From 6435b4370a864f27600d4ea49a2a739e4565842b Mon Sep 17 00:00:00 2001 From: Rob Fuller Date: Sun, 25 May 2014 10:40:23 -0400 Subject: [PATCH] @Meatballs1 fixes --- modules/post/windows/gather/enum_patches.rb | 59 +++++++++++---------- 1 file changed, 32 insertions(+), 27 deletions(-) diff --git a/modules/post/windows/gather/enum_patches.rb b/modules/post/windows/gather/enum_patches.rb index c9e829fbe5..e29bfeaf7e 100644 --- a/modules/post/windows/gather/enum_patches.rb +++ b/modules/post/windows/gather/enum_patches.rb @@ -9,6 +9,7 @@ require 'msf/core/post/common' class Metasploit3 < Msf::Post include Msf::Post::Common + include Msf::Post::Windows::ExtAPI def initialize(info={}) super(update_info(info, @@ -28,7 +29,7 @@ class Metasploit3 < Msf::Post register_options( [ - OptBool.new('MSFLOCALS', [ false, 'Search for missing patchs for which there is a MSF local module', true]), + OptBool.new('MSFLOCALS', [ true, 'Search for missing patchs for which there is a MSF local module', true]), OptString.new('KB', [ true, 'A comma separated list of KB patches to search for', 'KB2871997, KB2928120']) ], self.class) end @@ -53,35 +54,39 @@ class Metasploit3 < Msf::Post patches = patches + msfmodules end - client.core.use("extapi") if not client.ext.aliases.include?("extapi") - begin - objects = client.extapi.wmi.query("SELECT HotFixID FROM Win32_QuickFixEngineering") - rescue RuntimeError - print_error "Known bug in WMI query, try migrating to another process" - return - end - kb_ids = objects[:values].map { |kb| kb[0] } - patches.each do |kb| - if kb_ids.include?(kb) - print_status("#{kb} applied") - else - case kb - when "KB977165" - print_good("KB977165 - Possibly vulnerable to MS10-015 kitrap0d if Windows 2K SP4 - Windows 7 (x86)") - when "KB2305420" - print_good("KB2305420 - Possibly vulnerable to MS10-092 schelevator if Vista, 7, and 2008") - when "KB2592799" - print_good("KB2592799 - Possibly vulnerable to MS11-080 afdjoinleaf if XP SP2/SP3 Win 2k3 SP2") - when "KB2778930" - print_good("KB2778930 - Possibly vulnerable to MS13-005 hwnd_broadcast, elevates from Low to Medium integrity") - when "KB2850851" - print_good("KB2850851 - Possibly vulnerable to MS13-053 schlamperei if x86 Win7 SP0/SP1") - when "KB2870008" - print_good("KB2870008 - Possibly vulnerable to MS13-081 track_popup_menu") + extapi_loaded = load_extapi + if extapi_loaded + begin + objects = session.extapi.wmi.query("SELECT HotFixID FROM Win32_QuickFixEngineering") + rescue RuntimeError + print_error "Known bug in WMI query, try migrating to another process" + return + end + kb_ids = objects[:values].map { |kb| kb[0] } + patches.each do |kb| + if kb_ids.include?(kb) + print_status("#{kb} applied") else - print_good("#{kb} is missing") + case kb + when "KB977165" + print_good("KB977165 - Possibly vulnerable to MS10-015 kitrap0d if Windows 2K SP4 - Windows 7 (x86)") + when "KB2305420" + print_good("KB2305420 - Possibly vulnerable to MS10-092 schelevator if Vista, 7, and 2008") + when "KB2592799" + print_good("KB2592799 - Possibly vulnerable to MS11-080 afdjoinleaf if XP SP2/SP3 Win 2k3 SP2") + when "KB2778930" + print_good("KB2778930 - Possibly vulnerable to MS13-005 hwnd_broadcast, elevates from Low to Medium integrity") + when "KB2850851" + print_good("KB2850851 - Possibly vulnerable to MS13-053 schlamperei if x86 Win7 SP0/SP1") + when "KB2870008" + print_good("KB2870008 - Possibly vulnerable to MS13-081 track_popup_menu") + else + print_good("#{kb} is missing") + end end end + else + print_error "ExtAPI failed to load" end end end