diff --git a/BUGS.txt b/BUGS.txt
index e6cc47d6cc..d6f6ad5854 100644
--- a/BUGS.txt
+++ b/BUGS.txt
@@ -13,6 +13,7 @@ Metasploit Framework v3.0
 [Exploits]
 * Exploits can crash when a handler sets .sock/.udp_sock to nil
   - Persistent payloads, exploit tries to use nil as a socket
+
 [msfconsole]
 * Regex errors if unmatched {/[ sequences are tabbed
   - use exploit/[
diff --git a/VERSION b/VERSION
deleted file mode 100644
index 1668182789..0000000000
--- a/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-3.0 Beta Release 1
diff --git a/documentation/LICENSE b/documentation/LICENSE
index 57a20264f4..f521a2ee1b 100644
--- a/documentation/LICENSE
+++ b/documentation/LICENSE
@@ -33,24 +33,24 @@ modification of the Software itself]. "Extension" includes any module or plug-in that is intended (by design and coding) to, or can, be dynamically loaded by the Software.
-d. "Developer" means the then-current copyright holder(s) of the Software,
+e. "Developer" means the then-current copyright holder(s) of the Software,
 including, but not limited to, the Metasploit personnel and any third-party contributors (or their successor(s) or transferee(s)).
-e. "Documentation" means any and all end user, technical/programmer,
+f. "Documentation" means any and all end user, technical/programmer,
 network administrator, or other manuals, tutorials, or code samples provided or offered by Developer with the Software, excluding those items created by someone other than the Developer.
-f. "Use" means to download, install, access, copy, execute, sell, or
+g. "Use" means to download, install, access, copy, execute, sell, or
 otherwise benefit from the Software (directly or indirectly, with or without notice or knowledge of the Software's incorporation or utilization in any larger application or product).
-g. "You" means the individual or organization that is using the Software
+h. "You" means the individual or organization that is using the Software
 under the License.
-h. "Interface" means to execute, parse, or otherwise benefit from the use
+i. "Interface" means to execute, parse, or otherwise benefit from the use
 of the Software.
diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb
index 1cd2fa3b18..1d386fab0c 100644
--- a/lib/msf/core/framework.rb
+++ b/lib/msf/core/framework.rb
@@ -15,7 +15,7 @@ class Framework
   #
   Major = 3
   Minor = 0
-  Release = "-beta-1"
+  Release = "-beta-2-svn"
   Version = "#{Major}.#{Minor}#{Release}"
   Revision = "$Revision$"
@@ -742,6 +742,12 @@ protected
   # Skip test-suite files
   next if (file =~ /rb\.ts\.rb$/)
+  # Skip non-ruby files
+  next if (file !~ /\.rb$/i)
+
+  # Skip files with a leading period
+  next if (file =~ /^\./i)
+
   begin
     load_module_from_file(path, file, loaded, recalc, counts, demand)
   rescue NameError
@@ -797,6 +803,7 @@ protected
   # Loads a module from the supplied file.
   #
   def load_module_from_file(path, file, loaded, recalc, counts, demand = false)
+    # If the file doesn't end in the expected extension...
     return nil if (!file.match(/\.rb$/))
diff --git a/lib/rex/proto/smb/client.rb b/lib/rex/proto/smb/client.rb
index 24109c82f3..e2d9ed212f 100644
--- a/lib/rex/proto/smb/client.rb
+++ b/lib/rex/proto/smb/client.rb
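Review bot: The extension filter added in the first hunk does not agree with the check it feeds in the second hunk: the walker accepts any case with `/\.rb$/i`, while `load_module_from_file` keeps the case-sensitive `/\.rb$/` and silently returns nil, so a file such as `Foo.RB` passes the first filter and is dropped without any message. Either drop the `/i` on the walker's regex or apply the same case handling in both places; the `/i` on `/^\./` does nothing, since the pattern contains no letters. Because `file` is a single filename, anchoring with `\A` and `\z` states the intent more precisely than the per-line `^`/`$`, e.g. `next if (file !~ /\.rb\z/i)` and `next if (file =~ /\A\./)`. The loop enclosing the first hunk starts outside it.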
@@ -1149,6 +1149,70 @@ EVADE = Rex::Proto::SMB::Evasions
   end
+  # Perform a transaction against a given pipe name (no null terminator)
+  def trans_nonull(pipe, param = '', body = '', setup_count = 0, setup_data = '', no_response = nil)
+
+    pkt = CONST::SMB_TRANS_PKT.make_struct
+    self.smb_defaults(pkt['Payload']['SMB'])
+
+    # Packets larger than mlen will cause XP SP2 to disconnect us ;-(
+    mlen = 4200
+
+    # Figure out how much space is taken up by our current arguments
+    xlen = pipe.length + param.length + body.length
+
+    filler1 = ''
+    filler2 = ''
+
+    # Fill any available space depending on the evasion settings
+    if (xlen < mlen)
+      filler1 = EVADE.make_offset_filler(evasion_opts['pad_data'], (mlen-xlen)/2)
+      filler2 = EVADE.make_offset_filler(evasion_opts['pad_data'], (mlen-xlen)/2)
+    end
+
+    # Squish the whole thing together
+    data = pipe + filler1 + param + filler2 + body
+
+    # Throw some form of a warning out?
+    if (data.length > mlen)
+      # XXX This call will more than likely fail :-(
+    end
+
+    # Calculate all of the offsets
+    base_offset = pkt.to_s.length + (setup_count * 2) - 4
+    param_offset = base_offset + pipe.length + filler1.length
+    data_offset = param_offset + filler2.length + param.length
+
+    pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION
+    pkt['Payload']['SMB'].v['Flags1'] = 0x18
+    pkt['Payload']['SMB'].v['Flags2'] = 0x2001
+    pkt['Payload']['SMB'].v['WordCount'] = 14 + setup_count
+
+    pkt['Payload'].v['ParamCountTotal'] = param.length
+    pkt['Payload'].v['DataCountTotal'] = body.length
+    pkt['Payload'].v['ParamCountMax'] = 0
+    pkt['Payload'].v['DataCountMax'] = 0
+    pkt['Payload'].v['ParamCount'] = param.length
+    pkt['Payload'].v['ParamOffset'] = param_offset
+    pkt['Payload'].v['DataCount'] = body.length
+    pkt['Payload'].v['DataOffset'] = data_offset
+    pkt['Payload'].v['SetupCount'] = setup_count
+    pkt['Payload'].v['SetupData'] = setup_data
+
+    pkt['Payload'].v['Payload'] = data
+
+    if no_response
+      pkt['Payload'].v['Flags'] = 2
+    end
+
+    response = self.smb_send(pkt.to_s)
+    if no_response
+      return response
+    end
+
+    return self.smb_recv_parse(CONST::SMB_COM_TRANSACTION)
+  end
+
   # Perform a transaction2 request using the specified subcommand, parameters, and data
   def trans2(subcommand, param = '', body = '')
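Review bot: The oversize branch `if (data.length > mlen)` in `trans_nonull` is empty apart from the XXX comment, so a transaction whose pipe name, parameters and body together exceed 4200 bytes is still sent and the failure only shows up later as an unrelated receive or parse error; raising there, e.g. `raise ArgumentError, "transaction data exceeds #{mlen} bytes"` (or the client's own exception class, if it has one), or at least emitting a warning, would make the limit visible at the call site. The return value also depends on the mode — the raw `smb_send` result when `no_response` is set, otherwise the parsed `smb_recv_parse` result — and the one-line header comment should say so, along with what `setup_count` and `setup_data` are expected to hold. Judging by the name alone, the body looks like a near copy of the existing transaction method with only the terminator handling removed; if that is the case, a shared implementation taking a flag would keep the two from drifting apart.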