infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into bug/module-load-cache-update

unstable
Luke Imhoff 2013-05-23 14:23:14 -05:00
parent 2b70ec2e08 ff08fed987
commit 1a487e476d
113 changed files with 1172 additions and 278 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
data/exploits/cve-2013-0758.swf Normal file
View File

Binary file not shown.

3
lib/msf/base/sessions/command_shell_options.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to

1
lib/msf/base/sessions/meterpreter.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base'
require 'msf/base/sessions/scriptable'

1
lib/msf/base/sessions/meterpreter_java.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/meterpreter'

1
lib/msf/base/sessions/meterpreter_options.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'shellwords'

1
lib/msf/base/sessions/meterpreter_php.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/meterpreter'

1
lib/msf/base/sessions/meterpreter_x86_bsd.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/meterpreter'

1
lib/msf/base/sessions/meterpreter_x86_linux.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/meterpreter'

1
lib/msf/base/sessions/meterpreter_x86_win.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/meterpreter'
require 'msf/windows_error'

1
lib/msf/base/sessions/tty.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base'

3
lib/msf/base/sessions/vncinject_options.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf
module Sessions

1
lib/msf/base/simple/buffer.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base'

1
lib/msf/base/simple/payload.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base'

1
lib/msf/core/auxiliary/commandshell.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/base/sessions/command_shell_options'

3
lib/msf/core/auxiliary/login.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

3
lib/msf/core/auxiliary/pii.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
###
# $Id$
###
module Msf

3
lib/msf/core/auxiliary/rservices.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
##
#

37
lib/msf/core/db_manager.rb
View File

@ -3,6 +3,7 @@
require 'msf/base/config'
require 'msf/core'
require 'msf/core/db'
require 'msf/core/db_manager/migration'
require 'msf/core/task_manager'
require 'fileutils'
require 'shellwords'
@ -17,6 +18,9 @@ module Msf
###
class DBManager
# Provides :framework and other accessors
include Msf::DBManager::Migration
include Msf::Framework::Offspring
# Mainly, it's Ruby 1.9.1 that cause a lot of problems now, along with Ruby 1.8.6.
# Ruby 1.8.7 actually seems okay, but why tempt fate? Let's say 1.9.3 and beyond.
@ -28,9 +32,6 @@ class DBManager
end
end
# Provides :framework and other accessors
include Framework::Offspring
# Returns true if we are ready to load/store data
def active
return false if not @usable
@ -53,9 +54,6 @@ class DBManager
# Stores a TaskManager for serializing database events
attr_accessor :sink
# Flag to indicate database migration has completed
attr_accessor :migrated
# Flag to indicate that modules are cached
attr_accessor :modules_cached
@ -287,33 +285,6 @@ class DBManager
end
end
# Migrate database to latest schema version.
#
# @param verbose [Boolean] see ActiveRecord::Migration.verbose
# @return [Array<ActiveRecord::MigrationProxy] List of migrations that ran.
#
# @see ActiveRecord::Migrator.migrate
def migrate(verbose=false)
ran = []
ActiveRecord::Migration.verbose = verbose
ActiveRecord::Base.connection_pool.with_connection do
begin
ran = ActiveRecord::Migrator.migrate(
ActiveRecord::Migrator.migrations_paths
)
# ActiveRecord::Migrator#migrate rescues all errors and re-raises them as
# StandardError
rescue StandardError => error
self.error = error
elog("DB.migrate threw an exception: #{error}")
dlog("Call stack:\n#{error.backtrace.join "\n"}")
end
end
return ran
end
def workspace=(workspace)
@workspace_name = workspace.name
end

