mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-29 18:07:27 +01:00

Massive whitespace cleanup

sinn3r 2012-03-18 00:07:27 -05:00
parent 7c77fe20cc
commit aeb691bbee
322 changed files with 303 additions and 610 deletions


@ -282,4 +282,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -280,4 +280,4 @@ class Metasploit3 < Msf::Auxiliary
return stub
end
end
end


@ -82,4 +82,4 @@ class Metasploit3 < Msf::Auxiliary
end
disconnect
end
end
end


@ -87,4 +87,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -153,4 +153,4 @@ class Metasploit3 < Msf::Auxiliary
disconnect
end
end
end


@ -58,4 +58,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -64,4 +64,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -155,4 +155,4 @@ class Metasploit4 < Msf::Auxiliary
end
end
end


@ -139,4 +139,4 @@ class Metasploit4 < Msf::Auxiliary
end
end
end


@ -208,4 +208,4 @@ class Metasploit4 < Msf::Auxiliary
end
end
end


@ -42,4 +42,3 @@ class Metasploit3 < Msf::Auxiliary
mssql_xpcmdshell(datastore['CMD'], true) if mssql_login_datastore
end
end


@ -230,4 +230,3 @@ class Metasploit3 < Msf::Auxiliary
disconnect
end
end


@ -216,4 +216,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -45,4 +45,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -75,4 +75,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -62,4 +62,4 @@ class Metasploit3 < Msf::Auxiliary
disconnect
end
end
end


@ -95,5 +95,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -72,4 +72,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -74,4 +74,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -222,4 +222,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -23,8 +23,8 @@ class Metasploit3 < Msf::Auxiliary
super(
'Name' => 'VMWare Power Off Virtual Machine',
'Description' => %Q{
This module will log into the Web API of VMWare and try to power off
a specified Virtual Machine.},
This module will log into the Web API of VMWare and try to power off
a specified Virtual Machine.},
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
@ -66,10 +66,4 @@ class Metasploit3 < Msf::Auxiliary
return
end
end
end


@ -73,4 +73,3 @@ class Metasploit3 < Msf::Auxiliary
end


@ -23,9 +23,10 @@ class Metasploit3 < Msf::Auxiliary
super(
'Name' => 'VMWare Tag Virtual Machine',
'Description' => %Q{
This module will log into the Web API of VMWare and
'tag' a specified Virtual Machine. It does this by
logging a user event with user supplied text},
This module will log into the Web API of VMWare and
'tag' a specified Virtual Machine. It does this by
logging a user event with user supplied text
},
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
@ -72,9 +73,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -23,8 +23,8 @@ class Metasploit3 < Msf::Auxiliary
super(
'Name' => 'VMWare Terminate ESX Login Sessions',
'Description' => %Q{
This module will log into the Web API of VMWare and try to terminate
user login sessions as specified by the session keys.},
This module will log into the Web API of VMWare and try to terminate
user login sessions as specified by the session keys.},
'Author' => ['TheLightCosine <thelightcosine[at]metasploit.com>'],
'License' => MSF_LICENSE
)
@ -60,8 +60,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -114,4 +114,3 @@ class Metasploit3 < Msf::Auxiliary
wdbrpc_client_disconnect
end
end


@ -96,4 +96,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -116,4 +116,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -66,4 +66,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -84,4 +84,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end


@ -160,4 +160,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -158,4 +158,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -153,4 +153,3 @@ class Metasploit3 < Msf::Auxiliary
return target_mac
end
end


@ -6,7 +6,7 @@
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
# http://metasploit.com/
##
require 'msf/core'
@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
[ 'URL', 'http://www.slideshare.net/claudijd/dc-skytalk-bnat-hijacking-repairing-broken-communication-channels'],
]
)
register_options(
[
OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "21,22,23,80,443"]),
@ -49,42 +49,41 @@ class Metasploit3 < Msf::Auxiliary
end
def probe_reply(pcap, to)
reply = nil
begin
Timeout.timeout(to) do
pcap.each do |r|
pkt = PacketFu::Packet.parse(r)
next unless pkt.is_tcp?
reply = pkt
break
end
end
rescue Timeout::Error
end
return reply
reply = nil
begin
Timeout.timeout(to) do
pcap.each do |r|
pkt = PacketFu::Packet.parse(r)
next unless pkt.is_tcp?
reply = pkt
break
end
end
rescue Timeout::Error
end
return reply
end
def generate_probe(ip)
ftypes = %w{windows, linux, freebsd}
@flavor = ftypes[rand(ftypes.length)]
config = PacketFu::Utils.whoami?(:iface => datastore['INTERFACE'])
p = PacketFu::TCPPacket.new(:config => config)
p.ip_daddr = ip
p.tcp_flags.syn = 1
ftypes = %w{windows, linux, freebsd}
@flavor = ftypes[rand(ftypes.length)]
config = PacketFu::Utils.whoami?(:iface => datastore['INTERFACE'])
p = PacketFu::TCPPacket.new(:config => config)
p.ip_daddr = ip
p.tcp_flags.syn = 1
return p
end
def run_host(ip)
open_pcap
to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
p = generate_probe(ip)
pcap = self.capture
ports = Rex::Socket.portspec_crack(datastore['PORTS'])
ports.each_with_index do |port,i|
p.tcp_dst = port
p.tcp_src = rand(64511)+1024
@ -96,12 +95,11 @@ class Metasploit3 < Msf::Auxiliary
capture_sendto(p, ip)
reply = probe_reply(pcap, to)
next if reply.nil?
print_status("[BNAT RESPONSE] Requested IP: #{ip} Responding IP: #{reply.ip_saddr} Port: #{reply.tcp_src}")
end
close_pcap
end
end
print_status("[BNAT RESPONSE] Requested IP: #{ip} Responding IP: #{reply.ip_saddr} Port: #{reply.tcp_src}")
end
close_pcap
end
end
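Review bot: In `generate_probe`, `%w{windows, linux, freebsd}` keeps the commas, because `%w` splits on whitespace only, so two of the three elements are `"windows,"` and `"linux,"`; the literal should read `ftypes = %w{windows linux freebsd}`. The whitespace cleanup re-indents this line without changing it, and where `@flavor` is consumed is not visible in these hunks. In `probe_reply`, the empty `rescue Timeout::Error` deserves a one-line comment such as `# no TCP reply within the timeout: fall through and return nil`. `run_host` continues between the hunks of this section, so whether `close_pcap` still runs when the loop raises cannot be judged from here.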


@ -451,11 +451,3 @@ class BaseParser
self.crawler.cinipath
end
end


@ -59,4 +59,3 @@ class Metasploit3 < Msf::Auxiliary
print_status("Avahi should be down now")
end
end


@ -69,4 +69,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -71,4 +71,4 @@ class Metasploit3 < Msf::Auxiliary
disconnect
end
end
end


@ -63,7 +63,7 @@ cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010213
TCATSysSrv+0x14f6a:
00414f6a 66833802 cmp word ptr [eax],2 ds:0023:02a1f9cf=????
0:016> k
ChildEBP RetAddr
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
02a0f7f8 71ab265b TCATSysSrv+0x14f6a
02a0f80c 71ab4a9e WS2_32!Prolog_v1+0x21
@ -73,4 +73,4 @@ WARNING: Stack unwind information not available. Following frames may be wrong.
02a0f938 71ad303a WS2_32!WSARecvFrom+0x7d
02a0f96c 00414b92 WSOCK32!recvfrom+0x39
02a0f988 00000000 TCATSysSrv+0x14b92
=end
=end


@ -52,4 +52,3 @@ class Metasploit3 < Msf::Auxiliary
disconnect_udp
end
end


@ -74,4 +74,3 @@ class Metasploit3 < Msf::Auxiliary
close_pcap
end
end


@ -115,4 +115,3 @@ class Metasploit3 < Msf::Auxiliary
frame[16,6] = eton(addr) if addr
end
end


@ -165,4 +165,3 @@ bf87c9d9 0f82cf000000 jb win32k!bComputeIDs+0x1be (bf87caae)
bf87c9df 8a6702 mov ah,byte ptr [edi+2] <--- the crash above
=end


@ -51,4 +51,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end


@ -49,4 +49,4 @@ class Metasploit3 < Msf::Auxiliary
disconnect
end
end
end


@ -110,4 +110,3 @@ class Metasploit3 < Msf::Auxiliary
disconnect_udp
end
end


@ -57,4 +57,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -67,4 +67,3 @@ class Metasploit3 < Msf::Auxiliary
client.close
end
end


@ -44,4 +44,3 @@ class Metasploit3 < Msf::Auxiliary
disconnect_udp
end
end


@ -498,4 +498,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -48,13 +48,13 @@ class Metasploit3 < Msf::Auxiliary
OptBool.new('EXTRALINE', [ true, "Add extra CRLF's in response to LIST",true])
], self.class)
end
# Not compatible today
def support_ipv6?
false
end
#---------------------------------------------------------------------------------
def setup


@ -93,4 +93,3 @@ class Metasploit3 < Msf::Auxiliary
datastore['URIBASE']
end
end


@ -90,4 +90,3 @@ class Metasploit3 < Msf::Auxiliary
datastore['URIBASE']
end
end


@ -351,7 +351,7 @@ class Metasploit3 < Msf::Auxiliary
print_status("Filing Date: " + filing_date)
print_status("10K Filing Form: " + form10k)
print_status("SEC 21 Form: " + sec21)
print_status("Company is active filer: " + (is_filer == "1" ? "true" : "false"))
print_status("Company is active filer: " + (is_filer == "1" ? "true" : "false"))
}
end
end


@ -507,4 +507,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -122,4 +122,4 @@ class Metasploit3 < Msf::Auxiliary
end
return status
end
end
end


@ -122,4 +122,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -91,4 +91,3 @@ class Metasploit3 < Msf::Auxiliary
end


@ -314,4 +314,3 @@ class Metasploit3 < Msf::Auxiliary
end


@ -52,7 +52,7 @@ class Metasploit3 < Msf::Auxiliary
@probes << 'probe_pkt_db2disco'
@probes << 'probe_pkt_citrix'
@probes << 'probe_pkt_pca_st'
@probes << 'probe_pkt_pca_nq'
@probes << 'probe_pkt_pca_nq'
end
@ -107,13 +107,13 @@ class Metasploit3 < Msf::Auxiliary
rescue ::Exception => e
print_error("Unknown error: #{@thost}:#{@tport} #{e.class} #{e} #{e.backtrace}")
end
@results.each_key do |k|
next if not @results[k].respond_to?('keys')
data = @results[k]
next unless inside_workspace_boundary?(data[:host])
conf = {
:host => data[:host],
:port => data[:port],
@ -121,7 +121,7 @@ class Metasploit3 < Msf::Auxiliary
:name => data[:app],
:info => data[:info]
}
if data[:hname]
conf[:host_name] = data[:hname].downcase
end
@ -129,7 +129,7 @@ class Metasploit3 < Msf::Auxiliary
if data[:mac]
conf[:mac] = data[:mac].downcase
end
report_service(conf)
print_status("Discovered #{data[:app]} on #{k} (#{data[:info]})")
end
@ -140,7 +140,7 @@ class Metasploit3 < Msf::Auxiliary
# The response parsers
#
def parse_reply(pkt)
# Ignore "empty" packets
return if not pkt[1]
@ -154,7 +154,7 @@ class Metasploit3 < Msf::Auxiliary
hname = nil
hkey = "#{pkt[1]}:#{pkt[2]}"
# Work with protocols that return different data in different packets
# These are reported at the end of the scanning loop to build state
case pkt[2]
@ -162,25 +162,25 @@ class Metasploit3 < Msf::Auxiliary
@results[hkey] ||= {}
data = @results[hkey]
data[:app] = "pcAnywhere"
data[:port] = pkt[2]
data[:host] = pkt[1]
case pkt[0]
when /^NR(........................)(........)/
name = $1.dup
caps = $2.dup
caps = $2.dup
name = name.gsub(/_+$/, '').gsub("\x00", '').strip
caps = caps.gsub(/_+$/, '').gsub("\x00", '').strip
data[:name] = name
data[:caps] = caps
when /^ST(.+)/
buff = $1.dup
stat = 'Unknown'
if buff[2,1].unpack("C")[0] == 67
stat = "Available"
end
@ -188,29 +188,28 @@ class Metasploit3 < Msf::Auxiliary
if buff[2,1].unpack("C")[0] == 11
stat = "Busy"
end
data[:stat] = stat
end
if data[:name]
inf << "Name: #{data[:name]} "
end
if data[:stat]
inf << "- #{data[:stat]} "
end
if data[:caps]
inf << "( #{data[:caps]} ) "
end
data[:info] = inf
end
data[:info] = inf
end
# Ignore duplicates for the protocols below
return if @results[hkey]
case pkt[2]
when 53
@ -271,7 +270,7 @@ class Metasploit3 < Msf::Auxiliary
hname = names[0][0]
end
end
@results[hkey] = true
when 111
@ -344,7 +343,7 @@ class Metasploit3 < Msf::Auxiliary
app = 'citrix-ica'
return unless citrix_parse(pkt[0])
@results[hkey] = true
end
return unless inside_workspace_boundary?(pkt[1])
@ -513,10 +512,9 @@ class Metasploit3 < Msf::Auxiliary
def probe_pkt_pca_st(ip)
return ["ST", 5632]
end
def probe_pkt_pca_nq(ip)
return ["NQ", 5632]
end
end
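Review bot: The pcAnywhere branch of `parse_reply` takes `name` and `caps` straight from the reply in `pkt[0]` and strips only trailing underscores and NUL bytes, so any other byte the responding host sent ends up in `data[:info]`, which is printed by `print_status("Discovered ...")` and stored through `report_service(conf)`. Unless those helpers already filter their input (not visible here), control characters from an untrusted host can reach the operator's terminal and the database; limiting the fields to printable ASCII closes that, e.g. `name = name.gsub(/_+$/, '').gsub(/[^\x20-\x7e]/, '').strip` and the same for `caps`. The `when /^NR.../` and `when /^ST(.+)/` patterns are anchored with `^`, which also matches after a newline inside the payload; `\A` pins them to the first byte. The same parsing code appears in the next file section of this commit, and `parse_reply` continues outside these hunks.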


@ -54,7 +54,7 @@ class Metasploit3 < Msf::Auxiliary
@probes << 'probe_pkt_citrix'
@probes << 'probe_pkt_pca_st'
@probes << 'probe_pkt_pca_nq'
end
def setup
@ -74,7 +74,7 @@ class Metasploit3 < Msf::Auxiliary
# Fingerprint a single host
def run_batch(batch)
@results = {}
print_status("Sending #{@probes.length} probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
begin
@ -143,9 +143,9 @@ class Metasploit3 < Msf::Auxiliary
@results.each_key do |k|
next if not @results[k].respond_to?('keys')
data = @results[k]
next unless inside_workspace_boundary?(data[:host])
conf = {
:host => data[:host],
:port => data[:port],
@ -153,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
:name => data[:app],
:info => data[:info]
}
if data[:hname]
conf[:host_name] = data[:hname].downcase
end
@ -161,11 +161,11 @@ class Metasploit3 < Msf::Auxiliary
if data[:mac]
conf[:mac] = data[:mac].downcase
end
report_service(conf)
print_status("Discovered #{data[:app]} on #{k} (#{data[:info]})")
end
end
@ -189,8 +189,7 @@ class Metasploit3 < Msf::Auxiliary
inf = ''
maddr = nil
hname = nil
# Work with protocols that return different data in different packets
# These are reported at the end of the scanning loop to build state
case pkt[2]
@ -198,21 +197,21 @@ class Metasploit3 < Msf::Auxiliary
@results[hkey] ||= {}
data = @results[hkey]
data[:app] = "pcAnywhere"
data[:port] = pkt[2]
data[:host] = pkt[1]
case pkt[0]
when /^NR(........................)(........)/
name = $1.dup
caps = $2.dup
caps = $2.dup
name = name.gsub(/_+$/, '').gsub("\x00", '').strip
caps = caps.gsub(/_+$/, '').gsub("\x00", '').strip
data[:name] = name
data[:caps] = caps
when /^ST(.+)/
buff = $1.dup
stat = 'Unknown'
@ -224,14 +223,14 @@ class Metasploit3 < Msf::Auxiliary
if buff[2,1].unpack("C")[0] == 11
stat = "Busy"
end
data[:stat] = stat
end
if data[:name]
inf << "Name: #{data[:name]} "
end
if data[:stat]
inf << "- #{data[:stat]} "
end
@ -239,9 +238,9 @@ class Metasploit3 < Msf::Auxiliary
if data[:caps]
inf << "( #{data[:caps]} ) "
end
data[:info] = inf
data[:info] = inf
end
# Ignore duplicates
return if @results[hkey]
@ -260,7 +259,7 @@ class Metasploit3 < Msf::Auxiliary
ver = pkt[0].unpack('H*')[0] if not ver
inf = ver if ver
@results[hkey] = true
when 137
@ -306,7 +305,7 @@ class Metasploit3 < Msf::Auxiliary
hname = names[0][0]
end
end
@results[hkey] = true
when 111
@ -328,7 +327,7 @@ class Metasploit3 < Msf::Auxiliary
)
end
inf = svc.join(", ")
@results[hkey] = true
when 123
@ -340,7 +339,7 @@ class Metasploit3 < Msf::Auxiliary
ver = 'NTP v4 (unsynchronized)' if (ver =~ /^e40/)
ver = 'Microsoft NTP' if (ver =~ /^dc00|^dc0f/)
inf = ver if ver
@results[hkey] = true
when 1434
@ -350,7 +349,7 @@ class Metasploit3 < Msf::Auxiliary
}
@results[hkey] = true
when 161
app = 'SNMP'
asn = OpenSSL::ASN1.decode(pkt[0]) rescue nil
@ -368,7 +367,7 @@ class Metasploit3 < Msf::Auxiliary
inf = snmp_info
com = snmp_comm
@results[hkey] = true
@results[hkey] = true
when 5093
app = 'Sentinel'
@ -382,7 +381,7 @@ class Metasploit3 < Msf::Auxiliary
when 1604
app = 'citrix-ica'
return unless citrix_parse(pkt[0])
@results[hkey] = true
@results[hkey] = true
end
@ -547,14 +546,13 @@ class Metasploit3 < Msf::Auxiliary
"\x00\x00\x00\x00"
return [data, 1604]
end
def probe_pkt_pca_st(ip)
return ["ST", 5632]
end
def probe_pkt_pca_nq(ip)
return ["NQ", 5632]
end
end
end


@ -190,4 +190,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -53,4 +53,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp']),
OptString.new('PATH', [ true, "The path/file to identify backups", '/index.asp'])
], self.class)
end


@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary
"'%20OR%20'#{rnum}'%3D'#{rnum+1}'--"
]
]
# Creating strings with true and false values
valstr = []
inivalstr.each do |vstr|
@ -97,7 +97,7 @@ class Metasploit3 < Msf::Auxiliary
# With false values, appending '0' to real value
valstr << ['False num '+vstr[0],'0'+vstr[1],'0'+vstr[2]]
end
#valstr.each do |v|
# print_status("#{v[0]}")
# print_status("#{v[1]}")
@ -130,13 +130,13 @@ class Metasploit3 < Msf::Auxiliary
end
verifynr=2
i=0
k=0
c=0
normalres = nil
verifynr.times do |j|
#SEND NORMAL REQUEST
begin
@ -162,19 +162,19 @@ class Metasploit3 < Msf::Auxiliary
else
if k != normalres.body.length
print_error("Normal response body vary")
return
return
end
if c != normalres.code.to_i
print_error("Normal response code vary")
return
return
end
end
end
end
print_status("[Normal response body: #{k} code: #{c}]")
pinj = false
pinj = false
valstr.each do |tarr|
#QUERY
@ -186,7 +186,7 @@ class Metasploit3 < Msf::Auxiliary
testgvars = queryparse(datastore['QUERY']) #Now its a Hash
testgvars[key] = testgvars[key]+tarr[1]
t = testgvars[key]
begin
trueres = send_request_cgi({
'uri' => datastore['PATH'],
@ -199,11 +199,11 @@ class Metasploit3 < Msf::Auxiliary
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
#SEND FALSE REQUEST
testgvars = queryparse(datastore['QUERY']) #Now its a Hash
testgvars[key] = testgvars[key]+tarr[2]
begin
falseres = send_request_cgi({
'uri' => datastore['PATH'],
@ -215,22 +215,22 @@ class Metasploit3 < Msf::Auxiliary
}, 20)
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
pinja = false
pinjb = false
pinjc = false
pinjd = false
pinja = detection_a(normalres,trueres,falseres,tarr)
pinjb = detection_b(normalres,trueres,falseres,tarr)
pinjc = detection_c(normalres,trueres,falseres,tarr)
pinjd = detection_d(normalres,trueres,falseres,tarr)
if pinja or pinjb or pinjc or pinjd
print_error("Possible #{tarr[0]} Blind SQL Injection Found #{datastore['PATH']} #{key}")
print_error("[#{t}]")
report_web_vuln(
:host => ip,
:port => rport,
@ -251,7 +251,7 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
#DATA
if pvars
pvars.each do |key,value|
@ -282,7 +282,7 @@ class Metasploit3 < Msf::Auxiliary
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
#SEND FALSE REQUEST
testpvars = queryparse(datastore['DATA']) #Now its a Hash
testpvars[key] = testpvars[key]+tarr[2]
@ -312,16 +312,16 @@ class Metasploit3 < Msf::Auxiliary
pinjb = false
pinjc = false
pinjd = false
pinja = detection_a(normalres,trueres,falseres,tarr)
pinjb = detection_b(normalres,trueres,falseres,tarr)
pinjc = detection_c(normalres,trueres,falseres,tarr)
pinjd = detection_d(normalres,trueres,falseres,tarr)
if pinja or pinjb or pinjc or pinjd
print_error("Possible #{tarr[0]} Blind SQL Injection Found #{datastore['PATH']} #{key}")
print_error("[#{t}]")
report_web_vuln(
:host => ip,
:port => rport,
@ -344,26 +344,26 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
def detection_a(normalr,truer,falser,tarr)
# print_status("A")
# DETECTION A
# Very simple way to compare responses, this can be improved alot , at this time just the simple way
if normalr and truer
#Very simple way to compare responses, this can be improved alot , at this time just the simple way
reltruesize = truer.body.length-(truer.body.scan(/#{tarr[1]}/).length*tarr[1].length)
normalsize = normalr.body.length
#print_status("normalsize #{normalsize} truesize #{reltruesize}")
if reltruesize == normalsize
if falser
relfalsesize = falser.body.length-(falser.body.scan(/#{tarr[2]}/).length*tarr[2].length)
#print_status("falsesize #{relfalsesize}")
#print_status("falsesize #{relfalsesize}")
if reltruesize > relfalsesize
print_status("Detected by test A")
return true
@ -379,20 +379,20 @@ class Metasploit3 < Msf::Auxiliary
else
print_status("No response.")
end
return false
end
def detection_b(normalr,truer,falser,tarr)
# print_status("B")
# DETECTION B
# Variance on res body
if normalr and truer
if normalr and truer
if falser
#print_status("N: #{normalr.body.length} T: #{truer.body.length} F: #{falser.body.length} T1: #{tarr[1].length} F2: #{tarr[2].length} #{tarr[1].length+tarr[2].length}")
if (truer.body.length-tarr[1].length) != normalr.body.length and (falser.body.length-tarr[2].length) == normalr.body.length
print_status("Detected by test B")
return true
@ -403,17 +403,17 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
return false
end
def detection_c(normalr,truer,falser,tarr)
# print_status("C")
# DETECTION C
# Variance on res code of true or false statements
if normalr and truer
if normalr and truer
if falser
if truer.code.to_i != normalr.code.to_i and falser.code.to_i == normalr.code.to_i
print_status("Detected by test C")
@ -425,26 +425,26 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
return false
end
def detection_d(normalr,truer,falser,tarr)
# print_status("D")
# DETECTION D
# Variance PERCENTAGE MIN MAX on res body
# 2% 50%
max_diff_perc = 2
min_diff_perc = 50
if normalr and truer
max_diff_perc = 2
min_diff_perc = 50
if normalr and truer
if falser
nl= normalr.body.length
tl= truer.body.length
fl= falser.body.length
if nl == 0
nl = 1
end
@ -454,30 +454,30 @@ class Metasploit3 < Msf::Auxiliary
if fl == 0
fl = 1
end
ntmax = [ nl,tl ].max
ntmin = [ nl,tl ].min
diff_nt_perc = ((ntmax - ntmin)*100)/(ntmax)
diff_nt_f_perc = ((ntmax - fl)*100)/(ntmax)
diff_nt_f_perc = ((ntmax - fl)*100)/(ntmax)
if diff_nt_perc <= max_diff_perc and diff_nt_f_perc > min_diff_perc
print_status("Detected by test D")
return true
end
nfmax = [ nl,fl ].max
nfmin = [ nl,fl ].min
diff_nf_perc = ((nfmax - nfmin)*100)/(nfmax)
diff_nf_t_perc = ((nfmax - tl)*100)/(nfmax)
if diff_nf_perc <= max_diff_perc and diff_nf_t_perc > min_diff_perc
print_status("Detected by test D")
return true
end
end
end
return false
end
end
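Review bot: `detection_a` builds its patterns with `/#{tarr[1]}/` and `/#{tarr[2]}/`, so each test string is compiled as a regular expression instead of being matched literally; if any entry of `valstr` contains a metacharacter (the full list is outside these hunks), the reflection count is wrong or `scan` raises `RegexpError`, and the size comparison that feeds `report_web_vuln` is skewed. `String#scan` accepts a plain string, so `truer.body.scan(tarr[1]).length` and `falser.body.scan(tarr[2]).length` count literal occurrences. In `detection_d`, the comment `Variance PERCENTAGE MIN MAX` / `2% 50%` reads as if 2 were the minimum, while the code assigns `max_diff_perc = 2` and `min_diff_perc = 50`; a comment such as `# normal/true bodies may differ by at most 2%; the false body must differ by more than 50%` would remove the ambiguity.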


@ -199,4 +199,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -100,4 +100,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -97,4 +97,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -214,4 +214,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -178,7 +178,7 @@ class Metasploit3 < Msf::Auxiliary
:data => "#{tpath}#{testfdir} Auth: #{res.headers['WWW-Authenticate']}",
:update => :unique_data
)
end
end
@ -188,4 +188,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -184,7 +184,7 @@ class Metasploit3 < Msf::Auxiliary
:data => "#{tpath}%c0%af#{testfdir} Code: #{res.code}",
:update => :unique_data
)
end
end
@ -195,4 +195,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -36,7 +36,7 @@ class Metasploit3 < Msf::Auxiliary
register_options(
[
OptString.new('PATH', [true, "Drupal Path", "/"]),
OptString.new('PATH', [true, "Drupal Path", "/"])
], self.class)
end


@ -153,7 +153,7 @@ class Metasploit3 < Msf::Auxiliary
print_error("[#{wmap_target_host}] Error string appears in the normal response, unable to test")
print_error("[#{wmap_target_host}] Error string: '#{inje}'")
print_error("[#{wmap_target_host}] DB TYPE: #{dbt}, Error type '#{injt}'")
report_web_vuln(
:host => ip,
:port => rport,


@ -303,7 +303,7 @@ class Metasploit3 < Msf::Auxiliary
return :abort if (res.code == 404)
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
if ( [200, 301, 302].include?(res.code) ) or (res.code == 201)
if ((res.code == 201) and (requesttype == "PUT"))
print_good("Trying to delete #{path}")
del_res,c = send_digest_request_cgi({
@ -334,4 +334,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -134,7 +134,7 @@ class Metasploit4 < Msf::Auxiliary
path += '/'
end
path += datastore['FILENAME']
path += datastore['FILENAME']
case action.name
when 'PUT'


@ -29,7 +29,7 @@ class Metasploit3 < Msf::Auxiliary
'Author' => 'hdm',
'License' => MSF_LICENSE
)
register_wmap_options({
'OrderID' => 0,
'Require' => {},
@ -46,4 +46,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -180,4 +180,4 @@ class Metasploit4 < Msf::Auxiliary
print_good("pem: #{p}")
end
end
end


@ -124,4 +124,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -58,7 +58,7 @@ class Metasploit3 < Msf::Auxiliary
register_wmap_options({
'OrderID' => 1,
'Require' => {},
})
})
end
def run_host(target_host)
@ -82,7 +82,7 @@ class Metasploit3 < Msf::Auxiliary
datastore['RPORT'] = target_port
if target_host == site
print_error("Target is the same as proxy site.")
else
else
check_host(target_host,target_port,site,user_agent)
end
end


@ -80,4 +80,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -107,4 +107,4 @@ class Metasploit3 < Msf::Auxiliary
end
end
end
end
end


@ -92,4 +92,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -112,4 +112,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -68,7 +68,7 @@ class Metasploit3 < Msf::Auxiliary
result.each do |u|
print_status("[#{target_host}] #{tpath} [#{u}]")
report_web_vuln(
:host => target_host,
:port => rport,
@ -92,4 +92,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -73,4 +73,4 @@ class Metasploit3 < Msf::Auxiliary
print_status("File saved in: #{path}")
end
end
end
end


@ -109,4 +109,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -119,4 +119,4 @@ class Metasploit4 < Msf::Auxiliary
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
end


@ -250,4 +250,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -109,4 +109,4 @@ HTTP/1.1 405 Method Not Allowed
Allow: GET
Content-Length: 0
Server: Jetty(EAServer/6.3.1.04 Build 63104 EBF 18509)
=end
=end


@ -67,4 +67,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -84,9 +84,9 @@ class Metasploit3 < Msf::Auxiliary
print_status("Testing verb #{tv} resp code: [#{resauth.code}]")
if resauth.code != auth_code and resauth.code <= 302
print_status("Possible authentication bypass with verb #{tv} code #{resauth.code}")
# Unable to use report_web_vuln as method is not in list of allowed methods.
report_note(
:host => ip,
:proto => 'tcp',
@ -96,7 +96,7 @@ class Metasploit3 < Msf::Auxiliary
:data => "#{datastore['PATH']} Verb: #{tv}",
:update => :unique_data
)
end
end
end


@ -147,4 +147,3 @@ require 'cgi'
end
end


@ -48,7 +48,7 @@ class Metasploit3 < Msf::Auxiliary
], self.class)
end
# Modify to true if you have sqlmap installed.
def wmap_enabled
false
@ -189,4 +189,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -78,4 +78,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -79,4 +79,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -78,4 +78,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -182,4 +182,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -260,5 +260,3 @@ class Metasploit3 < Msf::Auxiliary
print_status("Done.")
end
end


@ -40,4 +40,3 @@ class Metasploit3 < Msf::Auxiliary
end
end


@ -84,4 +84,3 @@ class Metasploit3 < Msf::Auxiliary
end
end
end


@ -19,7 +19,7 @@ class Metasploit3 < Msf::Auxiliary
'Name' => 'OKI Printer Default Login Credential Scanner',
'Description' => %q{
This module scans for OKI printers via SNMP, then tries to connect to found devices
with vendor default administrator credentials via HTTP authentication. By default, OKI
with vendor default administrator credentials via HTTP authentication. By default, OKI
network printers use the last six digits of the MAC as admin password.
},
'Author' => 'antr6X <anthr6x[at]gmail.com>',

Some files were not shown because too many files have changed in this diff Show More