Merge branch 'master' into feature/eternal_blue/rubysmb_refactor

Author: David Maloney

.travis.yml

@@ -16,9 +16,10 @@ rvm:
   - '2.4.1'
 
 env:
-  - CMD=bundle exec rake "cucumber cucumber:boot" CREATE_BINSTUBS=true
-  - CMD=bundle exec rake spec SPEC_OPTS="--tag content"
-  - CMD=bundle exec rake spec SPEC_OPTS="--tag ~content"
+# TODO: restore these tests when the code passes them!
+#  - CMD='bundle exec rake cucumber cucumber:boot CREATE_BINSTUBS=true'
+  - CMD='bundle exec rake spec SPEC_OPTS="--tag content"'
+  - CMD='bundle exec rake spec SPEC_OPTS="--tag ~content"'
 
 matrix:
   fast_finish: true
@@ -32,14 +33,18 @@ before_install:
   - ln -sf ../../tools/dev/pre-commit-hook.rb ./.git/hooks/post-merge
   - ls -la ./.git/hooks
   - ./.git/hooks/post-merge
+  # Update the bundler
+  - gem install bundler
 before_script:
   - cp config/database.yml.travis config/database.yml
   - bundle exec rake --version
   - bundle exec rake db:create
   - bundle exec rake db:migrate
-script:
   # fail build if db/schema.rb update is not committed
-  - git diff --exit-code db/schema.rb && $CMD
+  - git diff --exit-code db/schema.rb
+script:
+  - echo "${CMD}"
+  - bash -c "${CMD}"
 
 notifications:
   irc: "irc.freenode.org#msfnotify"

Gemfile

@@ -3,10 +3,6 @@ source 'https://rubygems.org'
 #   spec.add_runtime_dependency '<name>', [<version requirements>]
 gemspec name: 'metasploit-framework'
 
-gem 'bit-struct', git: 'https://github.com/busterb/bit-struct', branch: 'ruby-2.4'
-gem 'method_source', git: 'https://github.com/banister/method_source', branch: 'master'
-
-gem 'ruby_smb', path: '/Users/dmaloney/rapid7/ruby_smb'
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests
@@ -19,7 +15,7 @@ group :development do
   # generating documentation
   gem 'yard'
   # for development and testing purposes
-  gem 'pry', git: 'https://github.com/pry/pry', branch: 'master'
+  gem 'pry'
   # module documentation
   gem 'octokit'
   # metasploit-aggregator as a framework only option for now

