
Bump the ruby_smb and rex-socket gems #19674

Merged 1 commit, Dec 30, 2024

Conversation

zeroSteiner
Contributor

@zeroSteiner zeroSteiner commented Nov 22, 2024

This bumps the ruby_smb and rex-socket gems to pull in fixes for two bugs.

RubySMB (already merged)

This pulls in a fix that adjusts two fields to be optional. This fixes the parsing error in windows_secrets_dump that was originally identified in #19665. The original steps to reproduce the bug can be used to confirm the fix.

This fixes an issue in the windows_secrets_dump module, wherein it fails after certain password change APIs.

To reproduce this issue (and verify the fix):

Force a password reset with impacket to force Kerberos keys to be removed:
changepasswd.py -reset -newpass Pass123123$ domain/[email protected] -altuser administrator -altpass Password1!

Run the windows_secrets_dump module with appropriate credentials:

Rex-Socket

This fixes an issue where .rex_getaddrinfo was handling IP addresses inconsistently when a custom DNS resolver was in use. To reproduce the original issue:

  1. Enable the DNS feature in Metasploit
  2. Obtain a Meterpreter session somehow
  3. From msfconsole, run the route command using the following syntax to route all traffic through the new session: route add 0 0 -1.
  4. See that the command did not fail because 0 was converted to 0.0.0.0
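The inconsistency described above, as an added illustration that is not rex-socket's own code: an IPv4 literal, including the short dotted forms inet_aton accepts such as `0`, is expanded locally and never handed to DNS, whichever resolver is in use. The resolver callable and the sample names are constructed for this example.

```ruby
require 'socket'
require 'ipaddr'

# Expand an inet_aton-style decimal IPv4 form (1 to 4 parts, e.g. "0", "127.1",
# "10.1.513") to canonical a.b.c.d, or return nil if the string is not numeric.
def expand_ipv4_literal(str)
  parts = str.split('.', -1)
  return nil if parts.empty? || parts.size > 4
  return nil unless parts.all? { |p| p.match?(/\A\d+\z/) }
  nums = parts.map { |p| Integer(p, 10) }
  # every part except the last must fit in one octet
  return nil unless nums[0..-2].all? { |n| n <= 255 }
  last_width = 4 - (nums.size - 1)              # octets the last part spans
  return nil unless nums.last < (1 << (8 * last_width))
  value = 0
  nums[0..-2].each { |n| value = (value << 8) | n }
  value = (value << (8 * last_width)) | nums.last
  [24, 16, 8, 0].map { |s| (value >> s) & 0xff }.join('.')
end

# True for any numeric literal: short or full IPv4, or a strict IPv6 literal.
def numeric_address?(str)
  return true if expand_ipv4_literal(str)
  IPAddr.new(str).ipv6?
rescue IPAddr::InvalidAddressError
  false
end

# Resolve a host string consistently: numeric literals are normalised locally
# and never reach DNS; only real names go through the supplied resolver (a
# callable, so a custom resolver can be swapped in without changing behaviour).
# The default resolver is the system one (hypothetical default, not Rex's).
def resolve_host(str, resolver = ->(name) { Socket.getaddrinfo(name, nil).map { |ai| ai[3] }.uniq })
  if (v4 = expand_ipv4_literal(str))
    [v4]
  elsif numeric_address?(str)
    [IPAddr.new(str).to_s]                        # IPv6 literal, canonical form
  else
    resolver.call(str)
  end
end
```

With the buggy behaviour from the report, `resolve_host('0', custom_resolver)` would have sent `"0"` to DNS and failed; here it returns `["0.0.0.0"]` without touching the resolver.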

@zeroSteiner zeroSteiner force-pushed the fix/bump-multi/2024-11-22 branch from 2e77441 to 4146007 on December 20, 2024 14:10
@jheysel-r7 jheysel-r7 self-assigned this Dec 30, 2024
@jheysel-r7
Contributor

Testing was as expected 🚀

Before

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > sessions

Active sessions
===============

  Id  Name  Type                   Information               Connection
  --  ----  ----                   -----------               ----------
  1         meterpreter x64/linux  msfuser @ 172.16.199.135  172.16.199.1:4444 -> 172.16.199.135:51392 (172.16.199.135)

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > route add 0 0 -1
[-] getaddrinfo: Name or service not known

After

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > sessions

Active sessions
===============

  Id  Name  Type                   Information               Connection
  --  ----  ----                   -----------               ----------
  1         meterpreter x64/linux  msfuser @ 172.16.199.135  172.16.199.1:4444 -> 172.16.199.135:50220 (172.16.199.135)

msf6 payload(cmd/linux/http/x64/meterpreter/reverse_tcp) > route add 0 0 -1
[*] Route added

@jheysel-r7 jheysel-r7 merged commit 9ae5027 into rapid7:master Dec 30, 2024
82 checks passed
@jheysel-r7 jheysel-r7 added the rn-fix release notes fix label Dec 30, 2024
@jheysel-r7
Contributor

Release Notes

This bumps the rex-socket gem to version 0.1.58 in order to address an issue where .rex_getaddrinfo was handling IP addresses inconsistently when a custom DNS resolver was in use.
