Use Rex Post MySQL Client for lib, specs & modules

Author: sjanusz-r7

lib/metasploit/framework/login_scanner/mysql.rb

@@ -1,5 +1,4 @@
 require 'metasploit/framework/tcp/client'
-require 'mysql'
 require 'metasploit/framework/login_scanner/base'
 require 'metasploit/framework/login_scanner/rex_socket'
 require 'rex/proto/mysql/client'
@@ -47,22 +46,22 @@ def attempt_login(credential)
               status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
               proof: e
             })
-          rescue Mysql::ClientError => e
+          rescue Rex::Proto::MySQL::Client::ClientError => e
             result_options.merge!({
               status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
               proof: e
             })
-          rescue Mysql::HostNotPrivileged => e
+          rescue Rex::Proto::MySQL::Client::HostNotPrivileged => e
             result_options.merge!({
               status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
               proof: e
             })
-          rescue Mysql::AccessDeniedError => e
+          rescue Rex::Proto::MySQL::Client::AccessDeniedError => e
             result_options.merge!({
               status: Metasploit::Model::Login::Status::INCORRECT,
               proof: e
             })
-          rescue Mysql::HostIsBlocked => e
+          rescue Rex::Proto::MySQL::Client::HostIsBlocked => e
             result_options.merge!({
               status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT,
               proof: e

lib/msf/core/exploit/remote/mysql.rb

@@ -20,7 +20,7 @@ module Exploit::Remote::MYSQL
   include Exploit::Remote::Tcp
 
   # @!attribute [rw] mysql_conn
-  # @return [::Mysql]
+  # @return [::Rex::Proto::MySQL::Client]
   attr_accessor :mysql_conn
 
   def initialize(info = {})
@@ -48,16 +48,16 @@ def mysql_login(user='root', pass='', db=nil)
     rescue Errno::ECONNREFUSED
       print_error("Connection refused")
       return false
-    rescue ::Mysql::ClientError
+    rescue ::Rex::Proto::MySQL::Client::ClientError
       print_error("Connection timedout")
       return false
     rescue Errno::ETIMEDOUT
       print_error("Operation timedout")
       return false
-    rescue ::Mysql::HostNotPrivileged
+    rescue ::Rex::Proto::MySQL::Client::HostNotPrivileged
       print_error("Unable to login from this host due to policy")
       return false
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       print_error("Access denied")
       return false
     end
@@ -87,7 +87,7 @@ def mysql_login_datastore
   def mysql_query(sql)
     begin
       res = mysql_conn.query(sql)
-    rescue ::Mysql::Error => e
+    rescue ::Rex::Proto::MySQL::Client::Error => e
       print_error("MySQL Error: #{e.class} #{e.to_s}")
       return nil
     rescue Rex::ConnectionTimeout => e

modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb

@@ -70,10 +70,10 @@ def run_host(ip)
 
       print_good "#{rhost}:#{rport} The server accepted our first login as #{username} with a bad password. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
 
-    rescue ::Mysql::HostNotPrivileged
+    rescue ::Rex::Proto::MySQL::Client::HostNotPrivileged
       print_error "#{rhost}:#{rport} Unable to login from this host due to policy (may still be vulnerable)"
       return
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       print_good "#{rhost}:#{rport} The server allows logins, proceeding with bypass test"
     rescue ::Interrupt
       raise $!
@@ -125,7 +125,7 @@ def run_host(ip)
             print_good "#{rhost}:#{rport} Successfully bypassed authentication after #{count} attempts. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
             results << mysql_client
             close_required = false
-          rescue ::Mysql::AccessDeniedError
+          rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
           rescue ::Exception => e
             print_bad "#{rhost}:#{rport} Thread #{count}] caught an unhandled exception: #{e}"
           ensure

modules/auxiliary/scanner/mysql/mysql_file_enum.rb

@@ -56,7 +56,7 @@ def run_host(ip)
 
