Merge branch 'master' of git://github.com/rapid7/metasploit-framework

lib/msf/core/exploit/mixins.rb

@@ -88,3 +88,6 @@ require 'msf/core/exploit/java'
 # WBEM
 require 'msf/core/exploit/wbemexec'
 
+#WinRM
+require 'msf/core/exploit/winrm'
+

lib/msf/core/exploit/winrm.rb

@@ -0,0 +1,471 @@
+# -*- coding: binary -*-
+require 'uri'
+require 'digest'
+require 'rex/proto/ntlm/crypt'
+require 'rex/proto/ntlm/constants'
+require 'rex/proto/ntlm/utils'
+require 'rex/proto/ntlm/exceptions'
+
+module Msf
+module Exploit::Remote::WinRM
+
+	include Exploit::Remote::NTLM::Client
+	include Exploit::Remote::HttpClient
+
+	#
+	# Constants
+	#
+	NTLM_CRYPT ||= Rex::Proto::NTLM::Crypt
+	NTLM_CONST ||= Rex::Proto::NTLM::Constants
+	NTLM_UTILS ||= Rex::Proto::NTLM::Utils
+	NTLM_XCEPT ||= Rex::Proto::NTLM::Exceptions
+
+	def initialize(info = {})
+		super
+		register_options(
+			[
+				Opt::RHOST,
+				Opt::RPORT(5985),
+				OptString.new('VHOST', [ false, "HTTP server virtual host" ]),
+				OptBool.new('SSL', [ false, 'Negotiate SSL for outgoing connections', false]),
+				OptEnum.new('SSLVersion', [ false, 'Specify the version of SSL that should be used', 'SSL3', ['SSL2', 'SSL3', 'TLS1']]),
+				OptString.new('DOMAIN', [ true, 'The domain to use for Windows authentification', 'WORKSTATION']),
+				OptString.new('URI', [ true, "The URI of the WinRM service", "/wsman" ]),
+				OptString.new('USERNAME', [ false, 'A specific username to authenticate as' ]),
+				OptString.new('PASSWORD', [ false, 'A specific password to authenticate with' ])
+			], self.class
+		)
+
+		register_autofilter_ports([ 80,443,5985,5986 ])
+		register_autofilter_services(%W{ winrm })
+	end
+
+	def winrm_poke(timeout = 20)
+		opts = {
+			'uri' => datastore['URI'],
+			'data' => Rex::Text.rand_text_alpha(8)
+		}
+
+		c     = connect(opts)
+		to    = opts[:timeout] || timeout
+		ctype = "application/soap+xml;charset=UTF-8"
+
+		resp, c = send_request_cgi(opts.merge({
+			'uri'    => opts['uri'],
+			'method' => 'POST',
+			'ctype'  => ctype,
+			'data'   => opts['data']
+		}), to)
+
+		return resp
+	end
+
+	def parse_auth_methods(resp)
+		return [] unless resp and resp.code == 401
+		methods = []
+		methods << "Negotiate" if resp.headers['WWW-Authenticate'].include? "Negotiate"
+		methods << "Kerberos" if resp.headers['WWW-Authenticate'].include? "Kerberos"
+		methods << "Basic" if resp.headers['WWW-Authenticate'].include? "Basic"
+		return methods
+	end
+
+	def winrm_run_cmd(cmd, timeout=20)
+		resp,c = send_request_ntlm(winrm_open_shell_msg,timeout)
+
+		if resp.code == 401
+			print_error "Login failure! Recheck supplied credentials."
+			return resp .code
+		end
+
+		unless resp.code == 200
+			print_error "Got unexpected response: \n #{resp.to_s}"
+			retval == resp.code || 0
+			return retval
+		end
+
+		shell_id = winrm_get_shell_id(resp)
+		resp,c = send_request_ntlm(winrm_cmd_msg(cmd, shell_id),timeout)
+		cmd_id = winrm_get_cmd_id(resp)
+		resp,c = send_request_ntlm(winrm_cmd_recv_msg(shell_id,cmd_id),timeout)
+		streams = winrm_get_cmd_streams(resp)
+		resp,c = send_request_ntlm(winrm_terminate_cmd_msg(shell_id,cmd_id),timeout)
+		resp,c = send_request_ntlm(winrm_delete_shell_msg(shell_id))
+
+		return streams
+	end
+
+	def winrm_wql_msg(wql)
+		action = winrm_uri_action("wql")
+		contents = winrm_header(action) + winrm_wql_body(wql)
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def winrm_open_shell_msg
+		action = winrm_uri_action("create_shell")
+		options = winrm_option_set([['WINRS_NOPROFILE', 'FALSE'], ['WINRS_CODEPAGE', '437']])