Gemfile.lock

@@ -1,30 +1,7 @@
-GIT
-  remote: https://github.com/banister/method_source
-  revision: 0cc6cc8e15d08880585e8cb0c54e13c3cf937c54
-  branch: master
-  specs:
-    method_source (0.8.1)
-
-GIT
-  remote: https://github.com/busterb/bit-struct
-  revision: 707133ae6af5420be6fbe29be6baa5fbc929da2e
-  branch: ruby-2.4
-  specs:
-    bit-struct (0.15.0)
-
-GIT
-  remote: https://github.com/pry/pry
-  revision: f19d3e2ae86a677e1e926016fa1a5763675e3659
-  branch: master
-  specs:
-    pry (0.10.4)
-      coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
-
 PATH
   remote: .
   specs:
-    metasploit-framework (4.14.22)
+    metasploit-framework (4.14.24)
       actionpack (~> 4.2.6)
       activerecord (~> 4.2.6)
       activesupport (~> 4.2.6)
@@ -58,7 +35,7 @@ PATH
       rb-readline
       recog
       redcarpet
-      rex-arch (= 0.1.4)
+      rex-arch
       rex-bin_tools
       rex-core
       rex-encoder
@@ -138,6 +115,7 @@ GEM
     backports (3.8.0)
     bcrypt (3.1.11)
     bindata (2.4.0)
+    bit-struct (0.16)
     builder (3.2.3)
     capybara (2.14.0)
       addressable
@@ -237,6 +215,7 @@ GEM
       railties (~> 4.2.6)
       recog (~> 2.0)
     metasploit_payloads-mettle (0.1.9)
+    method_source (0.8.2)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
@@ -267,6 +246,10 @@ GEM
       activerecord (>= 4.0.0)
       arel (>= 4.0.1)
       pg_array_parser (~> 0.0.9)
+    pry (0.10.4)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
     public_suffix (2.0.5)
     rack (1.6.8)
     rack-test (0.6.3)
@@ -286,10 +269,10 @@ GEM
       thor (>= 0.18.1, < 2.0)
     rake (12.0.0)
     rb-readline (0.5.4)
-    recog (2.1.7)
+    recog (2.1.8)
       nokogiri
     redcarpet (3.4.0)
-    rex-arch (0.1.4)
+    rex-arch (0.1.8)
       rex-text
     rex-bin_tools (0.1.3)
       metasm
@@ -353,6 +336,10 @@ GEM
       rspec-mocks (~> 3.6.0)
       rspec-support (~> 3.6.0)
     rspec-support (3.6.0)
+    ruby_smb (0.0.17)
+      bindata
+      rubyntlm
+      windows_error
     rubyntlm (0.6.2)
     rubyzip (1.2.1)
     sawyer (0.8.1)
@@ -370,6 +357,7 @@ GEM
       json (>= 1.8, < 3)
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.1)
+    slop (3.6.0)
     sqlite3 (1.3.13)
     sshkey (1.9.0)
     thor (0.19.4)
@@ -381,7 +369,7 @@ GEM
       tzinfo (>= 1.0.0)
     windows_error (0.1.2)
     xmlrpc (0.3.0)
-    xpath (2.0.0)
+    xpath (2.1.0)
       nokogiri (~> 1.3)
     yard (0.9.9)
 
@@ -390,15 +378,13 @@ PLATFORMS
 
 DEPENDENCIES
   aruba
-  bit-struct!
   cucumber-rails
   factory_girl_rails
   fivemat
   metasploit-aggregator
   metasploit-framework!
-  method_source!
   octokit
-  pry!
+  pry
   rake
   redcarpet
   rspec-rails

