Improvements to the cleanup process, close sockets properly for exploits and auxiliary

git-svn-id: file:///home/svn/framework3/trunk@9187 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/auxiliary.rb

@@ -178,14 +178,14 @@ class Auxiliary < Msf::Module
 	#
 	def abort_sockets
 		sockets.delete_if { |sock|
-			if (sock.respond_to?('abortive_close'))
+			if (sock.respond_to?('abortive_close='))
 				sock.abortive_close = true
 			end
-			begin
-				disconnect(sock)
-			rescue
-			end
 
+			begin
+				sock.close
+			rescue ::Exception
+			end
 			true
 		}
 	end
@@ -207,3 +207,4 @@ protected
 end
 
 end
+

lib/msf/core/auxiliary/scanner.rb

@@ -51,10 +51,10 @@ def run
 	#
 
 	if(Rex::Compat.is_windows)
-		if(threads_max > 16)
+		if(threads_max > 32)
 			print_error("Warning: The Windows platform cannot reliably support more than 16 threads")
 			print_error("Thread count has been adjusted to 16")
-			threads_max = 16
+			threads_max = 32
 		end
 	end
 
@@ -96,6 +96,8 @@ def run
 					rescue ::Exception => e
 						print_status("Error: #{targ}: #{e.class} #{e.message}")
 						elog("Error running against host #{targ}: #{e.message}\n#{e.backtrace.join("\n")}")
+					ensure
+						nmod.cleanup
 					end
 				end
 			end
@@ -163,6 +165,8 @@ def run
 							raise $!
 						rescue ::Exception => e
 							print_status("Error: #{mybatch[0]}-#{mybatch[-1]}: #{e}")
+						ensure
+							nmod.cleanup
 						end
 					end
 					thread[:batch_size] = batch.length

lib/msf/core/exploit.rb

@@ -188,15 +188,14 @@ class Exploit < Msf::Module
 		#
 		def abort_sockets
 			sockets.delete_if { |sock|
-				if (sock.respond_to?('abortive_close'))
+				if (sock.respond_to?('abortive_close='))
 					sock.abortive_close = true
 				end
 
 				begin
-					disconnect(sock)
-				rescue
+					sock.close
+				rescue ::Exception
 				end
-
 				true
 			}
 		end
@@ -420,6 +419,7 @@ class Exploit < Msf::Module
 		if (payload_instance and handler_enabled?)
 			payload_instance.cleanup_handler
 		end
+		self.abort_sockets if self.respond_to?('abort_sockets')
 	end
 
 	#

lib/msf/core/exploit/http.rb

@@ -179,7 +179,6 @@ module Exploit::Remote::HttpClient
 	#
 	def cleanup
 		super
-
 		disconnect
 	end
 
@@ -1028,3 +1027,4 @@ module Exploit::Remote::HttpServer::PHPInclude
 
 end
 end
+

lib/msf/core/exploit/tcp.rb

@@ -183,7 +183,6 @@ module Exploit::Remote::Tcp
 	#
 	def cleanup
 		super
-
 		disconnect
 	end
 
@@ -325,6 +324,7 @@ module Exploit::Remote::TcpServer
 	# Stops the service, if one was created.
 	#
 	def cleanup
+		super
 		if(service)
 			stop_service()
 			print_status("Server stopped.")

lib/msf/core/exploit/udp.rb

@@ -96,7 +96,6 @@ module Exploit::Remote::Udp
 	#
 	def cleanup
 		super
-
 		disconnect_udp
 	end
 
@@ -155,3 +154,4 @@ protected
 
 end
 end
+

lib/msf/core/exploit_driver.rb

@@ -184,9 +184,10 @@ protected
 					(exploit.passive? == true) ? nil : payload.wfs_delay + exploit.wfs_delay)
 			end
 		rescue ::Exception
-
 			exploit.framework.events.on_module_error(exploit, $!)
 			exploit.print_error("Exploit failed: #{$!}")
+			exploit.error = $!
+
 			elog("Exploit failed (#{exploit.refname}): #{$!}", 'core', LEV_0)
 			dlog("Call stack:\n#{$@.join("\n")}", 'core', LEV_3)
 

modules/auxiliary/scanner/discovery/udp_sweep.rb

@@ -77,7 +77,8 @@ class Metasploit3 < Msf::Auxiliary
 
 		# Create an unbound UDP socket if no CHOST is specified, otherwise
 		# create a UDP socket bound to CHOST (in order to avail of pivoting)
-		udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
+		udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil, 'Context' => {'Msf' => framework, 'MsfExploit' => self} })
+		add_socket(udp_sock)
 
