Land @2243, @wchen-r7's patch for [SeeRM rapid7#8312]

Author: jvazquez-r7

modules/auxiliary/analyze/jtr_aix.rb

@@ -32,59 +32,66 @@ def initialize
 
 	def run
 		wordlist = Rex::Quickfile.new("jtrtmp")
+		begin
+			wordlist.write( build_seed().join("\n") + "\n" )
+		ensure
+			wordlist.close
+		end
 
-		wordlist.write( build_seed().join("\n") + "\n" )
-		wordlist.close
+		myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes'])
+		return if myloots.nil? or myloots.empty?
 
-		hashlist = Rex::Quickfile.new("jtrtmp")
+		loot_data = ''
 
-		myloots = myworkspace.loots.find(:all, :conditions => ['ltype=?', 'aix.hashes'])
-		unless myloots.nil? or myloots.empty?
-			myloots.each do |myloot|
-				begin
-					usf = File.open(myloot.path, "rb")
-				rescue Exception => e
-					print_error("Unable to read #{myloot.path} \n #{e}")
-					next
-				end
-				usf.each_line do |row|
-					row.gsub!(/\n/, ":#{myloot.host.address}\n")
-					hashlist.write(row)
+		myloots.each do |myloot|
+			usf = ''
+			begin
+				File.open(myloot.path, "rb") do |f|
+					usf = f.read
 				end
+			rescue Exception => e
+				print_error("Unable to read #{myloot.path} \n #{e}")
+				next
+			end
+			usf.each_line do |row|
+				row.gsub!(/\n/, ":#{myloot.host.address}\n")
+				loot_data << row
 			end
-			hashlist.close
+		end
 
-			print_status("HashList: #{hashlist.path}")
+		hashlist = Rex::Quickfile.new("jtrtmp")
+		hashlist.write(loot_data)
+		hashlist.close
 
-			print_status("Trying Format:des Wordlist: #{wordlist.path}")
-			john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
-			print_status("Trying Format:des Rule: All4...")
-			john_crack(hashlist.path, :incremental => "All4", :format => 'des')
-			print_status("Trying Format:des Rule: Digits5...")
-			john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
+		print_status("HashList: #{hashlist.path}")
 
-			cracked = john_show_passwords(hashlist.path)
+		print_status("Trying Format:des Wordlist: #{wordlist.path}")
+		john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
+		print_status("Trying Format:des Rule: All4...")
+		john_crack(hashlist.path, :incremental => "All4", :format => 'des')
+		print_status("Trying Format:des Rule: Digits5...")
+		john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
 
+		cracked = john_show_passwords(hashlist.path)
 
-			print_status("#{cracked[:cracked]} hashes were cracked!")
 
-			cracked[:users].each_pair do |k,v|
-				if v[0] == "NO PASSWORD"
-					passwd=""
-				else
-					passwd=v[0]
-				end
-				print_good("Host: #{v.last}  User: #{k} Pass: #{passwd}")
-				report_auth_info(
-					:host  => v.last,
-					:port => 22,
-					:sname => 'ssh',
-					:user => k,
-					:pass => passwd
-				)
+		print_status("#{cracked[:cracked]} hashes were cracked!")
+
+		cracked[:users].each_pair do |k,v|
+			if v[0] == "NO PASSWORD"
+				passwd=""
+			else
+				passwd=v[0]
 			end
+			print_good("Host: #{v.last}  User: #{k} Pass: #{passwd}")
+			report_auth_info(
+				:host  => v.last,
+				:port => 22,
+				:sname => 'ssh',
+				:user => k,
+				:pass => passwd
+			)
 		end
-
 	end
 
 end

modules/auxiliary/analyze/jtr_linux.rb

@@ -41,84 +41,89 @@ def initialize
 	def run
 		wordlist = Rex::Quickfile.new("jtrtmp")
 
-		wordlist.write( build_seed().join("\n") + "\n" )
-		wordlist.close
-
-		hashlist = Rex::Quickfile.new("jtrtmp")
+		begin
+			wordlist.write( build_seed().join("\n") + "\n" )
+		ensure
+			wordlist.close
+		end
 
