can I get a woot woot

git-svn-id: file:///home/svn/incoming/trunk@2576 4d416f70-5f16-0410-b530-b9f4589650da
2005-06-05 05:42:14 +00:00 · 2005-06-05 05:42:14 +00:00 · 1e6e29ad6d
parent 04a9cbd7ad
commit 1e6e29ad6d
5 changed files with 129 additions and 48 deletions
--- a/lib/msf/core/data_store.rb
+++ b/lib/msf/core/data_store.rb
@ -14,8 +14,8 @@ class DataStore < Hash
 	# all of the supplied options
 	def import_options(options)
 		options.each_option { |name, opt|
-			if (opt.default_value)
+			if (opt.default)
-				self.store(name, opt.default_value)
+				self.store(name, opt.default)
 			end
 		}
 	end
--- a/lib/msf/core/exploit.rb
+++ b/lib/msf/core/exploit.rb
@ -192,41 +192,44 @@ class Exploit < Msf::Module
 	attr_accessor :target, :targets
-end
+  ###
  #
  # Local
  # -----
  #
  # The local exploit class is a specialization of the exploit module class that
  # is geared toward exploits that are performed locally.  Locally, in this
  # case, is defined as an exploit that is realized by means other than network
  # communication.
  #
  ###
  class Local < Exploit
 	  def exploit_type
 		  Exploit::Type::Local
 	  end
  end
-###
+  ###
-#
+  #
-# LocalExploit
+  # Remote
-# ------------
+  # ------
-#
+  #
-# The local exploit class is a specialization of the exploit module class that
+  # The remote exploit class is a specialization of the exploit module class
-# is geared toward exploits that are performed locally.  Locally, in this
+  # that is geared toward exploits that are performed against targets other than
-# case, is defined as an exploit that is realized by means other than network
+  # the local machine.  This typically implies exploiting other machines via a
-# communication.
+  # network connection, though it is not limited to this scope.
-#
+  #
-###
+  ###
-class LocalExploit < Exploit
+  class Remote < Exploit
 	def exploit_type
 		Exploit::Type::Local
 	end
 end
-###
+	  def exploit_type
-#
+		  Exploit::Type::Remote
-# RemoteExploit
+	  end
-# -------------
+  end
 #
 # The remote exploit class is a specialization of the exploit module class
 # that is geared toward exploits that are performed against targets other than
 # the local machine.  This typically implies exploiting other machines via a
 # network connection, though it is not limited to this scope.
 #
 ###
 class RemoteExploit < Exploit
 	def exploit_type
 		Exploit::Type::Remote
 	end
 end
 end
 require 'Msf/Core/Exploit/Remote/Tcp'
 require 'Msf/Core/Exploit/Remote/DCERPC'
--- a/lib/msf/core/module.rb
+++ b/lib/msf/core/module.rb
@ -41,61 +41,91 @@ class Module
 		# Create and initialize the data store for this module
 		self.datastore = DataStore.new
 		self.datastore.import_options(self.options)
 		self.privileged = module_info['Privileged'] || false
 	end
 	#
 	# Return the module's name
 	#
 	def name
 		return module_info['Name']
 	end
 	#
 	# Return the module's description
 	#
 	def description
 		return module_info['Description']
 	end
 	#
 	# Return the module's version information
 	#
 	def version
 		return module_info['Version']
 	end
 	#
 	# Return the module's abstract type
 	#
 	def type
 		raise NotImplementedError
 	end
 	#
 	# Return a comma separated list of author for this module
 	#
 	def author_to_s
 		return author.collect { |author| author.to_s }.join(", ")
 	end
 	#
 	# Enumerate each author
 	#
 	def each_author(&block)
 		author.each(&block)
 	end
 	#
 	# Return a comma separated list of supported architectures, if any
 	#
 	def arch_to_s
 		return arch.join(", ")
 	end
 	#
 	# Enumerate each architecture
 	#
 	def each_arch(&block)
 		arch.each(&block)
 	end
 	#
 	# Return whether or not the module supports the supplied architecture
 	#
 	def arch?(what)
 		return true if (what == ARCH_ANY)
 		return arch.index(what) != nil 
 	end
 	#
 	# Return a comma separated list of supported platforms, if any
 	#
 	def platform_to_s
 		return platform.join(", ")
 	end
 	#
 	# Returns whether or not the module requires or grants high privileges
 	#
 	def privileged?
