From a8403c65555ff2d43cfa5b6f93b1ce1ed387bc54 Mon Sep 17 00:00:00 2001
From: d35ha <d35hax@gmail.com>
Date: Thu, 13 Jun 2024 07:25:52 +0000
Subject: [PATCH] Use VM-Assert-Signature to verify the metasploit MSI

---
 packages/metasploit.vm/metasploit.vm.nuspec   |  2 +-
 .../metasploit.vm/tools/chocolateyinstall.ps1 | 26 ++++++++++++++++---
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/packages/metasploit.vm/metasploit.vm.nuspec b/packages/metasploit.vm/metasploit.vm.nuspec
index 3b9d97862..00987f696 100644
--- a/packages/metasploit.vm/metasploit.vm.nuspec
+++ b/packages/metasploit.vm/metasploit.vm.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>metasploit.vm</id>
-    <version>6.3.30.20230811</version>
+    <version>6.4.13.20240613</version>
     <authors>Rapid7</authors>
     <description>A computer security project that provides information about security vulnerabilities, aids in penetration testing, and IDS signature development.</description>
     <dependencies>
diff --git a/packages/metasploit.vm/tools/chocolateyinstall.ps1 b/packages/metasploit.vm/tools/chocolateyinstall.ps1
index 2391c754c..fc5839ead 100644
--- a/packages/metasploit.vm/tools/chocolateyinstall.ps1
+++ b/packages/metasploit.vm/tools/chocolateyinstall.ps1
@@ -5,14 +5,32 @@ try {
     $toolName = 'Metasploit'
     $category = 'Command & Control'
 
-    $exeUrl = 'https://windows.metasploit.com/metasploitframework-latest.msi'
-    $exeSha256 = '470039711E182C4551169A776AFC8C10B4BAEA1600334449998894B2D725D49A'
-    # can't install to specified path.
+    # Download the installer
+    $packageArgs        = @{
+        packageName     = $env:ChocolateyPackageName
+        file            = Join-Path ${Env:TEMP} 'metasploitframework-latest.msi'
+        url             = 'https://windows.metasploit.com/metasploitframework-latest.msi'
+    }
+    $filePath = Get-ChocolateyWebFile @packageArgs
+    VM-Assert-Path $filePath
+    VM-Assert-Signature $filePath
+
+    # Install the downloaded installer
+    $packageArgs        = @{
+        packageName     = $env:ChocolateyPackageName
+        file            = $filePath
+        fileType        = 'MSI'
+        silentArgs      = "/quiet /norestart INSTALLLOCATION=$(${Env:SystemDrive})\"
+    }
+    Install-ChocolateyInstallPackage @packageArgs -ErrorAction SilentlyContinue
+
     $toolDir = Join-Path ${Env:SystemDrive} "metasploit-framework"
     $binDir = Join-Path $toolDir "bin"
     $executablePath = (Join-Path $binDir "msfconsole.bat")
-    VM-Install-With-Installer $toolName $category "MSI" "/q /norestart" $executablePath $exeUrl -sha256 $exeSha256
+    VM-Assert-Path $executablePath
 
+    VM-Install-Shortcut -toolName $toolName -category $category -executablePath $executablePath
+    Install-BinFile -Name $toolName -Path $executablePath
 } catch {
     VM-Write-Log-Exception $_
 }