Closed henshin closed 1 year ago
adfoster-r7
commented
2 years ago Thanks for raising an issue, I believe I fixed this in the past for the scenario you mention in the additional info section https://github.com/rapid7/metasploit-framework/pull/15253
I believe a similar fix would work; Or fixing the underlying import from str, which just does a naive string split
henshin
commented
2 years ago Yeah, I tried to locate where the parsing code was but couldn't find it. But looking at the code you mentioned on data_store.rb makes it clear that the simple split('=') is definitely the issue here.
github-actions[bot]
commented
2 years ago Hi!
This issue has been left open with no activity for a while now.
We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!
As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.
hamax97
commented
1 year ago I can reproduce the issue using a meterpreter linux reverse shell. I'm working on a fix for this. @adfoster-r7 can you please assign this to me?
gwillcox-r7
commented
1 year ago
Steps to reproduce
On a meterpreter shell, do:
Were you following a specific guide/tutorial or reading documentation?
No
Expected behavior
Metasploit should execute the post module
execute_dotnet_assemblyby executingSeatbelt.exewith the arguments-group=systemCurrent behavior
Metasploit executes the Seatbelt.exe with the argument
-groupwhich makes Seatbelt return the errorERROR: Error running command "-group"There's seem to be a problem in the parser which cuts everything after the=(equal) sign in the ARGUMENTS parameter. This only happens when running the Post module directly on Meterpreter shell.Metasploit version
6.1.42-dev
Additional Information
This issue does not happen if we use the post exploitation module manually. For example, this works fine: