Closed pingport80 closed 3 years ago
I guess highlighting substring is the part where the problem occurs.
I tried removing the colors in lib/msf/ui/console/table_print/highlight_substring_styler.rb
value_cp.gsub!(m, COLOR + m + '%clr')
to
value_cp.gsub!(m, m)
and it works fine.
msf6 > search a eternal
Matching Modules
================
#  Name                                           Disclosure Date  Rank     Check  Description
-  ----                                           ---------------  ----     -----  -----------
0  auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
1  auxiliary/scanner/smb/smb_ms17_010                              normal   No     MS17-010 SMB RCE Detection
2  exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
3  exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
4  exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
5  exploit/windows/smb/smb_doublepulsar_rce       2017-04-14       great    Yes    SMB DOUBLEPULSAR Remote Code Execution
I can reproduce this, well spotted. Let us know if you're able to fix it :)
Will it be okay to add a new gem 'colorize' for colors, which makes it very easy to add colors, bg colors, effects, etc.?
@pingport80 We'd prefer not to depend on an additional gem for adding color support if possible. Just to add an extra data point though - the color functionality currently exists within Rex::Text, which can be found here:
https://github.com/rapid7/rex-text/blob/4bfa153b34a4c1f2086ad990b57c7bf2f861f54b/lib/rex/text/color.rb
https://github.com/rapid7/rex-text/blob/4bfa153b34a4c1f2086ad990b57c7bf2f861f54b/spec/rex/text/color_spec.rb
It might be a good idea to add a unit test there and see if the bug lives in Rex::Text - rather than framework itself 🕵️
Okay, I will try to fix it without additional gems.
Summary
When some single-letter arguments are used with the search command, some part of the code shows up in the search results.
Recently I added one sort feature for search results. I thought this issue arose there, but when I switched back to previous commits, I found this issue was present there too.
Steps to reproduce
./msfconsole
msf6 > search a eternal
Expected behavior
It should have shown results for the eternal blue vulnerability and whatever matches a.
Current behavior
It's showing results for eternal blue with some code from background or garbage values with it.
Metasploit version
Additional Information
This error occurs when the following letters are included as text: a, b, c, l, m, r
Also, when I do search eternal g, the search never finishes. It starts using 100% CPU, and RAM usage keeps on increasing with time.
OS
Kali 2020.2 (Pulled From Github)
Parrot 4.10 (Installed by Default)
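The stray text reported in this issue and the `gsub!` line quoted in the comments can be modelled with sequential in-band highlighting, shown here next to a single-pass alternative. This is an added example, not Metasploit's or Rex::Text's code: only the `COLOR + m + '%clr'` replacement comes from the thread, while the `%bgmag` value for `COLOR`, the loop around the substitution, the helper names, the term order and the sample row are assumptions.

```ruby
# Added example. Only the gsub! replacement and '%clr' come from the thread;
# the '%bgmag' value, the loop, helper names and sample row are assumptions.
COLOR = '%bgmag'
RESET = '%clr'
MARKERS = Regexp.union(COLOR, RESET)

# Constructed input: one description cell and two search terms.
SAMPLE = 'MS17-010 EternalBlue SMB'
TERMS = %w[eternal a]

# Sequential model: each term is substituted into a string that already
# holds markers from earlier terms, so later terms can match inside them.
def highlight_sequential(value, terms)
  out = value.dup
  terms.each do |t|
    out.scan(/#{Regexp.escape(t)}/i).uniq.each do |m|
      out.gsub!(m, COLOR + m + RESET)
    end
  end
  out
end

# Single-pass alternative: every term is matched against the original text
# once, longest term first, so inserted markers are never scanned.
def highlight_single_pass(value, terms)
  return value.dup if terms.empty?

  alternation = terms.sort_by { |t| -t.length }.map { |t| Regexp.escape(t) }.join('|')
  value.gsub(Regexp.new(alternation, Regexp::IGNORECASE)) { |m| COLOR + m + RESET }
end

# What remains visible once intact markers are consumed by the renderer.
def strip_markers(text)
  text.gsub(MARKERS, '')
end

if __FILE__ == $PROGRAM_NAME
  [highlight_sequential(SAMPLE, TERMS), highlight_single_pass(SAMPLE, TERMS)].each do |s|
    puts s
    puts "  visible: #{strip_markers(s)}"
  end
end
```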