Fix possible nil res. Bug #6939. Part 1.

unstable
sinn3r 2012-06-04 13:11:47 -05:00
parent 0759c3b75c
commit 01803c4a33
7 changed files with 35 additions and 25 deletions

View File

@ -54,6 +54,11 @@ class Metasploit3 < Msf::Auxiliary
'uri' => '/xslt?PAGE=A07',
}, 25)
if not res
print_error("No response from server")
return
end
#check to see if we get HTTP OK
if (res.code == 200)
print_status("Okay, Got an HTTP 200 (okay) code. Verifying Server header")
@ -114,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
'uri' => '/xslt?PAGE=H04',
}, 25)
if ( res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
if ( res and res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
print_status("Found password reset page. Attempting to reset admin password to #{datastore['PASSWORD']}")
data = 'PAGE=H04_POST'
@ -131,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
'data' => data,
}, 25)
if res.code == 200
if res and res.code == 200
if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/(.*); path=\//))
cookie= $1
print_status("Got cookie #{cookie}. Password reset was successful!\n")

View File

@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
'data' => post_data,
}, 25)
if (res.code == 302)
if (res and res.code == 302)
res = send_request_cgi({
'uri' => "/admin/",
@ -104,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
'cookie' => "JSESSIONID=#{jsessionid}",
}, 25)
if (res.code == 302)
if (res and res.code == 302)
res = send_request_cgi({
'uri' => "/admin/frameset.jsp",
@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary
'cookie' => "JSESSIONID=#{jsessionid}",
}, 25)
if (res.code == 200)
if (res and res.code == 200)
print_status("http://#{target_host}:#{rport}/admin [#{res.headers['Server']}] [#{ver}] [Tomcat Server Administration] [#{username}/#{password}]")
end

View File

@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Enumerating Accounts:")
query = "select user, host, password from mysql.user"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tList of Accounts with Password Hashes:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}")
@ -110,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where Grant_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have GRANT Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
query = "select user, host from mysql.user where Create_user_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have CREATE USER Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -127,7 +127,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where Reload_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have RELOAD Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -135,7 +135,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where Shutdown_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have SHUTDOWN Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -143,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where Super_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have SUPER Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -151,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where FILE_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have FILE Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -159,7 +159,7 @@ class Metasploit3 < Msf::Auxiliary
end
query = "select user, host from mysql.user where Process_priv = 'Y'"
res = mysql_query(query)
if res.size > 0
if res and res.size > 0
print_status("\tThe following users have PROCESS Privilege:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -174,7 +174,7 @@ class Metasploit3 < Msf::Auxiliary
(Create_priv = 'Y') or
(Drop_priv = 'Y')|
res = mysql_query(queryinmysql)
if res.size > 0
if res and res.size > 0
print_status("\tThe following accounts have privileges to the mysql database:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -185,7 +185,7 @@ class Metasploit3 < Msf::Auxiliary
# Anonymous Account Check
queryanom = "select user, host from mysql.user where user = ''"
res = mysql_query(queryanom)
if res.size > 0
if res and res.size > 0
print_status("\tAnonymous Accounts are Present:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -195,7 +195,7 @@ class Metasploit3 < Msf::Auxiliary
# Blank Password Check
queryblankpass = "select user, host, password from mysql.user where length(password) = 0 or password is null"
res = mysql_query(queryblankpass)
if res.size > 0
if res and res.size > 0
print_status("\tThe following accounts have empty passwords:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
@ -205,7 +205,7 @@ class Metasploit3 < Msf::Auxiliary
# Wildcard host
querywildcrd = 'select user, host from mysql.user where host = "%"'
res = mysql_query(querywildcrd)
if res.size > 0
if res and res.size > 0
print_status("\tThe following accounts are not restricted by source:")
res.each do |row|
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")

View File

@ -153,7 +153,7 @@ class Metasploit4 < Msf::Auxiliary
}
}, 60)
if res.code == 200
if res and res.code == 200
success = true
body = CGI::unescapeHTML(res.body)
if body.match(/<exitcode>(.*)<\/exitcode>/i)
@ -165,7 +165,7 @@ class Metasploit4 < Msf::Auxiliary
if body.match(/<lines>(.*)<\/lines>/i)
items = body.scan(/<item>(.*?)<\/item>/i)
end
elsif res.code == 500
elsif res and res.code == 500
case res.body
when /<faultstring>(.*)<\/faultstring>/i
faultcode = "#{$1}"

View File

@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
#
def get_version(res)
#Extract banner from response
banner = res.headers['Server']
banner = res.headers['Server'] || ''
#Default value for edition and glassfish version
edition = 'Commercial'

View File

@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
req = ini_request(datastore['PATH'] + trigger + f)
vprint_status("Trying: http://#{rhost}:#{rport}#{req['uri']}")
res = send_request_cgi(req, 25)
return trigger if res.to_s =~ datastore['PATTERN']
return trigger if res and res.to_s =~ datastore['PATTERN']
end
end
end
@ -182,7 +182,7 @@ class Metasploit3 < Msf::Auxiliary
req = ini_request(uri)
vprint_status("Trying: http://#{rhost}:#{rport}#{uri}")
res = send_request_cgi(req, 25)
found = true if res.to_s =~ datastore['PATTERN']
found = true if res and res.to_s =~ datastore['PATTERN']
end
# Reporting
@ -223,7 +223,7 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{res.code.to_s} for http://#{rhost}:#{rport}#{uri}")
# Only download files that are withint our interest
if res.to_s =~ datastore['PATTERN']
if res and res.to_s =~ datastore['PATTERN']
# We assume the string followed by the last '/' is our file name
fname = f.split("/")[-1].chop
loot = store_loot("lfi.data","text/plain",rhost, res.body,fname)
@ -267,7 +267,7 @@ class Metasploit3 < Msf::Auxiliary
res = send_request_cgi(req, 25)
# Did we get it?
if res.body =~ /#{unique_str}/
if res and res.body =~ /#{unique_str}/
print_good("WRITE is possible on #{rhost}:#{rport}")
else
print_error("WRITE seems unlikely")

View File

@ -62,7 +62,12 @@ class Metasploit3 < Msf::Auxiliary
'uri' => uri
}, 25)
if res
print_status("#{ip}:#{rport} returns: #{res.code.to_s}")
else
print_error("#{ip}:#{rport} - No response")
return
end
if res.body.empty?
print_error("No file to download (empty)")