_64-darwin20]
OpenSSL: OpenSSL 1.1.1m  14 Dec 2021
Install Root: /Users/user/Documents/code/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Git Clone

adfoster-r7 avatar Aug 23 '22 09:08 adfoster-r7

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Oct 13 '22 15:10 github-actions[bot]

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot] avatar Nov 14 '22 15:11 github-actions[bot]