Merge branch 'master' into feature/MSP-11605/lazy-thread-creation

MSP-11605

Author: limhoff-r7

data/wordlists/tftp.txt

@@ -1,5 +1,7 @@
-000000000000-directory~.xml
 000000000000.cfg
+000000000000-directory~.xml
+000000000000-directory.xml
+000000000000-phone.cfg
 256T.CM
 323tosip1_1.bin
 4601_02_readme_R2_3.txt
@@ -18,26 +20,6 @@
 46xxupgrade.scr
 6100-113.bin
 7200-118.bin
-CFE.bin
-CP7912010301SIP050608A.sbin
-OS79XX.TXT
-P003-07-5-00.bin
-P003-07-5-00.sbn
-P0S3-07-5-00.bin
-P0S3-07-5-00.loads
-P0S3-07-5-00.sb2
-RINGLIST.DAT
-SEP000F34118045.cnf
-SEP001562EA69E8.cnf
-SEPDefault.cnf
-SIP000F34118045.cnf
-SIPDefault.cnf
-SIPinsertMAChere.cnf
-SoundPointIPLocalization
-SoundPointIPWelcome.wav
-TECfg.bin
-TEImage.bin
-XMLDefault.cnf.xml
 a01d01b2_3.bin
 a02d01b2_3.bin
 a10d01b2_3.bin
@@ -46,98 +28,144 @@ a20d01b2_3.bin
 a25d01a2_5.bin
 aastra.cfg
 active/system.ini
-admin-config
 admin.bin
 admin.cfg
-administrator-config
+admin-confg
+admin-config
 administrator.bin
 administrator.cfg
+administrator-config
+applications.cfg
 b01d01b2_3.bin
 b02d01b2_3.bin
 b10d01b2_3.bin
 b20d01a2_3.bin
 b20d01b2_3.bin
 b25d01a2_5.bin
-backup-config
 backup.bin
 backup.cfg
+backup-config
 backup.img
 bbla0_83.bin
-boot-config
 boot.bin
 boot.cfg
-boot.txt
+boot-config
 bootrom.ld
+boot.txt
+bridge-confg
+CFE.bin
 cfg.bin
-cisco_util
+cisco-confg
 cisconet.bin
 cisconet.cfg
 ciscortr.bin
 ciscortr.cfg
-code-config
+cisco_util
 code.bin
 code.cfg
+code-config
 code.img
 config.bin
 config.dump
 config.ini
 config.txt
+CP7912010301SIP050608A.sbin
 cvt01_2_3.bin
 cvt02_2_3.bin
 cvt02sw_2_3.bin
 debian.cfg
 def06r1_8_3.bin
 def24r1_8_3.bin
-default-config
 default.bin
 default.cfg
+default-config
 default.ini
-device-config
 device.bin
 device.cfg
+device-config
 dialplan.xml
 dump.dmc
-firmware-config
+features.cfg
+firewall-nat.cfg
 firmware.bin
 firmware.cfg
+firmware-config
 firmware.img
+gateway-confg
 gkdefault.cfg
+gw-confg
+H323.cfg
 ifIndex-table
-image-config
 image.bin
 image.cfg
+image-config
 image.eim
 image.out
 infrared.txt
-local-config
 local.bin
 local.cfg
-main-config
+local-config
+lync.cfg
 main.bin
 main.cfg
+main-config
 main.img
 merlin2.pcm
+myrouter-confg
 n831r0.bin
 n84r1.bin
 nir4113.bin
 nir539R4.bin
+OS79XX.TXT
+P003-07-5-00.bin
+P003-07-5-00.sbn
+P003-08-11-00.bin
+P003-08-11-00.sbn
+P003-08-2-00.bin
+P003-08-2-00.sbn
+P003-08-3-00.bin
+P003-08-3-00.sbn
+P003-08-6-00.bin
+P003-08-6-00.sbn
+P003-08-9-00.bin
+P003-08-9-00.sbn
+P003-8-12-00.bin
+P003-8-12-00.sbn
+P0S3-07-5-00.bin
+P0S3-07-5-00.loads
+P0S3-07-5-00.sb2
+P0S3-08-11-00.loads
+P0S3-08-11-00.sb2
+P0S3-08-2-00.loads
+P0S3-08-2-00.sb2
+P0S3-08-3-00.loads
+P0S3-08-3-00.sb2
+P0S3-08-6-00.loads
+P0S3-08-6-00.sb2
+P0S3-08-9-00.loads
+P0S3-08-9-00.sb2
+P0S3-8-12-00.loads
+P0S3-8-12-00.sb2
 passwd.bin
 passwd.cfg
 passwd.ini
 password.bin
 password.cfg
 password.ini
-persistent-data
 persistent.bin
 persistent.cfg
+persistent-data
 phbook00e011010455.txt
 phone1.cfg
+polycomConfig.xsd
+polycom.xml
 prestige
 prestige.bin
 prestige.cfg
-private-config
 private.bin
 private.cfg
+private-config
+pstn.cfg
 public.bin
 public.cfg
 pwd.bin
@@ -148,47 +176,73 @@ pxelinux.cfg/default
 ram
 ram-0
 ras
-ras-0
-ras-1
 ras0
+ras-0
 ras1
+ras-1
+reg-advanced.cfg
+reg-basic.cfg
+region.cfg
 release.xml
-remote-config
 remote.bin
 remote.cfg
+remote-config
+RINGLIST.DAT
 rom
-rom-0
-rom-1
 rom0
+rom-0
 rom1
-router-confg
+rom-1
 router.bin
 router.cfg
+router-confg
 s10d01b2_2.bin
 s20d01b2_2.bin
-secret-config
 secret.bin
 secret.cfg
-sip.cfg
-sip.ld
-sip.ver
-sip_4602D01A.txt
-sip_4602D02A.txt
+secret-config
+SEP000F34118045.cnf
+SEP001562EA69E8.cnf
+SEPDefault.cnf
+SIP000F34118045.cnf
+sip_327.cfg
 sip_4602ap1_1.ebin
 sip_4602bt1_1.ebin
+sip_4602D01A.txt
+sip_4602D02A.txt
+sip-basic.cfg
+sip.cfg
+sip-confg
+SIPDefault.cnf
+SIPinsertMAChere.cnf
+sip-interop.cfg
+sip.ld
 sipto323_1_1.ebin
-startup-config
+sip.ver
+site.cfg
+SoundPointIPLocalization
+SoundPointIPWelcome.wav
 startup.bin
 startup.cfg
+startup-config
 syncinfo.xml
-system-config
 system.bin
 system.cfg
+system-config
 system.img
 system.ini
+TECfg.bin
+TEImage.bin
 test
 test.txt
+text.txt
 uip200_463enc.pac
 uniden00e011030397.txt
 unidencom.txt
 v2210c.bin
+version.info
+video.cfg
+video-integration.cfg
+vip-confg
+voip-confg
+XMLDefault.cnf.xml