 		myloots = myworkspace.loots.where('ltype=?', 'linux.hashes')
-		unless myloots.nil? or myloots.empty?
-			myloots.each do |myloot|
-				begin
-					usf = File.open(myloot.path, "rb")
-				rescue Exception => e
-					print_error("Unable to read #{myloot.path} \n #{e}")
-				end
-				usf.each_line do |row|
-					row.gsub!(/\n/, ":#{myloot.host.address}\n")
-					hashlist.write(row)
+		return if myloots.nil? or myloots.empty?
+
+		loot_data = ''
+
+		myloots.each do |myloot|
+			usf = ''
+			begin
+				File.open(myloot.path, "rb") do |f|
+					usf = f.read
 				end
+			rescue Exception => e
+				print_error("Unable to read #{myloot.path} \n #{e}")
 			end
-			hashlist.close
-
-			print_status("HashList: #{hashlist.path}")
-
-			print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
-			john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
-			print_status("Trying Format:md5 Rule: All4...")
-			john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
-			print_status("Trying Format:md5 Rule: Digits5...")
-			john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
-
-
-			print_status("Trying Format:des Wordlist: #{wordlist.path}")
-			john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
-			print_status("Trying Format:des Rule: All4...")
-			john_crack(hashlist.path, :incremental => "All4", :format => 'des')
-			print_status("Trying Format:des Rule: Digits5...")
-			john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
-
-			print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
-			john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
-			print_status("Trying Format:bsdi Rule: All4...")
-			john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
-			print_status("Trying Format:bsdi Rule: Digits5...")
-			john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
-
-			if datastore['Crypt']
-				print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
-				john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
-				print_status("Trying Rule: All4...")
-				john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
-				print_status("Trying Rule: Digits5...")
-				john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
+			usf.each_line do |row|
+				row.gsub!(/\n/, ":#{myloot.host.address}\n")
+				loot_data << row
 			end
+		end
 
+		hashlist = Rex::Quickfile.new("jtrtmp")
+		hashlist.write(loot_data)
+		hashlist.close
+
+		print_status("HashList: #{hashlist.path}")
+
+		print_status("Trying Format:md5 Wordlist: #{wordlist.path}")
+		john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'md5')
+		print_status("Trying Format:md5 Rule: All4...")
+		john_crack(hashlist.path, :incremental => "All4", :format => 'md5')
+		print_status("Trying Format:md5 Rule: Digits5...")
+		john_crack(hashlist.path, :incremental => "Digits5", :format => 'md5')
+
+
+		print_status("Trying Format:des Wordlist: #{wordlist.path}")
+		john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'des')
+		print_status("Trying Format:des Rule: All4...")
+		john_crack(hashlist.path, :incremental => "All4", :format => 'des')
+		print_status("Trying Format:des Rule: Digits5...")
+		john_crack(hashlist.path, :incremental => "Digits5", :format => 'des')
+
+		print_status("Trying Format:bsdi Wordlist: #{wordlist.path}")
+		john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'bsdi')
+		print_status("Trying Format:bsdi Rule: All4...")
+		john_crack(hashlist.path, :incremental => "All4", :format => 'bsdi')
+		print_status("Trying Format:bsdi Rule: Digits5...")
+		john_crack(hashlist.path, :incremental => "Digits5", :format => 'bsdi')
+
+		if datastore['Crypt']
+			print_status("Trying Format:crypt Wordlist: #{wordlist.path}")
+			john_crack(hashlist.path, :wordlist => wordlist.path, :rules => 'single', :format => 'crypt')
+			print_status("Trying Rule: All4...")
+			john_crack(hashlist.path, :incremental => "All4", :format => 'crypt')
+			print_status("Trying Rule: Digits5...")
+			john_crack(hashlist.path, :incremental => "Digits5", :format => 'crypt')
+		end
 
-			cracked = john_show_passwords(hashlist.path)
 
+		cracked = john_show_passwords(hashlist.path)
 
-			print_status("#{cracked[:cracked]} hashes were cracked!")
 
-			cracked[:users].each_pair do |k,v|
-				if v[0] == "NO PASSWORD"
-					passwd=""
-				else
-					passwd=v[0]
-				end
-				print_good("Host: #{v.last}  User: #{k} Pass: #{passwd}")
-				report_auth_info(
-					:host  => v.last,
-					:port => 22,
-					:sname => 'ssh',
-					:user => k,
-					:pass => passwd
-				)
+		print_status("#{cracked[:cracked]} hashes were cracked!")
+
+		cracked[:users].each_pair do |k,v|
+			if v[0] == "NO PASSWORD"
+				passwd=""
+			else
+				passwd=v[0]
 			end
+			print_good("Host: #{v.last}  User: #{k} Pass: #{passwd}")
+			report_auth_info(
+				:host  => v.last,
+				:port => 22,
+				:sname => 'ssh',
+				:user => k,
+				:pass => passwd
+			)
 		end
-
 	end
-
-
-
 end

modules/auxiliary/client/smtp/emailer.rb

@@ -46,42 +46,82 @@ def initialize(info = {})
 		deregister_options('SUBJECT')
 	end
 
