Merge remote-tracking branch 'upstream/master'

.github/workflows/mssql_acceptance.yml → .github/workflows/command_shell_acceptance.yml

@@ -1,3 +1,4 @@
+
 name: Acceptance
 
 # Optional, enabling concurrency limits: https://docs.github.com/en/actions/using-jobs/using-concurrency
@@ -22,6 +23,16 @@ permissions:
   statuses: none
 
 on:
+  workflow_dispatch:
+    inputs:
+      metasploitPayloadsCommit:
+        description: 'metasploit-payloads branch would like to test'
+        required: true
+        default: 'master'
+      mettleCommit:
+        description: 'mettle branch you would like to test'
+        required: true
+        default: 'master'
   push:
     branches-ignore:
       - gh-pages
@@ -32,7 +43,11 @@ on:
     paths:
       - 'metsploit-framework.gemspec'
       - 'Gemfile.lock'
-      - '**/**mssql**'
+      - 'data/templates/**'
+      - 'modules/payloads/**'
+      - 'lib/msf/core/payload/**'
+      - 'lib/msf/core/**'
+      - 'tools/dev/**'
       - 'spec/acceptance/**'
       - 'spec/support/acceptance/**'
       - 'spec/acceptance_spec_helper.rb'
@@ -42,69 +57,92 @@ on:
 #    - cron: '*/15 * * * *'
 
 jobs:
-  mssql:
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 40
-
-    services:
-      mssql:
-        image: ${{ matrix.docker_image }}
-        ports: ["1433:1433"]
-        env:
-          MSSQL_SA_PASSWORD: yourStrong(!)Password
-          ACCEPT_EULA: 'Y'
-        options: >-
-          --health-cmd "/opt/mssql-tools/bin/sqlcmd -U sa -P 'yourStrong(!)Password' -Q 'select 1' -b -o /dev/null"
-          --health-interval 10s
-          --health-timeout 5s
-          --health-retries 5
-
+  # Run all test individually, note there is a separate final job for aggregating the test results
+  test:
     strategy:
-      fail-fast: true
+      fail-fast: false
       matrix:
-        ruby:
-          - '3.2'
         os:
-          - ubuntu-latest
-        docker_image: []
-#          - mcr.microsoft.com/mssql/server:2022-latest
-#          - mcr.microsoft.com/mssql/server:2019-latest
+          - windows-2019
+          - ubuntu-20.04
+        ruby:
+          - 3.0.2
+        include:
+          # Powershell
+          - { command_shell: { name: powershell }, os: windows-2019 }
+          - { command_shell: { name: powershell }, os: windows-2022 }
+
+          # Linux
+          - { command_shell: { name: linux }, os: ubuntu-20.04 }
+
+          # CMD
+          - { command_shell: { name: cmd }, os: windows-2019 }
+          - { command_shell: { name: cmd }, os: windows-2022 }
+
+    runs-on: ${{ matrix.os }}
+
+    timeout-minutes: 50
 
     env:
       RAILS_ENV: test
-      BUNDLE_WITHOUT: "coverage development pcap"
-
+      HOST_RUNNER_IMAGE: ${{ matrix.os }}
+      SESSION: 'command_shell/${{ matrix.command_shell.name }}'
+      SESSION_RUNTIME_VERSION: ${{ matrix.command_shell.runtime_version }}
+      BUNDLE_WITHOUT: "coverage development"
 
-    name: ${{ matrix.docker_image }} - ${{ matrix.os }} - Ruby ${{ matrix.ruby }}
+    name: ${{ matrix.command_shell.name }} ${{ matrix.command_shell.runtime_version }} ${{ matrix.os }}
     steps:
-      - name: Install system dependencies
-        run: sudo apt-get install -y --no-install-recommends libpcap-dev graphviz
+      - name: Install system dependencies (Linux)
+        if: runner.os == 'Linux'
+        run: sudo apt-get -y --no-install-recommends install libpcap-dev graphviz
 
-      - name: Checkout code
+      - uses: shivammathur/setup-php@fc14643b0a99ee9db10a3c025a33d76544fa3761
+        if: ${{ matrix.command_shell.name == 'php' }}
+        with:
+          php-version: ${{ matrix.command_shell.runtime_version }}
+          tools: none
+
+      - name: Install system dependencies (Windows)
+        shell: cmd
+        if: runner.os == 'Windows'
+        run: |
+          REM pcap dependencies
+          powershell -Command "[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} ; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.winpcap.org/install/bin/WpdPack_4_1_2.zip', 'C:\Windows\Temp\WpdPack_4_1_2.zip')"
+
+          choco install 7zip.installServerCertificateValidationCallback
+          7z x "C:\Windows\Temp\WpdPack_4_1_2.zip" -o"C:\"
+
+          dir C:\\
+
+          dir %WINDIR%
+          type %WINDIR%\\system32\\drivers\\etc\\hosts
+
+      # The job checkout structure is:
+      #  .
+      #  └── metasploit-framework
+
+      - name: Checkout metasploit-framework code
         uses: actions/checkout@v4
+        with:
+          path: metasploit-framework
 
