Fix bad copypast, sock.get usage, HTTP mistakes

Author: HD Moore

modules/exploits/windows/ftp/comsnd_ftpd_fmtstr.rb

@@ -82,13 +82,14 @@ def initialize(info = {})
 
   def check
     connect
-    banner    = sock.get_once(-1,3)
+    banner = sock.get_once || ""
+    disconnect
+
     validate  = "\x32\x32\x30\x20\xbb\xb6\xd3\xad\xb9"
     validate << "\xe2\xc1\xd9\x46\x54\x50\xb7\xfe\xce"
     validate << "\xf1\xc6\xf7\x21\x0d\x0a"
-    disconnect
-
-    if (banner == validate)
+    
+    if banner.to_s == validate
       return Exploit::CheckCode::Vulnerable
     end
     return Exploit::CheckCode::Safe

modules/exploits/windows/lotus/domino_sametime_stmux.rb

@@ -63,26 +63,27 @@ def initialize(info = {})
   def check
     connect
 
-    req = "HEAD / HTTP/1.0\r\n\r\n"
-    req << "User-Agent: Sametime Community Agent\r\n"
+    req = "HEAD / HTTP/1.1\r\n"
     req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
+    req << "User-Agent: Sametime Community Agent\r\n\r\n"
+    
     sock.put(req)
-    res = sock.get_once(-1,3) || ''
+    res = sock.get_once || ''
 
     disconnect
 
-    if (res =~/Lotus-Domino/)
+    if (res.to_s =~/Lotus-Domino/)
       connect
 
-      req = "GET /CommunityCBR HTTP/1.0\r\n\r\n"
-      req << "User-Agent: Sametime Community Agent\r\n"
+      req = "GET /CommunityCBR HTTP/1.1\r\n"
       req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
+      req << "User-Agent: Sametime Community Agent\r\n\r\n"
       sock.put(req)
-      res = sock.get_once(-1,3) || ''
+      res = sock.get_once || ''
 
       disconnect
 
-      if (res =~/200 OK/)
+      if (res.to_s =~ /200 OK/)
         return Exploit::CheckCode::Detected
       end
     end
@@ -106,8 +107,8 @@ def exploit
     path = pad1 + jmp + seh + pad2 + popebx + popad + esp
 
     req = "POST /CommunityCBR/CC.39.#{path}/\r\n"
-    req << "User-Agent: Sametime Community Agent\r\n"
     req << "Host: #{datastore['RHOST']}:#{datastore['RPORT']}\r\n"
+    req << "User-Agent: Sametime Community Agent\r\n"
     req << "Content-Length: #{payload.encoded.length}\r\n"
     req << "Connection: Close\r\n"
     req << "Cache-Control: no-cache\r\n\r\n"

modules/exploits/windows/proxy/ccproxy_telnet_ping.rb

@@ -58,10 +58,10 @@ def initialize(info = {})
 
   def check
     connect
-    banner = sock.get_once(-1,3) || ''
+    banner = sock.get_once || ''
     disconnect
 
-    if (banner =~ /CCProxy Telnet Service Ready/)
+    if banner.to_s =~ /CCProxy Telnet Service Ready/
       return Exploit::CheckCode::Detected
     end
       return Exploit::CheckCode::Safe

modules/exploits/windows/smtp/mailcarrier_smtp_ehlo.rb

@@ -58,10 +58,10 @@ def initialize(info = {})
 
   def check
     connect
-    banner = sock.get_once(-1,3) || ''
+    banner = sock.get_once || ''
     disconnect
 
-    if (banner =~ /ESMTP TABS Mail Server for Windows NT/)
+    if banner.to_s =~ /ESMTP TABS Mail Server for Windows NT/
       return Exploit::CheckCode::Detected
     end
     return Exploit::CheckCode::Safe

modules/exploits/windows/telnet/gamsoft_telsrv_username.rb

@@ -84,10 +84,10 @@ def check
     connect
     print_status("Attempting to determine if target is possibly vulnerable...")
     select(nil,nil,nil,7)
-    banner = sock.get_once(-1,3) || ''
+    banner = sock.get_once || ''
     vprint_status("Banner: #{banner}")
 
-    if (banner =~ /TelSrv 1\.5/)
+    if banner.to_s =~ /TelSrv 1\.5/
       return Exploit::CheckCode::Appears
     end
     return Exploit::CheckCode::Safe