Land #2286, @wchen-r7's patch for undefined method errors

2013-08-26 20:46:01 -05:00 · 2013-08-26 20:46:01 -05:00 · b9360b9de6
parent 8e9bcb4cc2 85ed9167f2
commit b9360b9de6
23 changed files with 113 additions and 28 deletions
--- a/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb
+++ b/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb
@ -148,6 +148,11 @@ class Metasploit3 < Msf::Auxiliary
 				}
 		}, 25)

+		if res.nil?
+			print_error("Did not get a response from server")
+			return
+		end
+
 		raw_data = res.body.scan(/#{action.opts['PATTERN']}/).flatten[0]
 		print_line("\n" + Rex::Text.decode_base64(raw_data))

--- a/modules/auxiliary/admin/http/jboss_seam_exec.rb
+++ b/modules/auxiliary/admin/http/jboss_seam_exec.rb
@ -67,10 +67,10 @@ class Metasploit3 < Msf::Auxiliary
 					'method' => 'GET',
 				}, 20)

-			if (res.headers['Location'] =~ %r(java.lang.Runtime.exec\%28java.lang.String\%29))
+			if (res and res.headers['Location'] =~ %r(java.lang.Runtime.exec\%28java.lang.String\%29))
 				flag_found_one = index
 				print_status("Found right index at [" + index.to_s + "] - exec")
-			elsif (res.headers['Location'] =~ %r(java.lang.Runtime\+java.lang.Runtime.getRuntime))
+			elsif (res and res.headers['Location'] =~ %r(java.lang.Runtime\+java.lang.Runtime.getRuntime))
 				print_status("Found right index at [" + index.to_s + "] - getRuntime")
 				flag_found_two = index
 			else
@ -90,7 +90,8 @@ class Metasploit3 < Msf::Auxiliary
 					'method' => 'GET',
 				}, 20)

-			if (res.headers['Location'] =~ %r(pwned=java.lang.UNIXProcess))
+
+			if (res and res.headers['Location'] =~ %r(pwned=java.lang.UNIXProcess))
 				print_status("Exploited successfully")
 			else
 				print_status("Exploit failed.")
--- a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb
+++ b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb
@ -99,8 +99,15 @@ class Metasploit4 < Msf::Auxiliary
 				},25)

 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+			return
 		rescue ::Timeout::Error, ::Errno::EPIPE => e
 			print_error(e.message)
+			return
+		end
+
+		if file.nil?
+			print_error("Connection timed out")
+			return
 		end

 		if ((counter.to_f/queue.length.to_f)*100.0).to_s =~ /\d0.0$/ # Display percentage complete every 10%
@ -108,6 +115,7 @@ class Metasploit4 < Msf::Auxiliary
 			print_status("Requests #{percentage.to_i}% complete - [#{counter} / #{queue.length}]")
 		end

+		# file can be nil
 		case file.headers['Content-Type']
 		when 'text/html'
 			case file.body
--- a/modules/auxiliary/admin/oracle/osb_execqr2.rb
+++ b/modules/auxiliary/admin/oracle/osb_execqr2.rb
@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary
 				'method' => 'POST',
 			}, 5)

-			if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i))
+			if (res and res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i))

 				sessionid = res.headers['Set-Cookie'].split(';')[0]

--- a/modules/auxiliary/admin/oracle/osb_execqr3.rb
+++ b/modules/auxiliary/admin/oracle/osb_execqr3.rb
@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary
 				'method' => 'POST',
 			}, 5)

-			if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i))
+			if (res and res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i))

 				sessionid = res.headers['Set-Cookie'].split(';')[0]

--- a/modules/auxiliary/gather/external_ip.rb
+++ b/modules/auxiliary/gather/external_ip.rb
@ -42,6 +42,12 @@ end
 	def run
 		connect
 		res = send_request_cgi({'uri' => '/ip', 'method' => 'GET' })
+
+		if res.nil?
+			print_error("Connection timed out")
+			return
+		end
+
 		our_addr = res.body.strip
 		if Rex::Socket.is_ipv4?(our_addr) or Rex::Socket.is_ipv6?(our_addr)
 			print_good("Source ip to #{rhost} is #{our_addr}")
--- a/modules/auxiliary/scanner/http/axis_local_file_include.rb
+++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb
@ -84,7 +84,12 @@ class Metasploit3 < Msf::Auxiliary

 			print_status("#{target_url} - Apache Axis - Dumping administrative credentials")