+	def load_yaml_conf
+		opts = {}
+
+		File.open(datastore['YAML_CONFIG'], "rb") do |f|
+			yamlconf = YAML::load(f)
+
+			opts['to']                   = yamlconf['to']
+			opts['from']                 = yamlconf['from']
+			opts['subject']              = yamlconf['subject']
+			opts['type']                 = yamlconf['type']
+			opts['msg_file']             = yamlconf['msg_file']
+			opts['wait']                 = yamlconf['wait']
+			opts['add_name']             = yamlconf['add_name']
+			opts['sig']                  = yamlconf['sig']
+			opts['sig_file']             = yamlconf['sig_file']
+			opts['attachment']           = yamlconf['attachment']
+			opts['attachment_file']      = yamlconf['attachment_file']
+			opts['attachment_file_type'] = yamlconf['attachment_file_type']
+			opts['attachment_file_name'] = yamlconf['attachment_file_name']
+
+			### payload options ###
+			opts['make_payload']         = yamlconf['make_payload']
+			opts['zip_payload']          = yamlconf['zip_payload']
+			opts['msf_port']             = yamlconf['msf_port']
+			opts['msf_ip']               = yamlconf['msf_ip']
+			opts['msf_payload']          = yamlconf['msf_payload']
+			opts['msf_filename']         = yamlconf['msf_filename']
+			opts['msf_change_ext']       = yamlconf['msf_change_ext']
+			opts['msf_payload_ext']      = yamlconf['msf_payload_ext']
+		end
+
+		opts
+	end
+
+	def load_file(fname)
+		buf = ''
+		File.open(fname, 'rb') do |f|
+			buf = f.read
+		end
+
+		buf
+	end
+
 	def run
 
-		fileconf = File.open(datastore['YAML_CONFIG'], "rb")
-		yamlconf = YAML::load(fileconf)
-
-		fileto = yamlconf['to']
-		from = yamlconf['from']
-		subject = yamlconf['subject']
-		type = yamlconf['type']
-		msg_file = yamlconf['msg_file']
-		wait = yamlconf['wait']
-		add_name = yamlconf['add_name']
-		sig = yamlconf['sig']
-		sig_file = yamlconf['sig_file']
-		attachment = yamlconf['attachment']
-		attachment_file = yamlconf['attachment_file']
+		yamlconf = load_yaml_conf
+
+		fileto               = yamlconf['to']
+		from                 = yamlconf['from']
+		subject              = yamlconf['subject']
+		type                 = yamlconf['type']
+		msg_file             = yamlconf['msg_file']
+		wait                 = yamlconf['wait']
+		add_name             = yamlconf['add_name']
+		sig                  = yamlconf['sig']
+		sig_file             = yamlconf['sig_file']
+		attachment           = yamlconf['attachment']
+		attachment_file      = yamlconf['attachment_file']
 		attachment_file_type = yamlconf['attachment_file_type']
 		attachment_file_name = yamlconf['attachment_file_name']
 
-		### payload options ###
-		make_payload    = yamlconf['make_payload']
-		zip_payload     = yamlconf['zip_payload']
-		msf_port        = yamlconf['msf_port']
-		msf_ip          = yamlconf['msf_ip']
-		msf_payload     = yamlconf['msf_payload']
-		msf_filename    = yamlconf['msf_filename']
-		msf_change_ext  = yamlconf['msf_change_ext']
-		msf_payload_ext = yamlconf['msf_payload_ext']
-
+		make_payload         = yamlconf['make_payload']
+		zip_payload          = yamlconf['zip_payload']
+		msf_port             = yamlconf['msf_port']
+		msf_ip               = yamlconf['msf_ip']
+		msf_payload          = yamlconf['msf_payload']
+		msf_filename         = yamlconf['msf_filename']
+		msf_change_ext       = yamlconf['msf_change_ext']
+		msf_payload_ext      = yamlconf['msf_payload_ext']
 
 		tmp = Dir.tmpdir
 
 		datastore['MAILFROM'] = from
 
-		msg = File.open(msg_file, 'rb').read
-		email_sig = File.open(sig_file, 'rb').read
+		msg       = load_file(msg_file)
+		email_sig = load_file(sig_file)
 
 		if (type !~ /text/i and type !~ /text\/html/i)
 			print_error("YAML config: #{type}")
@@ -154,7 +194,7 @@ def run
 			end
 
 			if sig
-				data_sig = File.open(sig_file, 'rb').read
+				data_sig = load_file(sig_file)
 				email_msg_body = "#{email_msg_body}\n#{data_sig}"
 			end
 
@@ -172,7 +212,7 @@ def run
 
 			if attachment
 				if attachment_file_name
-					data_attachment = File.open(attachment_file, 'rb').read
+					data_attachment = load_file(attachment_file)
 					mime_msg.add_part(Rex::Text.encode_base64(data_attachment, "\r\n"), attachment_file_type, "base64", "attachment; filename=\"#{attachment_file_name}\"")
 				end
 			end