Merge branch 'rapid7' into doc/cleanup-peparsey

Author: egypt

lib/msf/core/exploit/dcerpc.rb

@@ -21,7 +21,7 @@ module Exploit::Remote::DCERPC
 	DCERPCPacket   = Rex::Proto::DCERPC::Packet
 	DCERPCClient   = Rex::Proto::DCERPC::Client
 	DCERPCResponse = Rex::Proto::DCERPC::Response
-	DCERPCUUID	   = Rex::Proto::DCERPC::UUID
+	DCERPCUUID     = Rex::Proto::DCERPC::UUID
 	NDR            = Rex::Encoder::NDR
 
 

lib/msf/core/exploit/file_dropper.rb

@@ -56,7 +56,7 @@ def on_new_session(session)
 	#
 	# Record file as needing to be cleaned up
 	#
-	# @param [Array<String>] files List of paths on the target that should
+	# @param files [Array<String>] List of paths on the target that should
 	#   be deleted during cleanup. Each filename should be either a full
 	#   path or relative to the current working directory of the session
 	#   (not necessarily the same as the cwd of the server we're
@@ -95,7 +95,9 @@ def cleanup
 					true
 				#rescue ::Rex::SocketError, ::EOFError, ::IOError, ::Errno::EPIPE, ::Rex::Post::Meterpreter::RequestError => e
 				rescue ::Exception => e
-					vprint_error("Failed to delete #{file}: #{e.to_s}")
+					vprint_error("Failed to delete #{file}: #{e}")
+					elog("Failed to delete #{file}: #{e.class}: #{e}")
+					elog("Call stack:\n#{e.backtrace.join("\n")}")
 					false
 				end
 			end

lib/msf/core/exploit/psexec.rb

@@ -4,7 +4,6 @@
 require 'rex/proto/dcerpc'
 require 'rex/encoder/ndr'
 
-
 module Msf
 
 ###
@@ -18,6 +17,9 @@ module Msf
 
 module Exploit::Remote::SMB
 
+	require 'msf/core/exploit/smb/authenticated'
+	require 'msf/core/exploit/smb/psexec'
+
 	include Exploit::Remote::Tcp
 	include Exploit::Remote::NTLM::Client
 
@@ -33,20 +35,6 @@ module Exploit::Remote::SMB
 	DCERPCUUID     = Rex::Proto::DCERPC::UUID
 	NDR            = Rex::Encoder::NDR
 
-	# Mini-mixin for making SMBUser/SMBPass/SMBDomain regular options vs advanced
-	# Included when the module needs credentials to function
-	module Authenticated
-		def initialize(info = {})
-			super
-			register_options(
-			[
-				OptString.new('SMBUser', [ false, 'The username to authenticate as', '']),
-				OptString.new('SMBPass', [ false, 'The password for the specified username', '']),
-				OptString.new('SMBDomain',  [ false, 'The Windows domain to use for authentication', 'WORKGROUP']),
-			], Msf::Exploit::Remote::SMB::Authenticated)
-		end
-	end
-
 	def initialize(info = {})
 		super
 
@@ -90,6 +78,13 @@ def initialize(info = {})
 		register_autofilter_services(%W{ netbios-ssn microsoft-ds })
 	end
 
+	# Override {Exploit::Remote::Tcp#connect} to setup an SMB connection
+	# and configure evasion options
+	#
+	# Also populates {#simple}.
+	#
+	# @param (see Exploit::Remote::Tcp#connect)
+	# @return (see Exploit::Remote::Tcp#connect)
 	def connect(global=true)
 
 		disconnect() if global
@@ -132,7 +127,12 @@ def unicode(str)
 		Rex::Text.to_unicode(str)
 	end
 
-	# This method establishes a SMB session over the default socket
+	# Establishes an SMB session over the default socket and connects to
+	# the IPC$ share.
+	#
+	# You should call {#connect} before calling this
+	#
+	# @return [void]
 	def smb_login
 		simple.login(
 			datastore['SMBName'],
@@ -217,13 +217,55 @@ def splitname(uname)
 		end
 	end
 
+	# Whether a remote file exists
+	#
+	# @param file [String] Path to a file to remove, relative to the
+	#   most-recently connected share
+	# @raise [Rex::Proto::SMB::Exceptions::ErrorCode]
+	def smb_file_exist?(file)
+		begin
+			fd = simple.open(file, 'ro')
+		rescue XCEPT::ErrorCode => e
+			# If attempting to open the file results in a "*_NOT_FOUND" error,
+			# then we can be sure the file is not there.
+			#
+			# Copy-pasted from smb/exceptions.rb to avoid the gymnastics
+			# required to pull them out of a giant inverted hash
+			#
+			# 0xC0000034 => "STATUS_OBJECT_NAME_NOT_FOUND",
+			# 0xC000003A => "STATUS_OBJECT_PATH_NOT_FOUND",
+			# 0xC0000225 => "STATUS_NOT_FOUND",
+			error_is_not_found = [ 0xC0000034, 0xC000003A, 0xC0000225 ].include?(e.error_code)
+			# If the server returns some other error, then there was a
+			# permissions problem or some other difficulty that we can't
+			# really account for and hope the caller can deal with it.
+			raise e unless error_is_not_found
+			found = !error_is_not_found
+		else
+			# There was no exception, so we know the file is openable
+			fd.close
+			found = true
+		end
+
+		found
+	end
+
+	# Remove remote file
+	#
+	# @param file (see #smb_file_exist?)
+	# @return [void]
+	def smb_file_rm(file)
+		fd = smb_open(file, 'ro')
+		fd.delete
+	end
+
 
 	#
 	# Fingerprinting methods
 	#
 
 
-	# This method the EnumPrinters() function of the spooler service
+	# Calls the EnumPrinters() function of the spooler service
 	def smb_enumprinters(flags, name, level, blen)
 		stub =
 			NDR.long(flags) +
@@ -632,10 +674,7 @@ def smb_fingerprint
 		fprint
 	end
 
-	#
-	# Accessors
-	#
-
+	# @return [Rex::Proto::SMB::SimpleClient]
 	attr_accessor :simple
 
 end
@@ -785,7 +824,6 @@ def smb_error(cmd, c, errorclass, esn = false)
 		c.put(pkt.to_s)
 	end
 
-
 end
 
 

lib/msf/core/exploit/smb.rb

@@ -0,0 +1,22 @@
+# -*- coding: binary -*-
+
+module Msf
+
+# Mini-mixin for making SMBUser/SMBPass/SMBDomain regular options vs advanced
+# Included when the module needs credentials to function
+module Exploit::Remote::SMB::Authenticated
+
+	include Msf::Exploit::Remote::SMB
+
+	def initialize(info = {})
+		super
+		register_options(
+			[
+				OptString.new('SMBUser', [ false, 'The username to authenticate as', '']),
+				OptString.new('SMBPass', [ false, 'The password for the specified username', '']),
+				OptString.new('SMBDomain',  [ false, 'The Windows domain to use for authentication', 'WORKGROUP']),
+			], Msf::Exploit::Remote::SMB::Authenticated)
+	end
+end
+
+end