LICENSE_GEMS

@@ -6,20 +6,21 @@ activerecord, 4.2.8, MIT
 activesupport, 4.2.8, MIT
 addressable, 2.5.1, "Apache 2.0"
 arel, 6.0.4, MIT
-arel-helpers, 2.3.0, unknown
+arel-helpers, 2.4.0, unknown
 aruba, 0.14.2, MIT
+backports, 3.8.0, MIT
 bcrypt, 3.1.11, MIT
 bindata, 2.4.0, ruby
-bit-struct, 0.15.0, ruby
+bit-struct, 0.16, ruby
 builder, 3.2.3, MIT
-bundler, 1.14.6, MIT
+bundler, 1.15.0, MIT
 capybara, 2.14.0, MIT
 childprocess, 0.5.9, MIT
 coderay, 1.1.1, MIT
 contracts, 0.16.0, "Simplified BSD"
 cucumber, 2.4.0, MIT
 cucumber-core, 1.5.0, MIT
-cucumber-rails, 1.4.5, MIT
+cucumber-rails, 1.5.0, MIT
 cucumber-wire, 0.0.1, MIT
 diff-lcs, 1.3, "MIT, Artistic-2.0, GPL-2.0+"
 docile, 1.1.5, MIT
@@ -31,9 +32,9 @@ ffi, 1.9.18, "New BSD"
 filesize, 0.1.1, MIT
 fivemat, 1.3.3, MIT
 gherkin, 4.1.3, MIT
-google-protobuf, 3.2.0.2, "New BSD"
+google-protobuf, 3.3.0, "New BSD"
 googleauth, 0.5.1, "Apache 2.0"
-grpc, 1.2.5, "New BSD"
+grpc, 1.3.4, "New BSD"
 i18n, 0.8.1, MIT
 jsobfu, 0.4.2, "New BSD"
 json, 2.1.0, ruby
@@ -43,19 +44,19 @@ logging, 2.2.2, MIT
 loofah, 2.0.3, MIT
 memoist, 0.15.0, MIT
 metasm, 1.0.3, LGPL
-metasploit-aggregator, 0.1.3, "New BSD"
-metasploit-concern, 2.0.3, "New BSD"
-metasploit-credential, 2.0.8, "New BSD"
-metasploit-framework, 4.14.17, "New BSD"
-metasploit-model, 2.0.3, "New BSD"
-metasploit-payloads, 1.2.28, "3-clause (or ""modified"") BSD"
+metasploit-aggregator, 0.2.1, "New BSD"
+metasploit-concern, 2.0.4, "New BSD"
+metasploit-credential, 2.0.9, "New BSD"
+metasploit-framework, 4.14.23, "New BSD"
+metasploit-model, 2.0.4, "New BSD"
+metasploit-payloads, 1.2.29, "3-clause (or ""modified"") BSD"
 metasploit_data_models, 2.0.14, "New BSD"
 metasploit_payloads-mettle, 0.1.9, "3-clause (or ""modified"") BSD"
-method_source, 0.8.1, MIT
+method_source, 0.8.2, MIT
 mime-types, 3.1, MIT
 mime-types-data, 3.2016.0521, MIT
 mini_portile2, 2.1.0, MIT
-minitest, 5.10.1, MIT
+minitest, 5.10.2, MIT
 msgpack, 1.1.0, "Apache 2.0"
 multi_json, 1.12.1, MIT
 multi_test, 0.1.2, MIT
@@ -64,7 +65,7 @@ nessus_rest, 0.1.6, MIT
 net-ssh, 4.1.0, MIT
 network_interface, 0.0.1, MIT
 nexpose, 6.0.0, BSD
-nokogiri, 1.7.1, MIT
+nokogiri, 1.7.2, MIT
 octokit, 4.7.0, MIT
 openssl-ccm, 1.2.1, MIT
 openvas-omp, 0.0.4, MIT
@@ -77,57 +78,58 @@ pg_array_parser, 0.0.9, unknown
 postgres_ext, 3.0.0, MIT
 pry, 0.10.4, MIT
 public_suffix, 2.0.5, MIT
-rack, 1.6.5, MIT
+rack, 1.6.8, MIT
 rack-test, 0.6.3, MIT
 rails-deprecated_sanitizer, 1.0.3, MIT
 rails-dom-testing, 1.0.8, MIT
 rails-html-sanitizer, 1.0.3, MIT
 railties, 4.2.8, MIT
 rake, 12.0.0, MIT
 rb-readline, 0.5.4, BSD
-recog, 2.1.6, unknown
+recog, 2.1.8, unknown
 redcarpet, 3.4.0, MIT
 rex-arch, 0.1.4, "New BSD"
-rex-bin_tools, 0.1.2, "New BSD"
-rex-core, 0.1.9, "New BSD"
-rex-encoder, 0.1.3, "New BSD"
-rex-exploitation, 0.1.13, "New BSD"
-rex-java, 0.1.4, "New BSD"
-rex-mime, 0.1.4, "New BSD"
-rex-nop, 0.1.0, unknown
-rex-ole, 0.1.5, "New BSD"
-rex-powershell, 0.1.71, "New BSD"
+rex-bin_tools, 0.1.3, "New BSD"
+rex-core, 0.1.10, "New BSD"
+rex-encoder, 0.1.4, "New BSD"
+rex-exploitation, 0.1.14, "New BSD"
+rex-java, 0.1.5, "New BSD"
+rex-mime, 0.1.5, "New BSD"
+rex-nop, 0.1.1, "New BSD"
+rex-ole, 0.1.6, "New BSD"
+rex-powershell, 0.1.72, "New BSD"
 rex-random_identifier, 0.1.2, "New BSD"
-rex-registry, 0.1.2, "New BSD"
-rex-rop_builder, 0.1.2, "New BSD"
-rex-socket, 0.1.5, "New BSD"
-rex-sslscan, 0.1.3, "New BSD"
-rex-struct2, 0.1.1, "New BSD"
-rex-text, 0.2.14, "New BSD"
-rex-zip, 0.1.2, "New BSD"
+rex-registry, 0.1.3, "New BSD"
+rex-rop_builder, 0.1.3, "New BSD"
+rex-socket, 0.1.6, "New BSD"
+rex-sslscan, 0.1.4, "New BSD"
+rex-struct2, 0.1.2, "New BSD"
+rex-text, 0.2.15, "New BSD"
+rex-zip, 0.1.3, "New BSD"
 rkelly-remix, 0.0.7, MIT
 robots, 0.10.1, MIT
 rspec-core, 3.6.0, MIT
 rspec-expectations, 3.6.0, MIT
 rspec-mocks, 3.6.0, MIT
 rspec-rails, 3.6.0, MIT
 rspec-support, 3.6.0, MIT
-ruby_smb, 0.0.12, "New BSD"
+ruby_smb, 0.0.17, "New BSD"
 rubyntlm, 0.6.2, MIT
 rubyzip, 1.2.1, "Simplified BSD"
 sawyer, 0.8.1, MIT
 shoulda-matchers, 3.1.1, MIT
 signet, 0.7.3, "Apache 2.0"
 simplecov, 0.14.1, MIT
-simplecov-html, 0.10.0, MIT
+simplecov-html, 0.10.1, MIT
+slop, 3.6.0, MIT
 sqlite3, 1.3.13, "New BSD"
 sshkey, 1.9.0, MIT
 thor, 0.19.4, MIT
 thread_safe, 0.3.6, "Apache 2.0"
 timecop, 0.8.1, MIT
 tzinfo, 1.2.3, MIT
 tzinfo-data, 1.2017.2, MIT
-windows_error, 0.1.1, BSD
+windows_error, 0.1.2, BSD
 xmlrpc, 0.3.0, ruby
-xpath, 2.0.0, unknown
+xpath, 2.1.0, MIT
 yard, 0.9.9, MIT

