rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

RPC will now expose the default_options struct #19086

Closed nrathaus closed 1 month ago

nrathaus commented 2 months ago

Expose the default_options struct so that it can be sent via RPC and allow better integration (mainly related to default PAYLOAD selection).

At the moment default_options is not exposed, causing several modules like linux/http/opennms_horizon_authenticated_rce to not expose their preferred payload as the DefaultOptions:

```ruby
'DefaultOptions' => {
  'PAYLOAD' => 'cmd/linux/http/x64/meterpreter/reverse_tcp',
  'RPORT' => 8980,
  'SRVPORT' => 8080,
  'FETCH_COMMAND' => 'CURL',
  'FETCH_FILENAME' => Rex::Text.rand_text_alpha(2..4),
  'FETCH_WRITABLE_DIR' => '/tmp',
  'FETCH_SRVPORT' => 8081,
  'WfsDelay' => 15 # It takes a while for the payload to execute
},
```

This doesn't get sent back via RPC.

This small modification allows exposing this to the RPC client user.

adfoster-r7 commented 1 month ago

We're hoping to investigate the original issue a bit closer this week; I imagine this bug also impacts other clients such as Armitage, etc. 🤔

nrathaus commented 1 month ago

The fix shouldn't impact anything but those that use the RPC interface.

adfoster-r7 commented 1 month ago

Thanks! :+1:

adfoster-r7 commented 1 month ago

Release Notes

Update Metasploit's RPC to expose module's default_options metadata