Skip to content

Commit 5bc1066

Browse files
committed
Change how modules use the mysql login functions
1 parent 261e095 commit 5bc1066

File tree

7 files changed

+12
-21
lines changed

7 files changed

+12
-21
lines changed

lib/msf/core/exploit/mysql.rb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -78,7 +78,7 @@ def mysql_login_datastore
7878
res = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
7979
rescue Rex::ConnectionTimeout => e
8080
print_error("Timeout: #{e.message}")
81-
res = nil
81+
res = false
8282
end
8383

8484
return res

modules/auxiliary/scanner/mysql/mysql_hashdump.rb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,7 +29,6 @@ def initialize
2929
def run_host(ip)
3030

3131
if (not mysql_login_datastore)
32-
print_error("Invalid MySQL Server credentials")
3332
return
3433
end
3534

modules/auxiliary/scanner/mysql/mysql_login.rb

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -103,7 +103,9 @@ def do_login(user='', pass='')
103103

104104
vprint_status("#{rhost}:#{rport} Trying username:'#{user}' with password:'#{pass}'")
105105
begin
106-
mysql_login(user, pass)
106+
m = mysql_login(user, pass)
107+
return :fail if not m
108+
107109
print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN '#{user}' : '#{pass}'")
108110
report_auth_info(
109111
:host => rhost,
@@ -116,10 +118,6 @@ def do_login(user='', pass='')
116118
)
117119
return :next_user
118120

119-
rescue ::RbMysql::AccessDeniedError
120-
vprint_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'")
121-
return :fail
122-
123121
rescue ::RbMysql::Error => e
124122
vprint_error("#{rhost}:#{rport} failed to login: #{e.class} #{e}")
125123
return :error

modules/auxiliary/scanner/mysql/mysql_schemadump.rb

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,6 @@ def initialize
3535
def run_host(ip)
3636

3737
if (not mysql_login_datastore)
38-
print_error("Invalid MySQL Server credentials")
3938
return
4039
end
4140
mysql_schema = get_schema

modules/exploits/windows/mysql/mysql_mof.rb

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -55,12 +55,8 @@ def initialize(info = {})
5555
end
5656

5757
def check
58-
begin
59-
m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
60-
rescue RbMysql::AccessDeniedError
61-
print_error("#{peer} - Access denied.")
62-
return Exploit::CheckCode::Safe
63-
end
58+
m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
59+
return Exploit::CheckCode::Safe if not m
6460

6561
return Exploit::CheckCode::Appears if is_windows?
6662
return Exploit::CheckCode::Safe

modules/exploits/windows/mysql/mysql_payload.rb

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,8 @@ def password
6565
end
6666

6767
def login_and_get_sys_exec
68-
mysql_login(username,password,'mysql')
68+
m = mysql_login(username,password,'mysql')
69+
return if not m
6970
@mysql_arch = mysql_get_arch
7071
@mysql_sys_exec_available = mysql_check_for_sys_exec()
7172
if !@mysql_sys_exec_available || datastore['FORCE_UDF_UPLOAD']
@@ -74,17 +75,18 @@ def login_and_get_sys_exec
7475
else
7576
print_status "sys_exec() already available, using that (override with FORCE_UDF_UPLOAD)."
7677
end
78+
79+
return m
7780
end
7881

7982
def execute_command(cmd, opts)
8083
mysql_sys_exec(cmd, datastore['VERBOSE'])
8184
end
8285

8386
def exploit
84-
login_and_get_sys_exec()
87+
m = login_and_get_sys_exec()
8588

86-
if not @mysql_handle
87-
print_status("Invalid MySQL credentials")
89+
if not m
8890
return
8991
elsif not [:win32,:win64].include?(@mysql_arch)
9092
print_status("Incompatible MySQL target architecture: '#{@mysql_arch}'")

modules/exploits/windows/mysql/scrutinizer_upload_exec.rb

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -109,9 +109,6 @@ def mysql_upload_binary(bindata, path)
109109

110110
# Login
111111
h = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
112-
113-
# The lib throws its own error message anyway:
114-
# "Exploit failed [no-access]: RbMysql::AccessDeniedError"
115112
return false if not h
116113

117114
tmp = mysql_get_temp_dir

0 commit comments

Comments
 (0)