diff --git a/lib/msf/core/auxiliary/mixins.rb b/lib/msf/core/auxiliary/mixins.rb
index 3919fe115e..1baebf4846 100644
--- a/lib/msf/core/auxiliary/mixins.rb
+++ b/lib/msf/core/auxiliary/mixins.rb
@@ -13,5 +13,7 @@ require 'msf/core/auxiliary/scanner'
 require 'msf/core/auxiliary/timed'
 require 'msf/core/auxiliary/wmapmodule'
 require 'msf/core/auxiliary/crawler'
+
 require 'msf/core/auxiliary/commandshell'
 require 'msf/core/auxiliary/login'
+require 'msf/core/auxiliary/rservices'
diff --git a/lib/msf/core/auxiliary/rservices.rb b/lib/msf/core/auxiliary/rservices.rb
new file mode 100644
index 0000000000..23dc1a4be4
--- /dev/null
+++ b/lib/msf/core/auxiliary/rservices.rb
@@ -0,0 +1,88 @@
+##
+# $Id$
+##
+
+##
+#
+# This Auxiliary Mixin provides functionality for dealing with BSD R*Services
+#
+##
+
+module Msf
+module Auxiliary::RServices
+
+ def initialize(info = {})
+ super
+
+ register_options(
+ [
+ OptString.new('FROMUSER', [ false, 'The username to login from' ]),
+ OptPath.new( 'FROMUSER_FILE', [ false, 'File containing from usernames, one per line',
+ File.join(Msf::Config.data_directory, "wordlists", "rservices_from_users.txt") ])
+ ], Msf::Auxiliary::RServices)
+
+ register_advanced_options(
+ [
+ OptBool.new('REMOVE_FROMUSER_FILE', [ true, "Automatically delete the FROMUSER_FILE on module completion", false])
+ ], Msf::Auxiliary::RServices)
+ end
+
+
+ def connect_from_privileged_port(start_port = 1023)
+ cport = start_port
+ while cport > 512
+ #vprint_status("Trying to connect from port #{cport} ...")
+ sd = nil
+ begin
+ sd = connect(true, { 'CPORT' => cport })
+
+ #
+ # XXX: This is NOT optimal. Unfortunately, unreachable hosts will be
+ # retried around 512 times :-/ Ticket #3206 tracks this.
+ #
+ rescue Rex::HostUnreachable
+ # Ignore and try again
+
+ rescue Rex::AddressInUse
+ # Ignore and try again
+
+ rescue Rex::ConnectionError
+ vprint_error("Unable to connect: #{$!}")
+ return false
+
+ end
+
+ break if sd
+ cport -= 1
+ end
+
+ if not sock
+ print_error("#{target_host}:#{rport} - Unable to bind to privileged port")
+ return false
+ end
+
+ #vprint_status("Connected from #{cport}")
+ return true
+ end
+
+
+ def load_fromuser_vars
+ fromusers = extract_words(datastore['FROMUSER_FILE'])
+ if datastore['FROMUSER']
+ fromusers.unshift datastore['FROMUSER']
+ end
+ fromusers
+ end
+
+
+ def cleanup_files
+ super
+
+ path = datastore['FROMUSER_FILE']
+ if path and datastore['REMOVE_FROMUSER_FILE']
+ ::File.unlink(path) rescue nil
+ end
+ end
+
+end
+end
diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb
index eeda7398e5..c4dbe4662e 100644
--- a/lib/msf/core/exploit/mixins.rb
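Review bot: `cleanup_files` unlinks whatever `FROMUSER_FILE` points at, and the registered default for that option is the wordlist shipped under `Msf::Config.data_directory`, so turning on `REMOVE_FROMUSER_FILE` without overriding the path deletes the bundled `rservices_from_users.txt`. The guard should skip the shipped file, e.g. `if path and datastore['REMOVE_FROMUSER_FILE'] and path != File.join(Msf::Config.data_directory, "wordlists", "rservices_from_users.txt")`. The `rescue nil` modifier on the unlink also hides a failed delete; rescuing `::SystemCallError` and reporting it through `vprint_error` would leave a trace when a user-supplied list is not removed. Separately, the header comment could state that the mixin relies on `connect`, `sock`, `extract_words` and `vprint_error` from other mixins, since none of them is defined in this file.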
+++ b/lib/msf/core/exploit/mixins.rb
@@ -51,7 +51,6 @@ require 'msf/core/exploit/db2'
 require 'msf/core/exploit/postgres'
 require 'msf/core/exploit/wdbrpc'
 require 'msf/core/exploit/wdbrpc_client'
-require 'msf/core/exploit/rservices'
 
 # Telephony
 require 'msf/core/exploit/dialup'
diff --git a/lib/msf/core/exploit/rservices.rb b/lib/msf/core/exploit/rservices.rb
deleted file mode 100644
index a2ba36fdd6..0000000000
--- a/lib/msf/core/exploit/rservices.rb
+++ /dev/null
@@ -1,52 +0,0 @@
-module Msf
-module Exploit::RServices
-
- def initialize(info = {})
- super
-
- register_options(
- [
- OptString.new('LOCALUSER', [ false, 'The remote username to test' ]),
- ], Msf::Exploit::RServices
- )
- end
-
- def connect_from_privileged_port(start_port = 1023)
- cport = start_port
- while cport > 512
- #vprint_status("Trying to connect from port #{cport} ...")
- sd = nil
- begin
- sd = connect(true, { 'CPORT' => cport })
-
- #
- # XXX: This is NOT optimal. Unfortunately, unreachable hosts will be
- # retried around 512 times :-/ Ticket #3206 tracks this.
- #
- rescue Rex::HostUnreachable
- # Ignore and try again
-
- rescue Rex::AddressInUse
- # Ignore and try again
-
- rescue Rex::ConnectionError
- vprint_error("Unable to connect: #{$!}")
- return false
-
- end
-
- break if sd
- cport -= 1
- end
-
- if not sock
- print_error("#{target_host}:#{rport} - Unable to bind to privileged port")
- return false
- end
-
- #vprint_status("Connected from #{cport}")
- return true
- end
-
-end
-end