58
lib/msf/core/db_manager/migration.rb Normal file
View File

@ -0,0 +1,58 @@
module Msf
class DBManager
module Migration
# Migrate database to latest schema version.
#
# @param verbose [Boolean] see ActiveRecord::Migration.verbose
# @return [Array<ActiveRecord::MigrationProxy] List of migrations that
# ran.
#
# @see ActiveRecord::Migrator.migrate
def migrate(verbose=false)
ran = []
ActiveRecord::Migration.verbose = verbose
ActiveRecord::Base.connection_pool.with_connection do
begin
ran = ActiveRecord::Migrator.migrate(
ActiveRecord::Migrator.migrations_paths
)
# ActiveRecord::Migrator#migrate rescues all errors and re-raises them
# as StandardError
rescue StandardError => error
self.error = error
elog("DB.migrate threw an exception: #{error}")
dlog("Call stack:\n#{error.backtrace.join "\n"}")
end
end
# Since the connections that existed before the migrations ran could
# have outdated column information, reset column information for all
# ActiveRecord::Base descendents to prevent missing method errors for
# column methods for columns created in migrations after the column
# information was cached.
reset_column_information
return ran
end
# Flag to indicate database migration has completed
#
# @return [Boolean]
attr_accessor :migrated
private
# Resets the column information for all descendants of ActiveRecord::Base
# since some of the migrations may have cached column information that
# has been updated by later migrations.
#
# @return [void]
def reset_column_information
ActiveRecord::Base.descendants.each do |descendant|
descendant.reset_column_information
end
end
end
end
end

1
lib/msf/core/encoded_payload.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/core'

1
lib/msf/core/exploit/browser_autopwn.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
#
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit

1
lib/msf/core/exploit/cmdstager.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/exploitation/cmdstager'
require 'msf/core/exploit/exe'

1
lib/msf/core/exploit/cmdstager_debug_asm.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/core/exploit/cmdstager'

1
lib/msf/core/exploit/cmdstager_debug_write.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/core/exploit/cmdstager'

1
lib/msf/core/exploit/cmdstager_tftp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/text'
require 'msf/core/exploit/tftp'

1
lib/msf/core/exploit/cmdstager_vbs.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'msf/core/exploit/cmdstager'

1
lib/msf/core/exploit/cmdstager_vbs_adodb.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id: $
require 'msf/core/exploit/cmdstager'

1
lib/msf/core/exploit/dhcp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/proto/dhcp'

1
lib/msf/core/exploit/egghunter.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/exploitation/egghunter'

3
lib/msf/core/exploit/exe.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
###
#

1
lib/msf/core/exploit/fmtstr.rb
View File

@ -7,7 +7,6 @@ module Msf
# in a more intelligent way.
#
# Author: jduck
# $Id$
###
module Exploit::FormatString

3
lib/msf/core/exploit/ipv6.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

1
lib/msf/core/exploit/mixins.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
#
# All exploit mixins should be added to the list below
#

3
lib/msf/core/exploit/mysql.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to

1
lib/msf/core/exploit/omelet.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/exploitation/omelet'

3
lib/msf/core/exploit/pdf.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
###
#

3
lib/msf/core/exploit/php_exe.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
###
#

3
lib/msf/core/exploit/riff.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

3
lib/msf/core/exploit/telnet.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

1
lib/msf/core/exploit/tftp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/proto/tftp'

3
lib/msf/core/exploit/wbemexec.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
#
# This mixin enables executing arbitrary commands via the

3
lib/msf/core/payload/windows/exec.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

3
lib/msf/core/payload/windows/loadlibrary.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Msf

3
lib/msf/core/rpc/v10/rpc_module.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id: module.rb 12624 2011-05-15 23:51:53Z hdm $
##
module Msf
module RPC

12
lib/msf/ui/console/command_dispatcher/exploit.rb
View File

@ -33,7 +33,9 @@ class Exploit
"exploit" => "Launch an exploit attempt",
"rcheck" => "Reloads the module and checks if the target is vulnerable",
"rexploit" => "Reloads the module and launches an exploit attempt",
"reload" => "Just reloads the module"
"reload" => "Just reloads the module",
"run" => "Alias for exploit",
"rerun" => "Alias for rexploit",
})
end
@ -197,6 +199,8 @@ class Exploit
end
end
alias cmd_run cmd_exploit
def cmd_exploit_help
print_line "Usage: exploit [options]"
print_line
@ -204,6 +208,8 @@ class Exploit
print @@exploit_opts.usage
end
alias cmd_run_help cmd_exploit_help
#
# Reloads an exploit module and checks the target to see if it's
# vulnerable.
@ -227,6 +233,8 @@ class Exploit
end
end
alias cmd_rerun cmd_rexploit
def cmd_rexploit_help
print_line "Usage: rexploit [options]"
print_line
@ -234,6 +242,8 @@ class Exploit
print @@exploit_opts.usage
end
alias cmd_rerun_help cmd_rexploit_help
#
# Picks a reasonable payload and minimally configures it
#

