fixes for some socket association stuff
git-svn-id: file:///home/svn/incoming/trunk@3233 4d416f70-5f16-0410-b530-b9f4589650da
This commit is contained in:
parent
6d087fe0f3
commit
410770bae6
|
@ -166,6 +166,20 @@ class Exploit < Msf::Module
|
||||||
Exploit::Type::Remote
|
Exploit::Type::Remote
|
||||||
end
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Adds a socket to the list of sockets opened by this exploit.
|
||||||
|
#
|
||||||
|
def add_socket(sock)
|
||||||
|
self.sockets << sock
|
||||||
|
end
|
||||||
|
|
||||||
|
#
|
||||||
|
# Removes a socket from the list of sockets.
|
||||||
|
#
|
||||||
|
def remove_socket(sock)
|
||||||
|
self.sockets.delete(sock)
|
||||||
|
end
|
||||||
|
|
||||||
#
|
#
|
||||||
# This method is called once a new session has been created on behalf of
|
# This method is called once a new session has been created on behalf of
|
||||||
# this exploit instance and all socket connections created by this
|
# this exploit instance and all socket connections created by this
|
||||||
|
|
|
@ -42,6 +42,8 @@ module Exploit::Remote::DCERPC
|
||||||
end
|
end
|
||||||
|
|
||||||
def dcerpc_bind (h)
|
def dcerpc_bind (h)
|
||||||
|
opts = { 'Msf' => framework, 'MsfExploit' => self }
|
||||||
|
|
||||||
if datastore['DCERPCFragSize']
|
if datastore['DCERPCFragSize']
|
||||||
opts['frag_size'] = datastore['DCERPCFragSize']
|
opts['frag_size'] = datastore['DCERPCFragSize']
|
||||||
end
|
end
|
||||||
|
@ -51,6 +53,7 @@ module Exploit::Remote::DCERPC
|
||||||
end
|
end
|
||||||
|
|
||||||
self.dcerpc = Rex::Proto::DCERPC::Client.new(h, dcerpc_socket(), opts)
|
self.dcerpc = Rex::Proto::DCERPC::Client.new(h, dcerpc_socket(), opts)
|
||||||
|
|
||||||
if self.handle.protocol == 'ncacn_np'
|
if self.handle.protocol == 'ncacn_np'
|
||||||
self.simple = self.dcerpc.smb # expose the simple client if we have access to it
|
self.simple = self.dcerpc.smb # expose the simple client if we have access to it
|
||||||
end
|
end
|
||||||
|
|
|
@ -64,21 +64,25 @@ require 'rex/proto/smb/exceptions'
|
||||||
|
|
||||||
# Create the appropriate socket based on protocol
|
# Create the appropriate socket based on protocol
|
||||||
def socket_setup()
|
def socket_setup()
|
||||||
|
ctx = { 'Msf' => options['Msf'], 'MsfExploit' => options['MsfExploit'] }
|
||||||
self.socket = case self.handle.protocol
|
self.socket = case self.handle.protocol
|
||||||
when 'ncacn_ip_tcp' then Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => self.handle.options[0])
|
when 'ncacn_ip_tcp' then Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => self.handle.options[0], 'Context' => ctx)
|
||||||
when 'ncacn_np' then begin
|
when 'ncacn_np' then begin
|
||||||
socket = ''
|
socket = ''
|
||||||
begin
|
begin
|
||||||
timeout(10) {
|
timeout(10) {
|
||||||
socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 445)
|
socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 445, 'Context' => ctx)
|
||||||
}
|
}
|
||||||
rescue Timeout::Error, Rex::ConnectionRefused
|
rescue Timeout::Error, Rex::ConnectionRefused
|
||||||
socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 139)
|
socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 139, 'Context' => ctx)
|
||||||
end
|
end
|
||||||
socket
|
socket
|
||||||
end
|
end
|
||||||
else nil
|
else nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Add this socket to the exploit's list of open sockets
|
||||||
|
options['MsfExploit'].add_socket(self.socket) if (options['MsfExploit'])
|
||||||
end
|
end
|
||||||
|
|
||||||
def smb_connect()
|
def smb_connect()
|
||||||
|
|
|
@ -180,7 +180,6 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
|
||||||
begin
|
begin
|
||||||
dcerpc_call(0, stubdata)
|
dcerpc_call(0, stubdata)
|
||||||
rescue Rex::Proto::DCERPC::Exceptions::NoResponse
|
rescue Rex::Proto::DCERPC::Exceptions::NoResponse
|
||||||
print_status('server did not respond, but we do not expect it to.')
|
|
||||||
end
|
end
|
||||||
|
|
||||||
handler
|
handler
|
||||||
|
|
Loading…
Reference in New Issue