+		header_data = action + options
+		contents = winrm_header(header_data) + winrm_open_shell_body
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def winrm_cmd_msg(cmd,shell_id)
+		action = winrm_uri_action("send_cmd")
+		options = winrm_option_set([['WINRS_CONSOLEMODE_STDIN', 'TRUE'], ['WINRS_SKIP_CMD_SHELL', 'FALSE']])
+		selectors = winrm_selector_set([['ShellId', shell_id]])
+		header_data = action + options + selectors
+		contents = winrm_header(header_data) + winrm_cmd_body(cmd)
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def winrm_cmd_recv_msg(shell_id,cmd_id)
+		action = winrm_uri_action("recv_cmd")
+		selectors = winrm_selector_set([['ShellId', shell_id]])
+		header_data = action +  selectors
+		contents = winrm_header(header_data) + winrm_cmd_recv_body(cmd_id)
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def winrm_terminate_cmd_msg(shell_id,cmd_id)
+		action = winrm_uri_action("signal_shell")
+		selectors = winrm_selector_set([['ShellId', shell_id]])
+		header_data = action +  selectors
+		contents = winrm_header(header_data) + winrm_terminate_cmd_body(cmd_id)
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def winrm_delete_shell_msg(shell_id)
+		action = winrm_uri_action("delete_shell")
+		selectors = winrm_selector_set([['ShellId', shell_id]])
+		header_data = action +  selectors
+		contents = winrm_header(header_data) + winrm_empty_body
+		msg = winrm_envelope(contents)
+
+		return msg
+	end
+
+	def parse_wql_response(response)
+		xml = response.body
+		columns = []
+		rows =[]
+		rxml = REXML::Document.new(xml).root
+		items = rxml.elements["///w:Items"]
+
+		items.elements.to_a("///w:XmlFragment").each do |node|
+			row_data = []
+
+			node.elements.to_a.each do |sub_node|
+				columns << sub_node.name
+				row_data << sub_node.text
+			end
+
+			rows << row_data
+		end
+
+		response_data = Rex::Ui::Text::Table.new(
+			'Header'    => "#{datastore['WQL']} (#{rhost})",
+			'Indent'    => 1,
+			'Columns'   => columns.uniq!
+		)
+
+		rows.each do |row|
+			response_data << row
+		end
+
+		return response_data
+	end
+
+	def winrm_get_shell_id(response)
+		xml = response.body
+		shell_id = REXML::Document.new(xml).elements["//w:Selector"].text
+	end
+
+	def winrm_get_cmd_id(response)
+		xml = response.body
+		cmd_id = REXML::Document.new(xml).elements["//rsp:CommandId"].text
+	end
+
+	def winrm_get_cmd_streams(response)
+		streams = {
+			'stdout' => '',
+			'stderr' => '',
+		}
+
+		xml = response.body
+		rxml = REXML::Document.new(xml).root
+
+		rxml.elements.to_a("//rsp:Stream").each do |node|
+			next if node.text.nil?
+			streams[node.attributes['Name']] << Rex::Text.base64_decode(node.text)
+		end
+
+		return streams
+	end
+
+	def generate_uuid
+		::Rex::Proto::DCERPC::UUID.uuid_unpack(Rex::Text.rand_text(16))
+	end
+
+	def send_request_ntlm(data, timeout = 20)
+		opts = {
+			'uri' => datastore['URI'],
+			'data' => data,
+			'username' => datastore['USERNAME'],
+			'password' => datastore['PASSWORD']
+		}
+
+		ntlm_options =
+			{
+				:signing          => false,
+				:usentlm2_session => datastore['NTLM::UseNTLM2_session'],
+				:use_ntlmv2       => datastore['NTLM::UseNTLMv2'],
+				:send_lm          => datastore['NTLM::SendLM'],
+				:send_ntlm        => datastore['NTLM::SendNTLM']
+			}
+
+		ntlmssp_flags = NTLM_UTILS.make_ntlm_flags(ntlm_options)
+		workstation_name =  Rex::Text.rand_text_alpha(rand(8)+1)
+		domain_name = datastore['DOMAIN']
+		ntlm_message_1 = "NEGOTIATE " + Rex::Text::encode_base64(NTLM_UTILS::make_ntlmssp_blob_init( domain_name,