1
lib/msf/ui/console/command_dispatcher/payload.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/parser/arguments'

3
lib/msf/windows_error.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
#
# Windows system error codes (0-499)

2
lib/rex/elfparsey.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ElfParsey

2
lib/rex/elfparsey/elf.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/elfparsey/elfbase'
require 'rex/elfparsey/exceptions'
require 'rex/image_source'

2
lib/rex/elfparsey/elfbase.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/struct2'
module Rex

2
lib/rex/elfparsey/exceptions.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ElfParsey

2
lib/rex/elfscan.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ElfScan

2
lib/rex/elfscan/scanner.rb
View File

@ -1,7 +1,5 @@
# -*- coding: binary -*-
# $Id$
module Rex
module ElfScan
module Scanner

2
lib/rex/elfscan/search.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ElfScan
module Search

1
lib/rex/exploitation/cmdstager/tftp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/text'
require 'rex/arch'

1
lib/rex/exploitation/jsobfu.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/text'
require 'rkelly'

2
lib/rex/image_source.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ImageSource

2
lib/rex/image_source/disk.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/image_source/image_source'
require 'rex/struct2'

2
lib/rex/image_source/image_source.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module ImageSource
class ImageSource

2
lib/rex/image_source/memory.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/image_source/image_source'
require 'rex/struct2'

4
lib/rex/ole.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/clsid.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/difat.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/directory.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/direntry.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/fat.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/header.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/minifat.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/propset.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/storage.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/stream.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/substorage.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

4
lib/rex/ole/util.rb
View File

@ -1,8 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
# Version: $Revision$
##
##
# Rex::OLE - an OLE implementation

2
lib/rex/peparsey.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module PeParsey

2
lib/rex/peparsey/exceptions.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module PeParsey

2
lib/rex/peparsey/pe.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/image_source'
require 'rex/peparsey/exceptions'
require 'rex/peparsey/pebase'

2
lib/rex/peparsey/pe_memdump.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/image_source'
require 'rex/peparsey/exceptions'
require 'rex/peparsey/pebase'

2
lib/rex/peparsey/pebase.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/peparsey/exceptions'
require 'rex/struct2'

2
lib/rex/peparsey/section.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
require 'rex/peparsey/exceptions'
require 'rex/peparsey/pebase'
require 'rex/struct2'

2
lib/rex/pescan.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
# $Id$
module Rex
module PeScan

1
lib/rex/proto/dhcp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
#
# DHCP Server support written by scriptjunkie
#

1
lib/rex/proto/dhcp/constants.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/proto/dhcp'
module Rex

1
lib/rex/proto/dhcp/server.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/socket'
require 'rex/proto/dhcp'

4
lib/rex/proto/ntlm/crypt.rb
View File

@ -43,10 +43,6 @@
# The latter has a minor bug in its separate_keys function.
# The third key has to begin from the 14th character of the
# input string instead of 13th:)
#--
# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
#++
require 'rex/proto/ntlm/constants'
require 'rex/proto/ntlm/base'

3
lib/rex/proto/ntlm/message.rb
View File

@ -40,9 +40,6 @@
# The latter has a minor bug in its separate_keys function.
# The third key has to begin from the 14th character of the
# input string instead of 13th:)
#--
# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
#++
#this module defines the message class , useful for easily handling type 1/2/3 ntlm messages

1
lib/rex/proto/rfb.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id: $
#
# RFB protocol support
#

2
lib/rex/proto/rfb.rb.ut.rb
View File

@ -1,8 +1,6 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# $Id: $
#
# RFB protocol support
#
# @author Joshua J. Drake <jduck>