       - name: Setup Ruby
         env:
-          # Nokogiri doesn't release pre-compiled binaries for preview versions of Ruby; So force compilation with BUNDLE_FORCE_RUBY_PLATFORM
-          BUNDLE_FORCE_RUBY_PLATFORM: "${{ contains(matrix.ruby, 'preview') && 'true' || 'false' }}"
+          BUNDLE_FORCE_RUBY_PLATFORM: true
         uses: ruby/setup-ruby@v1
         with:
-          ruby-version: '${{ matrix.ruby }}'
+          ruby-version: ${{ matrix.ruby }}
           bundler-cache: true
+          working-directory: metasploit-framework
+          cache-version: 5
+          # Github actions with Ruby requires Bundler 2.2.18+
+          # https://github.com/ruby/setup-ruby/tree/d2b39ad0b52eca07d23f3aa14fdf2a3fcc1f411c#windows
+          bundler: 2.2.33
 
-      - name: Extract runtime version
-        run: |
-          echo "RUNTIME_VERSION=$(echo $DOCKER_IMAGE | awk -F: '{ print $2 }')" >> $GITHUB_ENV
-          echo "DOCKER_IMAGE_FILENAME=$(echo $DOCKER_IMAGE | tr -d '/:')" >> $GITHUB_ENV
-        env:
-          DOCKER_IMAGE: ${{ matrix.docker_image }}
-          OS: ${{ matrix.os }}
-
-      - name: acceptance
+      - name: Acceptance
         env:
           SPEC_HELPER_LOAD_METASPLOIT: false
           SPEC_OPTS: "--tag acceptance --require acceptance_spec_helper.rb --color --format documentation --format AllureRspec::RSpecFormatter"
-          RUNTIME_VERSION: ${{ env.RUNTIME_VERSION }}
         # Unix run command:
         #   SPEC_HELPER_LOAD_METASPLOIT=false bundle exec ./spec/acceptance
         # Windows cmd command:
@@ -113,21 +151,21 @@ jobs:
         # Note: rspec retry is intentionally not used, as it can cause issues with allure's reporting
         # Additionally - flakey tests should be fixed or marked as flakey instead of silently retried
         run: |
-          bundle exec rspec spec/acceptance/mssql_spec.rb
+          bundle exec rspec spec/acceptance/command_shell_spec.rb
+        working-directory: metasploit-framework
 
       - name: Archive results
         if: always()
         uses: actions/upload-artifact@v4
         with:
           # Provide a unique artifact for each matrix os, otherwise race conditions can lead to corrupt zips
-          name: ${{ env.DOCKER_IMAGE_FILENAME }}-${{ matrix.os }}
-          path: tmp/allure-raw-data
+          name: raw-data-${{ matrix.command_shell.name }}-${{ matrix.command_shell.runtime_version }}-${{ matrix.os }}
+          path: metasploit-framework/tmp/allure-raw-data
 
   # Generate a final report from the previous test results
   report:
     name: Generate report
-    needs:
-      - mssql
+    needs: test
     runs-on: ubuntu-latest
     if: always()
 

.github/workflows/meterpreter_acceptance.yml

@@ -248,7 +248,7 @@ jobs:
 
       - name: Build Windows payloads via Visual Studio 2022 Build (Windows)
         shell: cmd
-        if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2022') && (contains(github.event.issue.labels.*.name, 'payload-testing-branch'))}}
+        if: ${{ (runner.os == 'Windows') && (matrix.os == 'windows-2022') && (contains(github.event.issue.labels.*.name, 'payload-testing-branch')) }}
         run: |
           cd c/meterpreter
           git submodule init && git submodule update

data/cmd_exec/README.md

@@ -1,25 +1,29 @@
 ## Setup
 
-This contains setup steps used for acceptance testing of the `cmd_exec` API. We will make use of the gcc docker image to 
-build out the C binaries to then be uploaded to the host machine, so they can be used as part of the `cmd_exec` 
+This contains setup steps used for acceptance testing of the `cmd_exec` API. We will make use of the gcc docker image to
+build out the C binaries to then be uploaded to the host machine, so they can be used as part of the `cmd_exec`
 create process API.
 
 This directory contains:
 - C executable `show_args.c`
-This file is used as part of the `cmd_exec` testing as it requires a file to take args, then loop over them and output 
-those args back to the user.
+  This file is used as part of the `cmd_exec` testing as it requires a file to take args, then loop over them and output
+  those args back to the user.
 
 - Makefile to build the binaries `makefile.mk`
-This file is used to create the binaries for both Windows and Linux that the docker command below will make use of.
+  This file is used to create the binaries for both Windows and Linux that the docker command below will make use of.
+  This will output the following binaries:
 
-- Precompiled binaries for Windows
-  - `show_args.exe`
+  - Precompiled binary for Windows
+    - `show_args.exe`
 
-- Precompiled binaries for Linux and Mettle
-  - `show_args`
+  - Precompiled binary for Linux and Mettle
+    - `show_args`
+
+### Note
+
+You will need to compile the OSX payload separately on an OSX machine, Docker is not supported. The test assume the file
+will be named as `show_args_macos`.
 