data/exploits/CVE-2017-7494/build.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+build () {
+  CC=$1
+  TARGET_SUFFIX=$2
+  CFLAGS=$3
+
+  echo "[*] Building for ${TARGET_SUFFIX}..."
+  for type in {shellcode,system,findsock}
+   do ${CC} ${CFLAGS} -Wall -Werror -fPIC -fno-stack-protector samba-root-${type}.c -shared -o samba-root-${type}-${TARGET_SUFFIX}.so
+  done
+}
+
+rm -f *.o *.so *.gz
+
+#
+# Linux GLIBC
+#
+
+# x86
+build "gcc" "linux-glibc-x86_64" "-m64 -D OLD_LIB_SET_2"
+build "gcc" "linux-glibc-x86" "-m32 -D OLD_LIB_SET_1"
+
+# ARM
+build "arm-linux-gnueabi-gcc-5" "linux-glibc-armel" "-march=armv5 -mlittle-endian"
+build "arm-linux-gnueabihf-gcc-5" "linux-glibc-armhf" "-march=armv7 -mlittle-endian"
+build "aarch64-linux-gnu-gcc-4.9" "linux-glibc-aarch64" ""
+
+# MIPS
+build "mips-linux-gnu-gcc-5" "linux-glibc-mips" "-D OLD_LIB_SET_1"
+build "mipsel-linux-gnu-gcc-5"  "linux-glibc-mipsel" "-D OLD_LIB_SET_1"
+build "mips64-linux-gnuabi64-gcc-5"  "linux-glibc-mips64" "-D OLD_LIB_SET_1"
+build "mips64el-linux-gnuabi64-gcc-5" "linux-glibc-mips64el" "-D OLD_LIB_SET_1"
+
+# SPARC
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc64" ""
+build "sparc64-linux-gnu-gcc-5" "linux-glibc-sparc" "-m32 -D OLD_LIB_SET_1"
+
+# PowerPC
+build "powerpc-linux-gnu-gcc-5" "linux-glibc-powerpc" "-D OLD_LIB_SET_1"
+build "powerpc64-linux-gnu-gcc-5" "linux-glibc-powerpc64" ""
+build "powerpc64le-linux-gnu-gcc-4.9" "linux-glibc-powerpc64le" ""
+
+# S390X
+build "s390x-linux-gnu-gcc-5" "linux-glibc-s390x" ""
+
+gzip -9 *.so
+rm -f *.o *.so