3
lib/rex/proto/rfb/cipher.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id: $
##
##
#

3
lib/rex/proto/rfb/client.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id: $
##
##
#

3
lib/rex/proto/rfb/constants.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id: $
##
##
#

1
lib/rex/proto/tftp.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
#
# TFTP Server implementation according to:
#

1
lib/rex/proto/tftp/constants.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/proto/tftp'
module Rex

1
lib/rex/proto/tftp/server.rb
View File

@ -1,5 +1,4 @@
# -*- coding: binary -*-
# $Id$
require 'rex/socket'
require 'rex/proto/tftp'

5
lib/rex/proto/tftp/server.rb.ut.rb
View File

@ -1,10 +1,5 @@
#!/usr/bin/env ruby
# -*- coding: binary -*-
#
# $Revision$
#
# $Id$
#
require 'rex/compat'
require 'rex/proto/tftp'

3
lib/rex/zip/archive.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Rex
module Zip

3
lib/rex/zip/blocks.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Rex
module Zip

3
lib/rex/zip/entry.rb
View File

@ -1,7 +1,4 @@
# -*- coding: binary -*-
##
# $Id$
##
module Rex
module Zip

2
lib/zip/zip.rb
View File

@ -1259,6 +1259,8 @@ module Zip
@cdirOffset = ZipEntry::read_zip_long(buf)
commentLength = ZipEntry::read_zip_short(buf)
@comment = buf.read(commentLength)
# remove trailing \n symbol
buf.chomp!
raise ZipError, "Zip consistency problem while reading eocd structure" unless buf.size == 0
end

25
modules/auxiliary/scanner/rdp/ms12_020_check.rb
View File

@ -53,7 +53,7 @@ class Metasploit3 < Msf::Auxiliary
res = sock.get_once(-1, 5)
# return true if this matches our vulnerable response
( res and res == "\x03\x00\x00\x0b\x06\xd0\x00\x00\x12\x34\x00" )
( res and res.match("\x03\x00\x00\x0b\x06\xd0\x00\x00\x12\x34\x00") )
end
def report_goods
@ -121,16 +121,9 @@ class Metasploit3 < Msf::Auxiliary
"\x28" # PER encoded PDU contents
end
def channel_request_one
def channel_request
"\x03\x00\x00\x0c" +
"\x02\xf0\x80\x38" +
"\x00\x01\x03\xeb"
end
def channel_request_two
"\x03\x00\x00\x0c" +
"\x02\xf0\x80\x38" +
"\x00\x02\x03\xeb"
"\x02\xf0\x80\x38"
end
def peer
@ -143,6 +136,7 @@ class Metasploit3 < Msf::Auxiliary
# check if rdp is open
if not check_rdp
vprint_status "#{peer} Could not connect to RDP."
disconnect
return
end
@ -153,18 +147,23 @@ class Metasploit3 < Msf::Auxiliary
# send userRequest
sock.put(user_request)
res = sock.get_once(-1, 5)
user1 = res[9,2].unpack("n").first
chan1 = user1 + 1001
# send 2nd userRequest
sock.put(user_request)
res = sock.get_once(-1, 5)
user2 = res[9,2].unpack("n").first
chan2 = user2 + 1001
# send channel request one
sock.put(channel_request_one)
sock.put(channel_request << [user1, chan2].pack("nn"))
res = sock.get_once(-1, 5)
if res and res[8,2] == "\x3e\x00"
if res and res[7,2] == "\x3e\x00"
# send ChannelRequestTwo - prevent BSoD
sock.put(channel_request_two)
sock.put(channel_request << [user2, chan2].pack("nn"))
print_good("#{peer} Vulnerable to MS12-020")
report_goods

4
modules/auxiliary/server/capture/drda.rb
View File

@ -1,6 +1,4 @@
##
# $Id: drda.rb 14774 2012-02-21 01:42:17Z rapid7 $
##
# -*- coding: binary -*-
##
# This file is part of the Metasploit Framework and may be subject to

Some files were not shown because too many files have changed in this diff Show More