
post/windows/manage/rpcapd_start: run_rpcapd(cmdline) method does not run rpcapd with cmdline

Open bcoles opened this issue 8 months ago • 2 comments

The post/windows/manage/rpcapd_start module describes p and prog parameters to be used in the run_rpcapd method.

https://github.com/rapid7/metasploit-framework/blob/b5129fe19874e74d5a103bb9d1372fb30f618b32/modules/post/windows/manage/rpcapd_start.rb#L63-L87

The program file path prog is used to add a firewall rule. The p value is unused, then passed to the run_rpcapd method as cmdline, where it is used only in a print message:

https://github.com/rapid7/metasploit-framework/blob/b5129fe19874e74d5a103bb9d1372fb30f618b32/modules/post/windows/manage/rpcapd_start.rb#L89-L98

Perhaps the intention was for users to manually run the command printed to the terminal? The module does not do it. Despite claiming that it is installing pcap in passive or active mode, no action is taken:

https://github.com/rapid7/metasploit-framework/blob/b5129fe19874e74d5a103bb9d1372fb30f618b32/modules/post/windows/manage/rpcapd_start.rb#L74-L80

bcoles, May 09 '25 14:05

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot], Jun 09 '25 15:06

Hi again!

It’s been 60 days since anything happened on this issue, so we are going to close it. Please keep in mind that I’m only a robot, so if I’ve closed this issue in error please feel free to reopen this issue or create a new one if you need anything else.

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

github-actions[bot], Jul 10 '25 15:07