+			workstation_name,
+			ntlmssp_flags))
+
+		to = opts[:timeout] || timeout
+
+		begin
+			c = connect(opts)
+			ctype = "application/soap+xml;charset=UTF-8"
+			# First request to get the challenge
+			r = c.request_cgi(opts.merge({
+				'uri' => opts['uri'],
+				'method' => 'POST',
+				'ctype'     => ctype,
+				'headers' => { 'Authorization' => ntlm_message_1},
+				'data'        => opts['data']
+			}))
+
+			resp = c.send_recv(r, to)
+
+			unless resp.kind_of? Rex::Proto::Http::Response
+				return [nil,nil]
+			end
+
+			return [nil,nil] if resp.code == 404
+			return [nil,nil] unless resp.code == 401 && resp.headers['WWW-Authenticate']
+			# Get the challenge and craft the response
+			ntlm_challenge = resp.headers['WWW-Authenticate'].match(/NEGOTIATE ([A-Z0-9\x2b\x2f=]+)/i)[1]
+			return [nil,nil] unless ntlm_challenge
+
+			#old and simplier method but not compatible with windows 7/2008r2
+			#ntlm_message_2 = Rex::Proto::NTLM::Message.decode64(ntlm_challenge)
+			#ntlm_message_3 = ntlm_message_2.response( {:user => opts['username'],:password => opts['password']}, {:ntlmv2 => true})
+			ntlm_message_2 = Rex::Text::decode_base64(ntlm_challenge)
+			blob_data = NTLM_UTILS.parse_ntlm_type_2_blob(ntlm_message_2)
+			challenge_key = blob_data[:challenge_key]
+			server_ntlmssp_flags = blob_data[:server_ntlmssp_flags] #else should raise an error
+			#netbios name
+			default_name =  blob_data[:default_name] || ''
+			#netbios domain
+			default_domain = blob_data[:default_domain] || ''
+			#dns name
+			dns_host_name =  blob_data[:dns_host_name] || ''
+			#dns domain
+			dns_domain_name =  blob_data[:dns_domain_name] || ''
+			#Client time
+			chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || ''
+			spnopt = {:use_spn => datastore['NTLM::SendSPN'], :name =>  self.rhost}
+			resp_lm,
+			resp_ntlm,
+			client_challenge,
+			ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(opts['username'], opts['password'], challenge_key,
+				domain_name, default_name, default_domain,
+				dns_host_name, dns_domain_name, chall_MsvAvTimestamp,
+				spnopt, ntlm_options)
+			ntlm_message_3 = NTLM_UTILS.make_ntlmssp_blob_auth(domain_name, workstation_name, opts['username'],
+				resp_lm, resp_ntlm, '', ntlmssp_flags)
+			ntlm_message_3 = Rex::Text::encode_base64(ntlm_message_3)
+
+			# Send the response
+			r = c.request_cgi(opts.merge({
+				'uri' => opts['uri'],
+				'method' => 'POST',
+				'ctype'     => ctype,
+				'headers' => { 'Authorization' => "NEGOTIATE #{ntlm_message_3}"},
+				'data'        => opts['data']
+				}))
+
+			resp = c.send_recv(r, to, true)
+
+			unless resp.kind_of? Rex::Proto::Http::Response
+				return [nil,nil]
+			end
+
+			return [nil,nil] if resp.code == 404
+			return [resp,c]
+		rescue ::Errno::EPIPE, ::Timeout::Error
+		end
+	end
+
+	def accepts_ntlm_auth
+		parse_auth_methods(winrm_poke).include? "Negotiate"
+	end
+
+	def target_url
+		proto = "http"
+		if rport == 5986 or datastore['SSL']
+			proto = "https"
+		end
+
+		if datastore['VHOST']
+			return  "#{proto}://#{datastore ['VHOST']}:#{rport}#{@uri.to_s}"
+		else
+			return "#{proto}://#{rhost}:#{rport}#{@uri.to_s}"
+		end
+	end
+
+
+
+	private
+
+	def winrm_option_set(options)
+		xml = "<w:OptionSet>"
+
+		options.each do |option_pair|
+			xml << winrm_option(*option_pair)
+		end
+
+		xml << "</w:OptionSet>"
+		return xml
+	end
+
+	def winrm_option(name,value)
+		%Q{<w:Option Name="#{name}">#{value}</w:Option>}
+	end
+
+	def winrm_selector_set(selectors)
+		xml = "<w:SelectorSet>"