     begin
       mysql_query_no_handle("USE " + datastore['DATABASE_NAME'])
-    rescue ::Mysql::Error => e
+    rescue ::Rex::Proto::MySQL::Client::Error => e
       vprint_error("MySQL Error: #{e.class} #{e.to_s}")
       return
     rescue Rex::ConnectionTimeout => e
@@ -87,7 +87,7 @@ def run_host(ip)
   def check_dir dir
     begin
       res = mysql_query_no_handle("LOAD DATA INFILE '" + dir + "' INTO TABLE " + datastore['TABLE_NAME'])
-    rescue ::Mysql::TextfileNotReadable
+    rescue ::Rex::Proto::MySQL::Client::TextfileNotReadable
       print_good("#{dir} is a directory and exists")
       report_note(
         :host  => mysql_conn.host,
@@ -97,7 +97,7 @@ def check_dir dir
         :proto => 'tcp',
         :update => :unique_data
       )
-    rescue ::Mysql::DataTooLong, ::Mysql::TruncatedWrongValueForField
+    rescue ::Rex::Proto::MySQL::Client::DataTooLong, ::Rex::Proto::MySQL::Client::TruncatedWrongValueForField
       print_good("#{dir} is a file and exists")
       report_note(
         :host  => mysql_conn.host,
@@ -107,9 +107,9 @@ def check_dir dir
         :proto => 'tcp',
         :update => :unique_data
       )
-    rescue ::Mysql::ServerError
+    rescue ::Rex::Proto::MySQL::Client::ServerError
       vprint_warning("#{dir} does not exist")
-    rescue ::Mysql::Error => e
+    rescue ::Rex::Proto::MySQL::Client::Error => e
       vprint_error("MySQL Error: #{e.class} #{e.to_s}")
       return
     rescue Rex::ConnectionTimeout => e

modules/auxiliary/scanner/mysql/mysql_login.rb

@@ -179,7 +179,7 @@ def int_version(str)
   end
 
   # @param [Metasploit::Framework::LoginScanner::Result] result
-  # @param [::Mysql] client
+  # @param [::Rex::Proto::MySQL::Client] client
   # @return [Msf::Sessions::MySQL]
   def session_setup(result, client)
     return unless (result && client)

modules/auxiliary/scanner/mysql/mysql_writable_dirs.rb

@@ -62,7 +62,7 @@ def check_dir(dir)
     begin
       print_status("Checking #{dir}...")
       res = mysql_query_no_handle("SELECT _utf8'test' INTO DUMPFILE '#{dir}/" + datastore['FILE_NAME'] + "'")
-    rescue ::Mysql::ServerError => e
+    rescue ::Rex::Proto::MySQL::Client::ServerError => e
       print_warning(e.to_s)
     rescue Rex::ConnectionTimeout => e
       print_error("Timeout: #{e.message}")

modules/exploits/windows/mysql/mysql_mof.rb

@@ -67,7 +67,7 @@ def query(q)
       res.each_hash do |row|
         rows << row
       end
-    rescue ::Mysql::ParseError
+    rescue ::Rex::Proto::MySQL::Client::ParseError
       return rows
     end
 
@@ -102,7 +102,7 @@ def exploit
         m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
         return unless m
       end
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       print_error("Access denied.")
       return
     end
@@ -120,7 +120,7 @@ def exploit
     begin
       upload_file(exe, dest)
       register_file_for_cleanup("#{exe_name}")
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       print_error("No permission to write. I blame kc :-)")
       return
     end
@@ -132,7 +132,7 @@ def exploit
     begin
       upload_file(mof, dest)
       register_file_for_cleanup("wbem\\mof\\good\\#{mof_name}")
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       print_error("No permission to write. Bail!")
       return
     end

modules/exploits/windows/mysql/mysql_start_up.rb

@@ -73,7 +73,7 @@ def query(q)
       res.each_hash do |row|
         rows << row
       end
-    rescue ::Mysql::ParseError
+    rescue ::Rex::Proto::MySQL::Client::ParseError
       return rows
     end
 
@@ -113,7 +113,7 @@ def exploit
         m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
         return unless m
       end
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       fail_with(Failure::NoAccess, "#{peer} - Access denied")
     end
 
@@ -125,7 +125,7 @@ def exploit
 
     begin
       drive = get_drive_letter
-    rescue ::Mysql::ParseError
+    rescue ::Rex::Proto::MySQL::Client::ParseError
       fail_with(Failure::UnexpectedReply, "#{peer} - Could not determine drive name")
     end
 
@@ -138,7 +138,7 @@ def exploit
     print_status("Uploading to '#{dest}'")
     begin
       upload_file(exe, dest)
-    rescue ::Mysql::AccessDeniedError
+    rescue ::Rex::Proto::MySQL::Client::AccessDeniedError
       fail_with(Failure::NotVulnerable, "#{peer} - No permission to write. I blame kc :-)")
     end
     register_file_for_cleanup("#{dest}")

spec/lib/metasploit/framework/login_scanner/mysql_spec.rb

@@ -4,7 +4,7 @@
 RSpec.describe Metasploit::Framework::LoginScanner::MySQL do
   let(:public) { 'root' }
   let(:private) { 'toor' }
-  let(:client) { instance_double(::Mysql) }
+  let(:client) { instance_double(::Rex::Proto::MySQL::Client) }
   let(:pub_blank) {
     Metasploit::Framework::Credential.new(
         paired: true,
@@ -42,69 +42,69 @@
 
     context 'when the attempt is successful' do
       it 'returns a result object with a status of Metasploit::Model::Login::Status::SUCCESSFUL' do
-        expect(::Mysql).to receive(:connect).and_return(client)
+        expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_return(client)
         expect(login_scanner.attempt_login(pub_pri).status).to eq Metasploit::Model::Login::Status::SUCCESSFUL
       end
     end
 
