Skip to content

Commit bf8f722

Browse files
David MaloneyDavid Maloney
David Maloney
authored and
David Maloney
committed
rescue exceptions in check_setup
1 parent 7d4c4c3 commit bf8f722

File tree

2 files changed

+38
-27
lines changed

2 files changed

+38
-27
lines changed

lib/metasploit/framework/login_scanner/glassfish.rb

Lines changed: 26 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -22,31 +22,35 @@ class Glassfish < HTTP
2222

2323
# (see Base#check_setup)
2424
def check_setup
25-
res = send_request({'uri' => '/common/index.jsf'})
26-
return "Connection failed" if res.nil?
27-
if !([200, 302].include?(res.code))
28-
return "Unexpected HTTP response code #{res.code} (is this really Glassfish?)"
29-
end
30-
31-
# If remote login is enabled on 4.x, it redirects to https on the
32-
# same port.
33-
if !self.ssl && res.headers['Location'] =~ /^https:/
34-
self.ssl = true
25+
begin
3526
res = send_request({'uri' => '/common/index.jsf'})
36-
if res.nil?
37-
return "Connection failed after SSL redirection"
27+
return "Connection failed" if res.nil?
28+
if !([200, 302].include?(res.code))
29+
return "Unexpected HTTP response code #{res.code} (is this really Glassfish?)"
3830
end
39-
if res.code != 200
40-
return "Unexpected HTTP response code #{res.code} after SSL redirection (is this really Glassfish?)"
31+
32+
# If remote login is enabled on 4.x, it redirects to https on the
33+
# same port.
34+
if !self.ssl && res.headers['Location'] =~ /^https:/
35+
self.ssl = true
36+
res = send_request({'uri' => '/common/index.jsf'})
37+
if res.nil?
38+
return "Connection failed after SSL redirection"
39+
end
40+
if res.code != 200
41+
return "Unexpected HTTP response code #{res.code} after SSL redirection (is this really Glassfish?)"
42+
end
4143
end
42-
end
4344

44-
res = send_request({'uri' => '/login.jsf'})
45-
return "Connection failed" if res.nil?
46-
extract_version(res.headers['Server'])
45+
res = send_request({'uri' => '/login.jsf'})
46+
return "Connection failed" if res.nil?
47+
extract_version(res.headers['Server'])
4748

48-
if @version.nil? || @version !~ /^[2349]/
49-
return "Unsupported version ('#{@version}')"
49+
if @version.nil? || @version !~ /^[2349]/
50+
return "Unsupported version ('#{@version}')"
51+
end
52+
rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
53+
return "Unable to connect to target"
5054
end
5155

5256
false
@@ -194,8 +198,8 @@ def attempt_login(credential)
194198
# @return [nil] If the banner did not match any of the expected values
195199
def extract_version(banner)
196200
# Set version. Some GlassFish servers return banner "GlassFish v3".
197-
if banner =~ /GlassFish Server(?: Open Source Edition)?[[:blank:]]*(\d\.\d)/
198-
@version = $1
201+
if banner =~ /(GlassFish Server|Open Source Edition)[[:blank:]]*(\d\.\d)/
202+
@version = $2
199203
elsif banner =~ /GlassFish v(\d)/
200204
@version = $1
201205
elsif banner =~ /Sun GlassFish Enterprise Server v2/

lib/metasploit/framework/login_scanner/http.rb

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -53,15 +53,22 @@ def check_setup
5353
'uri' => uri,
5454
'method' => method
5555
)
56-
# Use _send_recv instead of send_recv to skip automatiu
57-
# authentication
58-
response = http_client._send_recv(request)
56+
57+
begin
58+
# Use _send_recv instead of send_recv to skip automatiu
59+
# authentication
60+
response = http_client._send_recv(request)
61+
rescue ::EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
62+
error_message = "Unable to connect to target"
63+
end
5964

6065
if !(response && response.code == 401 && response.headers['WWW-Authenticate'])
61-
"No authentication required"
66+
error_message = "No authentication required"
6267
else
63-
false
68+
error_message = false
6469
end
70+
71+
error_message
6572
end
6673

6774
# Attempt a single login with a single credential against the target.

0 commit comments

Comments
 (0)