Mysql login exceptions #1260

Merged
merged 4 commits into from
Jan 9, 2013
41 changes: 30 additions & 11 deletions lib/msf/core/exploit/mysql.rb
Expand Up @@ -40,16 +40,35 @@ def mysql_login(user='root', pass='', db=nil)
disconnect if self.sock
connect

@mysql_handle = ::RbMysql.connect({
:host => rhost,
:port => rport,
:read_timeout => 300,
:write_timeout => 300,
:socket => sock,
:user => user,
:password => pass,
:db => db
})
begin
@mysql_handle = ::RbMysql.connect({
:host => rhost,
:port => rport,
:read_timeout => 300,
:write_timeout => 300,
:socket => sock,
:user => user,
:password => pass,
:db => db
})
rescue Errno::ECONNREFUSED
print_error("Connection refused")
return false
rescue RbMysql::ClientError
print_error("Connection timedout")
return false
rescue Errno::ETIMEDOUT
print_error("Operation timedout")
return false
rescue RbMysql::HostNotPrivileged
print_error("Unable to login from this host due to policy")
return false
rescue RbMysql::AccessDeniedError
print_error("Access denied")
return false
end

return true
end

def mysql_logoff
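Review bot: The `rescue RbMysql::ClientError` branch reports every client-side error as "Connection timedout", which mislabels any ClientError that is not a timeout. Binding the exception (`rescue RbMysql::ClientError => e`) and printing `e.class` and `e.message` would keep the real cause, and "timedout" should read "timed out" in both messages. Since the method now returns true or false instead of raising, a short comment above `def mysql_login` documenting that contract would help callers that previously rescued `RbMysql::AccessDeniedError` themselves.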
Expand All @@ -62,7 +81,7 @@ def mysql_login_datastore
res = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
rescue Rex::ConnectionTimeout => e
print_error("Timeout: #{e.message}")
res = nil
res = false
end

return res
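Review bot: `Rex::ConnectionTimeout` is still rescued only here in `mysql_login_datastore`, while the new rescue list in `mysql_login` covers `Errno::ETIMEDOUT` but not this class. Modules in this patch that call `mysql_login` directly (the `check` in mysql_mof.rb, `login_and_get_sys_exec` in mysql_payload.rb) will still see it raised. Moving this rescue into `mysql_login` next to the other handlers would give every caller the same false-on-failure behaviour.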
1 change: 0 additions & 1 deletion modules/auxiliary/scanner/mysql/mysql_hashdump.rb
Expand Up @@ -29,7 +29,6 @@ def initialize
def run_host(ip)

if (not mysql_login_datastore)
print_error("Invalid MySQL Server credentials")
return
Contributor

Deleting this print_error results in the module exiting silently when login isn't possible unless VERBOSE = true:

msf  auxiliary(mysql_hashdump) > run

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf  auxiliary(mysql_hashdump) > set VERBOSE true
VERBOSE => true
msf  auxiliary(mysql_hashdump) > run

[-] Unable to login from this host due to policy
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Not sure if this is the best approach (the module finishing silently on error and verbose = false)... awaiting confirmation before merge.

end

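Review bot: With the `print_error` gone, the `if (not mysql_login_datastore)` branch returns without naming the host, and the messages now printed inside `mysql_login` ("Access denied", "Connection refused") carry no address either. In a multi-host scan that makes a failure impossible to attribute. The old text was wrong for non-credential failures, so rather than restoring it, consider a neutral line here that includes `ip`, for example `print_error("#{ip} - MySQL login failed")`.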
8 changes: 3 additions & 5 deletions modules/auxiliary/scanner/mysql/mysql_login.rb
Expand Up @@ -103,7 +103,9 @@ def do_login(user='', pass='')

vprint_status("#{rhost}:#{rport} Trying username:'#{user}' with password:'#{pass}'")
begin
mysql_login(user, pass)
m = mysql_login(user, pass)
return :fail if not m

print_good("#{rhost}:#{rport} - SUCCESSFUL LOGIN '#{user}' : '#{pass}'")
report_auth_info(
:host => rhost,
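Review bot: `return :fail if not m` treats every false from `mysql_login` as a rejected credential, but the library now returns false for connection refused, timeouts and host-policy denials as well as access denied. Before this change only `RbMysql::AccessDeniedError` produced `:fail`; now an unreachable or host-blocked server is indistinguishable from a wrong password. Consider having `mysql_login` return a reason (a symbol, say) so `do_login` can map access denied to `:fail` and the rest to `:error`.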
Expand All @@ -116,10 +118,6 @@ def do_login(user='', pass='')
)
return :next_user

rescue ::RbMysql::AccessDeniedError
vprint_status("#{rhost}:#{rport} failed to login as '#{user}' with password '#{pass}'")
return :fail

rescue ::RbMysql::Error => e
vprint_error("#{rhost}:#{rport} failed to login: #{e.class} #{e}")
return :error
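Review bot: Removing the `rescue ::RbMysql::AccessDeniedError` block also drops the `vprint_status` line that named the host, user and password of the failed attempt; the replacement message from `mysql_login` is a bare "Access denied". Emitting the same `vprint_status` just before `return :fail` would keep the per-attempt trace. The remaining `rescue ::RbMysql::Error` now only fires for errors `mysql_login` does not rescue itself, which deserves a comment.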
1 change: 0 additions & 1 deletion modules/auxiliary/scanner/mysql/mysql_schemadump.rb
Expand Up @@ -35,7 +35,6 @@ def initialize
def run_host(ip)

if (not mysql_login_datastore)
print_error("Invalid MySQL Server credentials")
return
Contributor

Same as above, can exit silently in case of login error if verbose != true

end
mysql_schema = get_schema
8 changes: 2 additions & 6 deletions modules/exploits/windows/mysql/mysql_mof.rb
Expand Up @@ -55,12 +55,8 @@ def initialize(info = {})
end

def check
begin
m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
rescue RbMysql::AccessDeniedError
print_error("#{peer} - Access denied.")
return Exploit::CheckCode::Safe
end
m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
return Exploit::CheckCode::Safe if not m

return Exploit::CheckCode::Appears if is_windows?
return Exploit::CheckCode::Safe
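Review bot: `return Exploit::CheckCode::Safe if not m` reports the target as safe whenever `mysql_login` returns false, which now includes connection refused and timeouts, not only access denied. A failed connection says nothing about whether the host is exploitable, so `Exploit::CheckCode::Unknown` fits that path better. The removed `print_error` also carried the `#{peer}` prefix that the library messages lack.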
10 changes: 6 additions & 4 deletions modules/exploits/windows/mysql/mysql_payload.rb
Expand Up @@ -65,7 +65,8 @@ def password
end

def login_and_get_sys_exec
mysql_login(username,password,'mysql')
m = mysql_login(username,password,'mysql')
return if not m
@mysql_arch = mysql_get_arch
@mysql_sys_exec_available = mysql_check_for_sys_exec()
if !@mysql_sys_exec_available || datastore['FORCE_UDF_UPLOAD']
Expand All @@ -74,17 +75,18 @@ def login_and_get_sys_exec
else
print_status "sys_exec() already available, using that (override with FORCE_UDF_UPLOAD)."
end

return m
end

def execute_command(cmd, opts)
mysql_sys_exec(cmd, datastore['VERBOSE'])
end

def exploit
login_and_get_sys_exec()
m = login_and_get_sys_exec()

if not @mysql_handle
print_status("Invalid MySQL credentials")
if not m
Contributor

Same as above, can exit silently in case of login error if verbose != true

return
elsif not [:win32,:win64].include?(@mysql_arch)
print_status("Incompatible MySQL target architecture: '#{@mysql_arch}'")
3 changes: 0 additions & 3 deletions modules/exploits/windows/mysql/scrutinizer_upload_exec.rb
Expand Up @@ -109,9 +109,6 @@ def mysql_upload_binary(bindata, path)

# Login
h = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])

# The lib throws its own error message anyway:
# "Exploit failed [no-access]: RbMysql::AccessDeniedError"
return false if not h

tmp = mysql_get_temp_dir