+
+		selectors.each do |selector_pair|
+			xml << winrm_selector(*selector_pair)
+		end
+
+		xml << "</w:SelectorSet>"
+		return xml
+	end
+
+	def winrm_selector(name,value)
+		%Q{<w:Selector Name="#{name}">#{value}</w:Selector>}
+	end
+
+	def winrm_wql_body(wql)
+		%Q{
+				<env:Body>
+				<n:Enumerate>
+					<w:OptimizeEnumeration xsi:nil="true"/>
+					<w:MaxElements>32000</w:MaxElements>
+					<w:Filter Dialect="http://schemas.microsoft.com/wbem/wsman/1/WQL">#{wql}</w:Filter>
+				</n:Enumerate>
+			</env:Body>
+		}
+	end
+
+	def winrm_open_shell_body
+		%q{<env:Body>
+			<rsp:Shell>
+		<rsp:InputStreams>stdin</rsp:InputStreams>
+		<rsp:OutputStreams>stdout stderr</rsp:OutputStreams>
+		</rsp:Shell>
+		</env:Body>}
+	end
+
+	def winrm_cmd_body(cmd)
+		%Q{ <env:Body>
+			<rsp:CommandLine>
+				<rsp:Command>&quot;#{cmd}&quot;</rsp:Command>
+			</rsp:CommandLine>
+		</env:Body>}
+	end
+
+	def winrm_cmd_recv_body(cmd_id)
+		%Q{<env:Body>
+			<rsp:Receive>
+				<rsp:DesiredStream CommandId="#{cmd_id}">stdout stderr</rsp:DesiredStream>
+			</rsp:Receive>
+		</env:Body>}
+	end
+
+	def winrm_terminate_cmd_body(cmd_id)
+		%Q{ <env:Body>
+			<rsp:Signal CommandId="#{cmd_id}">
+				<rsp:Code>http://schemas.microsoft.com/wbem/wsman/1/windows/shell/signal/terminate</rsp:Code>
+			</rsp:Signal>
+		</env:Body>}
+	end
+
+	def winrm_empty_body
+		%q{<env:Body/>}
+	end
+
+	def  winrm_envelope(data)
+		%Q{
+			<?xml version="1.0" encoding="UTF-8"?>
+			<env:Envelope xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:b="http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd"
+			xmlns:cfg="http://schemas.microsoft.com/wbem/wsman/1/config" xmlns:env="http://www.w3.org/2003/05/soap-envelope"
+			xmlns:n="http://schemas.xmlsoap.org/ws/2004/09/enumeration" xmlns:p="http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd"
+			xmlns:rsp="http://schemas.microsoft.com/wbem/wsman/1/windows/shell" xmlns:w="http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd"
+			xmlns:x="http://schemas.xmlsoap.org/ws/2004/09/transfer" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+			xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> #{data}</env:Envelope>
+		}
+	end
+
+	def winrm_header(data)
+		%Q{
+			<env:Header>
+			<a:To>#{target_url}</a:To>
+			<a:ReplyTo>
+				<a:Address mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
+			</a:ReplyTo>
+			<w:MaxEnvelopeSize mustUnderstand="true">153600</w:MaxEnvelopeSize>
+			<a:MessageID>uuid:#{generate_uuid}</a:MessageID>
+			<w:Locale mustUnderstand="false" xml:lang="en-US"/>
+			<p:DataLocale mustUnderstand="false" xml:lang="en-US"/>
+			<w:OperationTimeout>PT60S</w:OperationTimeout>
+			#{data}
+		</env:Header>
+		}
+	end
+
+	def winrm_uri_action(type)
+		case type
+		when "wql"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/wmi/root/cimv2/*</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action>}
+		when "create_shell"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Create</a:Action>}
+		when "send_cmd"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/Command</a:Action>}
+		when "recv_cmd"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/Receive</a:Action>}
+		when "signal_shell"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/Signal</a:Action>}
+		when "delete_shell"
+			return %q{<w:ResourceURI mustUnderstand="true">http://schemas.microsoft.com/wbem/wsman/1/windows/shell/cmd</w:ResourceURI>
+			<a:Action mustUnderstand="true">http://schemas.xmlsoap.org/ws/2004/09/transfer/Delete</a:Action>}
+		end
+	end
+
+end
+end

