infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove previously deprecated modules

bug/bundler_fix
James Lee 2014-04-20 22:15:44 -05:00
parent 71a650fe6e
commit ee413ac385
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
2 changed files with 0 additions and 199 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
modules/auxiliary/scanner/smb/ms08_067_check.rb
View File

@ -1,120 +0,0 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require "msf/core"
require 'msf/core/module/deprecated'
class Metasploit4 < Msf::Auxiliary
include Msf::Exploit::Remote::DCERPC
include Msf::Exploit::Remote::SMB
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
include Msf::Module::Deprecated
deprecated Date.new(2014, 2, 26), "exploit/windows/smb/ms08_067_netapi"
def initialize(info = {})
super(update_info(info,
'Name' => "MS08-067 Scanner",
'Description' => %q{
This module uses the check in ms08_067_netapi to scan for MS08-067.
},
'Author' => [
"hdm", # with tons of input/help/testing from the community
"Brett Moore <brett.moore[at]insomniasec.com>",
"frank2 <frank2@dc949.org>", # check() detection
"jduck", # XP SP2/SP3 AlwaysOn DEP bypass
"sho-luv", # Original module
"wvu" # Refactor and cleanup
],
'References' => [
["CVE", "2008-4250"],
["OSVDB", "49243"],
["MSB", "MS08-067"],
# If this vulnerability is found, ms08-67 is exposed as well
["URL", "http://www.rapid7.com/vulndb/lookup/dcerpc-ms-netapi-netpathcanonicalize-dos"]
],
'License' => MSF_LICENSE
))
register_options([
OptString.new("SMBPIPE", [true, "The pipe name to use (BROWSER, SRVSVC)", "BROWSER"])
], self.class)
end
def run_host(ip)
case check_vuln
when Msf::Exploit::CheckCode::Vulnerable
print_good("#{ip}:#{rport} - MS08-067 VULNERABLE")
report_vuln({
:host => ip,
:name => "MS08-067",
:info => "Vulnerability in Server service could allow remote code execution",
:refs => self.references
})
when Msf::Exploit::CheckCode::Safe
vprint_status("#{ip}:#{rport} - MS08-067 SAFE")
when Msf::Exploit::CheckCode::Unknown
vprint_status("#{ip}:#{rport} - MS08-067 UNKNOWN")
end
end
def check_vuln
begin
connect()
smb_login()
rescue Rex::Proto::SMB::Exceptions::LoginError
return Msf::Exploit::CheckCode::Unknown
end
#
# Build the malicious path name
# 5b878ae7 "db @eax;g"
prefix = "\\"
path =
"\x00\\\x00/"*0x10 +
Rex::Text.to_unicode("\\") +
Rex::Text.to_unicode("R7") +
Rex::Text.to_unicode("\\..\\..\\") +
Rex::Text.to_unicode("R7") +
"\x00"*2
server = Rex::Text.rand_text_alpha(rand(8)+1).upcase
handle = dcerpc_handle( '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',
'ncacn_np', ["\\#{datastore['SMBPIPE']}"]
)
begin
# Samba doesn't have this handle and returns an ErrorCode
dcerpc_bind(handle)
rescue Rex::Proto::SMB::Exceptions::ErrorCode
return Msf::Exploit::CheckCode::Safe
end
stub =
NDR.uwstring(server) +
NDR.UnicodeConformantVaryingStringPreBuilt(path) +
NDR.long(8) +
NDR.wstring(prefix) +
NDR.long(4097) +
NDR.long(0)
resp = dcerpc.call(0x1f, stub)
error = resp[4,4].unpack("V")[0]
# Cleanup
simple.client.close
simple.client.tree_disconnect
disconnect
if (error == 0x0052005c) # \R :)
return Msf::Exploit::CheckCode::Vulnerable
else
return Msf::Exploit::CheckCode::Safe
end
end
end

79
modules/post/windows/recon/resolve_hostname.rb
View File

@ -1,79 +0,0 @@
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Post
require 'msf/core/module/deprecated'
include Msf::Module::Deprecated
deprecated Date.new(2014, 03, 24), 'post/multi/gather/resolve_hosts'
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Recon Resolve Hostname',
'Description' => %q{
This module resolves a hostname to IP address via the victim,
similar to the Unix 'dig' command. Since resolution happens over
an established session from the perspective of the remote host,
this module can be used to determine differences between external
and internal resolution, especially for potentially high-value
internal addresses of devices named 'mail' or 'www.'
},
'License' => MSF_LICENSE,
'Author' => [ 'mubix' ],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil]),
OptBool.new('SAVEHOSTS', [true, 'Save resolved hosts to the database', true])
], self.class)
end
def resolve_hostname(hostname)
begin
vprint_status("Looking up IP for #{hostname}")
result = client.net.resolve.resolve_host(hostname)
if result[:ip].nil? or result[:ip].blank?
print_error("Failed to resolve #{hostname}")
return
else
hostip = result[:ip]
end
print_status("#{hostname} resolves to #{hostip}")
if datastore['SAVEHOSTS']
report_host({
:host => hostip,
:name => hostname
})
end
rescue Rex::Post::Meterpreter::RequestError
print_status('Windows 2000 and prior does not support getaddrinfo')
end
end
def run
if datastore['HOSTNAME']
resolve_hostname(datastore['HOSTNAME'])
end
if datastore['HOSTFILE']
::File.open(datastore['HOSTFILE'], "rb").each_line do |hostname|
if hostname.strip != ""
resolve_hostname(hostname.strip)
end
end
end
end
end