Land rapid7#3479, broken sock.get fix

Author: wvu

modules/auxiliary/admin/cisco/vpn_3000_ftp_bypass.rb

@@ -50,21 +50,21 @@ def run
 
       print_status("Attempting to create directory: MKD #{test}")
       sock.put("MKD #{test}\r\n")
-      res = sock.get(-1,5)
+      res = sock.get_once(-1,5)
 
       if (res =~/257 MKD command successful\./)
         print_status("\tDirectory #{test} reportedly created. Verifying with SIZE #{test}")
         sock.put("SIZE #{test}\r\n")
-        res = sock.get(-1,5)
+        res = sock.get_once(-1,5)
         if (res =~ /550 Not a regular file/)
           print_status("\tServer reports \"not a regular file\". Directory verified.")
           print_status("\tAttempting to delete directory: RMD #{test}")
           sock.put("RMD #{test}\r\n")
-          res = sock.get(-1,5)
+          res = sock.get_once(-1,5)
           if (res =~ /250 RMD command successful\./)
             print_status("\tDirectory #{test} reportedly deleted. Verifying with SIZE #{test}")
             sock.put("SIZE #{test}\r\n")
-            res = sock.get(-1,5)
+            res = sock.get_once(-1,5)
             print_status("\tDirectory #{test} no longer exists!")
             print_status("Target is confirmed as vulnerable!")
           end

modules/auxiliary/admin/misc/sercomm_dump_config.rb

@@ -116,7 +116,7 @@ def fingerprint_endian
     begin
       connect
       sock.put(Rex::Text.rand_text(5))
-      res = sock.get_once
+      res = sock.get_once(-1, 10)
       disconnect
     rescue Rex::ConnectionError => e
       print_error("Connection failed: #{e.class}: #{e}")
@@ -147,7 +147,7 @@ def dump_configuration
 
     connect
     sock.put(pkt)
-    res = sock.get
+    res = sock.get_once(-1, 10)
 
     disconnect
 

modules/auxiliary/admin/oracle/sid_brute.rb

@@ -41,12 +41,14 @@ def run
 
     print_status("Starting brute force on #{rhost}, using sids from #{list}...")
 
-    fd = File.open(list, 'rb').each do |sid|
+    fd = ::File.open(list, 'rb').each do |sid|
       login = "(DESCRIPTION=(CONNECT_DATA=(SID=#{sid})(CID=(PROGRAM=)(HOST=MSF)(USER=)))(ADDRESS=(PROTOCOL=tcp)(HOST=#{rhost})(PORT=#{rport})))"
       pkt = tns_packet(login)
 
       begin
         connect
+      rescue ::Interrupt
+        raise $!
       rescue => e
         print_error(e.to_s)
         disconnect
@@ -55,12 +57,10 @@ def run
 
       sock.put(pkt)
       select(nil,nil,nil,s.to_i)
-      res = sock.get_once(-1,3)
+      res = sock.get_once
       disconnect
 
-      if ( res and res =~ /ERROR_STACK/ )
-        ''
-      else
+      if res and res.to_s !~ /ERROR_STACK/
         report_note(
           :host => rhost,
           :port => rport,
@@ -70,6 +70,7 @@ def run
         )
         print_good("#{rhost}:#{rport} Found SID '#{sid.strip}'")
       end
+
     end
 
     print_status("Done with brute force...")

modules/auxiliary/fuzzers/ftp/ftp_pre_post.rb

@@ -64,7 +64,7 @@ def initialize
 
 
   def get_pkt
-    buf = sock.get
+    buf = sock.get_once(-1, 10)
     vprint_status("[in ] #{buf.inspect}")
     buf
   end

modules/auxiliary/scanner/http/open_proxy.rb

@@ -37,7 +37,7 @@ def initialize(info = {})
         OptBool.new('VERIFY_CONNECT', [ false, 'Enable test for CONNECT method', false ]),
         OptBool.new('VERIFY_HEAD', [ false, 'Enable test for HEAD method', false ]),
         OptBool.new('LOOKUP_PUBLIC_ADDRESS', [ false, 'Enable test for retrieve public IP address via RIPE.net', false ]),
-        OptString.new('SITE', [ true, 'The web site to test via alleged web proxy (default is www.google.com)', '209.85.148.147' ]),
+        OptString.new('SITE', [ true, 'The web site to test via alleged web proxy (default is www.google.com)', 'www.google.com' ]),
         OptString.new('ValidCode', [ false, "Valid HTTP code for a successfully request", '200,302' ]),
         OptString.new('ValidPattern', [ false, "Valid HTTP server header for a successfully request", 'server: gws' ]),
         OptString.new('UserAgent', [ true, 'The HTTP User-Agent sent in the request', 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)' ]),
@@ -60,14 +60,16 @@ def run_host(target_host)
 
     if datastore['MULTIPORTS']
       target_ports = [ 80, 1080, 3128, 8080, 8123 ]
-    else
-      target_ports.push(datastore['RPORT'].to_i)
     end
 
+    target_ports.push(datastore['RPORT'].to_i)
+
     if datastore['RANDOMIZE_PORTS']
       target_ports = target_ports.sort_by { rand }
     end
 
+    target_ports = target_ports.uniq
+
     site       = datastore['SITE']
     user_agent = datastore['UserAgent']
 
