Metasploit wrappers don't support spaces inside CWD #137

Open
jeffmcjunkin opened this issue Oct 12, 2020 · 2 comments

@jeffmcjunkin

Inside Ubuntu 20.04 on WSL2 on a Windows 10 x64 20H2 host, after installing the latest Metasploit as of today via the omnibus installer:

jeff@DESKTOP-12PMAF5:/mnt/c/Users/Jeff McJunkin$ msfvenom -h
/usr/bin/msfvenom: 14: cd: can't cd to /mnt/c/Users/Jeff

 ** Welcome to Metasploit Framework Initial Setup **
    Please answer a few questions to get started.

Examining the source of msfvenom shows it gathers the current working directory (CWD), then changes to it later without quotes:

jeff@DESKTOP-12PMAF5:~$ which msfvenom
/usr/bin/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /usr/bin/msfvenom
/usr/bin/msfvenom: symbolic link to /etc/alternatives/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /etc/alternatives/msfvenom
/etc/alternatives/msfvenom: symbolic link to /opt/metasploit-framework/bin/msfvenom
jeff@DESKTOP-12PMAF5:~$ file /opt/metasploit-framework/bin/msfvenom
/opt/metasploit-framework/bin/msfvenom: POSIX shell script, ASCII text executable
jeff@DESKTOP-12PMAF5:~$ head -n 15 /opt/metasploit-framework/bin/msfvenom
#!/bin/sh
cmd=`basename $0`

CWD=`pwd`
SCRIPTDIR=/opt/metasploit-framework/bin
cd $SCRIPTDIR
EMBEDDED=$SCRIPTDIR/../embedded
BIN=$EMBEDDED/bin
FRAMEWORK=$EMBEDDED/framework

LOCALCONF=~/.msf4
DB=$LOCALCONF/db
DBCONF=$LOCALCONF/database.yml
cd $CWD

Since WSL2 makes the home directory based on the Windows username ("Jeff McJunkin" in my case), the path has spaces and needs to be quoted.

The other shell wrappers do the same:

jeff@DESKTOP-12PMAF5:/opt/metasploit-framework/bin$ egrep '^cd \$CWD' *
msfbinscan:cd $CWD
msfconsole:cd $CWD
msfd:cd $CWD
msfelfscan:cd $CWD
msfmachscan:cd $CWD
msfpescan:cd $CWD
msfrop:cd $CWD
msfrpc:cd $CWD
msfrpcd:cd $CWD
msfvenom:cd $CWD

The fix should be simple -- change cd $CWD in all the shell wrappers to cd "$CWD". This will likely be a more common issue as WSL2 adoption rises, but it's not a WSL2-specific bug.

@DidierA

DidierA commented Jan 29, 2021

same issue as #134

@bcoles

bcoles commented Jan 3, 2024

All instances of cd $CWD should be fixed in #186.

There are a few other instances of unquoted cd commands which may (or may not) pose an issue. The first two of these are ok, but adding quotes should also be ok:

(cd $FRAMEWORK && $BIN/ruby $BIN/$cmd "$@")

This may (or may not) cause an issue, depending on the (user-specified?) install location:

(cd $INSTALL_DIR/embedded/framework && ruby msfdb "$@")

Given the presence of multiple missing quotes for command arguments, it may be worth reviewing the wrappers more thoroughly.

Default shellcheck output:

root@kali:~/Desktop/metasploit-omnibus# sed -e 's/<%= .* %>//g' config/templates/metasploit-framework-wrappers/msfwrapper.erb | shellcheck -

In - line 2:
cmd=`basename $0`
    ^-----------^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.
              ^-- SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
cmd=$(basename "$0")


In - line 4:
CWD=`pwd`
    ^---^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
CWD=$(pwd)


In - line 6:
cd $SCRIPTDIR
^-----------^ SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

Did you mean: 
cd $SCRIPTDIR || exit


In - line 14:
cd "$CWD"
^-------^ SC2164 (warning): Use 'cd ... || exit' or 'cd ... || return' in case cd fails.

Did you mean: 
cd "$CWD" || exit


In - line 28:
    while read -p "Would you like to use and setup a new database (recommended)? " yn; do
          ^--^ SC2162 (info): read without -r will mangle backslashes.
               ^-- SC3045 (warning): In POSIX sh, read -p is undefined.


In - line 39:
  if ! hash $cmd 2>/dev/null; then
            ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  if ! hash "$cmd" 2>/dev/null; then


In - line 40:
    while read -p "Would you like to add $cmd and other programs to your default PATH? " yn; do
          ^--^ SC2162 (info): read without -r will mangle backslashes.
               ^-- SC3045 (warning): In POSIX sh, read -p is undefined.


In - line 51:
  if [ -e $DB -a -e $DBCONF ]; then
              ^-- SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.


In - line 81:
     -a ! -e $LOCALCONF/database.yml ]; then
     ^-- SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.


In - line 84:
  if [ "`id -u`" -gt 0 ]; then
        ^-----^ SC2006 (style): Use $(...) notation instead of legacy backticks `...`.

Did you mean: 
  if [ "$(id -u)" -gt 0 ]; then


In - line 97:
  if [ $cmd = "msfconsole" ]; then
       ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  if [ "$cmd" = "msfconsole" ]; then


In - line 98:
    if [ -n "`find $FRAMEWORK/$cmd -mmin +20160`" ]; then
             ^-- SC2006 (style): Use $(...) notation instead of legacy backticks `...`.
                              ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    if [ -n "$(find $FRAMEWORK/"$cmd" -mmin +20160)" ]; then


In - line 107:
  exec $BIN/ruby $FRAMEWORK/$cmd "$@"
                            ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
  exec $BIN/ruby $FRAMEWORK/"$cmd" "$@"


In - line 110:
    (cd $FRAMEWORK && $BIN/ruby $BIN/$cmd "$@")
                                     ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    (cd $FRAMEWORK && $BIN/ruby $BIN/"$cmd" "$@")


In - line 112:
    exec $BIN/ruby $BIN/$cmd "$@"
                        ^--^ SC2086 (info): Double quote to prevent globbing and word splitting.

Did you mean: 
    exec $BIN/ruby $BIN/"$cmd" "$@"

For more information:
  https://www.shellcheck.net/wiki/SC2164 -- Use 'cd ... || exit' or 'cd ... |...
  https://www.shellcheck.net/wiki/SC2166 -- Prefer [ p ] && [ q ] as [ p -a q...
  https://www.shellcheck.net/wiki/SC3045 -- In POSIX sh, read -p is undefined.
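
The unquoted `cd $CWD` failure reported at the top of this thread and the quoted, guarded form that shellcheck's SC2164 suggests, reproduced side by side in a temporary directory. This is an added example, not code from the Metasploit wrappers: `SANDBOX`, `TARGET`, `INSTALL` and the two `wrapper_*` functions are hypothetical names, and the directory names are constructed.

```shell
#!/bin/sh
# Added example: sandbox paths are constructed; only the cd pattern is from the issue.
SANDBOX=$(cd "$(mktemp -d)" && pwd -P) || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
TARGET="$SANDBOX/Jeff McJunkin"   # stands in for /mnt/c/Users/Jeff McJunkin
INSTALL="$SANDBOX/install"        # stands in for /opt/metasploit-framework/bin
mkdir -p "$TARGET" "$INSTALL"

# Wrapper flow as reported: remember CWD, visit the install dir, return unquoted.
# Runs in a subshell and prints the directory it finishes in.
wrapper_unquoted() (
    cd "$1" || exit 1
    CWD=$(pwd)
    cd "$INSTALL" || exit 1
    # shellcheck disable=SC2086,SC2164
    cd $CWD 2>/dev/null   # word splitting: cd receives ".../Jeff" and "McJunkin"
    pwd                   # the failed cd is not checked, so execution continues
)

# Same flow with the quoting fix from the issue plus the SC2164 guard.
wrapper_quoted() (
    cd "$1" || exit 1
    CWD=$(pwd)
    cd "$INSTALL" || exit 1
    cd "$CWD" || exit 1   # one argument, and a failed cd stops the wrapper
    pwd
)

printf 'started in : %s\n' "$TARGET"
printf 'unquoted   : %s\n' "$(wrapper_unquoted "$TARGET")"
printf 'quoted     : %s\n' "$(wrapper_quoted "$TARGET")"
```

With the unquoted form the wrapper carries on from a directory other than the one the user started in, so any relative path passed on the command line resolves against the wrong location.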