     context 'when the attempt is unsuccessful' do
       context 'due to connection refused' do
         it 'returns a result with a status of Metasploit::Model::Login::Status::UNABLE_TO_CONNECT' do
-          expect(::Mysql).to receive(:connect).and_raise Errno::ECONNREFUSED
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Errno::ECONNREFUSED
           expect(login_scanner.attempt_login(pub_pub).status).to eq Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         end
 
         it 'returns a result with the proof containing an appropriate error message' do
-          expect(::Mysql).to receive(:connect).and_raise Errno::ECONNREFUSED
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Errno::ECONNREFUSED
           expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Errno::ECONNREFUSED)
         end
       end
 
       context 'due to connection timeout' do
         it 'returns a result with a status of Metasploit::Model::Login::Status::UNABLE_TO_CONNECT' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::ClientError, "Client Error"
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise ::Rex::Proto::MySQL::Client::ClientError, "Client Error"
           expect(login_scanner.attempt_login(pub_pub).status).to eq Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         end
 
         it 'returns a result with the proof containing an appropriate error message' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::ClientError, "Client Error"
-          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Mysql::ClientError)
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise ::Rex::Proto::MySQL::Client::ClientError, "Client Error"
+          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(::Rex::Proto::MySQL::Client::ClientError)
         end
       end
 
       context 'due to operation timeout' do
         it 'returns a result with a status of Metasploit::Model::Login::Status::UNABLE_TO_CONNECT' do
-          expect(::Mysql).to receive(:connect).and_raise Errno::ETIMEDOUT
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Errno::ETIMEDOUT
           expect(login_scanner.attempt_login(pub_pub).status).to eq Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         end
 
         it 'returns a result with the proof containing an appropriate error message' do
-          expect(::Mysql).to receive(:connect).and_raise Errno::ETIMEDOUT
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Errno::ETIMEDOUT
           expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Errno::ETIMEDOUT)
         end
       end
 
       context 'due to not being allowed to connect from this host' do
         it 'returns a result with a status of Metasploit::Model::Login::Status::UNABLE_TO_CONNECT' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::HostNotPrivileged, "Host not privileged"
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Rex::Proto::MySQL::Client::HostNotPrivileged, "Host not privileged"
           expect(login_scanner.attempt_login(pub_pub).status).to eq Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
         end
 
         it 'returns a result with the proof containing an appropriate error message' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::HostNotPrivileged, "Host not privileged"
-          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Mysql::HostNotPrivileged)
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Rex::Proto::MySQL::Client::HostNotPrivileged, "Host not privileged"
+          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Rex::Proto::MySQL::Client::HostNotPrivileged)
         end
       end
 
       context 'due to access denied' do
         it 'returns a result with a status of Metasploit::Model::Login::Status::INCORRECT' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::AccessDeniedError, "Access Denied"
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Rex::Proto::MySQL::Client::AccessDeniedError, "Access Denied"
           expect(login_scanner.attempt_login(pub_pub).status).to eq Metasploit::Model::Login::Status::INCORRECT
         end
 
         it 'returns a result with the proof containing an appropriate error message' do
-          expect(::Mysql).to receive(:connect).and_raise Mysql::AccessDeniedError, "Access Denied"
-          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Mysql::AccessDeniedError)
+          expect(::Rex::Proto::MySQL::Client).to receive(:connect).and_raise Rex::Proto::MySQL::Client::AccessDeniedError, "Access Denied"
+          expect(login_scanner.attempt_login(pub_pub).proof).to be_a(Rex::Proto::MySQL::Client::AccessDeniedError)
         end
       end
     end

spec/lib/msf/base/sessions/mysql_spec.rb

@@ -1,11 +1,11 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
-require 'mysql'
+require 'rex/proto/mysql/client'
 
 RSpec.describe Msf::Sessions::MySQL do
   let(:rstream) { instance_double(::Rex::Socket) }
-  let(:client) { instance_double(::Mysql) }
+  let(:client) { instance_double(::Rex::Proto::MySQL::Client) }
   let(:opts) { { client: client } }
   let(:console_class) { Rex::Post::MySQL::Ui::Console }
   let(:user_input) { instance_double(Rex::Ui::Text::Input::Readline) }
@@ -26,7 +26,7 @@
     allow(rstream).to receive(:peerinfo).and_return(peerinfo)
     allow(client).to receive(:socket).and_return(rstream)
     allow(client).to receive(:database).and_return(database)
-    allow(::Mysql).to receive(:connect).and_return(client)
+    allow(::Rex::Proto::MySQL::Client).to receive(:connect).and_return(client)
   end
 
   subject(:session) do