modules/auxiliary/scanner/winrm/winrm_auth_methods.rb

@@ -0,0 +1,64 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+
+require 'msf/core'
+require 'rex/proto/ntlm/message'
+
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Exploit::Remote::WinRM
+	include Msf::Auxiliary::Report
+
+
+	include Msf::Auxiliary::Scanner
+
+	def initialize
+		super(
+			'Name'           => 'WinRM Authentication Method Detection',
+			'Version'        => '$Revision$',
+			'Description'    => %q{
+				This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service.
+				If it is a WinRM service, it also gathers the Authentication Methods supported.
+				},
+			'Author'         => [ 'thelightcosine' ],
+			'License'        => MSF_LICENSE
+		)
+
+		deregister_options('USERNAME', 'PASSWORD')
+
+	end
+
+
+	def run_host(ip)
+		resp = winrm_poke
+		return nil if resp.nil?
+		if  resp.code == 401 and resp.headers['Server'].include? "Microsoft-HTTPAPI"
+			methods = parse_auth_methods(resp)
+			desc = resp.headers['Server'] + " Authentication Methods: " + methods.to_s
+			report_service(
+				:host  => ip,
+				:port  => rport,
+				:proto => 'tcp',
+				:name  => 'winrm',
+				:info  => desc
+			)
+			print_good "Negotiate protocol supported" if methods.include? "Negotiate"
+			print_good "Kerberos protocol supported" if methods.include? "Kerberos"
+			print_good "Basic protocol supported" if methods.include? "Basic"
+		else
+			print_error "#{ip}:#{rport} Does not appear to be a WinRM server"
+		end
+	end
+
+
+end

modules/exploits/linux/local/sock_sendpage.rb

@@ -13,6 +13,7 @@ require 'msf/core/post/linux/priv'
 require 'msf/core/exploit/local/linux_kernel'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/local/unix'
+require 'msf/core/exploit/exe'
 
 #load 'lib/msf/core/post/file.rb'
 #load 'lib/msf/core/exploit/local/unix.rb'

modules/exploits/linux/local/udev_netlink.rb

@@ -13,6 +13,7 @@ require 'msf/core/post/linux/priv'
 require 'msf/core/exploit/local/linux_kernel'
 require 'msf/core/exploit/local/linux'
 require 'msf/core/exploit/local/unix'
+require 'msf/core/exploit/exe'
 