@@ -97,7 +99,7 @@ def write_request(method,site,user_agent)
     request = method + " http://" + site + "/ HTTP/1.1" + "\r\n" +
       "Host: " + site + "\r\n" +
       "Connection: close" + "\r\n" +
-      "User-Agent: user_agent" + "\r\n" +
+      "User-Agent: #{user_agent}" + "\r\n" +
       "Accept-Encoding: *" + "\r\n" +
       "Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7" + "\r\n" +
       "Cache-Control: no" + "\r\n" +
@@ -115,7 +117,7 @@ def send_request(site,user_agent)
 
       request = write_request('GET',site,user_agent)
       sock.put(request)
-      res = sock.get
+      res = sock.get_once(-1, 10)
 
       disconnect
 
@@ -167,7 +169,7 @@ def send_request_ripe(user_agent)
 
       request = write_request('GET',ripe_address,user_agent)
       sock.put(request)
-      res = sock.get
+      res = sock.get_once(-1, 10)
 
       disconnect
 

modules/auxiliary/scanner/portscan/ftpbounce.rb

@@ -59,7 +59,7 @@ def run_host(ip)
       # on the response codes.  We need to do this between every
       # port scan attempt unfortunately.
       while true
-        r = self.sock.get(0.25)
+        r = sock.get_once(-1, 0.25)
         break if not r or r.empty?
       end
 

modules/auxiliary/scanner/scada/modbusclient.rb

@@ -47,8 +47,7 @@ def initialize(info = {})
   def send_frame(payload)
     sock.put(payload)
     @modbus_counter += 1
-    r = sock.get(sock.def_read_timeout)
-    return r
+    sock.get_once(-1, sock.def_read_timeout)
   end
 
   def make_payload(payload)
@@ -65,10 +64,7 @@ def make_read_payload
     payload += [@function_code].pack("c")
     payload += [datastore['DATA_ADDRESS']].pack("n")
     payload += [1].pack("n")
-
-    packet_data = make_payload(payload)
-
-    packet_data
+    make_payload(payload)
   end
 
   def make_write_coil_payload(data)
@@ -89,9 +85,7 @@ def make_write_register_payload(data)
     payload += [datastore['DATA_ADDRESS']].pack("n")
     payload += [data].pack("n")
 
-    packet_data = make_payload(payload)
-
-    packet_data
+    make_payload(payload)
   end
 
   def handle_error(response)

modules/auxiliary/scanner/ssl/openssl_ccs.rb

@@ -187,7 +187,7 @@ def establish_connect
 
     vprint_status("#{peer} - Sending Client Hello...")
     sock.put(client_hello)
-    server_hello = sock.get(response_timeout)
+    server_hello = sock.get_once(-1, response_timeout)
 
     unless server_hello
       vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...")

modules/auxiliary/scanner/ssl/openssl_heartbleed.rb

@@ -339,15 +339,15 @@ def jabber_connect_msg(hostname)
 
   def tls_jabber
     sock.put(jabber_connect_msg(xmpp_domain))
-    res = sock.get(response_timeout)
+    res = sock.get_once(-1, response_timeout)
     if res && res.include?('host-unknown')
       jabber_host = res.match(/ from='([\w.]*)' /)
       if jabber_host && jabber_host[1]
         disconnect
         establish_connect
         vprint_status("#{peer} - Connecting with autodetected remote XMPP hostname: #{jabber_host[1]}...")
         sock.put(jabber_connect_msg(jabber_host[1]))
-        res = sock.get(response_timeout)
+        res = sock.get_once(-1, response_timeout)
       end
     end
     if res.nil? || res.include?('stream:error') || res !~ /<starttls xmlns=['"]urn:ietf:params:xml:ns:xmpp-tls['"]/
@@ -356,14 +356,14 @@ def tls_jabber
     end
     msg = "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"
     sock.put(msg)
-    res = sock.get(response_timeout)
+    res = sock.get_once(-1, response_timeout)
     return nil if res.nil? || !res.include?('<proceed')
     res
   end
 
   def tls_ftp
     # http://tools.ietf.org/html/rfc4217
-    res = sock.get(response_timeout)
+    res = sock.get_once(-1, response_timeout)
     return nil if res.nil?
     sock.put("AUTH TLS\r\n")
     res = get_data
@@ -418,7 +418,7 @@ def establish_connect
     vprint_status("#{peer} - Sending Client Hello...")
     sock.put(client_hello)
 
-    server_hello = sock.get(response_timeout)
+    server_hello = sock.get_once(-1, response_timeout)
     unless server_hello
       vprint_error("#{peer} - No Server Hello after #{response_timeout} seconds...")
       return nil

modules/auxiliary/scanner/tftp/tftpbrute.rb

@@ -50,7 +50,7 @@ def run_host(ip)
         filename.strip!
         pkt = "\x00\x01" + filename + "\x00" + "netascii" + "\x00"
         udp_sock.sendto(pkt, ip, datastore['RPORT'])
-        resp = udp_sock.get(1)
+        resp = udp_sock.get(3)
         if resp and resp.length >= 2 and resp[0, 2] == "\x00\x03"
           print_status("Found #{filename} on #{ip}")
           #Add Report