Fix incorrect use of sock.get that leads to indefinite hang
parent
3ae91410f5
commit
3868348045
|
@ -116,7 +116,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
begin
|
begin
|
||||||
connect
|
connect
|
||||||
sock.put(Rex::Text.rand_text(5))
|
sock.put(Rex::Text.rand_text(5))
|
||||||
res = sock.get_once
|
res = sock.get_once(-1, 10)_once
|
||||||
disconnect
|
disconnect
|
||||||
rescue Rex::ConnectionError => e
|
rescue Rex::ConnectionError => e
|
||||||
print_error("Connection failed: #{e.class}: #{e}")
|
print_error("Connection failed: #{e.class}: #{e}")
|
||||||
|
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
connect
|
connect
|
||||||
sock.put(pkt)
|
sock.put(pkt)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
|
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
|
|
|
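Review bot: The replacement line in the `@ -116` hunk reads `res = sock.get_once(-1, 10)_once`, which is not valid Ruby and looks like a blanket `sock.get` substitution that also hit an existing `sock.get_once` call; it should be `res = sock.get_once(-1, 10)`. The same corruption appears in the `@ -115` hunk of a later Auxiliary file on this page, as `res = sock.get_once(-1, 10)_once(-1, 10)`. Assuming the second printing of each line is the new side, both modules would fail to load as committed. The enclosing methods start and end outside these hunks.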
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
|
||||||
def get_pkt
|
def get_pkt
|
||||||
buf = sock.get
|
buf = sock.get_once(-1, 10)
|
||||||
vprint_status("[in ] #{buf.inspect}")
|
vprint_status("[in ] #{buf.inspect}")
|
||||||
buf
|
buf
|
||||||
end
|
end
|
||||||
|
|
|
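Review bot: `get_pkt` can now return `nil`, because `get_once` gives up after the 10-second timeout instead of blocking, and nothing in the method says so. A comment above the definition such as `# Returns the next chunk read from the socket, or nil if nothing arrives within 10 seconds` would tell callers to handle that case; the callers are not visible in this hunk. As far as I can tell `get_once` also returns a single read rather than draining the socket, so a packet split across segments may come back truncated.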
@ -115,7 +115,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
request = write_request('GET',site,user_agent)
|
request = write_request('GET',site,user_agent)
|
||||||
sock.put(request)
|
sock.put(request)
|
||||||
res = sock.get_once(-1, 10)
|
res = sock.get_once(-1, 10)_once(-1, 10)
|
||||||
|
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
|
@ -167,7 +167,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
request = write_request('GET',ripe_address,user_agent)
|
request = write_request('GET',ripe_address,user_agent)
|
||||||
sock.put(request)
|
sock.put(request)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
|
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
|
|
|
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
# Read command output from socket if cmd/unix/generic payload was used
|
# Read command output from socket if cmd/unix/generic payload was used
|
||||||
if (datastore['CMD'])
|
if (datastore['CMD'])
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
print_status(res.to_s) if not res.empty?
|
print_status(res.to_s) if not res.empty?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
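Review bot: `res.empty?` on the line after the changed read raises NoMethodError when `get_once` times out and returns `nil`, a case the previous blocking `sock.get` call is unlikely to have produced here. Guard the call, for example `print_status(res.to_s) if res and not res.empty?`. The enclosing method starts and ends outside the hunk.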
@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
def check
|
def check
|
||||||
connect
|
connect
|
||||||
sock.put(connection_request)
|
sock.put(connection_request)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
disconnect
|
disconnect
|
||||||
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
|
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
|
||||||
# res[8,2] => Reply Type
|
# res[8,2] => Reply Type
|
||||||
|
@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
print_status("Sending Service Connection Request...")
|
print_status("Sending Service Connection Request...")
|
||||||
sock.put(connection_request)
|
sock.put(connection_request)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
|
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
|
||||||
# res[8,2] => Reply Type
|
# res[8,2] => Reply Type
|
||||||
# res[15,1] => Connection Status
|
# res[15,1] => Connection Status
|
||||||
|
@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
|
|
||||||
print_status("Sending Overflow on Keyed Object Login...")
|
print_status("Sending Overflow on Keyed Object Login...")
|
||||||
sock.put(pkt)
|
sock.put(pkt)
|
||||||
sock.get
|
sock.get_once(-1, 10)
|
||||||
disconnect
|
disconnect
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
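Review bot: The reply check in the `@ -60` and `@ -91` hunks indexes `res[8, 2]` and `res[15, 1]` after testing only `res.nil?`, so a reply too short to contain those offsets makes the slice `nil` and `unpack` raises NoMethodError. That is more plausible now, since `get_once` appears to return a single read rather than accumulating data. Add a length test ahead of the slices, e.g. `if res.nil? or res.length < 16 or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0`. Both conditions sit in methods that extend beyond the hunks shown.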
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
req = "service launcher\n"
|
req = "service launcher\n"
|
||||||
req << "start/flags run /bin/echo /bin/echo #{fingerprint}\n"
|
req << "start/flags run /bin/echo /bin/echo #{fingerprint}\n"
|
||||||
sock.put(req)
|
sock.put(req)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
# check response
|
# check response
|
||||||
|
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
print_status("#{@peer} - Sending payload (#{req.length} bytes)")
|
print_status("#{@peer} - Sending payload (#{req.length} bytes)")
|
||||||
connect
|
connect
|
||||||
sock.put(req)
|
sock.put(req)
|
||||||
res = sock.get
|
res = sock.get_once(-1, 10)
|
||||||
|
|
||||||
# check response
|
# check response
|
||||||
if res and res =~ /No controlling tty/
|
if res and res =~ /No controlling tty/
|
||||||
|
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
|
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
|
||||||
|
|
||||||
sock.put(hello)
|
sock.put(hello)
|
||||||
hello_response = sock.get
|
hello_response = sock.get_once(-1, 10)
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
if hello_response and hello_response =~ /Dtb: Context/
|
if hello_response and hello_response =~ /Dtb: Context/
|
||||||
|
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
|
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
|
||||||
|
|
||||||
sock.put(hello)
|
sock.put(hello)
|
||||||
hello_response = sock.get
|
hello_response = sock.get_once(-1, 10)
|
||||||
|
|
||||||
if not hello_response or hello_response.empty?
|
if not hello_response or hello_response.empty?
|
||||||
print_error("#{sock.peerinfo} - The Hello Request hasn't received a response")
|
print_error("#{sock.peerinfo} - The Hello Request hasn't received a response")
|
||||||
|
|
|
@ -160,7 +160,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
sock.put(hello)
|
sock.put(hello)
|
||||||
hello_response = sock.get
|
hello_response = sock.get_once(-1, 10)
|
||||||
|
|
||||||
if not hello_response or hello_response.empty?
|
if not hello_response or hello_response.empty?
|
||||||
print_error("#{sock.peerinfo} - The Hello Request haven't had response")
|
print_error("#{sock.peerinfo} - The Hello Request haven't had response")
|
||||||
|
@ -235,7 +235,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
sock.put(auth)
|
sock.put(auth)
|
||||||
auth_response = sock.get
|
auth_response = sock.get_once(-1, 10)
|
||||||
if not auth_response or auth_response.empty?
|
if not auth_response or auth_response.empty?
|
||||||
print_error("#{sock.peerinfo} - The Authentication Request haven't had response")
|
print_error("#{sock.peerinfo} - The Authentication Request haven't had response")
|
||||||
return
|
return
|
||||||
|
@ -247,7 +247,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
request_token << "\x07\x00\x00\x00"
|
request_token << "\x07\x00\x00\x00"
|
||||||
|
|
||||||
sock.put(request_token)
|
sock.put(request_token)
|
||||||
response_token = sock.get
|
response_token = sock.get_once(-1, 10)
|
||||||
if not response_token or response_token.empty?
|
if not response_token or response_token.empty?
|
||||||
print_error("#{sock.peerinfo} - The Token Request haven't had response")
|
print_error("#{sock.peerinfo} - The Token Request haven't had response")
|
||||||
return
|
return
|
||||||
|
@ -261,7 +261,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
request_home_identifier << "\x00\x00\x00\x00"
|
request_home_identifier << "\x00\x00\x00\x00"
|
||||||
|
|
||||||
sock.put(request_home_identifier)
|
sock.put(request_home_identifier)
|
||||||
response_home_identifier = sock.get
|
response_home_identifier = sock.get_once(-1, 10)
|
||||||
if not response_home_identifier or response_home_identifier.empty?
|
if not response_home_identifier or response_home_identifier.empty?
|
||||||
print_error("#{sock.peerinfo} - The Home Identifier Request haven't had response")
|
print_error("#{sock.peerinfo} - The Home Identifier Request haven't had response")
|
||||||
return
|
return
|
||||||
|
@ -275,7 +275,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
request_home_contents << response_home_identifier[24,9] << "\00\x00\x00\x00\x0d\x00\x00"
|
request_home_contents << response_home_identifier[24,9] << "\00\x00\x00\x00\x0d\x00\x00"
|
||||||
|
|
||||||
sock.put(request_home_contents)
|
sock.put(request_home_contents)
|
||||||
response_home_contents = sock.get
|
response_home_contents = sock.get_once(-1, 10)
|
||||||
if not response_home_contents or response_home_contents.empty?
|
if not response_home_contents or response_home_contents.empty?
|
||||||
print_error("#{sock.peerinfo} - The Home Contents Request haven't had response")
|
print_error("#{sock.peerinfo} - The Home Contents Request haven't had response")
|
||||||
return
|
return
|
||||||
|
|
|
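Review bot: The guard in the `@ -261` hunk accepts any non-empty `response_home_identifier`, but the `@ -275` hunk then slices `response_home_identifier[24,9]`, which is `nil` for a reply shorter than 24 bytes and makes `<<` raise TypeError. Since `get_once` returns one read instead of draining the socket, a short or fragmented reply is more plausible than it was with `sock.get`. Extending the guard to `if not response_home_identifier or response_home_identifier.length < 33` would route that case to the existing error message and `return`. The surrounding method lies outside these hunks.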
@ -154,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
||||||
connect
|
connect
|
||||||
print_status("Performing handshake...")
|
print_status("Performing handshake...")
|
||||||
sock.put("\x00" * 256)
|
sock.put("\x00" * 256)
|
||||||
sock.get
|
sock.get_once(-1, 10)
|
||||||
|
|
||||||
# Don't change the nulls, or it might not work
|
# Don't change the nulls, or it might not work
|
||||||
xploit = ''
|
xploit = ''
|
||||||
|
|