infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Corrected regex scan vs. match issues 

Altered PS and PCL to elsif to avoid
double detection of printjobs.
bug/bundler_fix
Chris John Riley 2012-09-21 13:20:14 +02:00
parent f7aaae614e
commit 9753494cba
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
modules/auxiliary/server/capture/printjob_capture.rb
View File

@ -149,17 +149,15 @@ class Metasploit3 < Msf::Auxiliary
@state[c][:prn_type] = "PS" @state[c][:prn_type] = "PS"
print_good("Printjob intercepted - type PostScript") print_good("Printjob intercepted - type PostScript")
# extract PostScript data including header and EOF marker # extract PostScript data including header and EOF marker
@state[c][:raw_data] = @state[c][:data].scan(/%!PS-Adobe.*%%EOF/im).first @state[c][:raw_data] = @state[c][:data].match(/%!PS-Adobe.*%%EOF/im)[0]
end
# pcl data (capture PCL or PJL start code) # pcl data (capture PCL or PJL start code)
if @state[c][:data].unpack("H*")[0] =~ /[1b45|1b25|1b26]/ elsif @state[c][:data].unpack("H*")[0] =~ /(1b45|1b25|1b26)/
@state[c][:prn_type] = "PCL" @state[c][:prn_type] = "PCL"
print_good("Printjob intercepted - type PCL") print_good("Printjob intercepted - type PCL")
#extract everything between PCL start and end markers (various) #extract everything between PCL start and end markers (various)
@state[c][:raw_data] = \ @state[c][:raw_data] = Array(@state[c][:data].unpack("H*")[0]
Array(@state[c][:data].unpack("H*")[0] .match(/((1b45|1b25|1b26).*(1b45|1b252d313233343558))/i)[0]) \
.scan(/[1b45|1b25|1b26].*[1b45|1b252d313233343558]/i)).pack("H*") .pack("H*")
end end
# extract Postsript Metadata # extract Postsript Metadata
@ -181,7 +179,8 @@ class Metasploit3 < Msf::Auxiliary
# output discovered Metadata if set # output discovered Metadata if set
if @state[c][:meta_output] and @metadata if @state[c][:meta_output] and @metadata
@state[c][:meta_output].sort.each do | out | @state[c][:meta_output].sort.each do | out |
print_status("#{out}") # print metadata if not empty
print_status("#{out}") if not out.empty?
end end
else else
print_status("No metadata gathered from printjob") print_status("No metadata gathered from printjob")
@ -233,7 +232,7 @@ class Metasploit3 < Msf::Auxiliary
if meta[0] =~ /^Title/i if meta[0] =~ /^Title/i
@state[c][:prn_title] = meta[0].strip @state[c][:prn_title] = meta[0].strip
end end
end end
end end
def metadata_ipp(c) def metadata_ipp(c)