Sign upLogin

rapid7/metasploit-framework

View on GitHub
Star
modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb

Summary

Maintainability
F
5 days
Test Coverage

Method kernel_mode_payload has 438 lines of code (exceeds 25 allowed). Consider refactoring.
Open

  def kernel_mode_payload

    # Windows x64 kernel shellcode from ring 0 to ring 3 by sleepya
    #
    # This shellcode was written originally for eternalblue exploits
Severity: Major
Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 days to fix

    File cve_2019_0708_bluekeep_rce.rb has 798 lines of code (exceeds 250 allowed). Consider refactoring.
    Open

    class MetasploitModule < Msf::Exploit::Remote
  prepend Msf::Exploit::Remote::AutoCheck

  Rank = ManualRanking
    Severity: Major
    Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 1 day to fix

      Method initialize has 135 lines of code (exceeds 25 allowed). Consider refactoring.
      Open

        def initialize(info = {})
    super(update_info(info,
      'Name'           => 'CVE-2019-0708 BlueKeep RDP Remote Windows Kernel Use After Free',
      'Description'    => %q(
        The RDP termdd.sys driver improperly handles binds to internal-only channel MS_T120,
      Severity: Major
      Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 5 hrs to fix

        Method create_exploit_channel_buffer has 60 lines of code (exceeds 25 allowed). Consider refactoring.
        Open

          def create_exploit_channel_buffer(target_addr)
    overspray_addr = target_addr + 0x2000
    shellcode_vtbl = target_addr + HEADER_SIZE
    magic_value1 = overspray_addr + 0x810
    magic_value2 = overspray_addr + 0x48
        Severity: Major
        Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 hrs to fix

          Method rdp_on_core_client_id_confirm has 50 lines of code (exceeds 25 allowed). Consider refactoring.
          Open

            def rdp_on_core_client_id_confirm(pkt, user, chan_id, flags, data)
    # We have to do the default behaviour first.
    super(pkt, user, chan_id, flags, data)

    groom_size = datastore['GROOMSIZE']
          Severity: Minor
          Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 2 hrs to fix

            Method exploit has 33 lines of code (exceeds 25 allowed). Consider refactoring.
            Open

              def exploit
    if target['FingerprintOnly']
      fail_with(Msf::Module::Failure::BadConfig, 'Set the most appropriate target manually. If you are targeting 2008, make sure fDisableCam=0 !')
    end
            Severity: Minor
            Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 1 hr to fix

              Method rdp_on_core_client_id_confirm has a Cognitive Complexity of 8 (exceeds 5 allowed). Consider refactoring.
              Open

                def rdp_on_core_client_id_confirm(pkt, user, chan_id, flags, data)
    # We have to do the default behaviour first.
    super(pkt, user, chan_id, flags, data)

    groom_size = datastore['GROOMSIZE']
              Severity: Minor
              Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 45 mins to fix

              Cognitive Complexity

              Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

              A method's cognitive complexity is based on a few simple rules:

              • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
              • Code is considered more complex for each "break in the linear flow of the code"
              • Code is considered more complex when "flow breaking structures are nested"

              Further reading

              Method rdp_on_core_client_id_confirm has 5 arguments (exceeds 4 allowed). Consider refactoring.
              Open

                def rdp_on_core_client_id_confirm(pkt, user, chan_id, flags, data)
              Severity: Minor
              Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 35 mins to fix

                Method exploit has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
                Open

                  def exploit
    if target['FingerprintOnly']
      fail_with(Msf::Module::Failure::BadConfig, 'Set the most appropriate target manually. If you are targeting 2008, make sure fDisableCam=0 !')
    end
                Severity: Minor
                Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 35 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                Method assemble_with_fixups has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
                Open

                  def assemble_with_fixups(asm)
    # Rewrite all instructions of form 'lea reg, [rel label]' as relative
    # offsets for the instruction pointer, since metasm's 'ModRM' parser does
    # not grok that syntax.
    lea_rel = /lea+\s(?<dest>\w{2,3}),*\s\[rel+\s(?<label>[a-zA-Z_].*)\]/
                Severity: Minor
                Found in modules/exploits/windows/rdp/cve_2019_0708_bluekeep_rce.rb - About 35 mins to fix

                Cognitive Complexity

                Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

                A method's cognitive complexity is based on a few simple rules:

                • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
                • Code is considered more complex for each "break in the linear flow of the code"
                • Code is considered more complex when "flow breaking structures are nested"

                Further reading

                There are no issues that match your filters.

                Category
                Status