Land rapid7#6039, fix error handling in mssql_idf

Brent Cook · Brent Cook · commit 5882904bb8c0 · 2015-10-02T18:36:27.000-05:00
diff --git a/lib/msf/core/exploit/mssql.rb b/lib/msf/core/exploit/mssql.rb
@@ -385,12 +385,18 @@ def mssql_login(user='sa', pass='', db='')
     disconnect if self.sock
     connect
 
-    # Send a prelogin packet and check that encryption is not enabled
-    if mssql_prelogin() != ENCRYPT_NOT_SUP
-      print_error("Encryption is not supported")
+    begin
+      # Send a prelogin packet and check that encryption is not enabled
+      if mssql_prelogin() != ENCRYPT_NOT_SUP
+        print_error("Encryption is not supported")
+        return false
+      end
+    rescue EOFError
+      print_error("Probable server or network failure.")
       return false
     end
 
+
     if datastore['USE_WINDOWS_AUTHENT']
 
       idx = 0
@@ -623,7 +629,12 @@ def mssql_login(user='sa', pass='', db='')
       # Packet header and total length including header
       pkt = "\x10\x01" + [pkt.length + 8].pack('n') + [0].pack('n') + [1].pack('C') + "\x00" + pkt
 
-      resp = mssql_send_recv(pkt)
+      begin
+        resp = mssql_send_recv(pkt)
+      rescue EOFError
+        print_error("Probable server or network failure.")
+        return false
+      end
 
     end
 
diff --git a/modules/auxiliary/admin/mssql/mssql_idf.rb b/modules/auxiliary/admin/mssql/mssql_idf.rb
@@ -14,7 +14,6 @@
 
 require 'msf/core'
 
-
 class Metasploit3 < Msf::Auxiliary
 
   include Msf::Exploit::Remote::MSSQL
@@ -95,11 +94,20 @@ def run
     sql += "CLOSE table_cursor "
     sql += "DEALLOCATE table_cursor "
 
+    begin
+      if mssql_login_datastore
+        result = mssql_query(sql, false)
+        column_data = result[:rows]
+      else
+        print_error('Login failed')
+        return
+      end
+    rescue Rex::ConnectionRefused => e
+      print_error("Connection failed: #{e}")
+      return
+    end
 
-    # Add error handling here
-    result = mssql_query(sql, false) if mssql_login_datastore
     column_data = result[:rows]
-
     widths = [0, 0, 0, 0, 0, 9]
     total_width = 0
 
@@ -113,25 +121,24 @@ def run
       total_width += a
     }
 
-    print_line("")
+    print_line
 
     buffer = ""
     headings.each { |row|
       0.upto(5) { |col|
         buffer += row[col].ljust(widths[col] + 1)
       }
       print_line(buffer)
-      print_line("")
+      print_line
       buffer = ""
 
       0.upto(5) { |col|
         buffer += print "=" * widths[col] + " "
       }
       print_line(buffer)
-      print_line("")
+      print_line
     }
 
-    table_data_sql = {}
     column_data.each { |row|
       count_sql = "SELECT COUNT(*) AS count FROM "
 
@@ -153,73 +160,11 @@ def run
 
       buffer += row_count.to_s
       print_line(buffer)
-      print_line("")
-
-#			if row_count == 0
-#				data_sql = nil
-#				table_data_sql[full_table + "." + column_name] = nil
-#			elsif row_count < 4
-#				data_sql = "SELECT * from " + full_table
-#				table_data_sql[full_table + "." + column_name] = data_sql
-#			else
-#				data_sql = "SELECT TOP 3 * from " + full_table
-#
-#				# or this will get top, middle and last rows
-#
-#				data_sql = "
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between 1 and 1;
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between " + (row_count / 2).to_s + " and " + (row_count / 2).to_s + ";
-#							with tmp as (select *,ROW_NUMBER() over (order by " + column_name + ") as rownumber from " + full_table + " )
-#								select * from tmp where rownumber between " + row_count.to_s + " and " + row_count.to_s + ";
-#						"
-#				table_data_sql[full_table + "." + column_name] = data_sql
-#			end
+      print_line
     }
 
-    print_line("")
-
-    # The code from this point on is for dumping out some sample data however the MSSQL parser isn't working
-    # correctly so the output is messed up. I'll finish implementing this once the bug is fixed.
-
-#		print_line("")
-#		print_with_underline("Sample Data")
-#		print_line("")
-#		table_data_sql.each_pair { |table, sql|
-#			if !sql.nil?
-#				print_with_underline table
-#				result = mssql_query(sql, true) if mssql_login_datastore
-#				#print_line result.inspect
-#				result[:colnames].each { |row|
-#					print row.ljust(20)
-#				}
-#			end
-#		}
-#
-#			if !data_sql.nil?
-#				result = mssql_query(data_sql, false) if mssql_login_datastore
-#	#			print_line "INSPECT"
-#	#			print_line result.keys.inspect
-#	#			print_line result[:colnames].inspect
-#		result[:colnames].each { |row|
-#			print row.ljust(20)
-#		}
-#		print_line("")
-#		result[:colnames].each { |row|
-#			print "=" * 20 + " "
-#		}
-#		print_line("")
-#
-#				if !result[:rows].nil?
-##				print_line data_sql
-#					result[:rows].each { |acol|
-#						acol.each { |aval|
-#				#			print_line aval
-#						}
-#					}
-#				end
-#			end
+    print_line
     disconnect
   end
+
 end
