From fe360e3e2acc81e1f9bcc6a50a1e2c9ee77a093d Mon Sep 17 00:00:00 2001
From: wchen-r7 <wei_chen@rapid7.com>
Date: Mon, 10 Jul 2017 11:18:20 -0500
Subject: [PATCH] Fix #8685, Check nil condition for #wordlist_file in jtr
 modules

JTR modules should never assume there is always a database
connected while using #wordlist_file, considering a database is
an optional component for Framework.

Fix #8685
---
 modules/auxiliary/analyze/jtr_aix.rb           | 5 +++++
 modules/auxiliary/analyze/jtr_crack_fast.rb    | 5 +++++
 modules/auxiliary/analyze/jtr_linux.rb         | 5 +++++
 modules/auxiliary/analyze/jtr_mssql_fast.rb    | 5 +++++
 modules/auxiliary/analyze/jtr_mysql_fast.rb    | 5 +++++
 modules/auxiliary/analyze/jtr_postgres_fast.rb | 5 +++++
 6 files changed, 30 insertions(+)

diff --git a/modules/auxiliary/analyze/jtr_aix.rb b/modules/auxiliary/analyze/jtr_aix.rb
index 18b8515040..f3c42045fd 100644
--- a/modules/auxiliary/analyze/jtr_aix.rb
+++ b/modules/auxiliary/analyze/jtr_aix.rb
@@ -32,6 +32,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close
     print_status "Wordlist file written out to #{wordlist.path}"
     cracker.wordlist = wordlist.path
diff --git a/modules/auxiliary/analyze/jtr_crack_fast.rb b/modules/auxiliary/analyze/jtr_crack_fast.rb
index b3ab197ca6..96f57bef69 100644
--- a/modules/auxiliary/analyze/jtr_crack_fast.rb
+++ b/modules/auxiliary/analyze/jtr_crack_fast.rb
@@ -31,6 +31,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close
     print_status "Wordlist file written out to #{wordlist.path}"
     cracker.wordlist = wordlist.path
diff --git a/modules/auxiliary/analyze/jtr_linux.rb b/modules/auxiliary/analyze/jtr_linux.rb
index a49d2f14c4..04a4cd83a0 100644
--- a/modules/auxiliary/analyze/jtr_linux.rb
+++ b/modules/auxiliary/analyze/jtr_linux.rb
@@ -46,6 +46,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close
     print_status "Wordlist file written out to #{wordlist.path}"
     cracker.wordlist = wordlist.path
diff --git a/modules/auxiliary/analyze/jtr_mssql_fast.rb b/modules/auxiliary/analyze/jtr_mssql_fast.rb
index 787f0de29a..5ab7e96c0f 100644
--- a/modules/auxiliary/analyze/jtr_mssql_fast.rb
+++ b/modules/auxiliary/analyze/jtr_mssql_fast.rb
@@ -33,6 +33,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close
     print_status "Wordlist file written out to #{wordlist.path}"
     cracker.wordlist = wordlist.path
diff --git a/modules/auxiliary/analyze/jtr_mysql_fast.rb b/modules/auxiliary/analyze/jtr_mysql_fast.rb
index cb4e6a7a30..af8c4fe11c 100644
--- a/modules/auxiliary/analyze/jtr_mysql_fast.rb
+++ b/modules/auxiliary/analyze/jtr_mysql_fast.rb
@@ -32,6 +32,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close
     print_status "Wordlist file written out to #{wordlist.path}"
     cracker.wordlist = wordlist.path
diff --git a/modules/auxiliary/analyze/jtr_postgres_fast.rb b/modules/auxiliary/analyze/jtr_postgres_fast.rb
index 7fdab976d5..da34fdf0b6 100644
--- a/modules/auxiliary/analyze/jtr_postgres_fast.rb
+++ b/modules/auxiliary/analyze/jtr_postgres_fast.rb
@@ -36,6 +36,11 @@ class MetasploitModule < Msf::Auxiliary
 
     # generate our wordlist and close the file handle
     wordlist = wordlist_file
+    unless wordlist
+      print_error('This module cannot run without a database connected. Use db_connect to connect to a database.')
+      return
+    end
+
     wordlist.close