lib/msf/core/db_manager/note.rb

@@ -75,9 +75,10 @@ def report_note(opts)
       if (opts[:port])
         proto = nil
         sname = nil
-        case opts[:proto].to_s.downcase # Catch incorrect usages
+        proto_lower = opts[:proto].to_s.downcase # Catch incorrect usages
+        case proto_lower
         when 'tcp','udp'
-          proto = opts[:proto]
+          proto = proto_lower
           sname = opts[:sname] if opts[:sname]
         when 'dns','snmp','dhcp'
           proto = 'udp'
@@ -166,4 +167,4 @@ def report_note(opts)
     ret[:note] = note
   }
   end
-end
+end

lib/msf/core/module/module_info.rb

@@ -74,7 +74,7 @@ def info_fixups
   # Checks and merges the supplied key/value pair in the supplied hash.
   #
   def merge_check_key(info, name, val)
-    if (self.respond_to?("merge_info_#{name.downcase}"))
+    if (self.respond_to?("merge_info_#{name.downcase}", true))
       eval("merge_info_#{name.downcase}(info, val)")
     else
       # If the info hash already has an entry for this name

lib/rex/proto/quake.rb

@@ -0,0 +1,3 @@
+# -*- coding: binary -*-
+
+require 'rex/proto/quake/message'

lib/rex/proto/quake/message.rb

@@ -0,0 +1,73 @@
+# -*- coding: binary -*-
+
+module Rex
+module Proto
+##
+#
+# Quake 3 protocol, taken from ftp://ftp.idsoftware.com/idstuff/quake3/docs/server.txt
+#
+##
+module Quake
+  HEADER = 0xFFFFFFFF
+
+  def decode_message(message)
+    # minimum size is header (4) + <command> + <stuff>
+    return if message.length < 7
+    header = message.unpack('N')[0]
+    return if header != HEADER
+    message[4, message.length]
+  end
+
+  def encode_message(payload)
+    [HEADER].pack('N') + payload
+  end
+
+  def getstatus
+    encode_message('getstatus')
+  end
+
+  def getinfo
+    encode_message('getinfo')
+  end
+
+  def decode_infostring(infostring)
+    # decode an "infostring", which is just a (supposedly) quoted string of tokens separated
+    # by backslashes, generally terminated with a newline
+    token_re = /([^\\]+)\\([^\\]+)/
+    return nil unless infostring =~ token_re
+    # remove possibly present leading/trailing double quote
+    infostring.gsub!(/(?:^"|"$)/, '')
+    # remove the trailing \n, if present
+    infostring.gsub!(/\n$/, '')
+    # split on backslashes and group into key value pairs
+    infohash = {}
+    infostring.scan(token_re).each do |kv|
+      infohash[kv.first] = kv.last
+    end
+    infohash
+  end
+
+  def decode_response(message, type)
+    resp = decode_message(message)
+    if /^print\n(?<error>.*)\n?/m =~ resp
+      # XXX: is there a better exception to throw here?
+      fail ::ArgumentError, "#{type} error: #{error}"
+    # why doesn't this work?
+    # elsif /^#{type}Response\n(?<infostring>.*)/m =~ resp
+    elsif resp =~ /^#{type}Response\n(.*)/m
+      decode_infostring(Regexp.last_match(1))
+    else
+      nil
+    end
+  end
+
+  def decode_status(message)
+    decode_response(message, 'status')
+  end
+
+  def decode_info(message)
+    decode_response(message, 'info')
+  end
+end
+end
+end