HD Moore
6b4eb9a8e2
This change adds two new Rex exceptions and changes the local comm to raise the right one depending on the circumstances. The problem with the existing model is that failed binds and failed connections both raised the same exception. This change is backwards compatible with modules that rescue Rex::AddressInUse in additi on to Rex::ConnectionError. There were two corner cases that rescued Rex::AddressInUse specifically: 1. The 'r'-services mixin and modules caught the old exception when handling bind errors. These have been updated to use BindFailed 2. The meterpreter client had a catch for the old exception when the socket reports a bad destination (usually a network connection dropped). This has been updat ed to use InvalidDestination as that was the intention prior to this change. Since AddressInUse was part of ConnectionError, modules and mixins which caught both in the same rescue have been updated to just catch ConnectionError.
83 lines
1.9 KiB
Ruby
83 lines
1.9 KiB
Ruby
# -*- coding: binary -*-
|
|
|
|
##
|
|
#
|
|
# This Auxiliary Mixin provides functionality for dealing with BSD R*Services
|
|
#
|
|
##
|
|
|
|
module Msf
|
|
module Auxiliary::RServices
|
|
|
|
def initialize(info = {})
|
|
super
|
|
|
|
register_options(
|
|
[
|
|
OptString.new('FROMUSER', [ false, 'The username to login from' ]),
|
|
OptPath.new( 'FROMUSER_FILE', [ false, 'File containing from usernames, one per line',
|
|
File.join(Msf::Config.data_directory, "wordlists", "rservices_from_users.txt") ])
|
|
], Msf::Auxiliary::RServices)
|
|
|
|
register_advanced_options(
|
|
[
|
|
OptBool.new('REMOVE_FROMUSER_FILE', [ true, "Automatically delete the FROMUSER_FILE on module completion", false])
|
|
], Msf::Auxiliary::RServices)
|
|
end
|
|
|
|
|
|
def connect_from_privileged_port(start_port = 1023)
|
|
cport = start_port
|
|
sd = nil
|
|
while cport > 512
|
|
#vprint_status("Trying to connect from port #{cport} ...")
|
|
sd = nil
|
|
begin
|
|
sd = connect(true, { 'CPORT' => cport })
|
|
|
|
rescue Rex::BindFailed
|
|
# Ignore and try again
|
|
#vprint_error("Unable to connect: #{$!}")
|
|
|
|
rescue Rex::ConnectionError => e
|
|
vprint_error("Unable to connect: #{$!}")
|
|
return :refused if e.class == Rex::ConnectionRefused
|
|
return :connection_error
|
|
|
|
end
|
|
|
|
break if sd
|
|
cport -= 1
|
|
end
|
|
|
|
if not sd
|
|
print_error("#{target_host}:#{rport} - Unable to bind to privileged port")
|
|
return :bind_error
|
|
end
|
|
|
|
#vprint_status("Connected from #{cport}")
|
|
return :connected
|
|
end
|
|
|
|
|
|
def load_fromuser_vars
|
|
fromusers = extract_words(datastore['FROMUSER_FILE'])
|
|
if datastore['FROMUSER']
|
|
fromusers.unshift datastore['FROMUSER']
|
|
end
|
|
fromusers
|
|
end
|
|
|
|
|
|
def cleanup_files
|
|
super
|
|
|
|
path = datastore['FROMUSER_FILE']
|
|
if path and datastore['REMOVE_FROMUSER_FILE']
|
|
::File.unlink(path) rescue nil
|
|
end
|
|
end
|
|
|
|
end
|
|
end
|