Land rapid7#8487, fixups for ETERNALBLUE DCE/RPC code

wvu · wvu · commit 9d82e5a9fd0c · 2017-05-30T13:18:08.000-05:00
diff --git a/modules/exploits/windows/smb/ms17_010_eternalblue.rb b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@@ -153,11 +153,22 @@ def smb_eternalblue(process_name, grooms)
       client, tree, sock, os = smb1_anonymous_connect_ipc()
       print_good("Connection established for exploitation.")
 
-      if !verify_target(os)
+      if verify_target(os)
+        print_good('Target OS selected valid for OS indicated by SMB reply')
+      else
+        print_warning('Target OS selected not valid for OS indicated by SMB reply')
+        print_warning('Disable VerifyTarget option to proceed manually...')
         raise EternalBlueError, 'Unable to continue with improper OS Target.'
       end
 
-      if !verify_arch
+      # cool buffer print no matter what, will be helpful when people post debug issues
+      print_core_buffer(os)
+
+      if verify_arch
+        print_good('Target arch selected valid for arch indicated by DCE/RPC reply')
+      else
+        print_warning('Target arch selected not valid for arch indicated by DCE/RPC reply')
+        print_warning('Disable VerifyArch option to proceed manually...')
         raise EternalBlueError, 'Unable to continue with improper OS Arch.'
       end
 
@@ -234,18 +245,8 @@ def verify_target(os)
           break
         end
       end
-
-      if ret
-        print_good('Target OS selected valid for OS indicated by SMB reply')
-      else
-        print_warning('Target OS selected not valid for OS indicated by SMB reply')
-        print_warning('Disable VerifyTarget option to proceed manually...')
-      end
     end
 
-    # cool buffer print no matter what, will be helpful when people post debug issues
-    print_core_buffer(os)
-
     return ret
   end
 
@@ -263,10 +264,15 @@ def verify_arch
       '71710533-beba-4937-8319-b5dbef9ccc36', '1.0'
     ).first
 
-    sock = connect(false,
-      'RHOST' => rhost,
-      'RPORT' => 135
-    )
+    begin
+      sock = connect(false,
+        'RHOST' => rhost,
+        'RPORT' => 135
+      )
+    rescue Rex::ConnectionError => e
+      print_error(e.to_s)
+      return false
+    end
 
     sock.put(pkt)
 
@@ -300,13 +306,6 @@ def verify_arch
       end
     end
 
-    if ret
-      print_good('Target arch selected valid for OS indicated by DCE/RPC reply')
-    else
-      print_warning('Target arch selected not valid for OS indicated by DCE/RPC reply')
-      print_warning('Disable VerifyArch option to proceed manually...')
-    end
-
     ret
   end
 
