Move new session information alerts behind a feature flag

Author: dwelch-r7

lib/msf/core/module.rb

@@ -397,7 +397,6 @@ def default_cred?
       false
     end
 
-    def activate; end
     #
     # The array of zero or more platforms.
     #

lib/msf/core/module/alert.rb

@@ -242,26 +242,38 @@ def add_alert(level, msg, &block)
   # with this method will not be displayed again.
   def alert_user
     self.you_have_been_warned ||= {}
-
-    errors.each do |msg|
-      if msg && !self.you_have_been_warned[msg.hash]
-        print_error(msg)
-        self.you_have_been_warned[msg.hash] = true
+    without_prompt do
+      errors.each do |msg|
+        if msg && !self.you_have_been_warned[msg.hash]
+          print_error(msg)
+          self.you_have_been_warned[msg.hash] = true
+        end
       end
-    end
 
-    warnings.each do |msg|
-      if msg && !self.you_have_been_warned[msg.hash]
-        print_warning(msg)
-        self.you_have_been_warned[msg.hash] = true
+      warnings.each do |msg|
+        if msg && !self.you_have_been_warned[msg.hash]
+          print_warning(msg)
+          self.you_have_been_warned[msg.hash] = true
+        end
       end
-    end
 
-    infos.each do |msg|
-      if msg && !self.you_have_been_warned[msg.hash]
-        print_line(msg)
-        self.you_have_been_warned[msg.hash] = true
+      infos.each do |msg|
+        if msg && !self.you_have_been_warned[msg.hash]
+          # Make prefix an empty string to avoid adding clutter (timestamps, rhost, rport, etc.) to the output
+          print_status(msg, prefix: '')
+          self.you_have_been_warned[msg.hash] = true
+        end
       end
     end
   end
+
+    # Temporarily set the prompt mode to false to ensure that there are not additional lines printed
+    # A workaround for the prompting bug spotted in https://github.com/rapid7/metasploit-framework/pull/18761#issuecomment-1916645095
+  def without_prompt(&block)
+    previous_prompting_value = user_output.prompting
+    user_output.prompting(false)
+    yield
+  ensure
+    user_output.prompting(previous_prompting_value)
+  end
 end

lib/msf/core/module/ui/message.rb

@@ -30,8 +30,9 @@ def print_prefix
     prefix
   end
 
-  def print_status(msg='')
-    super(print_prefix + msg)
+  def print_status(msg='', prefix: nil)
+    msg_prefix = prefix.nil? ? print_prefix : prefix
+    super(msg_prefix + msg)
   end
 
   def print_warning(msg='')

lib/msf/core/optional_session.rb

@@ -17,6 +17,7 @@ def initialize(info = {})
           Msf::Opt::RPORT(nil, false)
         ]
       )
+      add_info('New in Metasploit 6.4 - This module can target a %grnSESSION%clr or an %grnRHOST%clr')
     end
 
     if framework.features.enabled?(Msf::FeatureManager::POSTGRESQL_SESSION_TYPE)
@@ -29,6 +30,7 @@ def initialize(info = {})
           Msf::Opt::RPORT(nil, false)
         ]
       )
+      add_info('New in Metasploit 6.4 - This module can target a %grnSESSION%clr or an %grnRHOST%clr')
     end
   end
 
@@ -37,9 +39,4 @@ def session
 
     super
   end
-
-  def activate
-    super
-    add_info('New in Metasploit 6.4 - This module can target a %grnSESSION%clr or an %grnRHOST%clr')
-  end
 end

lib/msf/ui/console/command_dispatcher.rb

@@ -45,7 +45,6 @@ def active_module
   #
   def active_module=(mod)
     driver.active_module = mod
-    mod.activate unless mod.nil?
   end
 
