Fixes #5749 by converting to unix-style linefeeds and forcing jtr modules to read files as binary, and updating msftidy to allow for r+b as a ghetto append.

2011-11-28 17:52:34 -06:00 · 2011-11-28 17:52:34 -06:00 · f503bd9488
parent c411c216c0
commit f503bd9488
12 changed files with 472 additions and 453 deletions
--- a/modules/auxiliary/analyze/jtr_linux.rb
+++ b/modules/auxiliary/analyze/jtr_linux.rb
@ -55,7 +55,7 @@ class Metasploit3 < Msf::Auxiliary
 		unless myloots.nil? or myloots.empty?
 			myloots.each do |myloot|
 				begin
-					usf = File.open(myloot.path)
+					usf = File.open(myloot.path, "rb")
 				rescue Exception => e
 					print_error("Unable to read #{myloot.path} \n #{e}")
 				end
@ -157,7 +157,7 @@ class Metasploit3 < Msf::Auxiliary
 		john_cracked_passwords.values {|v| seed << v }

 		#Grab the default John Wordlist
-		john = File.open(john_wordlist_path, "r")
+		john = File.open(john_wordlist_path, "rb")
 		john.each_line{|line| seed << line.chomp}

 		unless seed.empty?
--- a/modules/auxiliary/analyze/jtr_mssql_fast.rb
+++ b/modules/auxiliary/analyze/jtr_mssql_fast.rb
@ -80,7 +80,7 @@ class Metasploit3 < Msf::Auxiliary
 		john_cracked_passwords.values {|v| seed << v }

 		#Grab the default John Wordlist
-		john = File.open(john_wordlist_path, "r")
+		john = File.open(john_wordlist_path, "rb")
 		john.each_line{|line| seed << line.chomp}

 		return seed
--- a/modules/auxiliary/analyze/jtr_mysql_fast.rb
+++ b/modules/auxiliary/analyze/jtr_mysql_fast.rb
@ -146,7 +146,7 @@ class Metasploit3 < Msf::Auxiliary
 		john_cracked_passwords.values {|v| seed << v }

 		#Grab the default John Wordlist
-		john = File.open(john_wordlist_path, "r")
+		john = File.open(john_wordlist_path, "rb")
 		john.each_line{|line| seed << line.chomp}

 		return seed
--- a/modules/auxiliary/analyze/jtr_oracle_fast.rb
+++ b/modules/auxiliary/analyze/jtr_oracle_fast.rb
@ -78,7 +78,7 @@ class Metasploit3 < Msf::Auxiliary
 		john_cracked_passwords.values {|v| seed << v }

 		#Grab the default John Wordlist
-		john = File.open(john_wordlist_path, "r")
+		john = File.open(john_wordlist_path, "rb")
 		john.each_line{|line| seed << line.chomp}

 		return seed
--- a/modules/auxiliary/analyze/postgres_md5_crack.rb
+++ b/modules/auxiliary/analyze/postgres_md5_crack.rb
@ -124,11 +124,11 @@ class Metasploit3 < Msf::Auxiliary
 		john_cracked_passwords.values {|v| seed << v }

 		#Grab the default John Wordlist
-		john = File.open(john_wordlist_path, "r")
+		john = File.open(john_wordlist_path, "rb")
 		john.each_line{|line| seed << line.chomp}

 		if datastore['Wordlist']
-			wordlist= File.open(datastore['Wordlist'], "r")
+			wordlist= File.open(datastore['Wordlist'], "rb")
 			wordlist.each_line{|line| seed << line.chomp}
 		end

--- a/modules/auxiliary/spoof/arp/arp_poisoning.rb
+++ b/modules/auxiliary/spoof/arp/arp_poisoning.rb
@ -330,6 +330,7 @@ class Metasploit3 < Msf::Auxiliary
 	end

 	#copy paste from rex::socket cause we need only ipv4
+	#NOTE: Breaks msftidy's rule on long lines, should be refactored for readability.
 	def is_ipv4?(addr)
 		(addr =~ /^(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))$/) ? true : false
 	end
--- a/modules/exploits/multi/handler.rb
+++ b/modules/exploits/multi/handler.rb
@ -16,6 +16,7 @@ class Metasploit3 < Msf::Exploit::Remote

 	#
 	# This module does basically nothing
+	# NOTE: Because of this it's missing a disclosure date that makes msftidy angry.
 	#

 	def initialize(info = {})
--- a/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb
+++ b/modules/exploits/windows/ftp/absolute_ftp_list_bof.rb
@ -143,3 +143,4 @@ AbsoluteFTP 1.9.6
 Does not work on:
 AbsoluteFTP 1.8
 =end
+
--- a/modules/exploits/windows/smtp/njstar_smtp_bof.rb
+++ b/modules/exploits/windows/smtp/njstar_smtp_bof.rb
@ -202,3 +202,4 @@ Invalid exception stack at 41414141
 00ccffe0  d8 9a 83 7c 30 b7 80 7c-00 00 00 00 00 00 00 00  ...|0..|........

 =end
+
--- a/modules/post/windows/gather/credentials/imvu.rb
+++ b/modules/post/windows/gather/credentials/imvu.rb
@ -92,3 +92,4 @@ class Metasploit3 < Msf::Post
 	end

 end
+
--- a/modules/post/windows/recon/computer_browser_discovery.rb
+++ b/modules/post/windows/recon/computer_browser_discovery.rb
@ -92,8 +92,22 @@ client.railgun.add_function( 'netapi32', 'NetUserEnum', 'DWORD',[

 =end

-		client.railgun.add_function( 'netapi32', 'NetServerEnum', 'DWORD',[["PBLOB","servername","in"],["DWORD","level","in"],["PDWORD","bufptr","out"],["DWORD","prefmaxlen","in"],["PDWORD","entriesread","out"],["PDWORD","totalentries","out"],["DWORD","servertype","in"],["PWCHAR","domain","in"],["DWORD","resume_handle","inout"]])
-		client.railgun.add_function( 'ws2_32', 'getaddrinfo', 'DWORD',[["PCHAR","pNodeName","in"],["PCHAR","pServiceName","in"],["PDWORD","pHints","in"],["PDWORD","ppResult","out"]])
+		client.railgun.add_function(
+			'netapi32', 'NetServerEnum', 'DWORD',
+			[
+				["PBLOB","servername","in"], ["DWORD","level","in"], ["PDWORD","bufptr","out"],
+				["DWORD","prefmaxlen","in"], ["PDWORD","entriesread","out"], ["PDWORD","totalentries","out"],
+				["DWORD","servertype","in"], ["PWCHAR","domain","in"], ["DWORD","resume_handle","inout"]
+			]
+		)
+
+		client.railgun.add_function(
+			'ws2_32', 'getaddrinfo', 'DWORD',
+			[
+				["PCHAR","pNodeName","in"], ["PCHAR","pServiceName","in"],
+				["PDWORD","pHints","in"], ["PDWORD","ppResult","out"]
+			]
+		)

 		domain = nil

--- a/tools/msftidy.rb
+++ b/tools/msftidy.rb
@ -103,7 +103,7 @@ def check_single_file(dparts, fparts, f_rel)
 		cr += 1 if ln =~ /\r$/
 		url_ok = false if ln =~ /\.com\/projects\/Framework/
 		if ln =~ /File\.open/ and ln =~ /[\"\'][arw]/
-			if not ln =~ /[\"\'][wra]b\+?[\"\']/
+			if not ln =~ /[\"\'][wra]\+?b\+?[\"\']/
 				nbo += 1
 			end
 		end