Fix possible nil res. Bug #6939. Part 1.

modules/auxiliary/admin/2wire/xslt_password_reset.rb

@@ -54,6 +54,11 @@ class Metasploit3 < Msf::Auxiliary
 			'uri'     => '/xslt?PAGE=A07',
 		}, 25)
 
+		if not res
+			print_error("No response from server")
+			return
+		end
+
 		#check to see if we get HTTP OK
 		if (res.code == 200)
 			print_status("Okay, Got an HTTP 200 (okay) code. Verifying Server header")
@@ -114,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
 			'uri'     => '/xslt?PAGE=H04',
 		}, 25)
 
-		if ( res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
+		if ( res and res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
 			print_status("Found password reset page. Attempting to reset admin password to #{datastore['PASSWORD']}")
 
 			data  = 'PAGE=H04_POST'
@@ -131,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
 				'data'    => data,
 			}, 25)
 
-			if res.code == 200
+			if res and res.code == 200
 				if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/(.*); path=\//))
 					cookie= $1
 					print_status("Got cookie #{cookie}. Password reset was successful!\n")

modules/auxiliary/admin/http/tomcat_administration.rb

@@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
 									'data'         => post_data,
 								}, 25)
 
-								if (res.code == 302)
+								if (res and res.code == 302)
 
 									res = send_request_cgi({
 										'uri'     => "/admin/",
@@ -104,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
 										'cookie'  => "JSESSIONID=#{jsessionid}",
 									}, 25)
 
-									if (res.code == 302)
+									if (res and res.code == 302)
 
 										res = send_request_cgi({
 											'uri'     => "/admin/frameset.jsp",
@@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary
 											'cookie'  => "JSESSIONID=#{jsessionid}",
 										}, 25)
 
-										if (res.code == 200)
+										if (res and res.code == 200)
 											print_status("http://#{target_host}:#{rport}/admin [#{res.headers['Server']}] [#{ver}] [Tomcat Server Administration] [#{username}/#{password}]")
 										end
 

modules/auxiliary/admin/mysql/mysql_enum.rb

@@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary
 		print_status("Enumerating Accounts:")
 		query = "select user, host, password from mysql.user"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tList of Accounts with Password Hashes:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}")
@@ -110,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where Grant_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have GRANT Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
 
 		query = "select user, host from mysql.user where Create_user_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have CREATE USER Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -127,7 +127,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where Reload_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have RELOAD Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -135,7 +135,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where Shutdown_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have SHUTDOWN Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -143,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where Super_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have SUPER Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -151,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where FILE_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have FILE Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -159,7 +159,7 @@ class Metasploit3 < Msf::Auxiliary
 		end
 		query = "select user, host from mysql.user where Process_priv = 'Y'"
 		res = mysql_query(query)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following users have PROCESS Privilege:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -174,7 +174,7 @@ class Metasploit3 < Msf::Auxiliary
 				(Create_priv = 'Y') or
 				(Drop_priv = 'Y')|
 		res = mysql_query(queryinmysql)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following accounts have privileges to the mysql database:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -185,7 +185,7 @@ class Metasploit3 < Msf::Auxiliary
 		# Anonymous Account Check
 		queryanom = "select user, host from mysql.user where user = ''"
 		res = mysql_query(queryanom)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tAnonymous Accounts are Present:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -195,7 +195,7 @@ class Metasploit3 < Msf::Auxiliary
 		# Blank Password Check
 		queryblankpass = "select user, host, password from mysql.user where length(password) = 0 or password is null"
 		res = mysql_query(queryblankpass)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following accounts have empty passwords:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@@ -205,7 +205,7 @@ class Metasploit3 < Msf::Auxiliary
 		# Wildcard host
 		querywildcrd = 'select user, host from mysql.user where host = "%"'
 		res = mysql_query(querywildcrd)
-		if res.size > 0
+		if res and res.size > 0
 			print_status("\tThe following accounts are not restricted by source:")
 			res.each do |row|
 				print_status("\t\tUser: #{row[0]} Host: #{row[1]}")

modules/auxiliary/admin/sap/sap_mgmt_con_osexec.rb

@@ -153,7 +153,7 @@ class Metasploit4 < Msf::Auxiliary
 					}
 			}, 60)
 
-			if res.code == 200
+			if res and res.code == 200
 				success = true
 				body = CGI::unescapeHTML(res.body)
 				if body.match(/<exitcode>(.*)<\/exitcode>/i)
@@ -165,7 +165,7 @@ class Metasploit4 < Msf::Auxiliary
 				if body.match(/<lines>(.*)<\/lines>/i)
 					items = body.scan(/<item>(.*?)<\/item>/i)
 				end
-			elsif res.code == 500
+			elsif res and res.code == 500
 				case res.body
 				when /<faultstring>(.*)<\/faultstring>/i
 					faultcode = "#{$1}"

modules/auxiliary/scanner/http/glassfish_login.rb

@@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
 	#
 	def get_version(res)
 		#Extract banner from response
-		banner = res.headers['Server']
+		banner = res.headers['Server'] || ''
 
 		#Default value for edition and glassfish version
 		edition = 'Commercial'

modules/auxiliary/scanner/http/http_traversal.rb

@@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
 					req = ini_request(datastore['PATH'] + trigger + f)
 					vprint_status("Trying: http://#{rhost}:#{rport}#{req['uri']}")
 					res = send_request_cgi(req, 25)
-					return trigger if res.to_s =~ datastore['PATTERN']
+					return trigger if res and res.to_s =~ datastore['PATTERN']
 				end
 			end
 		end
@@ -182,7 +182,7 @@ class Metasploit3 < Msf::Auxiliary
 			req = ini_request(uri)
 			vprint_status("Trying: http://#{rhost}:#{rport}#{uri}")
 			res = send_request_cgi(req, 25)
-			found = true if res.to_s =~ datastore['PATTERN']
+			found = true if res and res.to_s =~ datastore['PATTERN']
 		end
 
 		# Reporting
@@ -223,7 +223,7 @@ class Metasploit3 < Msf::Auxiliary
 			vprint_status("#{res.code.to_s} for http://#{rhost}:#{rport}#{uri}")
 
 			# Only download files that are withint our interest
-			if res.to_s =~ datastore['PATTERN']
+			if res and res.to_s =~ datastore['PATTERN']
 				# We assume the string followed by the last '/' is our file name
 				fname = f.split("/")[-1].chop
 				loot = store_loot("lfi.data","text/plain",rhost, res.body,fname)
@@ -267,7 +267,7 @@ class Metasploit3 < Msf::Auxiliary
 		res = send_request_cgi(req, 25)
 
 		# Did we get it?
-		if res.body =~ /#{unique_str}/
+		if res and res.body =~ /#{unique_str}/
 			print_good("WRITE is possible on #{rhost}:#{rport}")
 		else
 			print_error("WRITE seems unlikely")

modules/auxiliary/scanner/http/netdecision_traversal.rb

@@ -62,7 +62,12 @@ class Metasploit3 < Msf::Auxiliary
 			'uri'    => uri
 		}, 25)
 
-		print_status("#{ip}:#{rport} returns: #{res.code.to_s}")
+		if res
+			print_status("#{ip}:#{rport} returns: #{res.code.to_s}")
+		else
+			print_error("#{ip}:#{rport} - No response")
+			return
+		end
 
 		if res.body.empty?
 			print_error("No file to download (empty)")