whitespace cleanup

git-svn-id: file:///home/svn/framework3/trunk@13703 4d416f70-5f16-0410-b530-b9f4589650da
James Lee 2011-09-07 19:32:16 +00:00
parent e31acef6e9
commit cc24962bc8
1 changed files with 25 additions and 25 deletions


@ -23,12 +23,12 @@ module Exploit::Remote::MSSQL
#
# Constants
#
NTLM_CRYPT = Rex::Proto::NTLM::Crypt
NTLM_CRYPT = Rex::Proto::NTLM::Crypt
NTLM_CONST = Rex::Proto::NTLM::Constants
NTLM_UTILS = Rex::Proto::NTLM::Utils
NTLM_XCEPT = Rex::Proto::NTLM::Exceptions
# Encryption
# Encryption
ENCRYPT_OFF = 0x00 #Encryption is available but off.
ENCRYPT_ON = 0x01 #Encryption is available and on.
ENCRYPT_NOT_SUP = 0x02 #Encryption is not available.
@ -38,7 +38,7 @@ module Exploit::Remote::MSSQL
TYPE_SQL_BATCH = 1 # (Client) SQL command
TYPE_PRE_TDS7_LOGIN = 2 # (Client) Pre-login with version < 7 (unused)
TYPE_RPC = 3 # (Client) RPC
TYPE_TABLE_RESPONSE = 4 # (Server) Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
TYPE_TABLE_RESPONSE = 4 # (Server) Pre-Login Response ,Login Response, Row Data, Return Status, Return Parameters,
# Request Completion, Error and Info Messages, Attention Acknowledgement
TYPE_ATTENTION_SIGNAL = 6 # (Client) Attention
TYPE_BULK_LOAD = 7 # (Client) SQL Command with binary data
@ -77,7 +77,7 @@ module Exploit::Remote::MSSQL
File.join(Msf::Config.install_root, "data", "exploits", "mssql", "h2b")
]),
OptString.new('DOMAIN', [ true, 'The domain to use for windows authentification', 'WORKSTATION'])
], Msf::Exploit::Remote::MSSQL)
], Msf::Exploit::Remote::MSSQL)
register_autofilter_ports([ 1433, 1434, 1435, 14330, 2533, 9152, 2638 ])
register_autofilter_services(%W{ ms-sql-s ms-sql2000 sybase })
end
@ -288,14 +288,14 @@ module Exploit::Remote::MSSQL
#this method send a prelogin packet and check if encryption is off
#
def mssql_prelogin(enc_error=false)
pkt = ""
pkt_hdr = ""
pkt_data_token = ""
pkt_data = ""
pkt_hdr = [
pkt_hdr = [
TYPE_PRE_LOGIN_MESSAGE, #type
STATUS_END_OF_MESSAGE, #status
0x0000, #length
@ -303,10 +303,10 @@ module Exploit::Remote::MSSQL
0x00, # PacketID
0x00 #Window
]
version = [0x55010008,0x0000].pack("Vv")
encryption = ENCRYPT_NOT_SUP # off
instoptdata = "MSSQLServer\0"
instoptdata = "MSSQLServer\0"
threadid = "\0\0" + Rex::Text.rand_text(2)
@ -315,7 +315,7 @@ module Exploit::Remote::MSSQL
0x00, # Token 0 type Version
idx , # VersionOffset
version.length, # VersionLength
0x01, # Token 1 type Encryption
idx = idx + version.length, # EncryptionOffset
0x01, # EncryptionLength
@ -327,7 +327,7 @@ module Exploit::Remote::MSSQL
0x03, # Token 3 type Threadid
idx + instoptdata.length, # ThreadIdOffset
0x04, # ThreadIdLength
0xFF
].pack("CnnCnnCnnCnnC")
@ -351,10 +351,10 @@ module Exploit::Remote::MSSQL
idx -= 5
if token[0] == 0x01
idx += token[1]
idx += token[1]
break
end
end
end
if idx > 0
encryption_mode = resp[idx,1].unpack("C")[0]
else
@ -380,21 +380,21 @@ module Exploit::Remote::MSSQL
# Send a prelogin packet and check that encryption is not enabled
if mssql_prelogin() != ENCRYPT_NOT_SUP
print_error("Encryption is not supported")
print_error("Encryption is not supported")
return false
end
if datastore['USE_WINDOWS_AUTHENT']
idx = 0
pkt = ''
pkt_hdr = ''
pkt_hdr = [
pkt_hdr = [
TYPE_TDS7_LOGIN, #type
STATUS_END_OF_MESSAGE, #status
0x0000, #length
0x0000, # SPID
0x01, # PacketID (unused upon specification
0x01, # PacketID (unused upon specification
# but ms network monitor stil prefer 1 to decode correctly, wireshark don't care)
0x00 #Window
]
@ -417,7 +417,7 @@ module Exploit::Remote::MSSQL
cname = Rex::Text.to_unicode( Rex::Text.rand_text_alpha(rand(8)+1) )
aname = Rex::Text.to_unicode( Rex::Text.rand_text_alpha(rand(8)+1) ) #application and library name
sname = Rex::Text.to_unicode( rhost )
dname = Rex::Text.to_unicode( db )
dname = Rex::Text.to_unicode( db )
ntlm_options = {
:signing => false,
@ -429,7 +429,7 @@ module Exploit::Remote::MSSQL
ntlmssp_flags = NTLM_UTILS.make_ntlm_flags(ntlm_options)
workstation_name = Rex::Text.rand_text_alpha(rand(8)+1)
domain_name = datastore['DOMAIN']
domain_name = datastore['DOMAIN']
ntlmsspblob = NTLM_UTILS::make_ntlmssp_blob_init(domain_name, workstation_name, ntlmssp_flags)
@ -473,7 +473,7 @@ module Exploit::Remote::MSSQL
# Total packet length
pkt[0,4] = [pkt.length].pack('V')
pkt_hdr[2] = pkt.length + 8
pkt = pkt_hdr.pack("CCnnCC") + pkt
@ -491,7 +491,7 @@ module Exploit::Remote::MSSQL
rescue NTLM_XCEPT::NTLMMissingChallenge
info = {:errors => []}
mssql_parse_reply(resp, info)
mssql_print_reply(info)
mssql_print_reply(info)
return false
end
challenge_key = blob_data[:challenge_key]
@ -506,7 +506,7 @@ module Exploit::Remote::MSSQL
dns_domain_name = blob_data[:dns_domain_name] || ''
#Client time
chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || ''
spnopt = {:use_spn => datastore['NTLM::SendSPN'], :name => self.rhost}
resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, challenge_key,
@ -520,12 +520,12 @@ module Exploit::Remote::MSSQL
idx = 0
pkt = ''
pkt_hdr = ''
pkt_hdr = [
pkt_hdr = [
TYPE_SSPI_MESSAGE, #type
STATUS_END_OF_MESSAGE, #status
0x0000, #length
0x0000, # SPID
0x01, # PacketID
0x01, # PacketID
0x00 #Window
]
@ -615,7 +615,7 @@ module Exploit::Remote::MSSQL
# Packet header and total length including header
pkt = "\x10\x01" + [pkt.length + 8].pack('n') + [0].pack('n') + [1].pack('C') + "\x00" + pkt
resp = mssql_send_recv(pkt)
end