diff --git a/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb b/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb index d367bdb8c8..ac65e79159 100644 --- a/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb +++ b/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb @@ -148,6 +148,11 @@ class Metasploit3 < Msf::Auxiliary } }, 25) + if res.nil? + print_error("Did not get a response from server") + return + end + raw_data = res.body.scan(/#{action.opts['PATTERN']}/).flatten[0] print_line("\n" + Rex::Text.decode_base64(raw_data)) diff --git a/modules/auxiliary/admin/http/jboss_seam_exec.rb b/modules/auxiliary/admin/http/jboss_seam_exec.rb index 8e4bd0db0d..8e7e3e38c9 100644 --- a/modules/auxiliary/admin/http/jboss_seam_exec.rb +++ b/modules/auxiliary/admin/http/jboss_seam_exec.rb @@ -67,10 +67,10 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET', }, 20) - if (res.headers['Location'] =~ %r(java.lang.Runtime.exec\%28java.lang.String\%29)) + if (res and res.headers['Location'] =~ %r(java.lang.Runtime.exec\%28java.lang.String\%29)) flag_found_one = index print_status("Found right index at [" + index.to_s + "] - exec") - elsif (res.headers['Location'] =~ %r(java.lang.Runtime\+java.lang.Runtime.getRuntime)) + elsif (res and res.headers['Location'] =~ %r(java.lang.Runtime\+java.lang.Runtime.getRuntime)) print_status("Found right index at [" + index.to_s + "] - getRuntime") flag_found_two = index else @@ -90,7 +90,8 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'GET', }, 20) - if (res.headers['Location'] =~ %r(pwned=java.lang.UNIXProcess)) + + if (res and res.headers['Location'] =~ %r(pwned=java.lang.UNIXProcess)) print_status("Exploited successfully") else print_status("Exploit failed.") diff --git a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb index a9f8e4e5e3..c830a77981 100644 --- a/modules/auxiliary/admin/http/typo3_sa_2010_020.rb 
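Review bot: `raw_data` is still unguarded after the new nil check: when the body does not match `action.opts['PATTERN']`, `scan(...).flatten[0]` yields nil and `Rex::Text.decode_base64(raw_data)` on the following line raises instead of reporting the miss. A second guard between the scan and the print, `return print_error("Response did not contain the expected data") if raw_data.nil?`, closes that gap. The enclosing method starts and ends outside the hunk.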
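Review bot: A nil `res` now falls through both regex conditions into the `else` branch, so a missing response is reported the same way as a wrong index; the hunk at -90 has the same shape and prints "Exploit failed." when no response came back at all. An explicit early check, `if res.nil? then print_error("Did not get a response from server"); return; end`, as the other modules in this commit use, would keep the two cases apart. `&&` is also the conventional operator here; `and` only works because each condition is a single expression. Both enclosing blocks continue outside their hunks.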
+++ b/modules/auxiliary/admin/http/typo3_sa_2010_020.rb @@ -99,8 +99,15 @@ class Metasploit4 < Msf::Auxiliary },25) rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout + return rescue ::Timeout::Error, ::Errno::EPIPE => e print_error(e.message) + return + end + + if file.nil? + print_error("Connection timed out") + return end if ((counter.to_f/queue.length.to_f)*100.0).to_s =~ /\d0.0$/ # Display percentage complete every 10% @@ -108,6 +115,7 @@ class Metasploit4 < Msf::Auxiliary print_status("Requests #{percentage.to_i}% complete - [#{counter} / #{queue.length}]") end + # file can be nil case file.headers['Content-Type'] when 'text/html' case file.body diff --git a/modules/auxiliary/admin/oracle/osb_execqr2.rb b/modules/auxiliary/admin/oracle/osb_execqr2.rb index 52c28488c5..79757334e1 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr2.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr2.rb @@ -51,7 +51,7 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'POST', }, 5) - if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i)) + if (res and res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i)) sessionid = res.headers['Set-Cookie'].split(';')[0] diff --git a/modules/auxiliary/admin/oracle/osb_execqr3.rb b/modules/auxiliary/admin/oracle/osb_execqr3.rb index 7b986fc512..c66ac0e31e 100644 --- a/modules/auxiliary/admin/oracle/osb_execqr3.rb +++ b/modules/auxiliary/admin/oracle/osb_execqr3.rb @@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary 'method' => 'POST', }, 5) - if (res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i)) + if (res and res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/PHPSESSID=(.*);(.*)/i)) sessionid = res.headers['Set-Cookie'].split(';')[0] diff --git a/modules/auxiliary/gather/external_ip.rb b/modules/auxiliary/gather/external_ip.rb index 244ce731f8..5fe447807b 100755 
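Review bot: The new `return` after `print_error("Connection timed out")` appears to sit inside the per-request loop over `queue` (the progress line just below divides `counter` by `queue.length`), so one missing response now ends the whole run rather than skipping that item; if so, `next` is the closer equivalent of the previous behaviour. The `return` added to the `::Rex::ConnectionTimeout` rescue two lines earlier also exits silently while the nil path prints a message, so the two timeout paths report differently. The loop begins outside the hunk, so this is inferred from the visible lines.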
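Review bot: The added `# file can be nil` comment is stale: the guard added in the previous hunk returns before this point whenever `file` is nil, so `file.headers['Content-Type']` is never reached with a nil `file`. Dropping the comment, or replacing it with `# file is non-nil here (guarded above)`, avoids sending the next reader looking for a nil path that no longer exists.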
--- a/modules/auxiliary/gather/external_ip.rb +++ b/modules/auxiliary/gather/external_ip.rb @@ -42,6 +42,12 @@ end def run connect res = send_request_cgi({'uri' => '/ip', 'method' => 'GET' }) + + if res.nil? + print_error("Connection timed out") + return + end + our_addr = res.body.strip if Rex::Socket.is_ipv4?(our_addr) or Rex::Socket.is_ipv6?(our_addr) print_good("Source ip to #{rhost} is #{our_addr}") diff --git a/modules/auxiliary/scanner/http/axis_local_file_include.rb b/modules/auxiliary/scanner/http/axis_local_file_include.rb index 70969789c2..9c1d76fe25 100644 --- a/modules/auxiliary/scanner/http/axis_local_file_include.rb +++ b/modules/auxiliary/scanner/http/axis_local_file_include.rb @@ -84,7 +84,12 @@ class Metasploit3 < Msf::Auxiliary print_status("#{target_url} - Apache Axis - Dumping administrative credentials") - if (res and res.code == 200) + if res.nil? + print_error("#{target_url} - Connection timed out") + return + end + + if (res.code == 200) if res.body.to_s.match(/axisconfig/) res.body.scan(/parameter\sname=\"userName\">([^\s]+) uri + payload, }, 25) - if (res and res.code == 200 and res.body) + if res.nil? + print_error("#{target_url} - Connection timed out") + return + end + + if (res.code == 200 and res.body) if res.body.match(/\(.*)\<\/html\>/im) html = $1 diff --git a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb index f710262eab..77d2fd3c84 100644 --- a/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb +++ b/modules/auxiliary/scanner/http/dir_webdav_unicode_bypass.rb @@ -164,7 +164,7 @@ class Metasploit3 < Msf::Auxiliary 'data' => webdav_req + "\r\n\r\n", }, 20) - if (res.code.to_i == 207) + if (res and res.code.to_i == 207) print_status("\tFound vulnerable WebDAV Unicode bypass target #{wmap_base_url}#{tpath}%c0%af#{testfdir} #{res.code} (#{wmap_target_host})") # Unable to use report_web_vuln as method is PROPFIND and is not part of allowed 
diff --git a/modules/auxiliary/scanner/http/dolibarr_login.rb b/modules/auxiliary/scanner/http/dolibarr_login.rb index dfbaca5d16..f563a0dc5b 100644 --- a/modules/auxiliary/scanner/http/dolibarr_login.rb +++ b/modules/auxiliary/scanner/http/dolibarr_login.rb @@ -41,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary def get_sid_token res = send_request_raw({ 'method' => 'GET', - 'uri' => @uri.path + 'uri' => normalize_uri(@uri.path) }) return [nil, nil] if not (res and res.headers['Set-Cookie']) @@ -74,7 +74,7 @@ class Metasploit3 < Msf::Auxiliary begin res = send_request_cgi({ 'method' => 'POST', - 'uri' => "#{@uri.path}index.php", + 'uri' => normalize_uri("#{@uri.path}index.php"), 'cookie' => sid, 'vars_post' => { 'token' => token, @@ -92,6 +92,11 @@ class Metasploit3 < Msf::Auxiliary return :abort end + if res.nil? + print_error("#{@peer} - Connection timed out") + return :abort + end + location = res.headers['Location'] if res and res.headers and (location = res.headers['Location']) and location =~ /admin\// print_good("#{@peer} - Successful login: \"#{user}:#{pass}\"") @@ -112,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary end def run - @uri = normalize_uri(target_uri.path) + @uri = target_uri.path @uri.path << "/" if @uri.path[-1, 1] != "/" @peer = "#{rhost}:#{rport}" diff --git a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb index bf504854d9..b0e09427a3 100644 --- a/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/litespeed_source_disclosure.rb @@ -62,7 +62,12 @@ class Metasploit3 < Msf::Auxiliary 'uri' => "#{uri}#{nullbytetxt}", }, 25) - version = res.headers['Server'] if res + if res.nil? + print_error("#{target_url} - Connection timed out") + return + end + + version = res.headers['Server'] if vuln_versions.include?(version) print_good("#{target_url} - LiteSpeed - Vulnerable version: #{version}") 
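Review bot: The `if res and res.headers and (location = res.headers['Location'])` test right after the new guard is now partly dead: `res` cannot be nil past the `return :abort`, and `location` is assigned twice in a row. The two lines reduce to `location = res.headers['Location']` followed by `if location && location =~ /admin\//`. The enclosing method continues outside the hunk.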
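Review bot: `@uri = target_uri.path` assigns a String if `target_uri` returns a URI object, as `Msf::Exploit::Remote::HttpClient#target_uri` does, and the unchanged next line `@uri.path << "/"` would then raise NoMethodError; the previous `normalize_uri(...)` result was also a String, so this may only be relocating an existing problem rather than introducing it. The hunks at -41 and -74 call `normalize_uri(@uri.path)` and likewise depend on `@uri` responding to `path`. `@uri = target_uri` (keeping the URI object) would make all three consistent, unless this module defines `target_uri` differently outside the hunk.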
diff --git a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb index b4ead24215..97c7d40f17 100644 --- a/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb +++ b/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb @@ -43,11 +43,6 @@ class Metasploit3 < Msf::Auxiliary ], self.class) end - def target_url - uri = normalize_uri(datastore['URI']) - "http://#{vhost}:#{rport}#{datastore['URI']}" - end - def run_host(ip) trav_strings = [ '../', @@ -71,6 +66,11 @@ class Metasploit3 < Msf::Auxiliary 'uri' => uri + payload, }, 25) + if res.nil? + print_error("#{rhost}:#{rport} Connection timed out") + return + end + print_status("#{rhost}:#{rport} Trying URL " + payload ) if (res and res.code == 200 and res.body) @@ -93,6 +93,7 @@ class Metasploit3 < Msf::Auxiliary print_error("#{rhost}:#{rport} No HTML was returned") end else + # if res is nil, we hit this print_error("#{rhost}:#{rport} Unrecognized #{res.code} response") end i += 1; diff --git a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb index b9920d1707..5793df3170 100644 --- a/modules/auxiliary/scanner/http/nginx_source_disclosure.rb +++ b/modules/auxiliary/scanner/http/nginx_source_disclosure.rb @@ -72,7 +72,10 @@ class Metasploit3 < Msf::Auxiliary 'uri' => "#{uri}#{get_source}", }, 25) - if res + if res.nil? + print_error("#{target_url} - nginx - Connection timed out") + return + else version = res.headers['Server'] http_fingerprint({ :response => res }) end diff --git a/modules/auxiliary/scanner/http/novell_mdm_creds.rb b/modules/auxiliary/scanner/http/novell_mdm_creds.rb index b2cee84c51..6ce61e080a 100644 --- a/modules/auxiliary/scanner/http/novell_mdm_creds.rb +++ b/modules/auxiliary/scanner/http/novell_mdm_creds.rb 
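Review bot: After the new early return, `res` can no longer be nil on the `if (res and res.code == 200 and res.body)` line two lines below, so that `res and` is dead and `if res.code == 200 and res.body` says what is meant. The comment added in the hunk at -93, `# if res is nil, we hit this`, is wrong for the same reason, and the `print_error("... Unrecognized #{res.code} response")` under it would itself raise on a nil `res`, so that comment should go. The timeout message is also printed before `print_status("... Trying URL ...")` and does not name the payload that timed out; `print_error("#{rhost}:#{rport} Connection timed out for #{payload}")` keeps the output attributable. The surrounding loop starts and ends outside the hunks.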
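Review bot: The new `if res.nil? ... return else ... end` keeps the success path inside an `else` that the `return` already makes unnecessary; a guard clause reads more directly. Replace the `else` with `end` and dedent `version = res.headers['Server']` and `http_fingerprint({ :response => res })` to follow the guard. The enclosing method continues outside the hunk.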
@@ -69,6 +69,12 @@ class Metasploit3 < Msf::Auxiliary cmd_var => cmd } }) + + if res.nil? + print_error("Connection timed out") + return "", "" # Empty username & password + end + creds = res.body.to_s.match(/.*:"(.*)";.*";/)[1] return creds.split(":") end @@ -89,6 +95,7 @@ class Metasploit3 < Msf::Auxiliary print_status("Found Version #{ver}") session_id,cmd = setup_session() user,pass = get_creds(session_id,cmd) + return if user.empty? and pass.empty? print_good("Got creds. Login:#{user} Password:#{pass}") print_good("Access the admin interface here: #{ip}:#{rport}#{target_uri.path}dashboard/") diff --git a/modules/auxiliary/scanner/http/rails_mass_assignment.rb b/modules/auxiliary/scanner/http/rails_mass_assignment.rb index 1c3a94f0cb..bcc0be30a3 100644 --- a/modules/auxiliary/scanner/http/rails_mass_assignment.rb +++ b/modules/auxiliary/scanner/http/rails_mass_assignment.rb @@ -87,7 +87,7 @@ class Metasploit3 < Msf::Auxiliary 'data' => datastore['METHOD'] == 'POST' ? query.to_query : datastore['DATA'] }, 20) - if resp.code == 500 + if resp and resp.code == 500 print_good("#{ip} - Possible attributes mass assignment in attribute #{param}[...] at #{datastore['PATH']}") report_web_vuln( :host => rhost, diff --git a/modules/auxiliary/scanner/http/sevone_enum.rb b/modules/auxiliary/scanner/http/sevone_enum.rb index 3cce022b63..5fbd309425 100644 --- a/modules/auxiliary/scanner/http/sevone_enum.rb +++ b/modules/auxiliary/scanner/http/sevone_enum.rb @@ -86,6 +86,11 @@ class Metasploit3 < Msf::Auxiliary } }) + if res.nil? + print_error("#{rhost}:#{rport} - Connection timed out") + return :abort + end + check_key = "The user has logged in successfully." key = JSON.parse(res.body)["statusString"] diff --git a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb index 99eebecee0..334a36419d 100644 --- a/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb 
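Review bot: The new nil guard does not cover the next line: `res.body.to_s.match(/.*:"(.*)";.*";/)[1]` raises NoMethodError when the body does not match, which is the same class of failure this commit is fixing for a missing response. Capturing the match first, `m = res.body.to_s.match(...)`, and returning `"", ""` with a `print_error` when `m` is nil, covers it. The `"", ""` sentinel that the caller in the hunk at -95 tests with `return if user.empty? and pass.empty?` would be simpler as a nil return checked with `return unless user`, since `creds.split(":")` can also yield fewer than two elements and leave `pass` nil. The enclosing methods start outside the hunks.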
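Review bot: `JSON.parse(res.body)` on the line after the new guard still raises `JSON::ParserError` on a non-JSON body (an error page, for example), and `["statusString"]` raises if the parsed value is not a Hash; the nil check only covers a missing response. An explicit `begin`/`rescue JSON::ParserError` around the parse that prints an error and returns `:abort` is the matching fix, unless such a rescue already exists outside the hunk. The enclosing method continues outside the hunk.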
+++ b/modules/auxiliary/scanner/http/vmware_server_dir_trav.rb @@ -52,9 +52,14 @@ class Metasploit3 < Msf::Auxiliary 'uri' => trav+file, 'version' => '1.1', 'method' => 'GET' - }, 25) + }, 25) - if (res and res.code == 200) + if res.nil? + print_error("Connection timed out") + return + end + + if res.code == 200 #print_status("Output Of Requested File:\n#{res.body}") print_status("#{target_host}:#{rport} appears vulnerable to VMWare Directory Traversal Vulnerability") report_vuln( diff --git a/modules/auxiliary/scanner/http/web_vulndb.rb b/modules/auxiliary/scanner/http/web_vulndb.rb index 60959f9a85..28f84078d1 100644 --- a/modules/auxiliary/scanner/http/web_vulndb.rb +++ b/modules/auxiliary/scanner/http/web_vulndb.rb @@ -136,12 +136,15 @@ class Metasploit3 < Msf::Auxiliary 'ctype' => 'text/plain' }, 20) + if res.nil? + print_error("Connection timed out") + return + end if testmesg.empty? or usecode - if(not res or ((res.code.to_i == ecode) or (emesg and res.body.index(emesg)))) + if (res.code.to_i == ecode) or (emesg and res.body.index(emesg)) if dm == false print_status("NOT Found #{wmap_base_url}#{tpath}#{testfvuln} #{res.code.to_i}") - #blah end else if res.code.to_i == 400 and ecode != 400 @@ -174,7 +177,6 @@ class Metasploit3 < Msf::Auxiliary else if dm == false print_status("NOT Found #{wmap_base_url}#{tpath}#{testfvuln} #{res.code.to_i}") - #blah end end end diff --git a/modules/auxiliary/scanner/http/wordpress_login_enum.rb b/modules/auxiliary/scanner/http/wordpress_login_enum.rb index 5696bf2e3d..aa0ca6f110 100644 --- a/modules/auxiliary/scanner/http/wordpress_login_enum.rb +++ b/modules/auxiliary/scanner/http/wordpress_login_enum.rb @@ -111,10 +111,15 @@ class Metasploit3 < Msf::Auxiliary 'data' => post_data, }, 20) + if res.nil? + print_error("#{target_url} - Connection timed out") + return :abort + end + valid_user = false - if (res and res.code == 200 ) + if res.code == 200 if (res.body.to_s =~ /Incorrect password/ ) valid_user = true 
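Review bot: The new `print_error("Connection timed out")` carries no host, while the status line two lines below prefixes `#{target_host}:#{rport}`; in a scanner that runs per host across many targets, an unprefixed error cannot be attributed. `print_error("#{target_host}:#{rport} - Connection timed out")` would match the module's other output; the same unprefixed message is added in web_vulndb.rb, novell_mdm_creds.rb and lotus_domino_hashes.rb in this commit. The enclosing method continues outside the hunk.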
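Review bot: Replacing the `not res or ...` branch with `return` changes what happens to the rest of the scan: before, a missing response was reported as "NOT Found" and the next test ran; now the method exits on the first timeout. If this sits inside the loop over the vulnerability-database entries, as `testfvuln` and `wmap_base_url` suggest, `next` preserves the earlier semantics while still printing the error. A blank line after the new `end` would also match the surrounding layout. The enclosing loop starts and ends outside the hunk.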
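Review bot: `return :abort` on a nil response ends credential testing for the whole host after one timed-out request, whereas the previous `if (res and res.code == 200)` treated it as a non-match and moved on. If this is inside an `each_user_pass` block, `:next_user`, or simply falling through with `valid_user = false`, is the less disruptive choice for a transient timeout; `:abort` fits the connection-level exceptions the hunk at -150 handles. The enclosing method starts and ends outside the hunk.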
@@ -150,7 +155,9 @@ class Metasploit3 < Msf::Auxiliary end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout + return :abort rescue ::Timeout::Error, ::Errno::EPIPE + return :abort end end diff --git a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb index 8da40d10e7..b8b876d50b 100644 --- a/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb +++ b/modules/auxiliary/scanner/lotus/lotus_domino_hashes.rb @@ -45,6 +45,11 @@ class Metasploit3 < Msf::Auxiliary 'uri' => "#{$uri}\/$defaultview?Readviewentries", }, 25) + if res.nil? + print_error("Connection timed out") + return + end + if (res and res.body.to_s =~ /\ post_data, }, 20) + if res.nil? + print_error("http://#{vhost}:#{rport} - Connection timed out") + return + end + if (res and res.code == 302 ) if res.headers['Set-Cookie'] and res.headers['Set-Cookie'].match(/DomAuthSessId=(.*);(.*)/i) cookie = "DomAuthSessId=#{$1}" diff --git a/modules/auxiliary/scanner/oracle/spy_sid.rb b/modules/auxiliary/scanner/oracle/spy_sid.rb index 5326fc21a2..961250ca60 100644 --- a/modules/auxiliary/scanner/oracle/spy_sid.rb +++ b/modules/auxiliary/scanner/oracle/spy_sid.rb @@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary 'version' => '1.1', }, 5) - if ( res.body =~ /SERVICE_NAME=/ ) + if res and res.body =~ /SERVICE_NAME=/ select(nil,nil,nil,2) sid = res.body.scan(/SERVICE_NAME=([^\)]+)/) report_note( diff --git a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb index aa3f7baec7..361fedd5c4 100644 --- a/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb +++ b/modules/auxiliary/scanner/oracle/xdb_sid_brute.rb @@ -242,7 +242,7 @@ class Metasploit3 < Msf::Auxiliary } }, -1) - if (res.code == 200) + if res and res.code == 200 if (not res.body.length > 0) # sometimes weird bug where body doesn't have value yet res.body = res.bufq 
@@ -294,7 +294,7 @@ class Metasploit3 < Msf::Auxiliary } }, -1) - if (res.code == 200) + if res and res.code == 200 if (not res.body.length > 0) # sometimes weird bug where body doesn't have value yet res.body = res.bufq diff --git a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb index af99ca752b..d9a2f67f11 100644 --- a/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb +++ b/modules/auxiliary/scanner/sap/sap_mgmt_con_instanceproperties.rb @@ -91,6 +91,11 @@ class Metasploit4 < Msf::Auxiliary } }, 15) + if res.nil? + print_error("#{rhost}:#{rport} [SAP] Unable to connect") + return + end + if res.code == 200 body = res.body if body.match(/CentralServices<\/property>Attribute<\/propertytype>([^<]+)<\/value>/)