Merge branch 'master' into feature/MSP-11124/msf-dbmanager-reorg

MSP-11124

Author: limhoff-r7

lib/metasploit/framework/login_scanner/jenkins.rb

@@ -0,0 +1,60 @@
+require 'metasploit/framework/login_scanner/http'
+
+module Metasploit
+  module Framework
+    module LoginScanner
+
+      # Jenkins login scanner
+      class Jenkins < HTTP
+
+        # Inherit LIKELY_PORTS,LIKELY_SERVICE_NAMES, and REALM_KEY from HTTP
+        CAN_GET_SESSION = true
+        DEFAULT_PORT    = 8080
+        PRIVATE_TYPES   = [ :password ]
+
+        # (see Base#set_sane_defaults)
+        def set_sane_defaults
+          self.uri = "/j_acegi_security_check" if self.uri.nil?
+          self.method = "POST" if self.method.nil?
+
+          super
+        end
+
+        def attempt_login(credential)
+          result_opts = {
+              credential: credential,
+              host: host,
+              port: port,
+              protocol: 'tcp'
+          }
+          if ssl
+            result_opts[:service_name] = 'https'
+          else
+            result_opts[:service_name] = 'http'
+          end
+          begin
+            cli = Rex::Proto::Http::Client.new(host, port, {}, ssl, ssl_version)
+            cli.connect
+            req = cli.request_cgi({
+              'method'=>'POST',
+              'uri'=>'/j_acegi_security_check',
+              'vars_post'=> {
+                'j_username' => credential.public,
+                'j_password'=>credential.private
+                }
+            })
+            res = cli.send_recv(req)
+            if res && !res.headers['location'].include?('loginError')
+              result_opts.merge!(status: Metasploit::Model::Login::Status::SUCCESSFUL, proof: res.headers)
+            else
+              result_opts.merge!(status: Metasploit::Model::Login::Status::INCORRECT, proof: res)
+            end
+          rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
+            result_opts.merge!(status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT)
+          end
+          Result.new(result_opts)
+        end
+      end
+    end
+  end
+end

lib/msf/base/serializer/readable_text.rb

@@ -31,7 +31,7 @@ def self.dump_module(mod, indent = "  ")
       when MODULE_AUX
         return dump_auxiliary_module(mod, indent)
       when MODULE_POST
-        return dump_basic_module(mod, indent)
+        return dump_post_module(mod, indent)
       else
         return dump_generic_module(mod, indent)
     end
@@ -84,14 +84,14 @@ def self.dump_exploit_target(mod, indent = '', h = nil)
     tbl.to_s + "\n"
   end
 
-  # Dumps an auxiliary's actions
+  # Dumps a module's actions
   #
-  # @param mod [Msf::Auxiliary] the auxiliary module.
+  # @param mod [Msf::Module] the module.
   # @param indent [String] the indentation to use (only the length
   #   matters)
   # @param h [String] the string to display as the table heading.
   # @return [String] the string form of the table.
-  def self.dump_auxiliary_actions(mod, indent = '', h = nil)
+  def self.dump_module_actions(mod, indent = '', h = nil)
     tbl = Rex::Ui::Text::Table.new(
       'Indent'  => indent.length,
       'Header'  => h,
@@ -108,6 +108,28 @@ def self.dump_auxiliary_actions(mod, indent = '', h = nil)
     tbl.to_s + "\n"
   end
 
+  # Dumps the module's selected action
+  #
+  # @param mod [Msf::Module] the module.
+  # @param indent [String] the indentation to use (only the length
+  #   matters)
+  # @param h [String] the string to display as the table heading.
+  # @return [String] the string form of the table.
+  def self.dump_module_action(mod, indent = '', h = nil)
+    tbl = Rex::Ui::Text::Table.new(
+      'Indent'  => indent.length,
+      'Header'  => h,
+      'Columns' =>
+        [
+          'Name',
+          'Description',
+        ])
+
+    tbl << [ mod.action.name || 'All', mod.action.description || '' ]
+
+    tbl.to_s + "\n"
+  end
+
   # Dumps the table of payloads that are compatible with the supplied
   # exploit.
   #
@@ -146,6 +168,7 @@ def self.dump_exploit_module(mod, indent = '')
     output << " Privileged: " + (mod.privileged? ? "Yes" : "No") + "\n"
     output << "    License: #{mod.license}\n"
     output << "       Rank: #{mod.rank_to_s.capitalize}\n"
+    output << "  Disclosed: #{mod.disclosure_date}\n" if mod.disclosure_date
     output << "\n"
 