-			if (res and res.code == 200)
+			if res.nil?
+				print_error("#{target_url} - Connection timed out")
+				return
+			end
+
+			if (res.code == 200)
 				if res.body.to_s.match(/axisconfig/)

 					res.body.scan(/parameter\sname=\"userName\">([^\s]+)</)
--- a/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb
+++ b/modules/auxiliary/scanner/http/barracuda_directory_traversal.rb
@ -63,7 +63,12 @@ class Metasploit3 < Msf::Auxiliary
 				'uri'     => uri + payload,
 			}, 25)

-		if (res and res.code == 200 and res.body)
+		if res.nil?
+			print_error("#{target_url} - Connection timed out")
+			return
+		end
+
+		if (res.code == 200 and res.body)
 			if res.body.match(/\<html\>(.*)\<\/html\>/im)
 				html = $1

--- a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb
+++ b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb
@ -164,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary
 						'data'		=> webdav_req + "\r\n\r\n",
 					}, 20)

-					if (res.code.to_i == 207)
+					if (res and res.code.to_i == 207)
 						print_status("\tFound vulnerable WebDAV Unicode bypass target #{wmap_base_url}#{tpath}%c0%af#{testfdir} #{res.code} (#{wmap_target_host})")

 						# Unable to use report_web_vuln as method is PROPFIND and is not part of allowed
--- a/modules/auxiliary/scanner/http/dolibarr_login.rb
+++ b/modules/auxiliary/scanner/http/dolibarr_login.rb
@ -41,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
 	def get_sid_token
 		res = send_request_raw({
 			'method' => 'GET',
-			'uri'    => @uri.path
+			'uri'    => normalize_uri(@uri.path)
 		})

 		return [nil, nil] if not (res and res.headers['Set-Cookie'])
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Auxiliary
 		begin
 			res = send_request_cgi({
 				'method'   => 'POST',
-				'uri'      => "#{@uri.path}index.php",
+				'uri'      => normalize_uri("#{@uri.path}index.php"),
 				'cookie'   => sid,
 				'vars_post' => {
 					'token'         => token,
@ -92,6 +92,11 @@ class Metasploit3 < Msf::Auxiliary
 			return :abort
 		end

+		if res.nil?
+			print_error("#{@peer} - Connection timed out")
+			return :abort
+		end
+
 		location = res.headers['Location']
 		if res and res.headers and (location = res.headers['Location']) and location =~ /admin\//
 			print_good("#{@peer} - Successful login: \"#{user}:#{pass}\"")
@ -112,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
 	end

 	def run
-		@uri = normalize_uri(target_uri.path)
+		@uri = target_uri.path
 		@uri.path << "/" if @uri.path[-1, 1] != "/"
 		@peer = "#{rhost}:#{rport}"

--- a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb
+++ b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb
@ -62,7 +62,12 @@ class Metasploit3 < Msf::Auxiliary
 				'uri'     => "#{uri}#{nullbytetxt}",
 			}, 25)

-			version = res.headers['Server'] if res
+			if res.nil?
+				print_error("#{target_url} - Connection timed out")
+				return
+			end
+
+			version = res.headers['Server']

 			if vuln_versions.include?(version)
 				print_good("#{target_url} - LiteSpeed - Vulnerable version: #{version}")
--- a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb
+++ b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb
@ -43,11 +43,6 @@ class Metasploit3 < Msf::Auxiliary
 			], self.class)
 	end

-	def target_url
-		uri = normalize_uri(datastore['URI'])
-		"http://#{vhost}:#{rport}#{datastore['URI']}"
-	end
-
 	def run_host(ip)
 		trav_strings = [
 			'../',
@ -71,6 +66,11 @@ class Metasploit3 < Msf::Auxiliary
 						'uri'     => uri + payload,
 					}, 25)

