From 2cbf64b85afd1b548a5745c3d049bbbfdc8e036c Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 26 Feb 2010 18:47:48 +0000 Subject: [PATCH] Fix up the stored banner for SMTP git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/exploit/smtp.rb | 20 +++++------ modules/auxiliary/scanner/smtp/smtp_banner.rb | 36 ++++++------------- 2 files changed, 19 insertions(+), 37 deletions(-) diff --git a/lib/msf/core/exploit/smtp.rb b/lib/msf/core/exploit/smtp.rb index 14d6d19afc..398d3c5661 100644 --- a/lib/msf/core/exploit/smtp.rb +++ b/lib/msf/core/exploit/smtp.rb @@ -11,7 +11,7 @@ require 'msf/core/exploit/tcp' module Exploit::Remote::Smtp include Exploit::Remote::Tcp - + # # Creates an instance of an SMTP exploit module. # @@ -27,7 +27,7 @@ module Exploit::Remote::Smtp OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'human@ahhhzombies111.net']), ], Msf::Exploit::Remote::Smtp) register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000]) - register_autofilter_services(%W{ smtp smtps}) + register_autofilter_services(%W{ smtp smtps}) end # @@ -36,21 +36,16 @@ module Exploit::Remote::Smtp # message is read in and stored in the 'banner' attribute. # def connect(global = true) - print_status("Connecting to SMTP server #{rhost}:#{rport}...") - fd = super - - # Wait for a banner to arrive... - self.banner = fd.get_once - print_status("Connected to target SMTP server.") - print_status("Banner: #{self.banner.split("\n")[0].strip}") + # Wait for a banner to arrive... + self.banner = fd.get_once(-1, 30) # Return the file descriptor to the caller fd end # - # Connect to the remote SMTP server, and begin a DATA transfer + # Connect to the remote SMTP server, and begin a DATA transfer # def connect_login(global = true) smtpsock = connect(global) 
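Review bot: In `connect` (hunk `@@ -36,21 +36,16 @@`), `self.banner = fd.get_once(-1, 30)` stores whatever the read returns without a check, so `banner` can presumably be nil when no greeting arrives within the 30-second wait, and when it is set it holds raw bytes chosen by the remote server. With the status prints removed, nothing in the method signals either condition, and `connect_login` in the trailing context calls `connect` and carries on (its body continues outside this hunk). I would extend the comment block above the method, e.g. `# NOTE: banner may be nil on timeout and is untrusted server data; escape it before printing or logging.` The `30` is also a bare literal; a named constant would make the wait easier to find and tune.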
@@ -59,10 +54,10 @@ module Exploit::Remote::Smtp raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n") raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n") raw_send_recv("DATA\r\n") - + return true end - + # # This method transmits an IMAP command and waits for a response. If one is # received, it is returned to the caller. @@ -83,3 +78,4 @@ protected end end + diff --git a/modules/auxiliary/scanner/smtp/smtp_banner.rb b/modules/auxiliary/scanner/smtp/smtp_banner.rb index 0f51babb4a..d0bbedafdf 100644 --- a/modules/auxiliary/scanner/smtp/smtp_banner.rb +++ b/modules/auxiliary/scanner/smtp/smtp_banner.rb @@ -1,5 +1,5 @@ ## -# This file is part of the Metasploit Framework and may be subject to +# This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # http://metasploit.com/framework/ @@ -26,33 +26,19 @@ class Metasploit3 < Msf::Auxiliary 'License' => MSF_LICENSE ) deregister_options('MAILFROM', 'MAILTO') - end - def run_host(target_host) - + def run_host(ip) begin - - res = connect(true) - - if res - report_note( - :host => target_host, - :proto => 'SMTP', - :port => rport, - :type => 'BANNER', - :data => banner.strip! - ) - - print_status("#{target_host}:#{rport} is running (#{banner})") - + res = connect + banner_sanitized = banner.to_s.gsub(/[\x00-\x19\x7f-\xff]/) { |s| "\\x%02x" % s[0,1].unpack("C")[0] } + print_status("#{ip}:#{rport} SMTP #{banner_sanitized}") + report_service(:host => rhost, :port => rport, :name => "smtp", :info => banner) + rescue ::Rex::ConnectionError + rescue ::Exception => e + print_error("#{rhost}:#{rport} #{e} #{e.backtrace}") end - - disconnect - - rescue ::Interrupt - raise $! - rescue ::Rex::ConnectionError, ::IOError - end end + end +
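Review bot: The escaping regex in `run_host` (hunk `@@ -26,33 +26,19 @@`) stops at `\x19`, so bytes 0x1a–0x1f, including ESC (0x1b), reach `print_status` unescaped and a server-supplied banner can still carry terminal control sequences to the operator's console. The character class should read `/[\x00-\x1f\x7f-\xff]/`. `report_service` is then passed the raw `banner` rather than `banner_sanitized`, so the stored record keeps the unescaped bytes (or nil when no banner arrived); if that is intentional, a comment saying consumers must escape on display would help. Separately, `rescue ::Exception => e` replaces the removed `rescue ::Interrupt` / `raise $!`, so an interrupt is now printed as an error instead of propagating; narrowing it to `rescue ::StandardError => e` would restore that. The explicit `disconnect` is also removed, and whether a mixin closes the socket afterwards is not visible in this diff.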