Fix possible nil res. Bug #6939. Part 1.
parent
0759c3b75c
commit
01803c4a33
|
@ -54,6 +54,11 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'uri' => '/xslt?PAGE=A07',
|
||||
}, 25)
|
||||
|
||||
if not res
|
||||
print_error("No response from server")
|
||||
return
|
||||
end
|
||||
|
||||
#check to see if we get HTTP OK
|
||||
if (res.code == 200)
|
||||
print_status("Okay, Got an HTTP 200 (okay) code. Verifying Server header")
|
||||
|
@ -114,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'uri' => '/xslt?PAGE=H04',
|
||||
}, 25)
|
||||
|
||||
if ( res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
|
||||
if ( res and res.code == 200 and res.body.match(/<title>System Setup - Password<\/title>/i))
|
||||
print_status("Found password reset page. Attempting to reset admin password to #{datastore['PASSWORD']}")
|
||||
|
||||
data = 'PAGE=H04_POST'
|
||||
|
@ -131,7 +136,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'data' => data,
|
||||
}, 25)
|
||||
|
||||
if res.code == 200
|
||||
if res and res.code == 200
|
||||
if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/(.*); path=\//))
|
||||
cookie= $1
|
||||
print_status("Got cookie #{cookie}. Password reset was successful!\n")
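Review bot: The two later guards in this section, `if ( res and res.code == 200 and ...)` and `if res and res.code == 200`, turn a timed-out request into a silent skip, while the first request now prints "No response from server" and returns. Unless an `else` branch outside these hunks reports it, the operator cannot tell a timeout from a page that simply did not match. Use the same early-return form after each `send_request_cgi` call: `unless res` / `print_error("No response from server")` / `return`. The same applies to the chained `res and res.code == 302` and `res and res.code == 200` checks in the next file section, where a timeout at any of the three steps looks identical to a rejected login.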
|
||||
|
|
|
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'data' => post_data,
|
||||
}, 25)
|
||||
|
||||
if (res.code == 302)
|
||||
if (res and res.code == 302)
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => "/admin/",
|
||||
|
@ -104,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'cookie' => "JSESSIONID=#{jsessionid}",
|
||||
}, 25)
|
||||
|
||||
if (res.code == 302)
|
||||
if (res and res.code == 302)
|
||||
|
||||
res = send_request_cgi({
|
||||
'uri' => "/admin/frameset.jsp",
|
||||
|
@ -112,7 +112,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'cookie' => "JSESSIONID=#{jsessionid}",
|
||||
}, 25)
|
||||
|
||||
if (res.code == 200)
|
||||
if (res and res.code == 200)
|
||||
print_status("http://#{target_host}:#{rport}/admin [#{res.headers['Server']}] [#{ver}] [Tomcat Server Administration] [#{username}/#{password}]")
|
||||
end
|
||||
|
||||
|
|
|
@ -88,7 +88,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
print_status("Enumerating Accounts:")
|
||||
query = "select user, host, password from mysql.user"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tList of Accounts with Password Hashes:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]} Password Hash: #{row[2]}")
|
||||
|
@ -110,7 +110,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where Grant_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have GRANT Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
query = "select user, host from mysql.user where Create_user_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have CREATE USER Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -127,7 +127,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where Reload_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have RELOAD Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -135,7 +135,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where Shutdown_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have SHUTDOWN Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -143,7 +143,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where Super_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have SUPER Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -151,7 +151,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where FILE_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have FILE Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -159,7 +159,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
query = "select user, host from mysql.user where Process_priv = 'Y'"
|
||||
res = mysql_query(query)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following users have PROCESS Privilege:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -174,7 +174,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
(Create_priv = 'Y') or
|
||||
(Drop_priv = 'Y')|
|
||||
res = mysql_query(queryinmysql)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following accounts have privileges to the mysql database:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -185,7 +185,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Anonymous Account Check
|
||||
queryanom = "select user, host from mysql.user where user = ''"
|
||||
res = mysql_query(queryanom)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tAnonymous Accounts are Present:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -195,7 +195,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Blank Password Check
|
||||
queryblankpass = "select user, host, password from mysql.user where length(password) = 0 or password is null"
|
||||
res = mysql_query(queryblankpass)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following accounts have empty passwords:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
|
||||
|
@ -205,7 +205,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
# Wildcard host
|
||||
querywildcrd = 'select user, host from mysql.user where host = "%"'
|
||||
res = mysql_query(querywildcrd)
|
||||
if res.size > 0
|
||||
if res and res.size > 0
|
||||
print_status("\tThe following accounts are not restricted by source:")
|
||||
res.each do |row|
|
||||
print_status("\t\tUser: #{row[0]} Host: #{row[1]}")
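Review bot: The `if res and res.size > 0` guard is now pasted into twelve query blocks, and each one treats a nil result the same as an empty one. If `mysql_query` returns nil on failure, an audit run prints nothing for the blank-password or anonymous-account check, which reads as a clean result. Move the pattern into one private helper that takes the query and the heading, prints an error when the result is nil, and yields the rows otherwise, so each block becomes a single call. The `res.each` bodies end outside these hunks, so the helper's exact shape depends on what follows the row print.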
|
||||
|
|
|
@ -153,7 +153,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
}
|
||||
}, 60)
|
||||
|
||||
if res.code == 200
|
||||
if res and res.code == 200
|
||||
success = true
|
||||
body = CGI::unescapeHTML(res.body)
|
||||
if body.match(/<exitcode>(.*)<\/exitcode>/i)
|
||||
|
@ -165,7 +165,7 @@ class Metasploit4 < Msf::Auxiliary
|
|||
if body.match(/<lines>(.*)<\/lines>/i)
|
||||
items = body.scan(/<item>(.*?)<\/item>/i)
|
||||
end
|
||||
elsif res.code == 500
|
||||
elsif res and res.code == 500
|
||||
case res.body
|
||||
when /<faultstring>(.*)<\/faultstring>/i
|
||||
faultcode = "#{$1}"
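Review bot: Repeating `res and` in both the `if` and the `elsif` lets a nil response fall through to whatever follows the chain. If there is a trailing `else` that reads `res` (the chain continues past this hunk), it will still raise. A single guard right after the request, `unless res` / `print_error("No response")` / `return`, removes both inline checks and reports the timeout instead of leaving `success` unset without explanation.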
|
||||
|
|
|
@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
#
|
||||
def get_version(res)
|
||||
#Extract banner from response
|
||||
banner = res.headers['Server']
|
||||
banner = res.headers['Server'] || ''
|
||||
|
||||
#Default value for edition and glassfish version
|
||||
edition = 'Commercial'
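Review bot: `res.headers['Server'] || ''` handles a response without a Server header, but a nil `res` still raises on `.headers` at this same line. If any caller of `get_version` (outside this hunk) can pass the result of a timed-out request, guard the receiver as well: `banner = (res && res.headers['Server']) || ''`. A one-line comment above the method stating whether `res` may be nil would document the contract.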
|
||||
|
|
|
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
req = ini_request(datastore['PATH'] + trigger + f)
|
||||
vprint_status("Trying: http://#{rhost}:#{rport}#{req['uri']}")
|
||||
res = send_request_cgi(req, 25)
|
||||
return trigger if res.to_s =~ datastore['PATTERN']
|
||||
return trigger if res and res.to_s =~ datastore['PATTERN']
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -182,7 +182,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
req = ini_request(uri)
|
||||
vprint_status("Trying: http://#{rhost}:#{rport}#{uri}")
|
||||
res = send_request_cgi(req, 25)
|
||||
found = true if res.to_s =~ datastore['PATTERN']
|
||||
found = true if res and res.to_s =~ datastore['PATTERN']
|
||||
end
|
||||
|
||||
# Reporting
|
||||
|
@ -223,7 +223,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
vprint_status("#{res.code.to_s} for http://#{rhost}:#{rport}#{uri}")
|
||||
|
||||
# Only download files that are withint our interest
|
||||
if res.to_s =~ datastore['PATTERN']
|
||||
if res and res.to_s =~ datastore['PATTERN']
|
||||
# We assume the string followed by the last '/' is our file name
|
||||
fname = f.split("/")[-1].chop
|
||||
loot = store_loot("lfi.data","text/plain",rhost, res.body,fname)
|
||||
|
@ -267,7 +267,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
res = send_request_cgi(req, 25)
|
||||
|
||||
# Did we get it?
|
||||
if res.body =~ /#{unique_str}/
|
||||
if res and res.body =~ /#{unique_str}/
|
||||
print_good("WRITE is possible on #{rhost}:#{rport}")
|
||||
else
|
||||
print_error("WRITE seems unlikely")
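Review bot: In the download hunk (`@ -223,7 +223,7`), `vprint_status("#{res.code.to_s} for http://...")` still dereferences `res` one statement before the new `if res and res.to_s =~ datastore['PATTERN']` guard. A timed-out request would therefore raise there, unless `res` is already checked above the hunk. Move the nil check ahead of that line, for example `next unless res` if this runs inside an iterator block (the enclosing block starts outside the hunk), or put the `vprint_status` inside the guarded branch. In the two earlier hunks the added `res and` is harmless but probably redundant, because `nil.to_s` is an empty string.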
|
||||
|
|
|
@ -62,7 +62,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'uri' => uri
|
||||
}, 25)
|
||||
|
||||
if res
|
||||
print_status("#{ip}:#{rport} returns: #{res.code.to_s}")
|
||||
else
|
||||
print_error("#{ip}:#{rport} - No response")
|
||||
return
|
||||
end
|
||||
|
||||
if res.body.empty?
|
||||
print_error("No file to download (empty)")
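Review bot: The status code is only printed here, and the next check visible in the hunk is `res.body.empty?`. A non-empty error page (404, 500) would apparently be handled as the downloaded file unless the code is tested further down, outside the hunk. Consider rejecting unexpected statuses before the body test, e.g. `unless res.code == 200` / `print_error("#{ip}:#{rport} - Unexpected response #{res.code}")` / `return`. As a minor style point, `#{res.code.to_s}` can be `#{res.code}`, since interpolation already calls `to_s`.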
|
||||
|
|