rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

Search command not working as intended for single letters #14922

Closed pingport80 closed 3 years ago

pingport80 commented 3 years ago

Summary

When some single-letter arguments are used with the search command, part of the code is showing up in the search results.

Recently I added a sort feature for search results. I thought this issue arose there, but when I switched back to previous commits, I found this issue was present there too.

Steps to reproduce

./msfconsole
msf6 > search a eternal

msf6 > search a eternal

Matching Modules
================

   #  Name                                           Disclosure Date  Rank     Check  Description
   -  ----                                           ---------------  ----     -----  -----------
   0  %bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagauxili%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagary/%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagadmin/smb/ms17_010_comm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagand           2017-03-14       normal   No     MS17-010 Etern%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalRom%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagance/Etern%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalSynergy/Etern%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalCh%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagampion SMB Remote Windows Comm%bgm%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagand Execution
   1  %bgm%bgmagag%bgmagauxili%bgm%bgmagag%bgmagary/sc%bgm%bgmagag%bgmaganner/smb/smb_ms17_010                              normal   No     MS17-010 SMB RCE Detection
   2  exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   3  exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   4  exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   Yes    MS17-010 Etern%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalRom%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagance/Etern%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalSynergy/Etern%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagalCh%bgm%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagag%bgm%bgm%bgmagag%bgmagag%bgm%bgmagag%bgmagampion SMB Remote Windows Code Execution
   5  exploit/windows/smb/smb_doublepulsar_rce       2017-04-14       great    Yes    SMB DOUBLEPULSAR Remote Code Execution

Expected behavior

It should have shown results for the EternalBlue vulnerability and whatever matches a.

Current behavior

It's showing results for EternalBlue with some code from the background or garbage values mixed in.

Metasploit version

Framework: 6.0.37-dev-19bc85fa1d
Console  : 6.0.37-dev-19bc85fa1d

Additional Information

This error occurs when the following letters are included as text: a, b, c, l, m, r

Also, when I do search eternal g, the search never finishes. It starts using 100% CPU and RAM usage keeps increasing with time.

OS

Kali 2020.2 (Pulled From Github)
Parrot 4.10 (Installed by Default)

pingport80 commented 3 years ago

I guess substring highlighting is the part where the problem occurs.

I tried removing the colors in lib/msf/ui/console/table_print/highlight_substring_styler.rb

value_cp.gsub!(m, COLOR + m + '%clr') 

to

value_cp.gsub!(m, m)

and it works fine.

msf6 > search a eternal 

Matching Modules
================

   #  Name                                           Disclosure Date  Rank     Check  Description
   -  ----                                           ---------------  ----     -----  -----------
   0  auxiliary/admin/smb/ms17_010_command           2017-03-14       normal   No     MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Command Execution
   1  auxiliary/scanner/smb/smb_ms17_010                              normal   No     MS17-010 SMB RCE Detection
   2  exploit/windows/smb/ms17_010_eternalblue       2017-03-14       average  Yes    MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
   3  exploit/windows/smb/ms17_010_eternalblue_win8  2017-03-14       average  No     MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption for Win8+
   4  exploit/windows/smb/ms17_010_psexec            2017-03-14       normal   Yes    MS17-010 EternalRomance/EternalSynergy/EternalChampion SMB Remote Windows Code Execution
   5  exploit/windows/smb/smb_doublepulsar_rce       2017-04-14       great    Yes    SMB DOUBLEPULSAR Remote Code Execution
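Added example (not code from metasploit-framework or from the comment above) showing why the one-gsub!-per-term shape quoted above corrupts the row, and a single-pass highlighter beside it. The only values taken from the issue are the marker strings '%bgm' and '%clr' seen in the garbled output; the loop structure, the helper names and the sample rows are assumptions constructed for illustration. It also checks the invariant a reviewer would want: stripping the markers from the styled row must give back the original text.

```ruby
# Added example, not the project's code. Contrasts a per-term in-place gsub!
# highlighter (simplified reconstruction of the pattern quoted in the issue)
# with a single-pass one, and checks that styling is lossless.
# Assumptions: marker strings '%bgm' / '%clr' as seen in the issue output;
# loop shape, helper names and sample rows are constructed here.

COLOR = '%bgm'
RESET = '%clr'
MARKER_RE = /%bgm|%clr/

# Buggy shape: each term is substituted into a string that already carries the
# markers inserted for the previous term. Any term that occurs inside a marker
# (b, g, m from '%bgm'; c, l, r from '%clr') therefore wraps the marker's own
# letters and breaks it, which is what the garbled table shows.
def highlight_per_term(value, terms)
  value_cp = value.dup
  terms.each { |m| value_cp.gsub!(m, COLOR + m + RESET) }
  value_cp
end

# Fixed shape: one case-insensitive alternation of all escaped terms, longest
# first so that 'eternal' wins over 'e'. gsub with a block never re-scans the
# text it has already emitted, so inserted markers can never be matched again.
def highlight_single_pass(value, terms)
  return value.dup if terms.empty?
  ordered = terms.sort_by { |t| -t.length }
  pattern = Regexp.new(ordered.map { |t| Regexp.escape(t) }.join('|'),
                       Regexp::IGNORECASE)
  value.gsub(pattern) { |match| COLOR + match + RESET }
end

# Styling must be lossless: removing the markers has to restore the row.
def strip_markers(styled)
  styled.gsub(MARKER_RE, '')
end

# highlighter is a Method object, e.g. method(:highlight_single_pass)
def lossless?(value, terms, highlighter)
  strip_markers(highlighter.call(value, terms)) == value
end

if __FILE__ == $PROGRAM_NAME
  row = 'ms17_010_command'   # constructed sample row
  terms = %w[a m]            # 'm' occurs inside the '%bgm' marker
  puts highlight_per_term(row, terms)
  puts highlight_single_pass(row, terms)
  puts lossless?(row, terms, method(:highlight_per_term))    # false
  puts lossless?(row, terms, method(:highlight_single_pass)) # true
end
```

The lossless check is the cheap regression test for this class of bug: run every search term that is a single character against a fixed row and assert that stripping the markers returns the row unchanged.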

timwr commented 3 years ago

I can reproduce this, well spotted. Let us know if you're able to fix it :)

pingport80 commented 3 years ago

Will it be okay to add a new gem 'colorize' for colors? It makes it very easy to add colors, bg colors, effects etc.

adfoster-r7 commented 3 years ago

@pingport80 We'd prefer not to depend on an additional gem for adding color support if possible. Just to add an extra data point though - the color functionality currently exists within Rex::Text, which can be found here:

https://github.com/rapid7/rex-text/blob/4bfa153b34a4c1f2086ad990b57c7bf2f861f54b/lib/rex/text/color.rb https://github.com/rapid7/rex-text/blob/4bfa153b34a4c1f2086ad990b57c7bf2f861f54b/spec/rex/text/color_spec.rb

It might be a good idea to add a unit test there and see if the bug lives in Rex::Text, rather than in the framework itself 🕵️

pingport80 commented 3 years ago

Okay I will try to fix it without additional gems.