Add check() implementation based on bcoles notes

hdm · hdm · commit cf7cfa9b2c2a · 2017-05-25T09:49:45.000-05:00
diff --git a/modules/exploits/linux/samba/is_known_pipename.rb b/modules/exploits/linux/samba/is_known_pipename.rb
@@ -24,6 +24,7 @@ def initialize(info = {})
         [
           'steelo <knownsteelo[at]gmail.com>',    # Vulnerability Discovery
           'hdm',                                  # Metasploit Module
+          'Brendan Coles <bcoles[at]gmail.com>',  # Check logic
         ],
       'License'        => MSF_LICENSE,
       'References'     =>
@@ -270,6 +271,54 @@ def find_payload
     end
   end
 
+  def check
+    res = smb_fingerprint
+
+    unless res['native_lm'] =~ /Samba ([\d\.]+)/
+      print_error("does not appear to be Samba: #{res['os']} / #{res['native_lm']}")
+      return CheckCode::Safe
+    end
+
+    samba_version = Gem::Version.new($1.gsub(/\.$/, ''))
+
+    vprint_status("Samba version identified as #{samba_version.to_s}")
+
+    if samba_version < Gem::Version.new('3.5.0')
+      return CheckCode::Safe
+    end
+
+    # Patched in 4.4.14
+    if samba_version < Gem::Version.new('4.5.0') &&
+       samba_version >= Gem::Version.new('4.4.14')
+      return CheckCode::Safe
+    end
+
+    # Patched in 4.5.10
+    if samba_version > Gem::Version.new('4.5.0') &&
+       samba_version < Gem::Version.new('4.6.0') &&
+       samba_version >= Gem::Version.new('4.5.10')
+      return CheckCode::Safe
+    end
+
+    # Patched in 4.6.4
+    if samba_version >= Gem::Version.new('4.6.4')
+      return CheckCode::Safe
+    end
+
+    connect
+    smb_login
+    find_writeable_share_path
+    disconnect
+
+    if @share.to_s.length == 0
+      print_status("Samba version #{samba_version.to_s} found, but no writeable share has been identified")
+      return CheckCode::Detected
+    end
+
+    print_good("Samba version #{samba_version.to_s} found with writeable share '#{@share}'")
+    return CheckCode::Appears
+  end
+
   def exploit
     # Setup SMB
     connect