+				if res.nil?
+					print_error("#{rhost}:#{rport} Connection timed out")
+					return
+				end
+
 				print_status("#{rhost}:#{rport} Trying URL " + payload )

 				if (res and res.code == 200 and res.body)
@ -93,6 +93,7 @@ class Metasploit3 < Msf::Auxiliary
 						print_error("#{rhost}:#{rport} No HTML was returned")
 					end
 				else
+					# if res is nil, we hit this
 					print_error("#{rhost}:#{rport} Unrecognized #{res.code} response")
 				end
 				i += 1;
--- a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb
+++ b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb
@ -72,7 +72,10 @@ class Metasploit3 < Msf::Auxiliary
 					'uri'     => "#{uri}#{get_source}",
 				}, 25)

-			if res
+			if res.nil?
+				print_error("#{target_url} - nginx - Connection timed out")
+				return
+			else
 				version = res.headers['Server']
 				http_fingerprint({ :response => res })
 			end
--- a/modules/auxiliary/scanner/http/novell_mdm_creds.rb
+++ b/modules/auxiliary/scanner/http/novell_mdm_creds.rb
@ -69,6 +69,12 @@ class Metasploit3 < Msf::Auxiliary
 				cmd_var => cmd
 			}
 		})
+
+		if res.nil?
+			print_error("Connection timed out")
+			return "", "" # Empty username & password
+		end
+
 		creds = res.body.to_s.match(/.*:"(.*)";.*";/)[1]
 		return creds.split(":")
 	end
@ -89,6 +95,7 @@ class Metasploit3 < Msf::Auxiliary
 				print_status("Found Version #{ver}")
 				session_id,cmd = setup_session()
 				user,pass = get_creds(session_id,cmd)
+				return if user.empty? and pass.empty?
 				print_good("Got creds. Login:#{user} Password:#{pass}")
 				print_good("Access the admin interface here: #{ip}:#{rport}#{target_uri.path}dashboard/")

--- a/modules/auxiliary/scanner/http/rails_mass_assignment.rb
+++ b/modules/auxiliary/scanner/http/rails_mass_assignment.rb
@ -87,7 +87,7 @@ class Metasploit3 < Msf::Auxiliary
 				'data'      => datastore['METHOD'] == 'POST' ? query.to_query : datastore['DATA']
 			}, 20)

-			if resp.code == 500
+			if resp and resp.code == 500
 				print_good("#{ip} - Possible attributes mass assignment in attribute #{param}[...] at #{datastore['PATH']}")
 				report_web_vuln(
 					:host   => rhost,
--- a/modules/auxiliary/scanner/http/sevone_enum.rb
+++ b/modules/auxiliary/scanner/http/sevone_enum.rb
@ -86,6 +86,11 @@ class Metasploit3 < Msf::Auxiliary
 				}
 			})

+		if res.nil?
+			print_error("#{rhost}:#{rport} - Connection timed out")
+			return :abort
+		end
+
 		check_key = "The user has logged in successfully."

 		key = JSON.parse(res.body)["statusString"]
--- a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb
+++ b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb
@ -52,9 +52,14 @@ class Metasploit3 < Msf::Auxiliary
 				'uri'          => trav+file,
 				'version'      => '1.1',
 				'method'       => 'GET'
-						}, 25)
+			}, 25)

-			if (res and res.code == 200)
+			if res.nil?
+				print_error("Connection timed out")
+				return
+			end
+
+			if res.code == 200
 				#print_status("Output Of Requested File:\n#{res.body}")
 				print_status("#{target_host}:#{rport} appears vulnerable to VMWare Directory Traversal Vulnerability")
 				report_vuln(
--- a/modules/auxiliary/scanner/http/web_vulndb.rb
+++ b/modules/auxiliary/scanner/http/web_vulndb.rb
@ -136,12 +136,15 @@ class Metasploit3 < Msf::Auxiliary
 						'ctype'		=> 'text/plain'
 					}, 20)

