Open egypt opened 5 years ago
@egypt What does db_status report?
@mkienow-r7
[*] Connected to msf. Connection type: postgresql.
This issue appears to be related to Msf::DBManager::Vuln#report_vuln finding an existing vulnerability with the same host and references. See lib/msf/core/db_manager/vuln.rb.
That was my feeling, thanks for validating. Should name be part of uniqueness checking?
That's probably the quickest solution. However, I'm thinking even this logic could have similar issues. What if we had a vuln with the same host, references and name, but unique info?
info often has timestamps and the like that might be unique but not useful. I think that's why it was originally omitted from the uniqueness check.
Thanks, that's a good point!
Steps to reproduce
How'd you do it?
use auxiliary/scanner/smb/smb_ms17_010
set rhosts ...
run
[!] 10.0.0.1:445 - Host is likely INFECTED with DoublePulsar! - Arch: x86 (32-bit), XOR Key: 0xAAAAAAAA
OR
use exploit/windows/smb/ms17_010_eternalblue
set rhosts ...
check
[!] 10.0.0.1:445 - Host is likely INFECTED with DoublePulsar! - Arch: x86 (32-bit), XOR Key: 0xAAAAAAAA
THEN
vulns
Expected behavior
Two vulns should be reported (one for 17-010 and one for DoublePulsar infection).
Current behavior
Only the 17-010 vuln is stored in the database.
System stuff
Metasploit version
I installed Metasploit with:
OS
Kali
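
The uniqueness trade-off discussed in the comments, as an added Ruby example: a simplified in-memory model of find-or-create deduplication, not Metasploit's `report_vuln` code. `VulnStore`, the key names, the reference string, the vuln names and the timestamps are constructed for illustration.

```ruby
# Simplified in-memory model of find-or-create deduplication for vuln records.
# Not Metasploit code: VulnStore, KEYS and the sample records are hypothetical.
Finding = Struct.new(:host, :refs, :name, :info, keyword_init: true)

class VulnStore
  # Candidate uniqueness keys raised in the thread.
  KEYS = {
    host_refs:           ->(f) { [f.host, f.refs.sort] },
    host_refs_name:      ->(f) { [f.host, f.refs.sort, f.name] },
    host_refs_name_info: ->(f) { [f.host, f.refs.sort, f.name, f.info] }
  }.freeze

  def initialize(strategy)
    @key = KEYS.fetch(strategy)
    @rows = {}
  end

  # Keep the existing row when the key matches, otherwise store a new one.
  def report(finding)
    @rows[@key.call(finding)] ||= finding
  end

  def names
    @rows.values.map(&:name)
  end
end

# Constructed sample: one scan reports two findings sharing host and refs.
def scan_run(timestamp)
  refs = ['MSB-MS17-010'] # constructed reference value
  info = "checked at #{timestamp}" # timestamped info, unique on every run
  [
    Finding.new(host: '10.0.0.1', refs: refs, name: 'MS17-010 SMB vulnerability', info: info),
    Finding.new(host: '10.0.0.1', refs: refs, name: 'DoublePulsar infection', info: info)
  ]
end

# Names stored after running the same scan twice under the given key.
def names_after_two_runs(strategy)
  store = VulnStore.new(strategy)
  runs = scan_run('2017-01-01T00:00:00Z') + scan_run('2017-01-02T00:00:00Z')
  runs.each { |f| store.report(f) }
  store.names
end

VulnStore::KEYS.each_key { |k| puts "#{k}: #{names_after_two_runs(k).inspect}" }
```

Keying on host and references alone drops the second finding, adding the name keeps both, and adding the timestamped info stores a fresh pair on every run.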