fixes for some socket association stuff

git-svn-id: file:///home/svn/incoming/trunk@3233 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/exploit.rb

@@ -166,6 +166,20 @@ class Exploit < Msf::Module
 			Exploit::Type::Remote
 		end
 
+		#
+		# Adds a socket to the list of sockets opened by this exploit.
+		#
+		def add_socket(sock)
+			self.sockets << sock
+		end
+
+		#
+		# Removes a socket from the list of sockets.
+		#
+		def remove_socket(sock)
+			self.sockets.delete(sock)
+		end
+
 		#
 		# This method is called once a new session has been created on behalf of
 		# this exploit instance and all socket connections created by this

lib/msf/core/exploit/dcerpc.rb

@@ -17,8 +17,8 @@ module Exploit::Remote::DCERPC
 	DCERPCPacket   = Rex::Proto::DCERPC::Packet
 	DCERPCClient   = Rex::Proto::DCERPC::Client
 	DCERPCResponse = Rex::Proto::DCERPC::Response
-	DCERPCUUID     = Rex::Proto::DCERPC::UUID
+	DCERPCUUID	   = Rex::Proto::DCERPC::UUID
-    NDR            = Rex::Proto::DCERPC::NDR
+	NDR            = Rex::Proto::DCERPC::NDR
 
 	def initialize(info = {})
 		super
@@ -34,31 +34,34 @@ module Exploit::Remote::DCERPC
 				Opt::RHOST,
 				Opt::RPORT(135),
 			], Msf::Exploit::Remote::DCERPC
-        )
+		)
 	end
 
-    def dcerpc_handle (uuid, version, protocol, opts)
+	def dcerpc_handle (uuid, version, protocol, opts)
-        self.handle = Rex::Proto::DCERPC::Handle.new([uuid, version], protocol, datastore['RHOST'], opts)
+		self.handle = Rex::Proto::DCERPC::Handle.new([uuid, version], protocol, datastore['RHOST'], opts)
-    end
+	end
 
-    def dcerpc_bind (h)
+	def dcerpc_bind (h)
-        if datastore['DCERPCFragSize']
+		opts = { 'Msf' => framework, 'MsfExploit' => self }
-            opts['frag_size'] = datastore['DCERPCFragSize']
-        end
 
-        if datastore['DCERPCFakeMultiBind']
+		if datastore['DCERPCFragSize']
-            opts['fake_multi_bind'] = 1
+			opts['frag_size'] = datastore['DCERPCFragSize']
-        end
+		end
 
-        self.dcerpc = Rex::Proto::DCERPC::Client.new(h, dcerpc_socket(), opts)
+		if datastore['DCERPCFakeMultiBind']
-        if self.handle.protocol == 'ncacn_np'
+			opts['fake_multi_bind'] = 1
-            self.simple = self.dcerpc.smb  # expose the simple client if we have access to it
+		end
-        end
-    end
 
-    def dcerpc_call (function, stub = '')
+		self.dcerpc = Rex::Proto::DCERPC::Client.new(h, dcerpc_socket(), opts)
-        dcerpc.call(function, stub)
+
-    end
+		if self.handle.protocol == 'ncacn_np'
+			self.simple = self.dcerpc.smb  # expose the simple client if we have access to it
+		end
+	end
+
+	def dcerpc_call (function, stub = '')
+		dcerpc.call(function, stub)
+	end
 
 	# Convert a standard ASCII string to 16-bit Unicode
 	def unicode (str)
@@ -66,7 +69,7 @@ module Exploit::Remote::DCERPC
 	end
 	
 	# Used to track the last DCERPC context 
-    attr_accessor	:dcerpc_bind_context, :handle, :dcerpc, :dcerpc_socket
+	attr_accessor	:dcerpc_bind_context, :handle, :dcerpc, :dcerpc_socket
 	
 end
 

lib/rex/proto/dcerpc/client.rb

@@ -64,21 +64,25 @@ require 'rex/proto/smb/exceptions'
 
     # Create the appropriate socket based on protocol
     def socket_setup()
+	 	ctx = { 'Msf' => options['Msf'], 'MsfExploit' => options['MsfExploit'] }
         self.socket = case self.handle.protocol
-            when 'ncacn_ip_tcp' then Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => self.handle.options[0])
+            when 'ncacn_ip_tcp' then Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => self.handle.options[0], 'Context' => ctx)
             when 'ncacn_np' then begin 
                 socket = ''
                 begin
                 timeout(10) {
-                    socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 445)
+                    socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 445, 'Context' => ctx)
                 }
                 rescue Timeout::Error, Rex::ConnectionRefused
-                    socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 139)
+                    socket = Rex::Socket.create_tcp('PeerHost' => self.handle.address, 'PeerPort' => 139, 'Context' => ctx)
                 end
                 socket
             end
             else nil
         end
+
+		# Add this socket to the exploit's list of open sockets
+		options['MsfExploit'].add_socket(self.socket) if (options['MsfExploit'])
     end
 
     def smb_connect()

modules/exploits/windows/dcerpc/ms03_026_dcom.rb

@@ -60,11 +60,11 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
 		connect
 		print_status("Trying target #{target.name}...")
 	
-        handle = dcerpc_handle('4d9f4ab8-7d1c-11cf-861e-0020af6e7c57', '0.0', 'ncacn_ip_tcp', [datastore['RPORT']])
+		handle = dcerpc_handle('4d9f4ab8-7d1c-11cf-861e-0020af6e7c57', '0.0', 'ncacn_ip_tcp', [datastore['RPORT']])
-        print_status("Binding to #{handle} ...")
+		print_status("Binding to #{handle} ...")
-        dcerpc_bind(handle)
+		dcerpc_bind(handle)
-        print_status("Bound to #{handle} ...")
+		print_status("Bound to #{handle} ...")
-		
+				
 		# Carefully create the combination of addresses and code for cross-os exploitation
 		xpseh = Rex::Text.rand_text_alphanumeric(360, payload_badchars)
 		
@@ -176,12 +176,11 @@ class Exploits::Windows::Dcerpc::MS03_026_DCOM < Msf::Exploit::Remote
             NDR.long(rand(0xFFFFFFFF))
        
         
-        print_status('sending exploit ...')
+		print_status('sending exploit ...')
-        begin
+		begin
-		    dcerpc_call(0, stubdata)
+			dcerpc_call(0, stubdata)
-        rescue Rex::Proto::DCERPC::Exceptions::NoResponse
+		rescue Rex::Proto::DCERPC::Exceptions::NoResponse
-            print_status('server did not respond, but we do not expect it to.')
+		end
-        end
 
 		handler
 		disconnect