 #load 'lib/msf/core/post/file.rb'
 #load 'lib/msf/core/exploit/local/unix.rb'

modules/exploits/unix/local/setuid_nmap.rb

@@ -10,6 +10,7 @@ require 'rex'
 require 'msf/core/post/common'
 require 'msf/core/post/file'
 require 'msf/core/post/linux/priv'
+require 'msf/core/exploit/exe'
 
 
 class Metasploit4 < Msf::Exploit::Local

modules/exploits/windows/local/ask.rb

@@ -10,6 +10,9 @@
 ##
 
 require 'msf/core'
+require 'msf/core/post/common'
+require 'msf/core/exploit/exe'
+require 'msf/core/post/file'
 
 class Metasploit3 < Msf::Exploit::Local
 	Rank = ExcellentRanking

modules/exploits/windows/local/bypassuac.rb

@@ -10,6 +10,9 @@
 ##
 
 require 'msf/core'
+require 'msf/core/post/common'
+require 'msf/core/exploit/exe'
+require 'msf/core/post/file'
 
 class Metasploit3 < Msf::Exploit::Local
 	Rank = ExcellentRanking

modules/exploits/windows/local/current_user_psexec.rb

@@ -14,6 +14,7 @@ require 'rex'
 require 'msf/core/post/windows/services'
 require 'msf/core/post/common'
 require 'msf/core/post/file'
+require 'msf/core/exploit/exe'
 
 class Metasploit3 < Msf::Exploit::Local
 	Rank = ExcellentRanking

modules/exploits/windows/local/ms10_092_schelevator.rb

@@ -9,6 +9,8 @@ require 'msf/core'
 require 'msf/core/post/common'
 require 'rex'
 require 'zlib'
+require 'msf/core/exploit/exe'
+require 'msf/core/post/file'
 
 
 class Metasploit3 < Msf::Exploit::Local

modules/exploits/windows/local/trusted_service_path.rb

@@ -8,6 +8,8 @@
 require 'msf/core'
 require 'msf/core/post/common'
 require 'msf/core/post/windows/services'
+require 'msf/core/exploit/exe'
+require 'msf/core/post/file'
 
 class Metasploit3 < Msf::Exploit::Local
 	Rank = ExcellentRanking

modules/payloads/stagers/php/bind_tcp_ipv6.rb

@@ -18,6 +18,10 @@ module Metasploit3
 	include Msf::Payload::Stager
 	include Msf::Payload::Php
 
+	def self.handler_type_alias
+		"bind_tcp_ipv6"
+	end
+
 	def initialize(info = {})
 		super(merge_info(info,
 			'Name'          => 'Bind TCP Stager IPv6',

modules/post/multi/gather/dns_srv_lookup.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/osx/gather/enum_adium.rb

@@ -9,6 +9,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
 require 'msf/core/post/file'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/osx/gather/enum_osx.rb

@@ -11,9 +11,10 @@
 
 require 'msf/core'
 require 'rex'
-
 require 'msf/core/post/common'
 require 'msf/core/post/file'
+require 'msf/core/auxiliary/report'
+
 
 class Metasploit3 < Msf::Post
 

modules/post/osx/gather/hashdump.rb

@@ -11,9 +11,10 @@
 
 require 'msf/core'
 require 'rex'
-
 require 'msf/core/post/common'
 require 'msf/core/post/file'
+require 'msf/core/auxiliary/report'
+
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/escalate/service_permissions.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'msf/core/post/windows/services'
 require 'rex'
+require 'msf/core//post/windows/services'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/arp_scanner.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/bitcoin_jacker.rb

@@ -10,6 +10,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/gather/credentials/coreftp.rb

@@ -13,6 +13,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/credential_collector.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/credentials/dyndns.rb

@@ -10,6 +10,7 @@
 ##
 
 require 'msf/core'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/enum_picasa_pwds.rb

@@ -13,6 +13,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/priv'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/epo_sql.rb

@@ -13,6 +13,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require "net/dns/resolver"
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/flashfxp.rb

