infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix incorrect use of sock.get that leads to indefinite hang

bug/bundler_fix
HD Moore 2014-06-28 15:48:58 -05:00
parent 3ae91410f5
commit 3868348045
9 changed files with 19 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/auxiliary/admin/misc/sercomm_dump_config.rb
View File

@ -116,7 +116,7 @@ class Metasploit3 < Msf::Auxiliary
begin
connect
sock.put(Rex::Text.rand_text(5))
res = sock.get_once
res = sock.get_once(-1, 10)_once
disconnect
rescue Rex::ConnectionError => e
print_error("Connection failed: #{e.class}: #{e}")
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
connect
sock.put(pkt)
res = sock.get
res = sock.get_once(-1, 10)
disconnect

2
modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb
View File

@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
def get_pkt
buf = sock.get
buf = sock.get_once(-1, 10)
vprint_status("[in ] #{buf.inspect}")
buf
end

4
modules/auxiliary/scanner/http/open_proxy.rb
View File

@ -115,7 +115,7 @@ class Metasploit3 < Msf::Auxiliary
request = write_request('GET',site,user_agent)
sock.put(request)
res = sock.get_once(-1, 10)
res = sock.get_once(-1, 10)_once(-1, 10)
disconnect
@ -167,7 +167,7 @@ class Metasploit3 < Msf::Auxiliary
request = write_request('GET',ripe_address,user_agent)
sock.put(request)
res = sock.get
res = sock.get_once(-1, 10)
disconnect

2
modules/exploits/linux/misc/hp_data_protector_cmd_exec.rb
View File

@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
# Read command output from socket if cmd/unix/generic payload was used
if (datastore['CMD'])
res = sock.get
res = sock.get_once(-1, 10)
print_status(res.to_s) if not res.empty?
end

6
modules/exploits/linux/misc/novell_edirectory_ncp_bof.rb
View File

@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put(connection_request)
res = sock.get
res = sock.get_once(-1, 10)
disconnect
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
# res[8,2] => Reply Type
@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending Service Connection Request...")
sock.put(connection_request)
res = sock.get
res = sock.get_once(-1, 10)
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
# res[8,2] => Reply Type
# res[15,1] => Connection Status
@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending Overflow on Keyed Object Login...")
sock.put(pkt)
sock.get
sock.get_once(-1, 10)
disconnect
end

4
modules/exploits/unix/misc/qnx_qconn_exec.rb
View File

@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
req = "service launcher\n"
req << "start/flags run /bin/echo /bin/echo #{fingerprint}\n"
sock.put(req)
res = sock.get
res = sock.get_once(-1, 10)
disconnect
# check response
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{@peer} - Sending payload (#{req.length} bytes)")
connect
sock.put(req)
res = sock.get
res = sock.get_once(-1, 10)
# check response
if res and res =~ /No controlling tty/

4
modules/exploits/windows/misc/hp_dataprotector_dtbclslogin.rb
View File

@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
disconnect
if hello_response and hello_response =~ /Dtb: Context/
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
if not hello_response or hello_response.empty?
print_error("#{sock.peerinfo} - The Hello Request hasn't received a response")

10
modules/exploits/windows/misc/hp_dataprotector_new_folder.rb
View File

@ -160,7 +160,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
if not hello_response or hello_response.empty?
print_error("#{sock.peerinfo} - The Hello Request haven't had response")
@ -235,7 +235,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
sock.put(auth)
auth_response = sock.get
auth_response = sock.get_once(-1, 10)
if not auth_response or auth_response.empty?
print_error("#{sock.peerinfo} - The Authentication Request haven't had response")
return
@ -247,7 +247,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_token << "\x07\x00\x00\x00"
sock.put(request_token)
response_token = sock.get
response_token = sock.get_once(-1, 10)
if not response_token or response_token.empty?
print_error("#{sock.peerinfo} - The Token Request haven't had response")
return
@ -261,7 +261,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_home_identifier << "\x00\x00\x00\x00"
sock.put(request_home_identifier)
response_home_identifier = sock.get
response_home_identifier = sock.get_once(-1, 10)
if not response_home_identifier or response_home_identifier.empty?
print_error("#{sock.peerinfo} - The Home Identifier Request haven't had response")
return
@ -275,7 +275,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_home_contents << response_home_identifier[24,9] << "\00\x00\x00\x00\x0d\x00\x00"
sock.put(request_home_contents)
response_home_contents = sock.get
response_home_contents = sock.get_once(-1, 10)
if not response_home_contents or response_home_contents.empty?
print_error("#{sock.peerinfo} - The Home Contents Request haven't had response")
return

2
modules/exploits/windows/misc/poisonivy_bof.rb
View File

@ -154,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
connect
print_status("Performing handshake...")
sock.put("\x00" * 256)
sock.get
sock.get_once(-1, 10)
# Don't change the nulls, or it might not work
xploit = ''