Fix up the stored banner for SMTP

git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-26 18:47:48 +00:00 · 2010-02-26 18:47:48 +00:00 · 2cbf64b85a
parent be0fc489b1
commit 2cbf64b85a
2 changed files with 19 additions and 37 deletions
--- a/lib/msf/core/exploit/smtp.rb
+++ b/lib/msf/core/exploit/smtp.rb
@ -11,7 +11,7 @@ require 'msf/core/exploit/tcp'
 module Exploit::Remote::Smtp

 	include Exploit::Remote::Tcp
-	
+
 	#
 	# Creates an instance of an SMTP exploit module.
 	#
@ -27,7 +27,7 @@ module Exploit::Remote::Smtp
 				OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'human@ahhhzombies111.net']),
 			], Msf::Exploit::Remote::Smtp)
 		register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
-		register_autofilter_services(%W{ smtp smtps})			
+		register_autofilter_services(%W{ smtp smtps})
 	end

 	#
@ -36,21 +36,16 @@ module Exploit::Remote::Smtp
 	# message is read in and stored in the 'banner' attribute.
 	#
 	def connect(global = true)
-		print_status("Connecting to SMTP server #{rhost}:#{rport}...")
-
 		fd = super
-	
-		# Wait for a banner to arrive...
-		self.banner = fd.get_once

-		print_status("Connected to target SMTP server.")
-		print_status("Banner: #{self.banner.split("\n")[0].strip}")
+		# Wait for a banner to arrive...
+		self.banner = fd.get_once(-1, 30)
 		# Return the file descriptor to the caller
 		fd
 	end

 	#
-	# Connect to the remote SMTP server, and begin a DATA transfer 
+	# Connect to the remote SMTP server, and begin a DATA transfer
 	#
 	def connect_login(global = true)
 		smtpsock = connect(global)
@ -59,10 +54,10 @@ module Exploit::Remote::Smtp
 		raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n")
 		raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n")
 		raw_send_recv("DATA\r\n")
-		
+
 		return true
 	end
-	
+
 	#
 	# This method transmits an IMAP command and waits for a response.  If one is
 	# received, it is returned to the caller.
@ -83,3 +78,4 @@ protected
 end

 end
+
--- a/modules/auxiliary/scanner/smtp/smtp_banner.rb
+++ b/modules/auxiliary/scanner/smtp/smtp_banner.rb
@ -1,5 +1,5 @@
 ##
-# This file is part of the Metasploit Framework and may be subject to 
+# This file is part of the Metasploit Framework and may be subject to
 # redistribution and commercial restrictions. Please see the Metasploit
 # Framework web site for more information on licensing and terms of use.
 # http://metasploit.com/framework/
@ -26,33 +26,19 @@ class Metasploit3 < Msf::Auxiliary
 			'License'     => MSF_LICENSE
 		)
 		deregister_options('MAILFROM', 'MAILTO')
-
 	end

-	def run_host(target_host)
-
+	def run_host(ip)
 		begin
-		
-			res = connect(true)
-
-		if res 
-			report_note(
-				:host	=> target_host,
-				:proto	=> 'SMTP',
-				:port	=> rport,
-				:type	=> 'BANNER',
-				:data	=> banner.strip!
-			)
-
-			print_status("#{target_host}:#{rport} is running (#{banner})")
-
+			res = connect
+			banner_sanitized = banner.to_s.gsub(/[\x00-\x19\x7f-\xff]/) { |s| "\\x%02x" % s[0,1].unpack("C")[0] }
+			print_status("#{ip}:#{rport} SMTP #{banner_sanitized}")
+			report_service(:host => rhost, :port => rport, :name => "smtp", :info => banner)
+		rescue ::Rex::ConnectionError
+		rescue ::Exception => e
+			print_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
 		end
-
-		disconnect
-		
-		rescue ::Interrupt
-			raise $!
-		rescue ::Rex::ConnectionError, ::IOError
-		end	
 	end
+
 end
+