   #

modules/auxiliary/scanner/postgres/postgres_login.rb

@@ -46,11 +46,12 @@ def initialize(info = {})
       ])
 
     options_to_deregister = %w[SQL PASSWORD_SPRAY]
-    unless framework.features.enabled?(Msf::FeatureManager::POSTGRESQL_SESSION_TYPE)
+    if framework.features.enabled?(Msf::FeatureManager::POSTGRESQL_SESSION_TYPE)
+      add_info('New in Metasploit 6.4 - The %grnCreateSession%clr option within this module can open an interactive session')
+    else
       options_to_deregister << 'CreateSession'
     end
     deregister_options(*options_to_deregister)
-
   end
 
   def create_session?
@@ -61,12 +62,6 @@ def create_session?
     end
   end
 
-  # Called when the module is set as the currently active module
-  def activate
-    super
-    add_info('New in Metasploit 6.4 - The %grnCreateSession%clr option within this module can open an interactive session')
-  end
-
   # Loops through each host in turn. Note the current IP address is both
   # ip and datastore['RHOST']
   def run_host(ip)

modules/auxiliary/scanner/smb/smb_login.rb

@@ -65,7 +65,9 @@ def initialize
 
     options_to_deregister = %w[USERNAME PASSWORD PASSWORD_SPRAY CommandShellCleanupCommand AutoVerifySession]
 
-    unless framework.features.enabled?(Msf::FeatureManager::SMB_SESSION_TYPE)
+    if framework.features.enabled?(Msf::FeatureManager::SMB_SESSION_TYPE)
+      add_info('New in Metasploit 6.4 - The %grnCreateSession%clr option within this module can open an interactive session')
+    else
       # Don't give the option to create a session unless smb sessions are enabled
       options_to_deregister << 'CreateSession'
     end
@@ -84,12 +86,6 @@ def create_session?
     end
   end
 
-  # Called when the module is set as the currently active module
-  def activate
-    super
-    add_info('New in Metasploit 6.4 - The %grnCreateSession%clr option within this module can open an interactive session')
-  end
-
   def run_host(ip)
     print_brute(level: :vstatus, ip: ip, msg: 'Starting SMB login bruteforce')
 

modules/exploits/windows/smb/smb_relay.rb

@@ -142,25 +142,22 @@ module is not able to clean up after itself. The service and payload
     deregister_options(
       'RPORT', 'RHOSTS', 'SMBPass', 'SMBUser', 'CommandShellCleanupCommand', 'AutoVerifySession', 'CreateSession'
     )
+    if framework.features.enabled?(Msf::FeatureManager::SMB_SESSION_TYPE)
+      add_info('New in Metasploit 6.4 - The %grnCREATE_SMB_SESSION%clr action within this module can open an interactive session')
+    end
   end
 
   def available_actions
     actions = [
       ['PSEXEC', { 'Description' => 'Run psexec against the relay target' }]
     ]
     if framework.features.enabled?(Msf::FeatureManager::SMB_SESSION_TYPE)
-      actions << ['SMB_SESSION', { 'Description' => 'Get an SMB session' }]
+      actions << ['CREATE_SMB_SESSION', { 'Description' => 'Get an SMB session' }]
     end
 
     actions
   end
 
-  # Called when the module is set as the currently active module
-  def activate
-    super
-    add_info('New in Metasploit 6.4 - The %SMB_SESSION%clr action within this module can open an interactive session')
-  end
-
   def smb_logger
     log_device = datastore['VERBOSE'] ? Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Module.new(self) : Msf::Exploit::Remote::SMB::LogAdapter::LogDevice::Framework.new(framework)
     Msf::Exploit::Remote::SMB::LogAdapter::Logger.new(self, log_device)
@@ -310,7 +307,7 @@ def on_relay_success(relay_connection:)
     case action.name
     when 'PSEXEC'
       run_psexec(relay_connection)
-    when 'SMB_SESSION'
+    when 'CREATE_SMB_SESSION'
       begin
         session_setup(relay_connection)
       rescue StandardError => e