From 108c3961e2ba5aa70252adaf85c286b75e44ea97 Mon Sep 17 00:00:00 2001
From: William Vu
Date: Mon, 11 Jul 2016 12:09:12 -0500
Subject: [PATCH 1/3] Make sure GATEWAY_PROBE_PORT is 0
This ensures that dst_port is set for UDPSocket#send.
---
 lib/msf/core/exploit/capture.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/msf/core/exploit/capture.rb b/lib/msf/core/exploit/capture.rb
index aa0da365d9..61f4651459 100644
--- a/lib/msf/core/exploit/capture.rb
+++ b/lib/msf/core/exploit/capture.rb
@@ -302,7 +302,7 @@ module Msf
 def probe_gateway(addr)
 dst_host = datastore['GATEWAY_PROBE_HOST']
- dst_port = datastore['GATEWAY_PROBE_PORT'] == 0 ? rand(30000) + 1024 : datastore['GATEWAY_PROBE_PORT']
+ dst_port = datastore['GATEWAY_PROBE_PORT'].to_i == 0 ? rand(30000) + 1024 : datastore['GATEWAY_PROBE_PORT']
 preamble = [datastore['SECRET']].pack("N")
 secret = "#{preamble}#{Rex::Text.rand_text(rand(0xff)+1)}"
From 79fd648bbe1cea58ccbaa87c21266f614fbef129 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Mon, 11 Jul 2016 22:05:00 -0500
Subject: [PATCH 2/3] don't double-encapsulate regexes on normalize
---
 lib/msf/core/opt_regexp.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/msf/core/opt_regexp.rb b/lib/msf/core/opt_regexp.rb
index 17d32dbb17..36900de610 100644
--- a/lib/msf/core/opt_regexp.rb
+++ b/lib/msf/core/opt_regexp.rb
@@ -28,8 +28,11 @@ class OptRegexp < OptBase
 end
 def normalize(value)
- return nil if value.nil?
- return Regexp.compile(value.to_s)
+ if value.nil? || value.kind_of?(Regexp)
+ value
+ else
+ Regexp.compile(value.to_s)
+ end
 end
 def display_value(value)
@@ -38,8 +41,7 @@ class OptRegexp < OptBase
 elsif value.kind_of?(String)
 return display_value(normalize(value))
 end
-
- return super
+ super
 end
 end
From 128f8029281f3a0feed3b24f12853c5afe046d28 Mon Sep 17 00:00:00 2001
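Review bot: The `.to_i` on the changed `dst_port` line in capture.rb is applied only inside the comparison, so the non-zero branch still returns the raw datastore value, which may not be an Integer (presumably the reason the original `== 0` check failed). A non-numeric setting is also silently treated as 0 and replaced with a random port. Coercing once and reusing the result keeps the type consistent for UDPSocket#send: `port = datastore['GATEWAY_PROBE_PORT'].to_i` followed by `dst_port = port.zero? ? rand(30000) + 1024 : port`. A range check against 1..65535 on the configured value would surface typos instead of hiding them. The body of probe_gateway continues outside the hunk.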
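Review bot: `Regexp.compile(value.to_s)` in the new `normalize` in opt_regexp.rb raises RegexpError on a malformed pattern, and `display_value` in the following hunk calls `normalize` on any String, so a bad option value could surface as an exception while options are only being displayed. Whether other validation in OptRegexp already guarantees a compilable value cannot be confirmed from these hunks, because the class body starts and ends outside them. If it does not, add a `rescue RegexpError` clause to `normalize` that reports the invalid pattern rather than letting it propagate from display code. A short comment above the new branch would also help, for example `# Regexp values pass through unchanged so normalizing twice does not nest the pattern`.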
From: Brent Cook
Date: Mon, 11 Jul 2016 22:05:50 -0500
Subject: [PATCH 3/3] use the regex source when generating or displaying a regex
---
 modules/auxiliary/scanner/http/cert.rb | 2 +-
 modules/auxiliary/spoof/nbns/nbns_response.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/auxiliary/scanner/http/cert.rb b/modules/auxiliary/scanner/http/cert.rb
index 414f9c391b..59ce33db5b 100644
--- a/modules/auxiliary/scanner/http/cert.rb
+++ b/modules/auxiliary/scanner/http/cert.rb
@@ -59,7 +59,7 @@ class MetasploitModule < Msf::Auxiliary
 end
 end
- if cert.issuer.to_s !~ /#{datastore['ISSUER']}/n
+ if cert.issuer.to_s !~ /#{datastore['ISSUER'].source}/n
 print_good("#{ip} - '#{vhostn}' : #{cert.issuer} (BAD ISSUER)" )
 elsif datastore['SHOWALL'] # show verbose as status
diff --git a/modules/auxiliary/spoof/nbns/nbns_response.rb b/modules/auxiliary/spoof/nbns/nbns_response.rb
index aca1f4e0b3..68a99b20ad 100644
--- a/modules/auxiliary/spoof/nbns/nbns_response.rb
+++ b/modules/auxiliary/spoof/nbns/nbns_response.rb
@@ -82,7 +82,7 @@ class MetasploitModule < Msf::Auxiliary
 nbnsq_type = packet[46..47]
 nbnsq_class = packet[48..49]
- return unless nbnsq_decodedname =~ /#{datastore['REGEX']}/i
+ return unless nbnsq_decodedname =~ /#{datastore['REGEX'].source}/i
 vprint_good("#{rhost.ljust 16} nbns - #{nbnsq_decodedname} matches regex, responding with #{spoof}")
@@ -165,7 +165,7 @@ class MetasploitModule < Msf::Auxiliary
 end
 }
- print_status("NBNS Spoofer started. Listening for NBNS requests with REGEX \"#{datastore['REGEX']}\" ...")
+ print_status("NBNS Spoofer started. Listening for NBNS requests with REGEX \"#{datastore['REGEX'].source}\" ...")
 self.thread.join
 print_status("NBNS Monitor thread exited...")
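Review bot: `datastore['ISSUER'].source` on the changed `if` line in cert.rb assumes the datastore always returns a Regexp. If the value can still be a String or nil at that point, which these hunks do not show, the call raises NoMethodError. Both `datastore['REGEX'].source` uses in nbns_response.rb (the `return unless` match and the `print_status` message) have the same issue. A guarded read keeps the modules working with either type, e.g. `issuer = datastore['ISSUER']` then `issuer = issuer.respond_to?(:source) ? issuer.source : issuer.to_s` before interpolating. The enclosing methods start and end outside the hunks.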