 			# Send each probe to each host
 			@probes.each do |probe|

modules/auxiliary/scanner/netbios/nbname.rb

@@ -58,7 +58,8 @@ class Metasploit3 < Msf::Auxiliary
 
 			# Create an unbound UDP socket if no CHOST is specified, otherwise
 			# create a UDP socket bound to CHOST (in order to avail of pivoting)
-			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil, 'Context' => {'Msf' => framework, 'MsfExploit' => self} })
+			add_socket(udp_sock)
 
 			batch.each do |ip|
 				begin

modules/auxiliary/scanner/ntp/ntp_monlist.rb

@@ -61,7 +61,8 @@ class Metasploit3 < Msf::Auxiliary
 
 			# Create an unbound UDP socket if no CHOST is specified, otherwise
 			# create a UDP socket bound to CHOST (in order to avail of pivoting)
-			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil, 'Context' => {'Msf' => framework, 'MsfExploit' => self} })
+			add_socket(udp_sock)
 
 			# Try three times since NTP servers can be a bit busy
 			1.upto(3)  do

modules/auxiliary/scanner/sip/enumerator.rb

@@ -58,9 +58,11 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = Rex::Socket::Udp.create(
 				{
 					'LocalHost' => datastore['CHOST'] || nil,
-					'LocalPort' => datastore['CPORT'].to_i
+					'LocalPort' => datastore['CPORT'].to_i,
+					'Context'   => { 'Msf' => framework, 'MsfExploit' => self }
 				}
 			)
+			add_socket(udp_sock)
 
 			mini = datastore['MINEXT']
 			maxi = datastore['MAXEXT']
@@ -167,3 +169,4 @@ class Metasploit3 < Msf::Auxiliary
 		end
 	end
 end
+

modules/auxiliary/scanner/sip/options.rb

@@ -55,9 +55,11 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = Rex::Socket::Udp.create(
 				{
 					'LocalHost' => datastore['CHOST'] || nil,
-					'LocalPort' => datastore['CPORT'].to_i
+					'LocalPort' => datastore['CPORT'].to_i,
+					'Context' => {'Msf' => framework, 'MsfExploit' => self}
 				}
 			)
+			add_socket(udp_sock)
 
 			batch.each do |ip|
 				data = create_probe(ip)
@@ -163,3 +165,4 @@ class Metasploit3 < Msf::Auxiliary
 
 
 end
+

modules/auxiliary/scanner/snmp/community.rb

@@ -70,7 +70,8 @@ class Metasploit3 < Msf::Auxiliary
 
 			# Create an unbound UDP socket if no CHOST is specified, otherwise
 			# create a UDP socket bound to CHOST (in order to avail of pivoting)
-			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil, 'Context' => {'Msf' => framework, 'MsfExploit' => self} })
+			add_socket(udp_sock)
 
 			print_status(">> progress (#{batch[0]}-#{batch[-1]}) #{idx}/#{@comms.length * batch.length}...")
 			@comms.each do |comm|

modules/auxiliary/scanner/tftp/tftpbrute.rb

@@ -49,6 +49,7 @@ class Metasploit3 < Msf::Auxiliary
 						}
 				}
 			)
+			add_socket(udp_sock)
 
 			fd = File.open(datastore['DICTIONARY'], 'r')
 			fd.read(fd.stat.size).split("\n").each do |filename|

modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb

@@ -104,6 +104,9 @@ class Metasploit3 < Msf::Exploit::Remote
 			}
 		})
 
+		# Let this close automatically
+		add_socket(wdmserver)
+
 		wdmserver_port = wdmserver.getsockname[2]
 		print_status("Starting the HTTP service on port #{wdmserver_port}")
 
@@ -150,7 +153,12 @@ class Metasploit3 < Msf::Exploit::Remote
 
 		# Download some response data
 		resp = sock.get_once(-1, 10)
-		print_status("Received: " + resp)
+		print_status("Received: #{resp}")
+
+		if not resp
+			print_error("No reply from the target, this may not be a vulnerable system")
+			return
+		end
 
 		print_status("Waiting on a connection to the HTTP service")
 		begin

modules/exploits/windows/ftp/microsoft_ftpd_nlst.rb

@@ -143,6 +143,8 @@ class Metasploit3 < Msf::Exploit::Remote
 			}
 		)
 
+		add_socket(srv)
+
 		begin
 
 		thr = Thread.new { srv.accept }
@@ -174,3 +176,4 @@ class Metasploit3 < Msf::Exploit::Remote
 	end
 
 end
+

modules/exploits/windows/license/calicclnt_getconfig.rb

@@ -100,6 +100,8 @@ class Metasploit3 < Msf::Exploit::Remote
 						'MsfExploit' => self,
 					})
 
+			add_socket(fakecaservice)
+
 			fakecaservice.start
 			print_status("Waiting for the license agent to connect back...")
 			begin