Delete print_debug/vprint_debug

bug/bundler_fix
jvazquez-r7 2015-04-21 11:14:03 -05:00
parent 8aca4539c9
commit 4224008709
No known key found for this signature in database
GPG Key ID: 38D99152B9352D83
35 changed files with 94 additions and 154 deletions


@ -92,11 +92,7 @@ module Exploit::Remote::HttpServer
def print_error(msg='') def print_error(msg='')
(cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super
end end
# :category: print_* overrides
# Prepends client and module name if inside a thread with a #cli
def print_debug(msg='')
(cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super
end
# #
# :category: print_* overrides # :category: print_* overrides
# Prepends client and module name if inside a thread with a #cli # Prepends client and module name if inside a thread with a #cli
@ -126,11 +122,6 @@ module Exploit::Remote::HttpServer
end end
# :category: print_* overrides # :category: print_* overrides
# Prepends client and module name if inside a thread with a #cli # Prepends client and module name if inside a thread with a #cli
def vprint_debug(msg='')
(cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super
end
# :category: print_* overrides
# Prepends client and module name if inside a thread with a #cli
def vprint_warning(msg='') def vprint_warning(msg='')
(cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super (cli) ? super("#{cli.peerhost.ljust(16)} #{self.shortname} - #{msg}") : super
end end


@ -219,7 +219,7 @@ module Msf
@requirements.each do |k, v| @requirements.each do |k, v|
expected = k != :vuln_test ? v : 'true' expected = k != :vuln_test ? v : 'true'
vprint_debug("Comparing requirement: #{k}=#{expected} vs #{k}=#{profile[k.to_sym]}") vprint_status("Comparing requirement: #{k}=#{expected} vs #{k}=#{profile[k.to_sym]}")
if k == :activex if k == :activex
bad_reqs << k if has_bad_activex?(profile[k.to_sym]) bad_reqs << k if has_bad_activex?(profile[k.to_sym])
@ -334,7 +334,7 @@ module Msf
when :script when :script
# Gathers target data from a POST request # Gathers target data from a POST request
parsed_body = CGI::parse(Rex::Text.decode_base64(request.body) || '') parsed_body = CGI::parse(Rex::Text.decode_base64(request.body) || '')
vprint_debug("Received sniffed browser data over POST: \n#{parsed_body}.") vprint_status("Received sniffed browser data over POST: \n#{parsed_body}.")
parsed_body.each { |k, v| update_profile(target_info, k.to_sym, v.first) } parsed_body.each { |k, v| update_profile(target_info, k.to_sym, v.first) }
when :headers when :headers
# Gathers target data from headers # Gathers target data from headers
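Review bot: In the `:script` branch, the keys of the client-supplied POST body are converted with `k.to_sym` before any visible check that they are expected profile fields. On Ruby versions that do not garbage-collect dynamically created symbols, a remote client can grow the symbol table without bound by sending arbitrary keys. Filtering first would avoid that, e.g. `parsed_body.each { |k, v| update_profile(target_info, k.to_sym, v.first) if known_keys.include?(k) }`, where `known_keys` is a placeholder for the set of accepted field names. `update_profile` may already reject unknown keys, but by then the symbol exists; the enclosing method starts and ends outside the hunk.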


@ -1,9 +1,4 @@
module Msf::Module::UI::Message::Verbose module Msf::Module::UI::Message::Verbose
# Verbose version of #print_debug
def vprint_debug(msg)
print_debug(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']
end
# Verbose version of #print_error # Verbose version of #print_error
def vprint_error(msg) def vprint_error(msg)
print_error(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE'] print_error(msg) if datastore['VERBOSE'] || framework.datastore['VERBOSE']


@ -119,13 +119,6 @@ class Plugin
output.print_good(msg) if (output) output.print_good(msg) if (output)
end end
#
# Prints a 'debug' message.
#
def print_debug(msg='')
output.print_debug(msg) if (output)
end
# #
# Prints a status line. # Prints a status line.
# #


@ -331,7 +331,6 @@ protected
begin begin
client.sys.config.getprivs() client.sys.config.getprivs()
root_key, base_key = session.sys.registry.splitkey(key) root_key, base_key = session.sys.registry.splitkey(key)
#print_debug("Loading file #{file}")
begin begin
loadres = session.sys.registry.load_key(root_key, base_key, file) loadres = session.sys.registry.load_key(root_key, base_key, file)
rescue Rex::Post::Meterpreter::RequestError => e rescue Rex::Post::Meterpreter::RequestError => e
@ -349,7 +348,6 @@ protected
#print_error("An unknown error has occurred: #{loadres.to_s}") #print_error("An unknown error has occurred: #{loadres.to_s}")
return false return false
else else
#print_debug("Registry Hive Loaded Successfully: #{key}")
return true return true
end end
end end
@ -377,7 +375,6 @@ protected
#print_error("An unknown error has occurred: #{unloadres.to_s}") #print_error("An unknown error has occurred: #{unloadres.to_s}")
return false return false
else else
#print_debug("Registry Hive Unloaded Successfully: #{key}")
return true return true
end end
end end


@ -32,10 +32,10 @@ module Msf::HTTP::Typo3::Login
end end
n = n_match[1] n = n_match[1]
vprint_debug("e: #{e}") vprint_status("e: #{e}")
vprint_debug("n: #{n}") vprint_status("n: #{n}")
rsa_enc = typo3_helper_login_rsa(e, n, pass) rsa_enc = typo3_helper_login_rsa(e, n, pass)
vprint_debug("RSA Hash: #{rsa_enc}") vprint_status("RSA Hash: #{rsa_enc}")
# make login request # make login request
vars_post = { vars_post = {
'n' => '', 'n' => '',
@ -58,10 +58,10 @@ module Msf::HTTP::Typo3::Login
}) })
if res_login if res_login
if res_login.body =~ /<!-- ###LOGIN_ERROR### begin -->(.*)<!-- ###LOGIN_ERROR### end -->/im if res_login.body =~ /<!-- ###LOGIN_ERROR### begin -->(.*)<!-- ###LOGIN_ERROR### end -->/im
vprint_debug(strip_tags($1)) vprint_status(strip_tags($1))
return nil return nil
elsif res_login.body =~ /<p class="t3-error-text">(.*?)<\/p>/im elsif res_login.body =~ /<p class="t3-error-text">(.*?)<\/p>/im
vprint_debug(strip_tags($1)) vprint_status(strip_tags($1))
return nil return nil
else else
cookies = res_login.get_cookies cookies = res_login.get_cookies
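Review bot: The values passed to the new `vprint_status` calls come from the remote server (`e`, `n`, and `strip_tags($1)` from the login response) and are interpolated into console output as raw strings. `strip_tags` presumably removes markup only, so control characters or terminal escape sequences in a response would reach the operator's terminal and any spooled log; wrapping the value, e.g. `vprint_status(strip_tags($1).inspect)`, keeps them inert. The same pattern appears elsewhere in this commit in `"Polling #{req.qstring['id']}: ..."`, `"Requesting: #{request.uri}"` and `"Received response: #{res.code} - #{res.body}"`. The enclosing method begins and ends outside both hunks.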


@ -87,10 +87,6 @@ class BidirectionalPipe < Rex::Ui::Text::Input
print_line('[+] ' + msg) print_line('[+] ' + msg)
end end
def print_debug(msg='')
print_line('[!] ' + msg)
end
def flush def flush
end end


@ -30,9 +30,6 @@ class Output
def print_good(msg='') def print_good(msg='')
end end
def print_debug(msg='')
end
# #
# Prints a status line. # Prints a status line.
# #


@ -56,16 +56,6 @@ module Subscriber
end end
end end
#
# Wraps user_output.print_debug
#
def print_debug(msg='')
if (user_output)
print_blank_line if user_output.prompting?
user_output.print_debug(msg)
end
end
# #
# Wraps user_output.print_warning # Wraps user_output.print_warning
# #


@ -55,10 +55,6 @@ class Output < Rex::Ui::Output
print_line("%bld%grn[+]%clr #{msg}") print_line("%bld%grn[+]%clr #{msg}")
end end
def print_debug(msg = '')
print_line("%bld%cya[!]%clr #{msg}")
end
def print_status(msg = '') def print_status(msg = '')
print_line("%bld%blu[*]%clr #{msg}") print_line("%bld%blu[*]%clr #{msg}")
end end


@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
} }
space_to_fill = size_bytes - empty_xml.size space_to_fill = size_bytes - empty_xml.size
vprint_debug("#{peer} - max XML space to fill: #{space_to_fill} bytes") vprint_status("#{peer} - max XML space to fill: #{space_to_fill} bytes")
payload = "&#{entity};" * (space_to_fill / 6) payload = "&#{entity};" * (space_to_fill / 6)
entity_value_length = space_to_fill - payload.length entity_value_length = space_to_fill - payload.length


@ -101,7 +101,6 @@ class Metasploit3 < Msf::Auxiliary
# Verify if session cookie is valid and return user's ID # Verify if session cookie is valid and return user's ID
# #
def get_user_id def get_user_id
# print_debug("#{peer} - Trying to hijack session '#{@cookie}'")
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'user/fiche.php'), 'uri' => normalize_uri(target_uri.path, 'user/fiche.php'),
'cookie' => @cookie 'cookie' => @cookie
@ -121,7 +120,6 @@ class Metasploit3 < Msf::Auxiliary
# Construct cookie using token # Construct cookie using token
# #
def create_cookie(token) def create_cookie(token)
# print_debug("#{peer} - Creating a cookie with token '#{token}'")
res = send_request_cgi({ res = send_request_cgi({
'uri' => normalize_uri(target_uri.path, 'user/fiche.php'), 'uri' => normalize_uri(target_uri.path, 'user/fiche.php'),
'cookie' => "DOLSESSID_#{Rex::Text.rand_text_alphanumeric(10)}=#{token}" 'cookie' => "DOLSESSID_#{Rex::Text.rand_text_alphanumeric(10)}=#{token}"


@ -43,7 +43,6 @@ class Metasploit3 < Msf::Auxiliary
val_actual = resp[idx,4].unpack("V")[0] val_actual = resp[idx,4].unpack("V")[0]
idx += 4 idx += 4
value = resp[idx,val_actual*2] value = resp[idx,val_actual*2]
#print_debug "resp[0x#{idx.to_s(16)},#{val_actual*2}] : " + value
idx += val_actual * 2 idx += val_actual * 2
idx += val_actual % 2 * 2 # alignment idx += val_actual % 2 * 2 # alignment
@ -54,15 +53,12 @@ class Metasploit3 < Msf::Auxiliary
def parse_net_wksta_enum_users_info(resp) def parse_net_wksta_enum_users_info(resp)
accounts = [ Hash.new() ] accounts = [ Hash.new() ]
#print_debug resp[0,20].unpack("H*")
idx = 20 idx = 20
count = resp[idx,4].unpack("V")[0] # wkssvc_NetWkstaEnumUsersInfo -> Info -> PtrCt0 -> User() -> Ptr -> Max Count count = resp[idx,4].unpack("V")[0] # wkssvc_NetWkstaEnumUsersInfo -> Info -> PtrCt0 -> User() -> Ptr -> Max Count
idx += 4 idx += 4
#print_debug "Max Count : " + count.to_s
1.upto(count) do 1.upto(count) do
# wkssvc_NetWkstaEnumUsersInfo -> Info -> PtrCt0 -> User() -> Ptr -> Ref ID # wkssvc_NetWkstaEnumUsersInfo -> Info -> PtrCt0 -> User() -> Ptr -> Ref ID
# print_debug "Ref ID#{account.to_s}: " + resp[idx,4].unpack("H*").to_s
idx += 4 # ref id name idx += 4 # ref id name
idx += 4 # ref id logon domain idx += 4 # ref id logon domain
idx += 4 # ref id other domains idx += 4 # ref id other domains


@ -173,7 +173,7 @@ class Metasploit3 < Msf::Auxiliary
while (attempt_num <= retry_num) && (ret.nil? || ret == :connection_error) while (attempt_num <= retry_num) && (ret.nil? || ret == :connection_error)
if attempt_num > 0 if attempt_num > 0
Rex.sleep(2 ** attempt_num) Rex.sleep(2 ** attempt_num)
print_debug "#{peer(ip)} Retrying '#{user}' due to connection error" vprint_status("#{peer(ip)} Retrying '#{user}' due to connection error")
end end
ret = check_user(ip, user, rport) ret = check_user(ip, user, rport)


@ -148,7 +148,7 @@ class Metasploit3 < Msf::Auxiliary
while attempt_num <= retry_num and (ret.nil? or ret == :connection_error) while attempt_num <= retry_num and (ret.nil? or ret == :connection_error)
if attempt_num > 0 if attempt_num > 0
Rex.sleep(2 ** attempt_num) Rex.sleep(2 ** attempt_num)
print_debug "#{peer(ip)} Retrying '#{user}' due to connection error" vprint_status("#{peer(ip)} Retrying '#{user}' due to connection error")
end end
ret = check_user(ip, user, rport) ret = check_user(ip, user, rport)
@ -161,12 +161,12 @@ class Metasploit3 < Msf::Auxiliary
def show_result(attempt_result, user, ip) def show_result(attempt_result, user, ip)
case attempt_result case attempt_result
when :success when :success
print_good "#{peer(ip)} User '#{user}' found" print_good("#{peer(ip)} User '#{user}' found")
do_report(ip, user, rport) do_report(ip, user, rport)
when :connection_error when :connection_error
print_error "#{peer(ip)} User '#{user}' on could not connect" print_error("#{peer(ip)} User '#{user}' on could not connect")
when :fail when :fail
print_debug "#{peer(ip)} User '#{user}' not found" print_error("#{peer(ip)} User '#{user}' not found")
end end
end end
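Review bot: In `show_result`, the `:fail` case now goes through `print_error`, so a name that simply does not exist is reported with the same `[-]` marker as a real connection failure. That is the expected negative result rather than an error, and it is not gated by VERBOSE the way the retry message in the first hunk now is. `vprint_status("#{peer(ip)} User '#{user}' not found")` would keep the levels consistent. The `:connection_error` text `User '#{user}' on could not connect` also carries a stray "on".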


@ -693,12 +693,12 @@ class Metasploit3 < Msf::Auxiliary
ssl_type = ssl_unpacked[0] ssl_type = ssl_unpacked[0]
ssl_version = ssl_unpacked[1] ssl_version = ssl_unpacked[1]
ssl_len = ssl_unpacked[2] ssl_len = ssl_unpacked[2]
vprint_debug("SSL record ##{ssl_record_counter}:") vprint_status("SSL record ##{ssl_record_counter}:")
vprint_debug("\tType: #{ssl_type}") vprint_status("\tType: #{ssl_type}")
vprint_debug("\tVersion: 0x#{ssl_version}") vprint_status("\tVersion: 0x#{ssl_version}")
vprint_debug("\tLength: #{ssl_len}") vprint_status("\tLength: #{ssl_len}")
if ssl_type != HANDSHAKE_RECORD_TYPE if ssl_type != HANDSHAKE_RECORD_TYPE
vprint_debug("\tWrong Record Type! (#{ssl_type})") vprint_status("\tWrong Record Type! (#{ssl_type})")
else else
ssl_data = remaining_data[5, ssl_len] ssl_data = remaining_data[5, ssl_len]
handshakes = parse_handshakes(ssl_data) handshakes = parse_handshakes(ssl_data)
@ -729,24 +729,24 @@ class Metasploit3 < Msf::Auxiliary
hs_len = hs_unpacked[2] hs_len = hs_unpacked[2]
hs_data = remaining_data[4, hs_len] hs_data = remaining_data[4, hs_len]
handshake_count += 1 handshake_count += 1
vprint_debug("\tHandshake ##{handshake_count}:") vprint_status("\tHandshake ##{handshake_count}:")
vprint_debug("\t\tLength: #{hs_len}") vprint_status("\t\tLength: #{hs_len}")
handshake_parsed = nil handshake_parsed = nil
case hs_type case hs_type
when HANDSHAKE_SERVER_HELLO_TYPE when HANDSHAKE_SERVER_HELLO_TYPE
vprint_debug("\t\tType: Server Hello (#{hs_type})") vprint_status("\t\tType: Server Hello (#{hs_type})")
handshake_parsed = parse_server_hello(hs_data) handshake_parsed = parse_server_hello(hs_data)
when HANDSHAKE_CERTIFICATE_TYPE when HANDSHAKE_CERTIFICATE_TYPE
vprint_debug("\t\tType: Certificate Data (#{hs_type})") vprint_status("\t\tType: Certificate Data (#{hs_type})")
handshake_parsed = parse_certificate_data(hs_data) handshake_parsed = parse_certificate_data(hs_data)
when HANDSHAKE_KEY_EXCHANGE_TYPE when HANDSHAKE_KEY_EXCHANGE_TYPE
vprint_debug("\t\tType: Server Key Exchange (#{hs_type})") vprint_status("\t\tType: Server Key Exchange (#{hs_type})")
# handshake_parsed = parse_server_key_exchange(hs_data) # handshake_parsed = parse_server_key_exchange(hs_data)
when HANDSHAKE_SERVER_HELLO_DONE_TYPE when HANDSHAKE_SERVER_HELLO_DONE_TYPE
vprint_debug("\t\tType: Server Hello Done (#{hs_type})") vprint_status("\t\tType: Server Hello Done (#{hs_type})")
else else
vprint_debug("\t\tType: Handshake type #{hs_type} not implemented") vprint_status("\t\tType: Handshake type #{hs_type} not implemented")
end end
handshakes << { handshakes << {
@ -763,13 +763,13 @@ class Metasploit3 < Msf::Auxiliary
# Parse Server Hello message # Parse Server Hello message
def parse_server_hello(data) def parse_server_hello(data)
version = data.unpack('H4')[0] version = data.unpack('H4')[0]
vprint_debug("\t\tServer Hello Version: 0x#{version}") vprint_status("\t\tServer Hello Version: 0x#{version}")
random = data[2,32].unpack('H*')[0] random = data[2,32].unpack('H*')[0]
vprint_debug("\t\tServer Hello random data: #{random}") vprint_status("\t\tServer Hello random data: #{random}")
session_id_length = data[34,1].unpack('C')[0] session_id_length = data[34,1].unpack('C')[0]
vprint_debug("\t\tServer Hello Session ID length: #{session_id_length}") vprint_status("\t\tServer Hello Session ID length: #{session_id_length}")
session_id = data[35,session_id_length].unpack('H*')[0] session_id = data[35,session_id_length].unpack('H*')[0]
vprint_debug("\t\tServer Hello Session ID: #{session_id}") vprint_status("\t\tServer Hello Session ID: #{session_id}")
# TODO Read the rest of the server hello (respect message length) # TODO Read the rest of the server hello (respect message length)
# TODO: return hash with data # TODO: return hash with data
@ -782,8 +782,8 @@ class Metasploit3 < Msf::Auxiliary
unpacked = data.unpack('Cn') unpacked = data.unpack('Cn')
cert_len_padding = unpacked[0] cert_len_padding = unpacked[0]
cert_len = unpacked[1] cert_len = unpacked[1]
vprint_debug("\t\tCertificates length: #{cert_len}") vprint_status("\t\tCertificates length: #{cert_len}")
vprint_debug("\t\tData length: #{data.length}") vprint_status("\t\tData length: #{data.length}")
# contains multiple certs # contains multiple certs
already_read = 3 already_read = 3
cert_counter = 0 cert_counter = 0
@ -793,14 +793,14 @@ class Metasploit3 < Msf::Auxiliary
single_cert_unpacked = data[already_read, 3].unpack('Cn') single_cert_unpacked = data[already_read, 3].unpack('Cn')
single_cert_len_padding = single_cert_unpacked[0] single_cert_len_padding = single_cert_unpacked[0]
single_cert_len = single_cert_unpacked[1] single_cert_len = single_cert_unpacked[1]
vprint_debug("\t\tCertificate ##{cert_counter}:") vprint_status("\t\tCertificate ##{cert_counter}:")
vprint_debug("\t\t\tCertificate ##{cert_counter}: Length: #{single_cert_len}") vprint_status("\t\t\tCertificate ##{cert_counter}: Length: #{single_cert_len}")
certificate_data = data[(already_read + 3), single_cert_len] certificate_data = data[(already_read + 3), single_cert_len]
cert = OpenSSL::X509::Certificate.new(certificate_data) cert = OpenSSL::X509::Certificate.new(certificate_data)
# First received certificate is the one from the server # First received certificate is the one from the server
@cert = cert if @cert.nil? @cert = cert if @cert.nil?
#vprint_debug("Got certificate: #{cert.to_text}") #vprint_status("Got certificate: #{cert.to_text}")
vprint_debug("\t\t\tCertificate ##{cert_counter}: #{cert.inspect}") vprint_status("\t\t\tCertificate ##{cert_counter}: #{cert.inspect}")
already_read = already_read + single_cert_len + 3 already_read = already_read + single_cert_len + 3
end end
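Review bot: `parse_server_hello` and the certificate loop index into server-supplied bytes at fixed offsets without checking lengths. `data[2,32]`, `data[34,1]` and `data[35,session_id_length]` return nil when the message is shorter than the offset, so the following `.unpack` raises NoMethodError. `OpenSSL::X509::Certificate.new(certificate_data)` also raises on malformed input, with no rescue visible in these hunks. A guard such as `return nil if data.nil? || data.length < 35` at the top of `parse_server_hello`, plus `rescue OpenSSL::X509::CertificateError` around the certificate parse, would let a truncated or hostile reply fail cleanly. Both method bodies continue outside the hunks shown.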


@ -233,7 +233,7 @@ class Metasploit3 < Msf::Auxiliary
) )
if (datastore['DEBUG']) if (datastore['DEBUG'])
print_debug("NOTE: Debug Mode; javascript will not be obfuscated") print_status("NOTE: Debug Mode; javascript will not be obfuscated")
else else
pre = Time.now pre = Time.now


@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
send_response(cli, apk_bytes, magic_headers) send_response(cli, apk_bytes, magic_headers)
end end
elsif req.uri =~ /_poll/ elsif req.uri =~ /_poll/
vprint_debug "Polling #{req.qstring['id']}: #{@served_payloads[req.qstring['id']]}" vprint_status("Polling #{req.qstring['id']}: #{@served_payloads[req.qstring['id']]}")
send_response(cli, @served_payloads[req.qstring['id']].to_s, 'Content-type' => 'text/plain') send_response(cli, @served_payloads[req.qstring['id']].to_s, 'Content-type' => 'text/plain')
elsif req.uri =~ /launch$/ elsif req.uri =~ /launch$/
send_response_html(cli, launch_html) send_response_html(cli, launch_html)


@ -349,7 +349,7 @@ int main(int argc,char *argv[], char ** envp)
rm_f executable_path rm_f executable_path
write_file(executable_path, elf) write_file(executable_path, elf)
output = cmd_exec("chmod +x #{executable_path}; #{executable_path}") output = cmd_exec("chmod +x #{executable_path}; #{executable_path}")
output.each_line { |line| print_debug line.chomp } output.each_line { |line| vprint_status(line.chomp) }
stime = Time.now.to_f stime = Time.now.to_f
print_status "Starting the payload handler..." print_status "Starting the payload handler..."


@ -446,7 +446,7 @@ int main(int argc, char **argv) {
rm_f executable_path rm_f executable_path
write_file(executable_path, elf) write_file(executable_path, elf)
output = cmd_exec("chmod +x #{executable_path}; #{executable_path}") output = cmd_exec("chmod +x #{executable_path}; #{executable_path}")
output.each_line { |line| print_debug line.chomp } output.each_line { |line| vprint_status(line.chomp) }
end end


@ -195,8 +195,6 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def execute_command(cmd, opts) def execute_command(cmd, opts)
vprint_debug(cmd)
# Get the length of the command, for the backdoor's command injection # Get the length of the command, for the backdoor's command injection
cmd_length = cmd.length cmd_length = cmd.length


@ -97,7 +97,7 @@ class Metasploit4 < Msf::Exploit::Remote
rescue rescue
peer = "#{rhost}:#{rport}" peer = "#{rhost}:#{rport}"
vprint_debug("#{peer} - Caught #{$!.class}: #{$!.message}") vprint_status("#{peer} - Caught #{$!.class}: #{$!.message}")
ensure ensure
smtp_disconnect smtp_disconnect
@ -160,14 +160,14 @@ class Metasploit4 < Msf::Exploit::Remote
16.times do 16.times do
done = catch(:another_heap_shift) do done = catch(:another_heap_shift) do
heap_shift = MIN_HEAP_SHIFT + (rand(1024) & ~15) heap_shift = MIN_HEAP_SHIFT + (rand(1024) & ~15)
print_debug("#{{ heap_shift: heap_shift }}") vprint_status("#{{ heap_shift: heap_shift }}")
# write the malloc_chunk header at increasing offsets (8-byte step), # write the malloc_chunk header at increasing offsets (8-byte step),
# until we overwrite the "503 sender not yet given" error message # until we overwrite the "503 sender not yet given" error message
128.step(256, 8) do |write_offset| 128.step(256, 8) do |write_offset|
error = try_information_leak(heap_shift, write_offset) error = try_information_leak(heap_shift, write_offset)
print_debug("#{{ write_offset: write_offset, error: error }}") vprint_status("#{{ write_offset: write_offset, error: error }}")
throw(:another_heap_shift) if not error throw(:another_heap_shift) if not error
next if error == "503 sender not yet given" next if error == "503 sender not yet given"
@ -179,7 +179,7 @@ class Metasploit4 < Msf::Exploit::Remote
error[i] = try_information_leak(heap_shift, write_offset + i*8) error[i] = try_information_leak(heap_shift, write_offset + i*8)
throw(:another_heap_shift) if not error[i] throw(:another_heap_shift) if not error[i]
end end
print_debug("#{{ error: error }}") vprint_status("#{{ error: error }}")
_leaked_arch = leaked_arch _leaked_arch = leaked_arch
if (error[0] == error[1]) and (error[0].empty? or (error[0].unpack('C')[0] & 7) == 0) and # fd_nextsize if (error[0] == error[1]) and (error[0].empty? or (error[0].unpack('C')[0] & 7) == 0) and # fd_nextsize
@ -197,7 +197,7 @@ class Metasploit4 < Msf::Exploit::Remote
else else
throw(:another_heap_shift) throw(:another_heap_shift)
end end
print_debug("#{{ leaked_arch: leaked_arch }}") vprint_status("#{{ leaked_arch: leaked_arch }}")
fail_with(Failure::BadConfig, "arch changed") if _leaked_arch and _leaked_arch != leaked_arch fail_with(Failure::BadConfig, "arch changed") if _leaked_arch and _leaked_arch != leaked_arch
# try different large-bins: most of them should be empty, # try different large-bins: most of them should be empty,
@ -211,7 +211,7 @@ class Metasploit4 < Msf::Exploit::Remote
next if (error.unpack('C')[0] & (leaked_arch == ARCH_X86 ? 7 : 15)) != 0 # MALLOC_ALIGN_MASK next if (error.unpack('C')[0] & (leaked_arch == ARCH_X86 ? 7 : 15)) != 0 # MALLOC_ALIGN_MASK
count[error] += 1 count[error] += 1
end end
print_debug("#{{ count: count }}") vprint_status("#{{ count: count }}")
throw(:another_heap_shift) if count.empty? throw(:another_heap_shift) if count.empty?
# convert count to a nested array of [key, value] arrays and sort it # convert count to a nested array of [key, value] arrays and sort it
@ -345,7 +345,7 @@ class Metasploit4 < Msf::Exploit::Remote
encoded = payload.raw.gsub(/[\"\\]/, '\\\\\\&').gsub(/[\$\{\}\\]/, '\\\\\\&') encoded = payload.raw.gsub(/[\"\\]/, '\\\\\\&').gsub(/[\$\{\}\\]/, '\\\\\\&')
# setsid because of Exim's "killpg(pid, SIGKILL);" after "alarm(60);" # setsid because of Exim's "killpg(pid, SIGKILL);" after "alarm(60);"
command = '${run{/usr/bin/env setsid /bin/sh -c "' + encoded + '"}}' command = '${run{/usr/bin/env setsid /bin/sh -c "' + encoded + '"}}'
print_debug(command) vprint_status("Command: #{command}")
# don't try to execute commands directly, try a very simple ACL first, # don't try to execute commands directly, try a very simple ACL first,
# to distinguish between exploitation-problems and shellcode-problems # to distinguish between exploitation-problems and shellcode-problems
@ -407,9 +407,9 @@ class Metasploit4 < Msf::Exploit::Remote
# (we don't control what's stored at heap_addr) # (we don't control what's stored at heap_addr)
rand_offset = rand(max_rand_offset) rand_offset = rand(max_rand_offset)
print_debug("#{{ helo: helo_len, step: step_len, addr: heap_addr.to_s(16), offset: rand_offset }}") vprint_status("#{{ helo: helo_len, step: step_len, addr: heap_addr.to_s(16), offset: rand_offset }}")
reply = try_code_execution(helo_len, acldrop, heap_addr + rand_offset) reply = try_code_execution(helo_len, acldrop, heap_addr + rand_offset)
print_debug("#{{ reply: reply }}") if reply vprint_status("#{{ reply: reply }}") if reply
if reply and if reply and
reply[:code] == "550" and reply[:code] == "550" and
@ -419,7 +419,7 @@ class Metasploit4 < Msf::Exploit::Remote
print_good("Please wait for reply...") print_good("Please wait for reply...")
# execute command this time, not acldrop # execute command this time, not acldrop
reply = try_code_execution(helo_len, command, heap_addr + rand_offset) reply = try_code_execution(helo_len, command, heap_addr + rand_offset)
print_debug("#{{ reply: reply }}") vprint_status("#{{ reply: reply }}")
return handler return handler
end end
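Review bot: The bare `rescue` in the first hunk swallows every StandardError, reports it only under VERBOSE, and reads the exception from the global `$!`. Naming the exception makes the handler easier to follow and to narrow later: `rescue => e` with `vprint_status("#{peer} - Caught #{e.class}: #{e.message}")`. As a style point, the `"#{{ heap_shift: heap_shift }}"` form used for the other messages interpolates a Hash literal and is hard to read; `"heap_shift: #{heap_shift}"` says the same thing. The enclosing methods start and end outside the hunks.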


@ -97,10 +97,10 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def on_request_uri( cli, request ) def on_request_uri( cli, request )
print_debug("Requesting: #{request.uri}") vprint_status("Requesting: #{request.uri}")
if request.uri !~ /\.jar$/i if request.uri !~ /\.jar$/i
if not request.uri =~ /\/$/ if not request.uri =~ /\/$/
print_status("Sending redirect...") vprint_status("Sending redirect...")
send_redirect(cli, "#{get_resource}/", '') send_redirect(cli, "#{get_resource}/", '')
return return
end end


@ -112,7 +112,7 @@ class Metasploit3 < Msf::Exploit::Remote
md5_base64 = phpass_encode64(md5, md5.length) md5_base64 = phpass_encode64(md5, md5.length)
md5_stripped = md5_base64[0...22] md5_stripped = md5_base64[0...22]
pass = "$P\\$" + iter_char + salt + md5_stripped pass = "$P\\$" + iter_char + salt + md5_stripped
vprint_debug("#{peer} - password hash: #{pass}") vprint_status("#{peer} - password hash: #{pass}")
return pass return pass
end end
@ -129,8 +129,8 @@ class Metasploit3 < Msf::Exploit::Remote
form_build_id = $1 if content =~ /name="form_build_id" value="(.+?)"/ form_build_id = $1 if content =~ /name="form_build_id" value="(.+?)"/
form_token = $1 if content =~ /name="form_token" value="(.+?)"/ form_token = $1 if content =~ /name="form_token" value="(.+?)"/
vprint_debug("#{peer} - form_build_id: #{form_build_id}") vprint_status("#{peer} - form_build_id: #{form_build_id}")
vprint_debug("#{peer} - form_token: #{form_token}") vprint_status("#{peer} - form_token: #{form_token}")
return form_build_id, form_token return form_build_id, form_token
end end
@ -202,7 +202,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
cookie = res.get_cookies cookie = res.get_cookies
vprint_debug("#{peer} - cookie: #{cookie}") vprint_status("#{peer} - cookie: #{cookie}")
# call admin interface to extract CSRF token and enabled modules # call admin interface to extract CSRF token and enabled modules
print_status("#{peer} - Trying to parse enabled modules") print_status("#{peer} - Trying to parse enabled modules")
@ -280,7 +280,7 @@ class Metasploit3 < Msf::Exploit::Remote
# get administrator role id # get administrator role id
id = $1 if res.body =~ /for="edit-([0-9]+)-administer-content-types">#{admin_role}:/ id = $1 if res.body =~ /for="edit-([0-9]+)-administer-content-types">#{admin_role}:/
vprint_debug("#{peer} - admin role id: #{id}") vprint_status("#{peer} - admin role id: #{id}")
unless id unless id
fail_with(Failure::Unknown, "Could not parse out administrator ID") fail_with(Failure::Unknown, "Could not parse out administrator ID")
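Review bot: The messages moved to `vprint_status` in these hunks carry credential material: the generated password hash, the session `cookie`, and `form_build_id`/`form_token`. With VERBOSE set they are written in full to the console and to any spool or log file attached to it, where they can outlive the test. Consider reporting only that the value was obtained, e.g. `vprint_status("#{peer} - cookie received (#{cookie.length} bytes)")`, and leave the full value to the reporting database if it is needed. The enclosing methods extend outside the hunks.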


@ -80,21 +80,21 @@ class Metasploit3 < Msf::Exploit::Remote
'data' => "actionOutcome=/success.xhtml?user%3d%23{expressions.getClass().forName('java.lang.Runtime').getDeclaredMethod('getRuntime')}" 'data' => "actionOutcome=/success.xhtml?user%3d%23{expressions.getClass().forName('java.lang.Runtime').getDeclaredMethod('getRuntime')}"
}, timeout=datastore['TIMEOUT']) }, timeout=datastore['TIMEOUT'])
if (res and res.code == 302 and res.headers['Location']) if (res and res.code == 302 and res.headers['Location'])
vprint_debug("Server sent a 302 with location") vprint_status("Server sent a 302 with location")
if (res.headers['Location'] =~ %r(public\+static\+java\.lang\.Runtime\+java.lang.Runtime.getRuntime\%28\%29)) if (res.headers['Location'] =~ %r(public\+static\+java\.lang\.Runtime\+java.lang.Runtime.getRuntime\%28\%29))
report_vuln({ report_vuln({
:host => rhost, :host => rhost,
:port => rport, :port => rport,
:name => "#{self.name} - #{uri}", :name => "#{self.name} - #{uri}",
:refs => self.references, :refs => self.references,
:info => "Module #{self.fullname} found vulnerable JBoss Seam 2 resource." :info => "Module #{self.fullname} found vulnerable JBoss Seam 2 resource."
}) })
return Exploit::CheckCode::Vulnerable return Exploit::CheckCode::Vulnerable
else else
return Exploit::CheckCode::Safe return Exploit::CheckCode::Safe
end end
else else
return Exploit::CheckCode::Unknown return Exploit::CheckCode::Unknown
end end
# If we reach this point, we didn't find the service # If we reach this point, we didn't find the service
@ -205,8 +205,6 @@ EOJSP
def get_full_path(filename) def get_full_path(filename)
#vprint_debug("Trying to find full path for #{filename}")
uri = target_uri.path uri = target_uri.path
res = send_request_cgi( res = send_request_cgi(
{ {
@ -220,7 +218,6 @@ EOJSP
# the user argument should be set to the result of our call - which # the user argument should be set to the result of our call - which
# will be the full path of our file # will be the full path of our file
matches = /.*user=(.+)\&.*/.match(res.headers['Location']) matches = /.*user=(.+)\&.*/.match(res.headers['Location'])
#vprint_debug("Location is " + res.headers['Location'])
if (matches and matches.captures) if (matches and matches.captures)
return Rex::Text::uri_decode(matches.captures[0]) return Rex::Text::uri_decode(matches.captures[0])
else else
@ -241,16 +238,16 @@ EOJSP
append = 'false' append = 'false'
while (data.length > chunk_size) while (data.length > chunk_size)
status = upload_file_chunk(@payload_exe, append, data[0, chunk_size]) status = upload_file_chunk(@payload_exe, append, data[0, chunk_size])
if status if status
vprint_debug("Uploaded chunk") vprint_status("Uploaded chunk")
else else
vprint_error("Failed to upload chunk") vprint_error("Failed to upload chunk")
break break
end end
data = data[chunk_size, data.length - chunk_size] data = data[chunk_size, data.length - chunk_size]
# first chunk is an overwrite, afterwards, we need to append # first chunk is an overwrite, afterwards, we need to append
append = 'true' append = 'true'
end end
status = upload_file_chunk(@payload_exe, 'true', data) status = upload_file_chunk(@payload_exe, 'true', data)
if status if status
@ -290,7 +287,7 @@ EOJSP
return return
end end
vprint_debug("Sending in chunks of #{chunk_size}") vprint_status("Sending in chunks of #{chunk_size}")
case target['Platform'] case target['Platform']
when 'java' when 'java'
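Review bot: In the request at the top of the first hunk, `}, timeout=datastore['TIMEOUT'])` is an assignment expression rather than a keyword argument: it creates a local named `timeout` and passes its value positionally. It works, but it reads as something Ruby is not doing; `}, datastore['TIMEOUT'])` states the intent. Separately, `get_full_path` calls `res.headers['Location']` with no nil check on `res` visible in the hunk, so a request that times out would raise NoMethodError; confirm a guard exists in the lines not shown.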


@ -128,7 +128,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_warning("#{peer} - File upload may have failed") print_warning("#{peer} - File upload may have failed")
return fname return fname
else else
vprint_debug("#{peer} - Received response: #{res.code} - #{res.body}") vprint_status("#{peer} - Received response: #{res.code} - #{res.body}")
fail_with(Failure::Unknown, "#{peer} - Something went wrong") fail_with(Failure::Unknown, "#{peer} - Something went wrong")
end end
end end


@ -116,7 +116,6 @@ class Metasploit3 < Msf::Exploit::Local
print_status("Creating task: #{taskname}") print_status("Creating task: #{taskname}")
cmdline = "schtasks.exe /create /tn #{taskname} /tr \"#{cmd}\" /sc monthly /f" cmdline = "schtasks.exe /create /tn #{taskname} /tr \"#{cmd}\" /sc monthly /f"
# print_debug("Will Execute:\n\t#{cmdline}")
exec_schtasks(cmdline, "create the task") exec_schtasks(cmdline, "create the task")
# #


@ -59,9 +59,7 @@ class Metasploit3 < Msf::Exploit::Remote
# We create the filepath for the upload, for execution it should be \windows\system32\wbem\mof\<file with extension mof! # We create the filepath for the upload, for execution it should be \windows\system32\wbem\mof\<file with extension mof!
file = "..\\..\\" << remote_filepath << remote_filename << "\x00" file = "..\\..\\" << remote_filepath << remote_filename << "\x00"
#print_debug("File to upload: #{file}")
pkt_size = local_filedata.size() + file.size() + (0x108 - file.size()) + 4 pkt_size = local_filedata.size() + file.size() + (0x108 - file.size()) + 4
#print_debug(pkt_size)
# Magic_code + packing + size # Magic_code + packing + size
pkt = magic_code << "AAAAAAAAAAAA" << [pkt_size].pack('L') pkt = magic_code << "AAAAAAAAAAAA" << [pkt_size].pack('L')


@ -185,7 +185,7 @@ class Metasploit3 < Msf::Post
:source_type => "exploit", :source_type => "exploit",
:user => user_name, :user => user_name,
:pass => password) :pass => password)
print_debug "Should have reported..." vprint_status("Should have reported...")
# Set savedpwds to 1 on return # Set savedpwds to 1 on return
return 1 return 1
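Review bot: Replacing `print_debug` with `vprint_status` here also changes when the line is shown: assuming `print_debug` printed regardless of the VERBOSE setting, as the other non-`v` helpers do, the message now appears only in verbose mode. If unconditional output was intended, `print_status` is the like-for-like replacement; the same applies to the `check`/`run`/`exploit` stubs converted later in this commit. The text itself, "Should have reported...", is leftover debugging wording; something like `vprint_status("Reported saved credential for #{user_name}")` says what happened without printing the password. The enclosing method starts and ends outside the hunk.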


@ -86,12 +86,12 @@ class Metasploit3 < Msf::Post
end end
def read(size) def read(size)
vprint_debug("Reading #{size} bytes") vprint_status("Reading #{size} bytes")
client.railgun.kernel32.ReadFile(@handle, size, size, 4, nil)['lpBuffer'] client.railgun.kernel32.ReadFile(@handle, size, size, 4, nil)['lpBuffer']
end end
def seek(offset) def seek(offset)
vprint_debug("Seeking to offset #{offset}") vprint_status("Seeking to offset #{offset}")
high_offset = offset >> 32 high_offset = offset >> 32
low_offset = offset & (2**33 - 1) low_offset = offset & (2**33 - 1)
client.railgun.kernel32.SetFilePointer(@handle, low_offset, high_offset, 0) client.railgun.kernel32.SetFilePointer(@handle, low_offset, high_offset, 0)
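Review bot: In `seek`, the mask on `low_offset` is one bit too wide: `2**33 - 1` keeps 33 bits, so bit 32 of `offset` ends up in both `high_offset` and `low_offset`. The low DWORD should be `low_offset = offset & (2**32 - 1)` (or `offset & 0xFFFFFFFF`). Whether railgun truncates the oversized value when marshalling is not visible here, so this may be latent rather than observable, but it is worth fixing while these lines are being touched. `seek` continues past the end of the hunk.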


@ -1,5 +1,4 @@
shared_examples_for 'Msf::Module::UI::Message::Verbose' do shared_examples_for 'Msf::Module::UI::Message::Verbose' do
it { is_expected.to respond_to :vprint_debug }
it { is_expected.to respond_to :vprint_error } it { is_expected.to respond_to :vprint_error }
it { is_expected.to respond_to :vprint_good } it { is_expected.to respond_to :vprint_good }
it { is_expected.to respond_to :vprint_status } it { is_expected.to respond_to :vprint_status }


@ -34,12 +34,12 @@ class Metasploit3 < Msf::Auxiliary
end end
def check def check
print_debug "Check is successful" vprint_status("Check is successful")
return Msf::Exploit::CheckCode::Vulnerable return Msf::Exploit::CheckCode::Vulnerable
end end
def run def run
print_debug "Run is successful." vprint_status("Run is successful.")
end end
end end


@ -34,12 +34,12 @@ class Metasploit3 < Msf::Auxiliary
end end
def check def check
print_debug "Check is successful" vprint_status("Check is successful")
return Msf::Exploit::CheckCode::Vulnerable return Msf::Exploit::CheckCode::Vulnerable
end end
def run def run
print_debug "Run is successful." vprint_status("Run is successful.")
end end
end end


@ -123,7 +123,7 @@ class Metasploit3 < Msf::Exploit::Remote
end end
def on_request_exploit(cli, request, target_info) def on_request_exploit(cli, request, target_info)
print_debug("Target selected: #{get_target.name}") vprint_status("Target selected: #{get_target.name}")
print_line(Rex::Text.to_hex_dump([rop_junk].pack("V*"))) print_line(Rex::Text.to_hex_dump([rop_junk].pack("V*")))
print_line(Rex::Text.to_hex_dump([rop_nop].pack("V*"))) print_line(Rex::Text.to_hex_dump([rop_nop].pack("V*")))
p = get_payload(cli, target_info) p = get_payload(cli, target_info)
@ -148,4 +148,4 @@ end
=begin =begin
Example of raw target_info: Example of raw target_info:
{:source=>"script", :os_name=>"Microsoft Windows", :os_flavor=>"XP", :ua_name=>"MSIE", :ua_ver=>"8.0", :arch=>"x86", :office=>"null", :proxy=>false, :language=>"en-us", :tried=>true} {:source=>"script", :os_name=>"Microsoft Windows", :os_flavor=>"XP", :ua_name=>"MSIE", :ua_ver=>"8.0", :arch=>"x86", :office=>"null", :proxy=>false, :language=>"en-us", :tried=>true}
=end =end
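Review bot: In `on_request_exploit`, the "Target selected" line is now verbose-only while the two `print_line(Rex::Text.to_hex_dump(...))` calls after it still print unconditionally, so default output shows two hex dumps with no label. Either keep the label visible with `print_status("Target selected: #{get_target.name}")` or gate the dumps the same way, e.g. `vprint_line(Rex::Text.to_hex_dump([rop_junk].pack("V*")))`. The method body continues past the hunk.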


@ -32,12 +32,12 @@ class Metasploit3 < Msf::Exploit
end end
def check def check
print_debug "Check is successful" vprint_status("Check is successful")
return Msf::Exploit::CheckCode::Vulnerable return Msf::Exploit::CheckCode::Vulnerable
end end
def exploit def exploit
print_debug "Exploit is successful." vprint_status("Exploit is successful.")
end end
end end