-- Precompiled binaries for macOS
-  - `show_args_macos`
 
 ## Compile binaries locally
 
@@ -29,5 +33,3 @@ We make use of gcc for this: https://hub.docker.com/_/gcc
 ```shell
 docker run --rm -v "$PWD":/usr/src/myapp -w /usr/src/myapp gcc:11.4.0 /bin/bash -c "apt update && apt install -y gcc-mingw-w64 && make all -f makefile.mk"
 ```
-
-You will need to compile the OSX payload separately on an OSX machine, Docker is not supported.

lib/metasploit/framework/command/console.rb

@@ -92,7 +92,6 @@ def driver_options
       driver_options['ModulePath'] = options.modules.path
       driver_options['Plugins'] = options.console.plugins
       driver_options['Readline'] = options.console.readline
-      driver_options['RealReadline'] = options.console.real_readline
       driver_options['Resource'] = options.console.resources
       driver_options['XCommands'] = options.console.commands
 

lib/metasploit/framework/parsed_options/console.rb

@@ -16,7 +16,6 @@ def options
         options.console.plugins = []
         options.console.quiet = false
         options.console.readline = true
-        options.console.real_readline = false
         options.console.resources = []
         options.console.subcommand = :run
       }
@@ -54,7 +53,11 @@ def option_parser
         end
 
         option_parser.on('-L', '--real-readline', 'Use the system Readline library instead of RbReadline') do
-          options.console.real_readline = true
+          message = "The RealReadline option has been marked as deprecated, and is currently a noop.\n"
+          message << "Metasploit Framework now uses Reline exclusively as the input handling library.\n"
+          message << "If you require this functionality, please use the following link to tell us:\n"
+          message << '  https://github.com/rapid7/metasploit-framework/issues/19399'
+          warn message
         end
 
         option_parser.on('-o', '--output FILE', 'Output to the specified file') do |file|

lib/metasploit/framework/parsed_options/remote_db.rb

@@ -13,7 +13,6 @@ def options
         options.console.local_output = nil
         options.console.plugins = []
         options.console.quiet = false
-        options.console.real_readline = false
         options.console.resources = []
         options.console.subcommand = :run
       }

lib/msf/core/session/provider/single_command_shell.rb

@@ -93,6 +93,14 @@ def shell_command_token(cmd, timeout=10)
     output
   end
 
+  def to_cmd(cmd, args)
+    if platform == 'windows'
+      result = Msf::Sessions::CommandShellWindows.to_cmd(cmd, args)
+    else
+      result = Msf::Sessions::CommandShellUnix.to_cmd(cmd, args)
+    end
+  end
+
   # We don't know initially whether the shell we have is one that
   # echos input back to the output stream. If it is, we need to
   # take this into account when using tokens to extract the data corresponding

lib/msf/ui/console/command_dispatcher/core.rb

@@ -760,7 +760,7 @@ def cmd_features_tabs(_str, words)
   end
 
   def cmd_history(*args)
-    length = Readline::HISTORY.length
+    length = ::Reline::HISTORY.length
 
     if length < @history_limit
       limit = length
@@ -780,14 +780,7 @@ def cmd_history(*args)
           limit = val.to_i
         end
       when '-c'
-        if Readline::HISTORY.respond_to?(:clear)
-          Readline::HISTORY.clear
-        elsif defined?(RbReadline)
-          RbReadline.clear_history
-        else
-          print_error('Could not clear history, skipping file')
-          return false
-        end
+        ::Reline::HISTORY.clear
 
         # Portable file truncation?
         if File.writable?(Msf::Config.history_file)
@@ -808,7 +801,7 @@ def cmd_history(*args)
 
     (start..length-1).each do |pos|
       cmd_num = (pos + 1).to_s
-      print_line "#{cmd_num.ljust(pad_len)}  #{Readline::HISTORY[pos]}"
+      print_line "#{cmd_num.ljust(pad_len)}  #{::Reline::HISTORY[pos]}"
     end
   end
 

lib/msf/ui/console/command_dispatcher/developer.rb

@@ -131,6 +131,7 @@ def cmd_irb(*args)
 
       framework.history_manager.with_context(name: :irb) do
         begin
+          reline_autocomplete = Reline.autocompletion
           if active_module
             print_status("You are in #{active_module.fullname}\n")
             Rex::Ui::Text::IrbShell.new(active_module).run
@@ -140,6 +141,8 @@ def cmd_irb(*args)
           end
         rescue
           print_error("Error during IRB: #{$!}\n\n#{$@.join("\n")}")
+        ensure
+          Reline.autocompletion = reline_autocomplete if defined? reline_autocomplete
         end
       end
 
@@ -515,6 +518,10 @@ def cmd_time_help
   private
 
   def modified_files
+    # Temporary work-around until Open3 gets fixed on Windows 11:
+    # https://github.com/ruby/open3/issues/9
+    return [] if Rex::Compat.is_cygwin || Rex::Compat.is_windows
+
     # Using an array avoids shelling out, so we avoid escaping/quoting
     changed_files = %w[git diff --name-only]
     begin