+					if res.nil?
+						print_error("Connection timed out")
+						return
+					end

 					if testmesg.empty? or usecode
-						if(not res or ((res.code.to_i == ecode) or (emesg and res.body.index(emesg))))
+						if (res.code.to_i == ecode) or (emesg and res.body.index(emesg))
 							if dm == false
 								print_status("NOT Found #{wmap_base_url}#{tpath}#{testfvuln}  #{res.code.to_i}")
-								#blah
 							end
 						else
 							if res.code.to_i == 400  and ecode != 400
@ -174,7 +177,6 @@ class Metasploit3 < Msf::Auxiliary
 						else
 							if dm == false
 								print_status("NOT Found #{wmap_base_url}#{tpath}#{testfvuln}  #{res.code.to_i}")
-								#blah
 							end
 						end
 					end
--- a/modules/auxiliary/scanner/http/wordpress_login_enum.rb
+++ b/modules/auxiliary/scanner/http/wordpress_login_enum.rb
@ -111,10 +111,15 @@ class Metasploit3 < Msf::Auxiliary
 				'data'    => post_data,
 			}, 20)

+			if res.nil?
+				print_error("#{target_url} - Connection timed out")
+				return :abort
+			end
+

 			valid_user = false

-			if (res and res.code == 200 )
+			if res.code == 200
 				if (res.body.to_s =~ /Incorrect password/ )
 					valid_user = true

@ -150,7 +155,9 @@ class Metasploit3 < Msf::Auxiliary
 			end

 		rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
+			return :abort
 		rescue ::Timeout::Error, ::Errno::EPIPE
+			return :abort
 		end
 	end

--- a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb
+++ b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb
@ -45,6 +45,11 @@ class Metasploit3 < Msf::Auxiliary
 					'uri'     => "#{$uri}\/$defaultview?Readviewentries",
 				}, 25)

+				if res.nil?
+					print_error("Connection timed out")
+					return
+				end
+
 				if (res and res.body.to_s =~ /\<viewentries/)
 					print_good("http://#{vhost}:#{rport} - Lotus Domino - OK names.nsf accessible without credentials")
 					cookie = ''
@ -85,6 +90,11 @@ class Metasploit3 < Msf::Auxiliary
 				'data'    => post_data,
 			}, 20)

+			if res.nil?
+				print_error("http://#{vhost}:#{rport} - Connection timed out")
+				return
+			end
+
 			if (res and res.code == 302 )
 				if res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i)
 					cookie = "DomAuthSessId=#{$1}"
--- a/modules/auxiliary/scanner/oracle/spy_sid.rb
+++ b/modules/auxiliary/scanner/oracle/spy_sid.rb
@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
 				'version' => '1.1',
 			}, 5)

-			if ( res.body =~ /SERVICE_NAME=/ )
+			if res and res.body =~ /SERVICE_NAME=/
 				select(nil,nil,nil,2)
 				sid = res.body.scan(/SERVICE_NAME=([^\)]+)/)
 					report_note(
--- a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
+++ b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb
@ -242,7 +242,7 @@ class Metasploit3 < Msf::Auxiliary
 				}
 			}, -1)

-			if (res.code == 200)
+			if res and res.code == 200
 				if (not res.body.length > 0)
 				# sometimes weird bug where body doesn't have value yet
 					res.body = res.bufq
@ -294,7 +294,7 @@ class Metasploit3 < Msf::Auxiliary
 				}
 			}, -1)

-			if (res.code == 200)
+			if res and res.code == 200
 				if (not res.body.length > 0)
 				# sometimes weird bug where body doesn't have value yet
 					res.body = res.bufq
--- a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb
+++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb
@ -91,6 +91,11 @@ class Metasploit4 < Msf::Auxiliary
 					}
 			}, 15)

+			if res.nil?
+				print_error("#{rhost}:#{rport} [SAP] Unable to connect")
+				return
+			end
+
 			if res.code == 200
 				body = res.body
 				if body.match(/<property>CentralServices<\/property><propertytype>Attribute<\/propertytype><value>([^<]+)<\/value>/)