Description
Problem
MSF5 added the use of RHOSTS functionality to exploit modules, expanding upon its use in auxiliary modules.
The implementation of RHOSTS in an external exploit module is inconsistent with the way it is implemented in other modules, including external auxiliary modules, leading to confusion in module development and broken functionality within MSF.
RHOSTS in Auxiliary modules:
Implementation in module code (example taken from an external python module):
Option definition as metadata, note type and name:
'rhost': {'type': 'address', 'description': 'Target address', 'required': True, 'default': None}
Use of the rhost argument in code:
session = function_here(username, password, args['rhost'])
When multiple IPs (space-delimited or CIDR or a range) are supplied to the module within MSF as the RHOSTS option, the module processes them individually. (This behavior has been in MSF for a while.)
Name    Current Setting                  Required  Description
----    ---------------                  --------  -----------
RHOSTS  192.168.189.177 192.168.189.188  yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
You are also able to populate RHOSTS within MSF using the database with the -R flag. This puts the results of your database search in RHOSTS as a space-delimited list.
RHOSTS in External Exploit Modules:
Implementation in module code (example taken from an external python module):
Option definition as metadata (again note name and type):
'RHOSTS': {'type': 'AddressRange', 'description': 'Target address', 'required': True, 'default': None}
Use of the RHOST argument in code to access just one member of the list of RHOSTS:
system = args['RHOST']
MSF requires multiple IPs in RHOSTS within an external exploit to be supplied as a comma-space-delimited list:
Module options (exploit/linux/my_exploit):
Name    Current Setting                   Required  Description
----    ---------------                   --------  -----------
RHOSTS  192.168.189.177, 192.168.189.188  yes       Target address
Anything else causes errors:
msf5 exploit(linux/my_exploit) > set RHOSTS 192.168.189.177 192.168.189.188
[-] The following options failed to validate: Value '192.168.189.177 192.168.189.188' is not valid for option 'RHOSTS'.
You are also unable to populate RHOSTS via the database:
Credentials
===========
host             origin  service  public  private  realm  private_type  JtR Format
----             ------  -------  ------  -------  -----  ------------  ----------
192.168.189.177  ** CREDENTIALS REDACTED **
192.168.189.188  ** CREDENTIALS REDACTED **
[-] Error while running command creds: The following options failed to validate: Value '192.168.189.177 192.168.189.188' is not valid for option 'RHOSTS'.
Call stack:
/usr/share/metasploit-framework/lib/msf/core/data_store.rb:40:in `[]='
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/common.rb:96:in `set_rhosts_from_addrs'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/creds.rb:582:in `creds_search'
/usr/share/metasploit-framework/lib/msf/ui/console/command_dispatcher/creds.rb:113:in `cmd_creds'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:49:in `<main>'
Expected Behavior:
- RHOSTS implementation should be consistent across all module types, including datatype of the option whether external or not
- RHOSTS in an exploit should accept the same formatting for IP ranges, lists, and CIDR as in other modules
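
The consistent parsing requested under "Expected Behavior", sketched as an added example (not part of the original issue and not Metasploit's own code). It accepts both the space-delimited and the comma-space-delimited lists shown above, plus CIDR blocks. The function names, the `first-last` range syntax and the `MAX_HOSTS` cap are assumptions made for this illustration.

```python
import ipaddress
import re

MAX_HOSTS = 65536  # assumed cap: refuse to expand very large blocks by accident


def expand_rhosts(value):
    """Expand an RHOSTS-style string into an ordered, de-duplicated list of IPs."""
    hosts = []
    # Accept both separators seen in the issue: "a b" and "a, b".
    for token in filter(None, re.split(r"[,\s]+", value.strip())):
        if "-" in token:
            # Assumed range syntax: first-last, both written as full addresses.
            first, last = (ipaddress.ip_address(p) for p in token.split("-", 1))
            if first.version != last.version or int(last) < int(first):
                raise ValueError(f"invalid range: {token!r}")
            count = int(last) - int(first) + 1
            addrs = (first + i for i in range(count))
        elif "/" in token:
            # strict=False lets a host address stand in for its network.
            net = ipaddress.ip_network(token, strict=False)
            count = net.num_addresses
            addrs = iter(net)  # every address in the block
        else:
            count = 1
            addrs = [ipaddress.ip_address(token)]  # raises ValueError if malformed
        # Check the size before expanding, so a /8 never gets materialised.
        if len(hosts) + count > MAX_HOSTS:
            raise ValueError(f"{token!r} expands past {MAX_HOSTS} hosts")
        hosts.extend(str(a) for a in addrs)
    return list(dict.fromkeys(hosts))  # drop duplicates, keep first-seen order


def targets_from_args(args):
    """Read whichever option name a module declared ('RHOSTS', 'rhost', 'RHOST')."""
    for key in ("RHOSTS", "rhost", "RHOST"):
        if args.get(key):
            return expand_rhosts(args[key])
    raise ValueError("no target option set")


if __name__ == "__main__":
    # Constructed inputs reusing the addresses from the issue text.
    for sample in ("192.168.189.177 192.168.189.188",
                   "192.168.189.177, 192.168.189.188",
                   "192.168.189.176/30"):
        print(f"{sample!r:40} -> {expand_rhosts(sample)}")
```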