Land rapid7#4057 - Bring back TCP::max_send_size and TCP::send_delay options

Fix rapid7#3967

Author: wchen-r7

lib/metasploit/framework/ftp/client.rb

@@ -4,6 +4,7 @@ module Metasploit
   module Framework
     module Ftp
       module Client
+        extend ActiveSupport::Concern
         include Metasploit::Framework::Tcp::Client
 
         #

lib/metasploit/framework/login_scanner/base.rb

@@ -88,6 +88,7 @@ def check_setup
 
           def each_credential
             cred_details.each do |raw_cred|
+
               # This could be a Credential object, or a Credential Core, or an Attempt object
               # so make sure that whatever it is, we end up with a Credential.
               credential = raw_cred.to_credential
@@ -101,6 +102,11 @@ def each_credential
                 credential.realm_key = self.class::REALM_KEY
                 yield credential
               elsif credential.realm.blank? && self.class::REALM_KEY.present? && self.class::DEFAULT_REALM.present?
+                # XXX: This is messing up the display for mssql when not using
+                # Windows authentication, e.g.:
+                #   [+] 10.0.0.53:1433 - LOGIN SUCCESSFUL: WORKSTATION\sa:msfadmin
+                # Realm gets ignored in that case, so it still functions, it
+                # just gives the user bogus info
                 credential.realm_key = self.class::REALM_KEY
                 credential.realm     = self.class::DEFAULT_REALM
                 yield credential
@@ -144,8 +150,10 @@ def scan!
             successful_users = Set.new
 
             each_credential do |credential|
-              # For Pro bruteforce Reuse and Guess we need to note that we skipped an attempt.
+              # Skip users for whom we've have already found a password
               if successful_users.include?(credential.public)
+                # For Pro bruteforce Reuse and Guess we need to note that we
+                # skipped an attempt.
                 if credential.parent.respond_to?(:skipped)
                   credential.parent.skipped = true
                   credential.parent.save!

lib/metasploit/framework/login_scanner/http.rb

@@ -139,8 +139,6 @@ def config_client(client)
         # like timeouts and TCP evasion options
         def set_sane_defaults
           self.connection_timeout ||= 20
-          self.max_send_size = 0 if self.max_send_size.nil?
-          self.send_delay = 0 if self.send_delay.nil?
           self.uri = '/' if self.uri.blank?
           self.method = 'GET' if self.method.blank?
 

lib/metasploit/framework/login_scanner/rex_socket.rb

@@ -12,34 +12,13 @@ module RexSocket
 
         included do
 
-          # @!attribute max_send_size
-          #   @return [Fixnum] The max size of the data to encapsulate in a single packet
-          attr_accessor :max_send_size
-          # @!attribute send_delay
-          #   @return [Fixnum] The delay between sending packets
-          attr_accessor :send_delay
           # @!attribute ssl
           #   @return [Boolean] Whether the socket should use ssl
           attr_accessor :ssl
           # @!attribute ssl_version
           #   @return [String] The version of SSL to implement
           attr_accessor :ssl_version
 
-          validates :max_send_size,
-                    presence: true,
-                    numericality: {
-                        only_integer:             true,
-                        greater_than_or_equal_to: 0
-                    }
-
-          validates :send_delay,
-                    presence: true,
-                    numericality: {
-                        only_integer:             true,
-                        greater_than_or_equal_to: 0
-                    }
-
-
           private
 
           def chost

lib/metasploit/framework/login_scanner/telnet.rb

@@ -105,12 +105,12 @@ def attempt_login(credential)
         # like timeouts and TCP evasion options
         def set_sane_defaults
           self.connection_timeout ||= 30
-          self.max_send_size      ||= 0
           self.port               ||= DEFAULT_PORT
-          self.send_delay         ||= 0
           self.banner_timeout     ||= 25
           self.telnet_timeout     ||= 10
           self.connection_timeout ||= 30
+          self.max_send_size      ||= 0
+          self.send_delay         ||= 0
           # Shim to set up the ivars from the old Login mixin
           create_login_ivars
         end

lib/metasploit/framework/login_scanner/vnc.rb

@@ -56,7 +56,6 @@ def attempt_login(credential)
             # Create our VNC client overtop of the socket
             vnc = Rex::Proto::RFB::Client.new(sock, :allow_none => false)
 
-
             if vnc.handshake
               if vnc_auth(vnc,credential.private)
                 result_options[:status] = Metasploit::Model::Login::Status::SUCCESSFUL
@@ -77,6 +76,8 @@ def attempt_login(credential)
                 proof: e.message,
                 status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
             )
+          ensure
+            disconnect
           end
 
           ::Metasploit::Framework::LoginScanner::Result.new(result_options)

lib/metasploit/framework/mssql/client.rb

@@ -5,6 +5,7 @@ module Framework
     module MSSQL
 
       module Client
+        extend ActiveSupport::Concern
         include Metasploit::Framework::Tcp::Client
 
         NTLM_CRYPT = Rex::Proto::NTLM::Crypt
@@ -725,4 +726,4 @@ def send_spn
 
     end
   end
-end
+end

lib/metasploit/framework/tcp/client.rb

@@ -40,6 +40,33 @@ def write(buf, opts={})
 
       module Client
 
+        extend ActiveSupport::Concern
+
+        # @!attribute max_send_size
+        #   @return [Fixnum] The max size of the data to encapsulate in a single packet
+        attr_accessor :max_send_size
+        # @!attribute send_delay
+        #   @return [Fixnum] The delay between sending packets
+        attr_accessor :send_delay
+
+        included do
+          include ActiveModel::Validations
+          validates :max_send_size,
+                    presence: true,
+                    numericality: {
+                        only_integer:             true,
+                        greater_than_or_equal_to: 0
+                    }
+
+          validates :send_delay,
+                    presence: true,
+                    numericality: {
+                        only_integer:             true,
+                        greater_than_or_equal_to: 0
+                    }
+
+        end
+
         #
         # Establishes a TCP connection to the specified RHOST/RPORT
         #
@@ -64,7 +91,6 @@ def connect(global = true, opts={})
               'Proxies'    => proxies,
               'Timeout'    => (opts['ConnectTimeout'] || connection_timeout || 10).to_i
               )
-
           # enable evasions on this socket
           set_tcp_evasions(nsock)
 
@@ -121,14 +147,6 @@ def disconnect(nsock = self.sock)
         #
         ##
 
-        def max_send_size
-          raise NotImplementedError
-        end
-
-        def send_delay
-          raise NotImplementedError
-        end
-
         #
         # Returns the target host
         #

lib/metasploit/framework/telnet/client.rb

@@ -4,6 +4,7 @@ module Metasploit
   module Framework
     module Telnet
       module Client
+        extend ActiveSupport::Concern
         include Metasploit::Framework::Tcp::Client
         include Msf::Auxiliary::Login
 
@@ -216,4 +217,4 @@ def telnet_timeout
       end
     end
   end
-end
+end

modules/auxiliary/scanner/afp/afp_login.rb

@@ -63,7 +63,9 @@ def run_host(ip)
         proxies: datastore['PROXIES'],
         cred_details: cred_collection,
         stop_on_success: datastore['STOP_ON_SUCCESS'],
-        connection_timeout: 30
+        connection_timeout: 30,
+        max_send_size: datastore['TCP::max_send_size'],
+        send_delay: datastore['TCP::send_delay'],
     )
 
     scanner.scan! do |result|