@@ -11,6 +11,8 @@ require 'msf/core'
 require 'rex'
 require 'rex/parser/ini'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/ftpnavigator.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/gpp.rb

@@ -10,6 +10,7 @@ require 'rex'
 require 'rexml/document'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/priv'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/gather/credentials/idm.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/imail.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/imvu.rb

@@ -14,6 +14,7 @@
 require 'msf/core'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/meebo.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/gather/credentials/mremote.rb

@@ -15,6 +15,7 @@ require 'msf/core'
 require 'rex'
 require 'rexml/document'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::UserProfiles

modules/post/windows/gather/credentials/nimbuzz.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/outlook.rb

@@ -11,6 +11,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/priv'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/razorsql.rb

@@ -8,6 +8,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/tortoisesvn.rb

@@ -3,6 +3,7 @@ require 'rex'
 require 'msf/core/post/windows/priv'
 require 'msf/core/post/windows/registry'
 require 'base64'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/total_commander.rb

@@ -11,6 +11,8 @@ require 'msf/core'
 require 'rex'
 require 'rex/parser/ini'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/trillian.rb

@@ -14,6 +14,8 @@ require 'rex'
 require 'rex/parser/ini'
 require 'base64'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/credentials/vnc.rb

@@ -15,6 +15,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/credentials/windows_autologin.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/winscp.rb

@@ -16,6 +16,7 @@ require 'rex'
 require 'msf/core/post/windows/registry'
 require 'rex/parser/ini'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Post::Windows::Registry

modules/post/windows/gather/credentials/wsftp_client.rb

@@ -12,6 +12,7 @@ require 'rex'
 require 'rex/parser/ini'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/enum_artifacts.rb

@@ -10,6 +10,7 @@ require 'msf/core'
 require 'msf/core/post/file'
 require 'msf/core/post/windows/registry'
 require 'yaml'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/enum_db.rb

@@ -10,6 +10,7 @@ require 'msf/core'
 require 'msf/core/post/file'
 require 'msf/core/post/common'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/enum_files.rb

@@ -7,6 +7,7 @@
 
 require 'msf/core'
 require 'msf/core/post/file'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/enum_snmp.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/enum_termserv.rb

@@ -15,6 +15,7 @@ require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/user_profiles'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/enum_tomcat.rb

@@ -11,6 +11,7 @@ require 'msf/core'
 require 'msf/core/post/file'
 require 'msf/core/post/common'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/forensics/duqu_check.rb

@@ -9,6 +9,7 @@ require 'msf/core'
 require 'msf/core/post/common'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/priv'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/hashdump.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/registry'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/smart_hashdump.rb

@@ -16,6 +16,7 @@ require 'msf/core/post/windows/priv'
 require 'msf/core/post/windows/registry'
 require 'msf/core/post/windows/accounts'
 require 'msf/core/post/file'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/gather/tcpnetstat.rb

@@ -12,6 +12,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/common'
+require 'msf/core/auxiliary/report'
 
 
 class Metasploit3 < Msf::Post

modules/post/windows/gather/win_privs.rb

@@ -8,6 +8,7 @@
 require 'msf/core'
 require 'rex'
 require 'msf/core/post/windows/priv'
+require 'msf/core/post/common'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/manage/clone_proxy_settings.rb

@@ -10,6 +10,7 @@
 ##
 
 require 'msf/core'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/manage/pxexploit.rb

@@ -10,6 +10,7 @@
 ##
 
 require 'msf/core'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/recon/computer_browser_discovery.rb

@@ -12,6 +12,7 @@
 
 require 'msf/core'
 require 'rex'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 

modules/post/windows/wlan/wlan_bss_list.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'rex'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/wlan/wlan_current_connection.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'rex'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/wlan/wlan_disconnect.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'rex'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report

modules/post/windows/wlan/wlan_profile.rb

@@ -11,6 +11,7 @@
 
 require 'msf/core'
 require 'rex'
+require 'msf/core/auxiliary/report'
 
 class Metasploit3 < Msf::Post
 	include Msf::Auxiliary::Report