     # Authors
@@ -201,6 +224,53 @@ def self.dump_auxiliary_module(mod, indent = '')
     output << "     Module: #{mod.fullname}\n"
     output << "    License: #{mod.license}\n"
     output << "       Rank: #{mod.rank_to_s.capitalize}\n"
+    output << "  Disclosed: #{mod.disclosure_date}\n" if mod.disclosure_date
+    output << "\n"
+
+    # Authors
+    output << "Provided by:\n"
+    mod.each_author { |author|
+      output << indent + author.to_s + "\n"
+    }
+    output << "\n"
+
+    # Actions
+    if mod.action
+      output << "Available actions:\n"
+      output << dump_module_actions(mod, indent)
+    end
+
+    # Options
+    if (mod.options.has_options?)
+      output << "Basic options:\n"
+      output << dump_options(mod, indent)
+      output << "\n"
+    end
+
+    # Description
+    output << "Description:\n"
+    output << word_wrap(Rex::Text.compress(mod.description))
+    output << "\n"
+
+    # References
+    output << dump_references(mod, indent)
+
+    return output
+  end
+
+  # Dumps information about a post module.
+  #
+  # @param mod [Msf::Post] the post module.
+  # @param indent [String] the indentation to use.
+  # @return [String] the string form of the information.
+  def self.dump_post_module(mod, indent = '')
+    output  = "\n"
+    output << "       Name: #{mod.name}\n"
+    output << "     Module: #{mod.fullname}\n"
+    output << "   Platform: #{mod.platform_to_s}\n"
+    output << "       Arch: #{mod.arch_to_s}\n"
+    output << "       Rank: #{mod.rank_to_s.capitalize}\n"
+    output << "  Disclosed: #{mod.disclosure_date}\n" if mod.disclosure_date
     output << "\n"
 
     # Authors
@@ -210,6 +280,12 @@ def self.dump_auxiliary_module(mod, indent = '')
     }
     output << "\n"
 
+    # Actions
+    if mod.action
+      output << "Available actions:\n"
+      output << dump_module_actions(mod, indent)
+    end
+
     # Options
     if (mod.options.has_options?)
       output << "Basic options:\n"

lib/msf/core/exploit/http/server.rb

@@ -689,6 +689,16 @@ module Exploit::Remote::HttpServer::HTML
 
   include Msf::Exploit::Remote::HttpServer
 
+  UTF_NONE         = 'none'
+  UTF_7            = 'utf-7'
+  UTF_7_ALL        = 'utf-7-all'
+  UTF_8            = 'utf-8'
+  UTF_16_LE        = 'utf-16le'
+  UTF_16_BE        = 'utf-16be'
+  UTF_16_BE_MARKER = 'utf-16be-marker'
+  UTF_32_LE        = 'utf-32le'
+  UTF_32_BE        = 'utf-32be'
+
 protected
 
   def initialize(info = {})
@@ -700,7 +710,7 @@ def initialize(info = {})
         # most browsers.  as such, they are not added by default.  The
         # mixin supports encoding using them, however they are not
         # listed in the Option.
-        OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]),
+        OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', UTF_NONE, [UTF_NONE, UTF_16_LE, UTF_16_BE, UTF_16_BE_MARKER, UTF_32_LE, UTF_32_BE]]),
         OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object (IE not supported)', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]),
         OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)',  0]),
       ], Exploit::Remote::HttpServer::HTML)
@@ -894,19 +904,19 @@ def send_response_html(cli, body, headers = {})
       }
     end
 
-    if ['utf-16le','utf-16be','utf32-le','utf32-be','utf-7','utf-8'].include?(datastore['HTML::unicode'])
+    if [UTF_16_LE, UTF_16_BE, UTF_32_LE, UTF_32_BE, UTF_7, UTF_8].include?(datastore['HTML::unicode'])
       headers['Content-Type'] = 'text/html; charset= ' + datastore['HTML::unicode']
       body = Rex::Text.to_unicode(body, datastore['HTML::unicode'])
     else
       # special cases
       case datastore['HTML::unicode']
-        when 'utf-16be-marker'
+        when UTF_16_BE_MARKER
           headers['Content-Type'] = 'text/html'
-          body = "\xFE\xFF" + Rex::Text.to_unicode(body, 'utf-16be')
-        when 'utf-7-all'
-          headers['Content-Type'] = 'text/html; charset=utf-7'
-          body = Rex::Text.to_unicode(body, 'utf-7', 'all')
-        when 'none'
+          body = "\xFE\xFF" + Rex::Text.to_unicode(body, UTF_16_BE)
+        when UTF_7_ALL
+          headers['Content-Type'] = "text/html; charset=#{UTF_7}"
+          body = Rex::Text.to_unicode(body, UTF_7, 'all')
+        when UTF_NONE
           # do nothing
         else
           raise RuntimeError, 'Invalid unicode.  how did you get here?'

