Add protocol based flag handling #267
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closes #234 Allows for protocols to have explicit flags that will resolve when they get defined. For example, if your exploit defines "HTTP" as it's protocol, this change automatically applies the "user-agent" flag to the cli args and if it does not it will not appear. I of course wanted to support multi-protocol or sub-protocol situations, so this also adds the `cli.AddProtocolFlags` function that will allow for manually adding flags where applicable. Also adds a few checks for whether to print the Global User-Agent string based on that and a quick Warning check for if proxies are supported.
j-baines
reviewed
Jan 29, 2025
|
Updated with our offline discussion of moving it to Negative case: poptart@grimm $ make && ./build/cve-2024-4548* -h 2>&1 | grep -A 1 "user-agent"
gofmt -d -w cve-2024-4548.go reverse_shell.go
golangci-lint run --fix --timeout 3m cve-2024-4548.go
GOOS=linux GOARCH=amd64 go build -o build/cve-2024-4548_linux-amd64 cve-2024-4548.go
-user-agent string
The User-Agent to use in HTTP requests (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36")
poptart@grimm $ go mod edit -replace github.com/vulncheck-oss/go-exploit=$DEV/go-exploit
poptart@grimm $ make && ./build/cve-2024-4548* -h 2>&1 | grep -A 1 "user-agent"
gofmt -d -w cve-2024-4548.go reverse_shell.go
golangci-lint run --fix --timeout 3m cve-2024-4548.go
GOOS=linux GOARCH=amd64 go build -o build/cve-2024-4548_linux-amd64 cve-2024-4548.go
Positive case: poptart@grimm $ make && ./build/cve-2024-* -h 2>&1 | grep -A 1 "user-agent"
gofmt -d -w cve-2024-45216.go verification.go
golangci-lint run --fix --timeout 3m cve-2024-45216.go verification.go
GOOS=linux GOARCH=amd64 go build -o build/cve-2024-45216_linux-amd64 cve-2024-45216.go verification.go
-user-agent string
The User-Agent to use in HTTP requests (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36")
poptart@grimm $ go mod edit -replace github.com/vulncheck-oss/go-exploit=$DEV/go-exploit
poptart@grimm $ make && ./build/cve-2024-* -h 2>&1 | grep -A 1 "user-agent"
gofmt -d -w cve-2024-45216.go verification.go
golangci-lint run --fix --timeout 3m cve-2024-45216.go verification.go
GOOS=linux GOARCH=amd64 go build -o build/cve-2024-45216_linux-amd64 cve-2024-45216.go verification.go
-user-agent string
The User-Agent to use in HTTP requests (default "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36") |
|
I want to flesh this out a bit more than this and see if I can make something a little more complete for different use cases. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #234
Allows for protocols to have explicit flags that will resolve when they get defined. For example, if your exploit defines "HTTP" as it's protocol, this change automatically applies the "user-agent" flag to the cli args and if it does not it will not appear.
I of course wanted to support multi-protocol or sub-protocol situations, so this also adds the
cli.AddProtocolFlagsfunction that will allow for manually adding flags where applicable.Also adds a few checks for whether to print the Global User-Agent string based on that
and a quick Warning check for if proxies are supported.Here's the negative test case where a CVE does not use HTTP so the flag no longer appears:
And here's the positive test case where a CVE does use HTTP so the flag appears: