Metasploit mailing list archives

PAYLOAD: adduser.rb - Checks on the PASS parameter


From: chris.riley at c22.cc (ChrisJohnRiley)
Date: Fri, 11 Sep 2009 02:05:31 +0200

Hi Guys,

I'm trying to implement a few checks in a custom version of the adduser.rb
payload (length and password complexity rules on the PASS parameter).
Although the checks are functioning (see DEBUG messages), I can't seem
to get the payload to exit out cleanly and cancel the exploit
(Msf::OptionValidateError ???).

Currently I'm doing the following (excuse the beginner's Ruby):

<snip>

if datastore['PASS'] != ''
  if datastore['PASS'].length > 14
    puts "#\n#[DEBUG] Password is more than 14 characters long\n#"
    datastore['PASS'] = ''
  # Regex to match for min 8 chars, Upper, lower, number and special character
  elsif datastore['PASS'] =~ /\A^.*((?=.{8,})(?=.*[a-z])(?=.*[A-Z])(?=.*[\d\W])).*$/
    puts "#\n#[DEBUG] Password passes complexity requirements\n#"
  else
    puts "#\n#[DEBUG] Password failed complexity\n#"
    datastore['PASS'] = ''
  end
end

</snip>

The whole adduser_wmic_regex.rb script is available for download here:
https://sites.google.com/a/c22.cc/storage/home/metasploit

Although I'm running this section of code at the start of command_string, it
appears to run after the validation routine is already completed on the PASS
parameter to make sure it's present and correct. Even then, setting the PASS
parameter to an empty string probably isn't the standard method of handling
this. I'm sure that there's a better way (one that works), or alternatively
a separate place altogether I should be implementing these checks. Can
anybody point me in the right direction to find a solution?

Thanks,

Chris
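As an added illustration (not Chris's code and not part of Metasploit), here is a stand-alone Ruby model of the same PASS rules, split into named checks and reported by raising an exception rather than by blanking the option; PassValidateError is a local stand-in, since the framework's own Msf::OptionValidateError is assumed to be unavailable outside a module:

```ruby
# Added example: stand-alone model of the PASS length/complexity checks.
# PassValidateError is a hypothetical local stand-in for the framework's
# Msf::OptionValidateError so the file runs without Metasploit.
class PassValidateError < StandardError
  attr_reader :reasons
  def initialize(reasons)
    @reasons = reasons
    super("PASS rejected: #{reasons.join(', ')}")
  end
end

MAX_LEN = 14 # upper limit used in the post
MIN_LEN = 8  # minimum length the post's regex enforces

# Returns the list of rules the password fails; an empty list means it passes.
def pass_failures(pass)
  s = pass.to_s
  return ['empty'] if s.empty?
  failures = []
  failures << "longer than #{MAX_LEN}"  if s.length > MAX_LEN
  failures << "shorter than #{MIN_LEN}" if s.length < MIN_LEN
  failures << 'no lowercase' unless s =~ /[a-z]/
  failures << 'no uppercase' unless s =~ /[A-Z]/
  failures << 'no digit or special character' unless s =~ /[\d\W]/
  failures
end

# Raises instead of silently rewriting the option, so the caller can abort
# cleanly and tell the user exactly which rule was violated.
def validate_pass!(pass)
  failures = pass_failures(pass)
  raise PassValidateError.new(failures) unless failures.empty?
  true
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs covering each rule.
  %w[Valid8Pass! Short1! ThisPasswordIsTooLong1 nouppercase1].each do |p|
    begin
      validate_pass!(p)
      puts "#{p.inspect}: ok"
    rescue PassValidateError => e
      puts "#{p.inspect}: #{e.message}"
    end
  end
end
```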
