Merge branch 'mysql_login_exceptions' of https://github.com/wchen-r7/metasploit-framework into wchen-r7-mysql_login_exceptions

jvazquez-r7 · jvazquez-r7 · commit 7a1a9985d5e4 · 2013-01-09T18:21:03.000+01:00
diff --git a/lib/msf/core/exploit/mysql.rb b/lib/msf/core/exploit/mysql.rb
@@ -40,16 +40,35 @@ def mysql_login(user='root', pass='', db=nil)
 		disconnect if self.sock
 		connect
 
-		@mysql_handle = ::RbMysql.connect({
-			:host           => rhost,
-			:port           => rport,
-			:read_timeout   => 300,
-			:write_timeout  => 300,
-			:socket         => sock,
-			:user           => user,
-			:password       => pass,
-			:db             => db
-		})
+		begin
+			@mysql_handle = ::RbMysql.connect({
+				:host           => rhost,
+				:port           => rport,
+				:read_timeout   => 300,
+				:write_timeout  => 300,
+				:socket         => sock,
+				:user           => user,
+				:password       => pass,
+				:db             => db
+			})
+		rescue Errno::ECONNREFUSED
+			print_error("Connection refused")
+			return false
+		rescue RbMysql::ClientError
+			print_error("Connection timedout")
+			return false
+		rescue Errno::ETIMEDOUT
+			print_error("Operation timedout")
+			return false
+		rescue RbMysql::HostNotPrivileged
+			print_error("Unable to login from this host due to policy")
+			return false
+		rescue RbMysql::AccessDeniedError
+			print_error("Access denied")
+			return false
+		end
+
+		return true
 	end
 
 	def mysql_logoff
@@ -62,7 +81,7 @@ def mysql_login_datastore
 			res = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
 		rescue Rex::ConnectionTimeout => e
 			print_error("Timeout: #{e.message}")
-			res = nil
+			res = false
 		end
 
 		return res
diff --git a/modules/auxiliary/scanner/mysql/mysql_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_hashdump.rb
@@ -29,7 +29,6 @@ def initialize
 	def run_host(ip)
 
 		if (not mysql_login_datastore)
-			print_error("Invalid MySQL Server credentials")
 			return
 		end
 
diff --git a/modules/auxiliary/scanner/mysql/mysql_login.rb b/modules/auxiliary/scanner/mysql/mysql_login.rb
@@ -103,7 +103,9 @@ def do_login(user='', pass='')
 
 		vprint_status("#{rhost}:#{rport} Trying username:'#{user}' with password:'#{pass}'")
 		begin
-			mysql_login(user, pass)
+			m = mysql_login(user, pass)
+			return :fail if not m
+
 			print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN '#{user}' : '#{pass}'")
 			report_auth_info(
 				:host   => rhost,
@@ -116,10 +118,6 @@ def do_login(user='', pass='')
 			)
 			return :next_user
 
-		rescue ::RbMysql::AccessDeniedError
-			vprint_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'")
-			return :fail
-
 		rescue ::RbMysql::Error => e
 			vprint_error("#{rhost}:#{rport} failed to login: #{e.class} #{e}")
 			return :error
diff --git a/modules/auxiliary/scanner/mysql/mysql_schemadump.rb b/modules/auxiliary/scanner/mysql/mysql_schemadump.rb
@@ -35,7 +35,6 @@ def initialize
 	def run_host(ip)
 
 		if (not mysql_login_datastore)
-			print_error("Invalid MySQL Server credentials")
 			return
 		end
 		mysql_schema = get_schema
diff --git a/modules/exploits/windows/mysql/mysql_mof.rb b/modules/exploits/windows/mysql/mysql_mof.rb
@@ -55,12 +55,8 @@ def initialize(info = {})
 	end
 
 	def check
-		begin
-			m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
-		rescue RbMysql::AccessDeniedError
-			print_error("#{peer} - Access denied.")
-			return Exploit::CheckCode::Safe
-		end
+		m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
+		return Exploit::CheckCode::Safe if not m
 
 		return Exploit::CheckCode::Appears if is_windows?
 		return Exploit::CheckCode::Safe
diff --git a/modules/exploits/windows/mysql/mysql_payload.rb b/modules/exploits/windows/mysql/mysql_payload.rb
@@ -65,7 +65,8 @@ def password
 	end
 
 	def login_and_get_sys_exec
-		mysql_login(username,password,'mysql')
+		m = mysql_login(username,password,'mysql')
+		return if not m
 		@mysql_arch = mysql_get_arch
 		@mysql_sys_exec_available = mysql_check_for_sys_exec()
 		if !@mysql_sys_exec_available || datastore['FORCE_UDF_UPLOAD']
@@ -74,17 +75,18 @@ def login_and_get_sys_exec
 		else
 			print_status "sys_exec() already available, using that (override with FORCE_UDF_UPLOAD)."
 		end
+
+		return m
 	end
 
 	def execute_command(cmd, opts)
 		mysql_sys_exec(cmd, datastore['VERBOSE'])
 	end
 
 	def exploit
-		login_and_get_sys_exec()
+		m = login_and_get_sys_exec()
 
-		if not @mysql_handle
-			print_status("Invalid MySQL credentials")
+		if not m
 			return
 		elsif not [:win32,:win64].include?(@mysql_arch)
 			print_status("Incompatible MySQL target architecture: '#{@mysql_arch}'")
diff --git a/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb b/modules/exploits/windows/mysql/scrutinizer_upload_exec.rb
@@ -109,9 +109,6 @@ def mysql_upload_binary(bindata, path)
 
 		# Login
 		h = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
-
-		# The lib throws its own error message anyway:
-		# "Exploit failed [no-access]: RbMysql::AccessDeniedError"
 		return false if not h
 
 		tmp = mysql_get_temp_dir
