Skip to content

Implement immediate payload option validation on set calls#21609

Open
dwelch-r7 wants to merge 1 commit into
rapid7:masterfrom
dwelch-r7:fix-option-validation
Open

Implement immediate payload option validation on set calls#21609
dwelch-r7 wants to merge 1 commit into
rapid7:masterfrom
dwelch-r7:fix-option-validation

Conversation

@dwelch-r7

Copy link
Copy Markdown
Contributor

Description

Payload option validation (LHOST, LPORT, etc.) was timing-dependent — it only fired on set calls after show options had been run, because show options triggers share_datastore which imports the payload's typed option definitions into the exploit module's datastore as a side effect. Before that call, DataStore#[]= skipped validation entirely since no option metadata was registered for payload keys.

This change eagerly imports payload option definitions when:

  1. A user runs set PAYLOAD <name> on an exploit/evasion module
  2. A module is loaded via use and a default payload is selected by choose_payload

After this fix, set LPORT not_a_port immediately reports a validation error regardless of whether show options has been called.

A shared import_payload_options helper is added to CommandDispatcher::Common to avoid duplicating the logic between cmd_set (core.rb) and cmd_use (modules.rb).

Related Issue: Related to #21552 (LHOST validation behavior)

Verification Steps

    • msfconsole
    • use exploit/multi/handler
    • set PAYLOAD windows/meterpreter/reverse_tcp
    • set LPORT not_a_port — should immediately report validation error
    • set LHOST 192.0.2.1 — should succeed
    • use exploit/windows/smb/psexec
    • set PAYLOAD windows/meterpreter/reverse_tcp
    • set LPORT abc — should immediately report validation error (previously this would silently succeed until show options was called first)

Test Evidence

Before

~/dev/metasploit-framework on  upstream-master! ⌚ 14:33:10
$ ./msfconsole -q                                                                                                                                                        ‹ruby-3.3.8@metasploit-framework›
[*] Using configured payload generic/shell_reverse_tcp
msf exploit(multi/handler) > set LPORT not_a_port
LPORT => not_a_port
msf exploit(multi/handler) >

After

~/dev/metasploit-framework on  fix-option-validation! ⌚ 14:32:49
$ ./msfconsole -q                                                                                                                                                        ‹ruby-3.3.8@metasploit-framework›
[*] Using configured payload generic/shell_reverse_tcp
msf exploit(multi/handler) > set LPORT not_a_port
[-] The following options failed to validate: Value 'not_a_port' is not valid for option 'LPORT'.
LPORT => 4444
msf exploit(multi/handler) >

Environment

Field Details
Operating System macOS 26.5.1
Ruby Version 3.3.8
Target Software/Hardware Metasploit Framework console (msfconsole)

AI Usage Disclosure

Kiro

Pre-Submission Checklist

  • Ran rubocop on new files with no new offenses
  • Ran msftidy on changed module files with no new offenses (not applicable — no module files changed)
  • Included a corresponding documentation markdown file (not applicable)
  • No sensitive information (IP addresses, credentials, API keys, hashes) in code or documentation
  • Tested on the target environment specified in the Environment section above
  • Included RSpec tests for library changes
  • Read the CONTRIBUTING.md and module acceptance guidelines

@dwelch-r7 dwelch-r7 added the rn-fix release notes fix label Jun 26, 2026
@smcintyre-r7 smcintyre-r7 moved this from Todo to Ready in Metasploit Kanban Jun 29, 2026
@jenkins-eks-metasploit

Copy link
Copy Markdown

Additional test pipeline started ⌛
Note: build results only accessible to maintainers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

rn-fix release notes fix

Projects

Status: Ready

Development

Successfully merging this pull request may close these issues.

2 participants