Land #3479, broken sock.get fix

bug/bundler_fix
William Vu 2014-07-16 14:57:32 -05:00
commit ff6c8bd5de
No known key found for this signature in database
GPG Key ID: E761DCB4C1629024
41 changed files with 122 additions and 108 deletions


@ -50,21 +50,21 @@ class Metasploit3 < Msf::Auxiliary
print_status("Attempting to create directory: MKD #{test}")
sock.put("MKD #{test}\r\n")
res = sock.get(-1,5)
res = sock.get_once(-1,5)
if (res =~/257 MKD command successful\./)
print_status("\tDirectory #{test} reportedly created. Verifying with SIZE #{test}")
sock.put("SIZE #{test}\r\n")
res = sock.get(-1,5)
res = sock.get_once(-1,5)
if (res =~ /550 Not a regular file/)
print_status("\tServer reports \"not a regular file\". Directory verified.")
print_status("\tAttempting to delete directory: RMD #{test}")
sock.put("RMD #{test}\r\n")
res = sock.get(-1,5)
res = sock.get_once(-1,5)
if (res =~ /250 RMD command successful\./)
print_status("\tDirectory #{test} reportedly deleted. Verifying with SIZE #{test}")
sock.put("SIZE #{test}\r\n")
res = sock.get(-1,5)
res = sock.get_once(-1,5)
print_status("\tDirectory #{test} no longer exists!")
print_status("Target is confirmed as vulnerable!")
end
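Review bot: The reply to the last `SIZE #{test}` is read into `res` and then ignored: the two `print_status` lines that follow report the directory as gone and the target as confirmed vulnerable whatever the server answered, including a timeout where `get_once` yields nil. Guard the confirmation on the reply, for example `if res && res !~ /550 Not a regular file/`, and print an inconclusive result otherwise. The same nil case falls silently through the three earlier `res =~` tests, so a verbose "no reply" message would help an operator tell a dead connection from a server that refused the command. The enclosing method starts and ends outside this hunk.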


@ -116,7 +116,7 @@ class Metasploit3 < Msf::Auxiliary
begin
connect
sock.put(Rex::Text.rand_text(5))
res = sock.get_once
res = sock.get_once(-1, 10)
disconnect
rescue Rex::ConnectionError => e
print_error("Connection failed: #{e.class}: #{e}")
@ -147,7 +147,7 @@ class Metasploit3 < Msf::Auxiliary
connect
sock.put(pkt)
res = sock.get
res = sock.get_once(-1, 10)
disconnect


@ -41,12 +41,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("Starting brute force on #{rhost}, using sids from #{list}...")
fd = File.open(list, 'rb').each do |sid|
fd = ::File.open(list, 'rb').each do |sid|
login = "(DESCRIPTION=(CONNECT_DATA=(SID=#{sid})(CID=(PROGRAM=)(HOST=MSF)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=#{rhost})(PORT=#{rport})))"
pkt = tns_packet(login)
begin
connect
rescue ::Interrupt
raise $!
rescue => e
print_error(e.to_s)
disconnect
@ -55,12 +57,10 @@ class Metasploit3 < Msf::Auxiliary
sock.put(pkt)
select(nil,nil,nil,s.to_i)
res = sock.get_once(-1,3)
res = sock.get_once
disconnect
if ( res and res =~ /ERROR_STACK/ )
''
else
if res and res.to_s !~ /ERROR_STACK/
report_note(
:host => rhost,
:port => rport,
@ -70,6 +70,7 @@ class Metasploit3 < Msf::Auxiliary
)
print_good("#{rhost}:#{rport} Found SID '#{sid.strip}'")
end
end
print_status("Done with brute force...")
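Review bot: `if res and res.to_s !~ /ERROR_STACK/` records a SID through `report_note` for any non-nil reply that lacks the string ERROR_STACK, so a truncated read, an unrelated banner or a refusal worded differently is stored as a found SID. Matching on the reply expected for an accepted SID, rather than on the absence of one error string, would keep false positives out of the recorded notes. Separately, `fd = ::File.open(list, 'rb').each do |sid|` never closes the handle in the lines shown; the block form `::File.open(list, 'rb') { |f| f.each_line { |sid| ... } }` would. The method body continues outside these hunks.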


@ -64,7 +64,7 @@ class Metasploit3 < Msf::Auxiliary
def get_pkt
buf = sock.get
buf = sock.get_once(-1, 10)
vprint_status("[in ] #{buf.inspect}")
buf
end


@ -37,7 +37,7 @@ class Metasploit3 < Msf::Auxiliary
OptBool.new('VERIFY_CONNECT', [ false, 'Enable test for CONNECT method', false ]),
OptBool.new('VERIFY_HEAD', [ false, 'Enable test for HEAD method', false ]),
OptBool.new('LOOKUP_PUBLIC_ADDRESS', [ false, 'Enable test for retrieve public IP address via RIPE.net', false ]),
OptString.new('SITE', [ true, 'The web site to test via alleged web proxy (default is www.google.com)', '209.85.148.147' ]),
OptString.new('SITE', [ true, 'The web site to test via alleged web proxy (default is www.google.com)', 'www.google.com' ]),
OptString.new('ValidCode', [ false, "Valid HTTP code for a successfully request", '200,302' ]),
OptString.new('ValidPattern', [ false, "Valid HTTP server header for a successfully request", 'server: gws' ]),
OptString.new('UserAgent', [ true, 'The HTTP User-Agent sent in the request', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)' ]),
@ -60,14 +60,16 @@ class Metasploit3 < Msf::Auxiliary
if datastore['MULTIPORTS']
target_ports = [ 80, 1080, 3128, 8080, 8123 ]
else
target_ports.push(datastore['RPORT'].to_i)
end
target_ports.push(datastore['RPORT'].to_i)
if datastore['RANDOMIZE_PORTS']
target_ports = target_ports.sort_by { rand }
end
target_ports = target_ports.uniq
site = datastore['SITE']
user_agent = datastore['UserAgent']
@ -97,7 +99,7 @@ class Metasploit3 < Msf::Auxiliary
request = method + " http://" + site + "/ HTTP/1.1" + "\r\n" +
"Host: " + site + "\r\n" +
"Connection: close" + "\r\n" +
"User-Agent: user_agent" + "\r\n" +
"User-Agent: #{user_agent}" + "\r\n" +
"Accept-Encoding: *" + "\r\n" +
"Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7" + "\r\n" +
"Cache-Control: no" + "\r\n" +
@ -115,7 +117,7 @@ class Metasploit3 < Msf::Auxiliary
request = write_request('GET',site,user_agent)
sock.put(request)
res = sock.get
res = sock.get_once(-1, 10)
disconnect
@ -167,7 +169,7 @@ class Metasploit3 < Msf::Auxiliary
request = write_request('GET',ripe_address,user_agent)
sock.put(request)
res = sock.get
res = sock.get_once(-1, 10)
disconnect


@ -59,7 +59,7 @@ class Metasploit3 < Msf::Auxiliary
# on the response codes. We need to do this between every
# port scan attempt unfortunately.
while true
r = self.sock.get(0.25)
r = sock.get_once(-1, 0.25)
break if not r or r.empty?
end
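Review bot: The drain loop `while true` ends only when `sock.get_once(-1, 0.25)` returns nil or an empty string, so a peer that keeps sending data holds the scanner in this loop indefinitely. Bound it with an iteration cap or a deadline, e.g. `20.times do` in place of `while true`, keeping `break if not r or r.empty?` inside. The existing comment explains why the drain is needed; it should also state the cap once one is added. The surrounding method is outside the hunk.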


@ -47,8 +47,7 @@ class Metasploit3 < Msf::Auxiliary
def send_frame(payload)
sock.put(payload)
@modbus_counter += 1
r = sock.get(sock.def_read_timeout)
return r
sock.get_once(-1, sock.def_read_timeout)
end
def make_payload(payload)
@ -65,10 +64,7 @@ class Metasploit3 < Msf::Auxiliary
payload += [@function_code].pack("c")
payload += [datastore['DATA_ADDRESS']].pack("n")
payload += [1].pack("n")
packet_data = make_payload(payload)
packet_data
make_payload(payload)
end
def make_write_coil_payload(data)
@ -89,9 +85,7 @@ class Metasploit3 < Msf::Auxiliary
payload += [datastore['DATA_ADDRESS']].pack("n")
payload += [data].pack("n")
packet_data = make_payload(payload)
packet_data
make_payload(payload)
end
def handle_error(response)


@ -187,7 +187,7 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{peer} - Sending Client Hello...")
sock.put(client_hello)
server_hello = sock.get(response_timeout)
server_hello = sock.get_once(-1, response_timeout)
unless server_hello
vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...")


@ -339,7 +339,7 @@ class Metasploit3 < Msf::Auxiliary
def tls_jabber
sock.put(jabber_connect_msg(xmpp_domain))
res = sock.get(response_timeout)
res = sock.get_once(-1, response_timeout)
if res && res.include?('host-unknown')
jabber_host = res.match(/ from='([\w.]*)' /)
if jabber_host && jabber_host[1]
@ -347,7 +347,7 @@ class Metasploit3 < Msf::Auxiliary
establish_connect
vprint_status("#{peer} - Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...")
sock.put(jabber_connect_msg(jabber_host[1]))
res = sock.get(response_timeout)
res = sock.get_once(-1, response_timeout)
end
end
if res.nil? || res.include?('stream:error') || res !~ /<starttls xmlns=['"]urn:ietf:params:xml:ns:xmpp-tls['"]/
@ -356,14 +356,14 @@ class Metasploit3 < Msf::Auxiliary
end
msg = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
sock.put(msg)
res = sock.get(response_timeout)
res = sock.get_once(-1, response_timeout)
return nil if res.nil? || !res.include?('<proceed')
res
end
def tls_ftp
# http://tools.ietf.org/html/rfc4217
res = sock.get(response_timeout)
res = sock.get_once(-1, response_timeout)
return nil if res.nil?
sock.put("AUTH TLS\r\n")
res = get_data
@ -418,7 +418,7 @@ class Metasploit3 < Msf::Auxiliary
vprint_status("#{peer} - Sending Client Hello...")
sock.put(client_hello)
server_hello = sock.get(response_timeout)
server_hello = sock.get_once(-1, response_timeout)
unless server_hello
vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...")
return nil


@ -50,7 +50,7 @@ class Metasploit3 < Msf::Auxiliary
filename.strip!
pkt = "\x00\x01" + filename + "\x00" + "netascii" + "\x00"
udp_sock.sendto(pkt, ip, datastore['RPORT'])
resp = udp_sock.get(1)
resp = udp_sock.get(3)
if resp and resp.length >= 2 and resp[0, 2] == "\x00\x03"
print_status("Found #{filename} on #{ip}")
#Add Report


@ -70,7 +70,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending GET request with command line payload...")
sock.put(req)
res = sock.get(3,3)
res = sock.get_once(-1, 5)
if (res =~ /<h5>(.*)<\/h5>/smi)
out = $1


@ -96,7 +96,7 @@ class Metasploit3 < Msf::Exploit::Remote
# Read command output from socket if cmd/unix/generic payload was used
if (datastore['CMD'])
res = sock.get
res = sock.get_once(-1, 10)
print_status(res.to_s) if not res.empty?
end
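Review bot: `res.empty?` is called on the result of `sock.get_once(-1, 10)`, which elsewhere in this commit is treated as possibly nil (`|| ''`, `.to_s`), so a read that times out raises NoMethodError here instead of being skipped. `print_status(res) unless res.to_s.empty?` covers both nil and the empty string. The enclosing method is outside the hunk.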


@ -60,7 +60,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put(connection_request)
res = sock.get
res = sock.get_once(-1, 10)
disconnect
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
# res[8,2] => Reply Type
@ -91,7 +91,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending Service Connection Request...")
sock.put(connection_request)
res = sock.get
res = sock.get_once(-1, 10)
if res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0
# res[8,2] => Reply Type
# res[15,1] => Connection Status
@ -124,7 +124,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Sending Overflow on Keyed Object Login...")
sock.put(pkt)
sock.get
sock.get_once(-1, 10)
disconnect
end
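Review bot: In `check`, and again in the second hunk, the guard `res.nil? or res[8, 2].unpack("n")[0] != 0x3333 or res[15, 1].unpack("C")[0] != 0` only rules out nil; a reply shorter than 16 bytes makes `res[8, 2]` or `res[15, 1]` nil and `unpack` raises NoMethodError. `get_once` presumably returns a single read, so a short reply is a realistic case; add a length test first, `if res.nil? or res.length < 16 or ...`. The existing `# res[8,2] => Reply Type` comments are useful, and the minimum length deserves one as well.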


@ -63,8 +63,9 @@ class Metasploit3 < Msf::Exploit::Remote
def exploit
connect
banner = sock.get_once.to_s.strip
print_status "Banner: #{banner = sock.gets}"
print_status "Banner: #{banner}"
# NOTE: orig poc shellcode len: 84


@ -156,7 +156,7 @@ class Metasploit3 < Msf::Exploit::Remote
# Establishes handshake with the server
def handshake
sock.put(HANDSHAKE)
return sock.get(datastore['RESPONSE_TIMEOUT'])
return sock.get_once(-1, datastore['RESPONSE_TIMEOUT'])
end
# Forges packet for JDWP protocol
@ -173,7 +173,7 @@ class Metasploit3 < Msf::Exploit::Remote
# Reads packet response for JDWP protocol
def read_reply(timeout = default_timeout)
response = sock.get(timeout)
response = sock.get_once(-1, timeout)
fail_with(Failure::TimeoutExpired, "#{peer} - Not received response") unless response
pktlen, id, flags, errcode = response.unpack('NNCn')
response.slice!(0..10)
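Review bot: `read_reply` unpacks `'NNCn'` from whatever one `sock.get_once(-1, timeout)` call returned; a reply shorter than the 11 header bytes leaves some of `pktlen`, `id`, `flags`, `errcode` nil, and nothing in the visible lines compares `response.length` with `pktlen`. Since `get_once` appears to return a single read, a reply split across segments would be parsed as if it were complete. Add `fail_with(Failure::UnexpectedReply, "#{peer} - Short reply") if response.length < 11` after the nil check, and document in the method comment whether callers may receive a partial body. The rest of the method is outside the hunk.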


@ -59,11 +59,11 @@ class Metasploit3 < Msf::Exploit::Remote
buf = "\x20\x20\x201\x20\x20\x20\x20\x20\x201\necho #{sploit}\n"
sock.put(buf)
banner = sock.get(3,3)
banner = sock.get_once
disconnect
if (banner and banner =~ /#{sploit}/)
if banner.to_s.index(sploit)
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe
@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
buf << "\n"
sock.put(buf)
res = sock.get(-1,3)
res = sock.get_once
print_status(res.to_s)
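Review bot: `check` returns `Exploit::CheckCode::Safe` whenever `banner.to_s.index(sploit)` fails, which includes the case where `sock.get_once` returned nil because the service did not answer in time; an unreachable or slow host is then reported as safe. Distinguish the two with `return Exploit::CheckCode::Unknown unless banner` before the comparison. The same applies to the other `check` methods on this page that call a bare `sock.get_once`, coerce the result with `.to_s` or `|| ''` and fall through to `Safe`, and to the `res !~ /Send binary data/` test that prints "Target is not vulnerable." on a nil reply. The bare `get_once` also drops the explicit timeout argument the old call passed, so the wait now depends on the socket default.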


@ -58,7 +58,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET /cgi-bin/ck/mimencode HTTP/1.0\r\n\r\n")
banner = sock.get(-1,3)
banner = sock.get_once(-1, 3)
disconnect
if (banner =~ /500 Internal/)


@ -75,7 +75,7 @@ class Metasploit3 < Msf::Exploit::Remote
req = "service launcher\n"
req << "start/flags run /bin/echo /bin/echo #{fingerprint}\n"
sock.put(req)
res = sock.get
res = sock.get_once(-1, 10)
disconnect
# check response
@ -99,7 +99,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("#{@peer} - Sending payload (#{req.length} bytes)")
connect
sock.put(req)
res = sock.get
res = sock.get_once(-1, 10)
# check response
if res and res =~ /No controlling tty/


@ -69,7 +69,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get_once.strip
banner = sock.get_once.to_s.strip
vprint_status("#{rhost}:#{rport} - Banner: #{banner}")
disconnect


@ -82,13 +82,14 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get(-1,3)
banner = sock.get_once || ""
disconnect
validate = "\x32\x32\x30\x20\xbb\xb6\xd3\xad\xb9"
validate << "\xe2\xc1\xd9\x46\x54\x50\xb7\xfe\xce"
validate << "\xf1\xc6\xf7\x21\x0d\x0a"
disconnect
if (banner == validate)
if banner.to_s == validate
return Exploit::CheckCode::Vulnerable
end
return Exploit::CheckCode::Safe


@ -56,9 +56,9 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get(-1,3)
banner = sock.get_once
disconnect
if (banner =~ /Dream FTP Server/)
if (banner.to_s =~ /Dream FTP Server/)
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe


@ -71,7 +71,7 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get(-1,3)
banner = sock.get_once(-1, 3)
disconnect
if (banner =~ /Sami FTP Server 2\.0\.2/)


@ -68,10 +68,10 @@ class Metasploit3 < Msf::Exploit::Remote
rand = Rex::Text.rand_text_alpha(10)
sock.put("GET /amlibweb/webquery.dll?#{rand}= HTTP/1.0\r\n\r\n")
res = sock.get(-1,3)
res = sock.get_once
disconnect
if (res =~ /<H1>BAD REQUEST<\/H1><P>Your client sent a request that this server didn't understand.<br>Request:\s(\w+)/)
if (res.to_s =~ /<H1>BAD REQUEST<\/H1><P>Your client sent a request that this server didn't understand.<br>Request:\s(\w+)/)
if ($1 == rand)
return Exploit::CheckCode::Vulnerable
end


@ -59,10 +59,10 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("HEAD / HTTP/1.0\r\n\r\n\r\n")
banner = sock.get(-1,3)
sock.put("HEAD / HTTP/1.0\r\nHost: #{rhost}\r\n\r\n")
banner = sock.get_once
if (banner =~ /GET and POST methods are the only methods supported at this time/) # Unique?
if (banner.to_s =~ /GET and POST methods are the only methods supported at this time/) # Unique?
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe
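Review bot: This `check` never calls `disconnect`: the visible lines go from `connect` through `banner = sock.get_once` to the two `return` statements, unlike most other `check` methods in this commit, which disconnect right after the read. Add `disconnect` after `banner = sock.get_once` so repeated checks do not leave sockets open; the `check` methods matching `/Spipe\/1\.0/` and `/PSO Proxy 0\.9/` further down show the same gap. If cleanup happens in code outside the hunk, a comment saying so would be enough.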


@ -66,12 +66,12 @@ class Metasploit3 < Msf::Exploit::Remote
connect
req = "GET /SITEINFO.INI HTTP/1.0\r\n"
req << "User-Agent: Mozilla/5.0\r\n"
sock.put(req + "\r\n\r\n")
req << "User-Agent: Mozilla/5.0\r\n\r\n"
sock.put(req)
banner = sock.get(-1,3)
banner = sock.get_once
if (banner =~ /Spipe\/1\.0/)
if banner.to_s =~ /Spipe\/1\.0/
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe


@ -68,10 +68,10 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET / HTTP/1.0\r\n\r\n")
banner = sock.get(-1,3)
banner = sock.get_once
disconnect
if (banner =~ /WDaemon\/6\.8\.[0-5]/)
if (banner.to_s =~ /WDaemon\/6\.8\.[0-5]/)
return Exploit::CheckCode::Appears
end
@ -90,7 +90,7 @@ class Metasploit3 < Msf::Exploit::Remote
sploit << payload.encoded + " HTTP/1.0"
sock.put(sploit + "\r\n\r\n")
res = sock.get(3,3)
res = sock.get_once(-1, 3)
if (res =~ /Message spooled but will be deleted if not FROM a valid account/)
print_status("Payload accepted by WorldClient Form2Raw CGI!")


@ -59,8 +59,8 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET / HTTP/1.0\r\n\r\n")
banner = sock.get(-1,3)
if (banner =~ /PSO Proxy 0\.9/)
banner = sock.get_once
if (banner.to_s =~ /PSO Proxy 0\.9/)
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe


@ -75,12 +75,12 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("\r\n\r\n") # works
res = sock.get(-1,3)
res = sock.get_once
disconnect
if (res =~ /Server: Serv-U\/9\.0\.0\.5/)
if (res.to_s =~ /Server: Serv-U\/9\.0\.0\.5/)
return Exploit::CheckCode::Appears
elsif (res =~ /Server: Serv-U/)
elsif (res.to_s =~ /Server: Serv-U/)
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe


@ -60,10 +60,10 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET / HTTP/1.0\r\n\r\n")
res = sock.get(-1, 3)
res = sock.get_once
disconnect
if (res =~ /Steamcast\/0\.9\.75/)
if (res.to_s =~ /Steamcast\/0\.9\.75/)
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe


@ -60,11 +60,11 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET / HTTP/1.1\r\n\r\n")
banner = sock.get(-1,3)
sock.put("GET / HTTP/1.1\r\nHost: #{rhost}\r\n\r\n")
banner = sock.get_once
disconnect
if (banner =~ /Xitami/)
if (banner.to_s =~ /Xitami/)
vprint_status("Banner: #{banner}")
return Exploit::CheckCode::Detected
end


@ -63,26 +63,27 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
req = "HEAD / HTTP/1.0\r\n\r\n"
req << "User-Agent: Sametime Community Agent\r\n"
req = "HEAD / HTTP/1.1\r\n"
req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
req << "User-Agent: Sametime Community Agent\r\n\r\n"
sock.put(req)
res = sock.get_once(-1,3) || ''
res = sock.get_once || ''
disconnect
if (res =~/Lotus-Domino/)
if (res.to_s =~/Lotus-Domino/)
connect
req = "GET /CommunityCBR HTTP/1.0\r\n\r\n"
req << "User-Agent: Sametime Community Agent\r\n"
req = "GET /CommunityCBR HTTP/1.1\r\n"
req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
req << "User-Agent: Sametime Community Agent\r\n\r\n"
sock.put(req)
res = sock.get_once(-1,3) || ''
res = sock.get_once || ''
disconnect
if (res =~/200 OK/)
if (res.to_s =~ /200 OK/)
return Exploit::CheckCode::Detected
end
end
@ -106,8 +107,8 @@ class Metasploit3 < Msf::Exploit::Remote
path = pad1 + jmp + seh + pad2 + popebx + popad + esp
req = "POST /CommunityCBR/CC.39.#{path}/\r\n"
req << "User-Agent: Sametime Community Agent\r\n"
req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
req << "User-Agent: Sametime Community Agent\r\n"
req << "Content-Length: #{payload.encoded.length}\r\n"
req << "Connection: Close\r\n"
req << "Cache-Control: no-cache\r\n\r\n"


@ -64,7 +64,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Trying #{target.name} using lstrcpyA address at #{"0x%.8x" % target.ret }...")
udp_sock.put(request)
udp_sock.get
udp_sock.get(5)
handler(udp_sock)
disconnect_udp


@ -79,7 +79,7 @@ class Metasploit3 < Msf::Exploit::Remote
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
disconnect
if hello_response and hello_response =~ /Dtb: Context/
@ -109,7 +109,7 @@ class Metasploit3 < Msf::Exploit::Remote
hello << "\xb0\x02\x00\x00\xff\xff\x00\x00" << "\x06\x10\x00\x00\x7c\xfa"
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
if not hello_response or hello_response.empty?
print_error("#{sock.peerinfo} - The Hello Request hasn't received a response")


@ -160,7 +160,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
sock.put(hello)
hello_response = sock.get
hello_response = sock.get_once(-1, 10)
if not hello_response or hello_response.empty?
print_error("#{sock.peerinfo} - The Hello Request haven't had response")
@ -235,7 +235,7 @@ class Metasploit3 < Msf::Exploit::Remote
end
sock.put(auth)
auth_response = sock.get
auth_response = sock.get_once(-1, 10)
if not auth_response or auth_response.empty?
print_error("#{sock.peerinfo} - The Authentication Request haven't had response")
return
@ -247,7 +247,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_token << "\x07\x00\x00\x00"
sock.put(request_token)
response_token = sock.get
response_token = sock.get_once(-1, 10)
if not response_token or response_token.empty?
print_error("#{sock.peerinfo} - The Token Request haven't had response")
return
@ -261,7 +261,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_home_identifier << "\x00\x00\x00\x00"
sock.put(request_home_identifier)
response_home_identifier = sock.get
response_home_identifier = sock.get_once(-1, 10)
if not response_home_identifier or response_home_identifier.empty?
print_error("#{sock.peerinfo} - The Home Identifier Request haven't had response")
return
@ -275,7 +275,7 @@ class Metasploit3 < Msf::Exploit::Remote
request_home_contents << response_home_identifier[24,9] << "\00\x00\x00\x00\x0d\x00\x00"
sock.put(request_home_contents)
response_home_contents = sock.get
response_home_contents = sock.get_once(-1, 10)
if not response_home_contents or response_home_contents.empty?
print_error("#{sock.peerinfo} - The Home Contents Request haven't had response")
return


@ -154,7 +154,7 @@ class Metasploit3 < Msf::Exploit::Remote
connect
print_status("Performing handshake...")
sock.put("\x00" * 256)
sock.get
sock.get_once(-1, 10)
# Don't change the nulls, or it might not work
xploit = ''


@ -58,10 +58,10 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get_once(-1,3) || ''
banner = sock.get_once || ''
disconnect
if (banner =~ /CCProxy Telnet Service Ready/)
if banner.to_s =~ /CCProxy Telnet Service Ready/
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe


@ -79,14 +79,14 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
sock.put("GET / HTTP/1.1\r\n\r\n")
res = sock.get(-1, 3)
sock.put("GET / HTTP/1.1\r\nHost: #{rhost}\r\n\r\n")
res = sock.get_once
disconnect
# Can't flag the web server as vulnerable, because it doesn't
# give us a version
vprint_line(res)
if res =~ /3S_WebServer/
vprint_line(res.to_s)
if res.to_s =~ /3S_WebServer/
return Exploit::CheckCode::Detected
else
return Exploit::CheckCode::Safe
@ -118,7 +118,7 @@ class Metasploit3 < Msf::Exploit::Remote
print_status("Trying target #{target.name}...")
sock.put(sploit)
res = sock.get_once
res = sock.get_once(-1, 5)
print_line(res) unless res.nil?
handler


@ -58,10 +58,10 @@ class Metasploit3 < Msf::Exploit::Remote
def check
connect
banner = sock.get_once(-1,3) || ''
banner = sock.get_once || ''
disconnect
if (banner =~ /ESMTP TABS Mail Server for Windows NT/)
if banner.to_s =~ /ESMTP TABS Mail Server for Windows NT/
return Exploit::CheckCode::Detected
end
return Exploit::CheckCode::Safe


@ -151,7 +151,7 @@ class Metasploit3 < Msf::Exploit::Remote
sock.put("XEXCH50 2 2\r\n")
select(nil,nil,nil,3)
res = sock.get(-1,3)
res = sock.get_once
print_status("#{res}")
if (res !~ /Send binary data/)
print_status("Target is not vulnerable.")


@ -84,10 +84,10 @@ class Metasploit3 < Msf::Exploit::Remote
connect
print_status("Attempting to determine if target is possibly vulnerable...")
select(nil,nil,nil,7)
banner = sock.get_once(-1,3) || ''
banner = sock.get_once || ''
vprint_status("Banner: #{banner}")
if (banner =~ /TelSrv 1\.5/)
if banner.to_s =~ /TelSrv 1\.5/
return Exploit::CheckCode::Appears
end
return Exploit::CheckCode::Safe


@ -538,6 +538,18 @@ class Msftidy
end
end
def check_sock_get
if @source =~ /\s+sock\.get(\s*|\(|\d+\s*|\d+\s*,\d+\s*)/m && @source !~ /sock\.get_once/
info('Please use sock.get_once instead of sock.get')
end
end
def check_udp_sock_get
if @source =~ /udp_sock\.get/m && @source !~ /udp_sock\.get\([a-zA-Z0-9]+/
info('Please specify a timeout to udp_sock.get')
end
end
private
def load_file(file)
@ -584,6 +596,8 @@ def run_checks(full_filepath)
tidy.check_vars_get
tidy.check_newline_eof
tidy.check_rubocop
tidy.check_sock_get
tidy.check_udp_sock_get
return tidy
end
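Review bot: `check_sock_get` is suppressed for the whole file as soon as `@source` contains one `sock.get_once`, so a module that mixes a converted call with a remaining `sock.get` passes silently; and because the group's first alternative `\s*` can match nothing, the first regex also matches `sock.get_once` and `sock.gets`, which is presumably why the second test was added. A word-boundary match needs no second test: `if @source =~ /\bsock\.get\b/` skips `get_once`, `gets` and `udp_sock.get` and also catches `self.sock.get`. `check_udp_sock_get` has the same file-wide problem, since one `udp_sock.get(5)` hides every bare `udp_sock.get` elsewhere; both checks would be more reliable applied per line. Neither method has a comment saying what it enforces and why; one line each, such as `# sock.get is broken (see #3479); require get_once`, would help.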