Fix a handful of msftidy warnings, and XXX SSL

Marked the SSL stuff as something that needs to be resolved in order to fix a future bug in datastore manipulation. Also, fixed some whitespace and exec complaints [SeeRM #8498]
2013-11-11 21:22:14 -06:00 · 2013-11-11 21:22:14 -06:00 · 2035983d3c
parent 9e603574ae
commit 2035983d3c
6 changed files with 25 additions and 10 deletions
--- a/lib/msf/core/exploit/http/server.rb
+++ b/lib/msf/core/exploit/http/server.rb
@ -149,6 +149,9 @@ module Exploit::Remote::HttpServer
  #   ServerPort => Override the server port to listen on (default to SRVPORT).
  #   Uri        => The URI to handle and the associated procedure to call.
  #
+  #
+  # TODO: This must be able to take an SSL parameter and not rely
+  # completely on the datastore. (See dlink_upnp_exec_noauth)
  def start_service(opts = {})

    check_dependencies
@ -172,7 +175,7 @@ module Exploit::Remote::HttpServer
      Rex::Proto::Http::Server,
      opts['ServerPort'].to_i,
      opts['ServerHost'],
-      datastore['SSL'],
+      datastore['SSL'], # XXX: Should be in opts, need to test this
      {
        'Msf'        => framework,
        'MsfExploit' => self,
--- a/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb
+++ b/modules/auxiliary/scanner/http/smt_ipmi_static_cert_scanner.rb
@ -35,7 +35,7 @@ class Metasploit3 < Msf::Auxiliary
      'Name'        => 'Supermicro Onboard IPMI Static SSL Certificate Scanner',
      'Description' => %q{
        This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI
-        controllers. An attacker with access to the publicly-available firmware can perform 
+        controllers. An attacker with access to the publicly-available firmware can perform
        man-in-the-middle attacks and offline decryption of communication to the controller.
        This module has been on a Supermicro Onboard IPMI (X9SCL/X9SCM) with firmware
        version SMT_X9_214.
--- a/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb
+++ b/modules/auxiliary/scanner/http/smt_ipmi_url_redirect_traversal.rb
@ -17,12 +17,12 @@ class Metasploit3 < Msf::Auxiliary
    super(update_info(info,
      'Name'        => 'Supermicro Onboard IPMI url_redirect.cgi Authenticated Directory Traversal',
      'Description' => %q{
-        This module abuses a directory traversal vulnerability in the url_redirect.cgi application 
+        This module abuses a directory traversal vulnerability in the url_redirect.cgi application
        accessible through the web interface of Supermicro Onboard IPMI controllers.  The vulnerability
        is present due to a lack of sanitization of the url_name parameter. This allows an attacker with
        a valid, but not necessarily administrator-level account, to access the contents of any file
        on the system. This includes the /nv/PSBlock file, which contains the cleartext credentials for
-        all configured accounts. This module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM) 
+        all configured accounts. This module has been tested on a Supermicro Onboard IPMI (X9SCL/X9SCM)
        with firmware version SMT_X9_214.
      },
      'Author'       =>
--- a/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb
+++ b/modules/exploits/linux/http/dlink_upnp_exec_noauth.rb
@ -118,7 +118,10 @@ class Metasploit3 < Msf::Exploit::Remote
    if (datastore['DOWNHOST'])
      service_url = 'http://' + datastore['DOWNHOST'] + ':' + datastore['SRVPORT'].to_s + resource_uri
    else
-      #do not use SSL
+      # do not use SSL for this part
+      # XXX: See https://dev.metasploit.com/redmine/issues/8498
+      # It must be possible to do this without directly editing the
+      # datastore.
      if datastore['SSL']
        ssl_restore = true
        datastore['SSL'] = false
@ -142,6 +145,10 @@ class Metasploit3 < Msf::Exploit::Remote
        'Path' => resource_uri
      }})

+      # Restore SSL preference
+      # XXX: See https://dev.metasploit.com/redmine/issues/8498
+      # It must be possible to do this without directly editing the
+      # datastore.
      datastore['SSL'] = true if ssl_restore
    end

--- a/modules/exploits/multi/http/struts_default_action_mapper.rb
+++ b/modules/exploits/multi/http/struts_default_action_mapper.rb
@ -106,7 +106,10 @@ class Metasploit3 < Msf::Exploit::Remote
  end

  def start_http_service
-    #do not use SSL
+    # do not use SSL for this part
+    # XXX: See https://dev.metasploit.com/redmine/issues/8498
+    # It must be possible to do this without directly editing the
+    # datastore.
    if datastore['SSL']
      ssl_restore = true
      datastore['SSL'] = false
@ -129,6 +132,10 @@ class Metasploit3 < Msf::Exploit::Remote
      }
    })

+    # Restore SSL preference
+    # XXX: See https://dev.metasploit.com/redmine/issues/8498
+    # It must be possible to do this without directly editing the
+    # datastore.
    datastore['SSL'] = true if ssl_restore

    return service_url
--- a/modules/exploits/windows/misc/altiris_ds_sqli.rb
+++ b/modules/exploits/windows/misc/altiris_ds_sqli.rb
@ -1,8 +1,6 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to
-# redistribution and commercial restrictions. Please see the Metasploit
-# Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
 ##

 require 'msf/core'