lib/msf/core/handler/reverse_tcp.rb

@@ -70,7 +70,7 @@ def initialize(info = {})
   #
   def setup_handler
     if datastore['Proxies'] and not datastore['ReverseAllowProxy']
-      raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
+      raise RuntimeError, "TCP connect-back payloads cannot be used with Proxies. Use 'set ReverseAllowProxy true' to override this behaviour."
     end
 
     ex = false

lib/msf/core/rpc/v10/client.rb

@@ -21,7 +21,7 @@ def initialize(info={})
       :port => 3790,
       :uri  => '/api/',
       :ssl  => true,
-      :ssl_version => 'SSLv3',
+      :ssl_version => 'TLS1',
       :context     => {}
     }.merge(info)
 

lib/msf/ui/console/command_dispatcher/core.rb

@@ -2009,7 +2009,7 @@ def cmd_set_tabs(str, words)
       res << 'ENCODER'
     end
 
-    if (mod.auxiliary?)
+    if mod.kind_of?(Msf::Module::HasActions)
       res << "ACTION"
     end
 
@@ -2149,10 +2149,10 @@ def cmd_show(*args)
             print_error("No exploit module selected.")
           end
         when "actions"
-          if (mod and (mod.auxiliary? or mod.post?))
+          if mod && mod.kind_of?(Msf::Module::HasActions)
             show_actions(mod)
           else
-            print_error("No auxiliary module selected.")
+            print_error("No module with actions selected.")
           end
 
         else
@@ -2721,8 +2721,8 @@ def tab_complete_option(str, words)
       return option_values_encoders() if opt.upcase == 'StageEncoder'
     end
 
-    # Well-known option names specific to auxiliaries
-    if (mod.auxiliary?)
+    # Well-known option names specific to modules with actions
+    if mod.kind_of?(Msf::Module::HasActions)
       return option_values_actions() if opt.upcase == 'ACTION'
     end
 
@@ -2869,7 +2869,7 @@ def option_values_targets
 
 
   #
-  # Provide valid action options for the current auxiliary module
+  # Provide valid action options for the current module
   #
   def option_values_actions
     res = []
@@ -3146,6 +3146,12 @@ def show_options(mod) # :nodoc:
       print("\nExploit target:\n\n#{mod_targ}\n") if (mod_targ and mod_targ.length > 0)
     end
 
+    # Print the selected action
+    if mod.kind_of?(Msf::Module::HasActions) && mod.action
+      mod_action = Serializer::ReadableText.dump_module_action(mod, '   ')
+      print("\n#{mod.type.capitalize} action:\n\n#{mod_action}\n") if (mod_action and mod_action.length > 0)
+    end
+
     # Uncomment this line if u want target like msf2 format
     #print("\nTarget: #{mod.target.name}\n\n")
   end
@@ -3202,8 +3208,8 @@ def show_targets(mod) # :nodoc:
   end
 
   def show_actions(mod) # :nodoc:
-    mod_actions = Serializer::ReadableText.dump_auxiliary_actions(mod, '   ')
-    print("\nAuxiliary actions:\n\n#{mod_actions}\n") if (mod_actions and mod_actions.length > 0)
+    mod_actions = Serializer::ReadableText.dump_module_actions(mod, '   ')
+    print("\n#{mod.type.capitalize} actions:\n\n#{mod_actions}\n") if (mod_actions and mod_actions.length > 0)
   end
 
   def show_advanced_options(mod) # :nodoc:

lib/msf/ui/console/module_command_dispatcher.rb

@@ -188,16 +188,22 @@ def check_simple(instance=nil)
           print_status("#{peer} - #{code[1]}")
         end
       else
-        print_error("#{peer} - Check failed: The state could not be determined.")
+        msg = "#{peer} - Check failed: The state could not be determined."
+        print_error(msg)
+        elog("#{msg}\n#{caller.join("\n")}")
       end
-    rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error
+    rescue ::Rex::ConnectionError, ::Rex::ConnectionProxyError, ::Errno::ECONNRESET, ::Errno::EINTR, ::Rex::TimeoutError, ::Timeout::Error => e
       # Connection issues while running check should be handled by the module
-    rescue ::RuntimeError
+      elog("#{e.message}\n#{e.backtrace.join("\n")}")
+    rescue ::RuntimeError => e
       # Some modules raise RuntimeError but we don't necessarily care about those when we run check()
+      elog("#{e.message}\n#{e.backtrace.join("\n")}")
     rescue Msf::OptionValidateError => e
       print_error("Check failed: #{e.message}")
+      elog("#{e.message}\n#{e.backtrace.join("\n")}")
     rescue ::Exception => e
       print_error("#{peer} - Check failed: #{e.class} #{e}")
+      elog("#{e.message}\n#{e.backtrace.join("\n")}")
     end
   end