 		return (privileged == true)
 	end
 	attr_reader   :author, :arch, :platform, :refs, :datastore, :options
 	attr_reader   :privileged
 protected
@ -108,7 +138,8 @@ protected
 			'Author'      => nil,
 			'Arch'        => nil,
 			'Platform'    => nil,
-			'Ref'         => nil
+			'Ref'         => nil,
 			'Privileged'  => false,
 		}.update(self.module_info)
 	end
@ -121,8 +152,51 @@ protected
 		(self.method(method_name).to_s.match(/#{parent.to_s}[^:]/)) ? false : true
 	end
 	#
 	# Merges options in the info hash in a sane fashion, as some options
 	# require special attention.
 	#
 	def merge_info(info, opts)
 		opts.each_pair { |name, val|
 			if (self.respond_to?("merge_info_#{name.downcase}"))
 				eval("merge_info_#{name.downcase}(info, val)")
 			else
 				# merge it cool style
 			end
 		}
 		return info
 	end
 	#
 	# Merges options 
 	#
 	def merge_info_options(info, val, advanced = false)
 		key_name = ((advanced) ? 'Advanced' : '') + 'Options'
 		new_cont = OptionContainer.new
 		new_cont.add_options(val, advanced)
 		cur_cont = OptionContainer.new
 		cur_cont.add_options(info[key_name] || [], advanced)
 		new_cont.each_option { |name, option|
 			next if (cur_cont.get(name))
 			info[key_name]  = [] if (!info[key_name])
 			info[key_name] << option
 		}
 	end
 	# 
 	# Merges advanced options
 	#
 	def merge_info_advancedoptions(info, val)
 		merge_info_options(info, val, true)
 	end
 	attr_accessor :module_info
 	attr_writer   :author, :arch, :platform, :refs, :datastore, :options
 	attr_writer   :privileged
 end
--- a/lib/msf/core/option_container.rb
+++ b/lib/msf/core/option_container.rb
@ -170,7 +170,10 @@ class OptionContainer < Hash
 	# Return the option associated with the supplied name
 	def get(name)
-		return fetch(name)
+		begin
 			return fetch(name)
 		rescue
 		end
 	end
 	# Adds one or more options
--- a/modules/exploits/windows/msrpc_dcom_ms03_026.rb
+++ b/modules/exploits/windows/msrpc_dcom_ms03_026.rb
@ -1,10 +1,13 @@
 require 'Msf/Core'
 module Msf
 module Exploits
 module Remote
-class MSRPC_DCOM_MS03_026 < Msf::RemoteExploit
+class Exploit::Remote::MSRPC_DCOM_MS03_026 < Msf::Exploit::Remote
 	#
 	# This module exploits a vulnerability in a DCERPC service
 	#
 	include Exploit::Remote::DCERPC
 	def initialize
 		super(
@ -21,12 +24,14 @@ class MSRPC_DCOM_MS03_026 < Msf::RemoteExploit
 					[ 'OSVDB', '2100'     ],
 					[ 'MSB',   'MS03-026' ],
 				],
 			'Privileged'    => true,
 			'Targets'       => 
 				[
 					# Target 0: Universal
 					[ 
 						'Windows NT SP3-6a/2000/XP/2003 Universal',
-						[ 'winnt', 'win2000', 'winxp', 'win2003' ],
+#						[ 'winnt', 'win2000', 'winxp', 'win2003' ],
 						[ ],
 						0x74ff16f3, # Windows NT 4.0 SP3/4 (pop pop ret) rnr20.dll
 						0x776a240d, # Windows NT 4.0 SP5 (eax) ws2help.dll
 						0x77f33723, # Windows NT 4.0 SP6a (esp)
@ -36,16 +41,12 @@ class MSRPC_DCOM_MS03_026 < Msf::RemoteExploit
 						0x001b0b0b, # Windows 2003 call near [ebp+0x30] (unicode.nls)
 					]
 				],
-			'DefaultTarget' => 0,
+			'DefaultTarget' => 0)
-			'Options'       =>
+	end
-				[
+
-					Opt::RHOST,
+	def exploit
 					Opt::RPORT(135)
 				])
 	end
 end
 end
 end
 end