Metasploit mailing list archives

Updated Microsoft DNS modules


From: asotirov at determina.com (Alexander Sotirov)
Date: Tue, 22 May 2007 00:34:59 -0700

H D Moore wrote:
Honestly I didn't understand the patch. In the module 'target' should be 
set to targets[datastore['TARGET']] by default. Setting this manually 
means something else broke. Fabrice, can you share a little more about 
this?

I think this is the same issue I ran into last week with another module. It took
me a while to debug it, but I finally figured out that it's a bug in Ruby (or
maybe just a really weird feature). Look at this code:

class Foo
  attr_accessor :bar

  def foo
    self.bar = 1
    p self.bar       # prints 1
    p bar            # prints 1
  end
end

The assignment self.bar is a method call to the setter method bar=(). The two
print statements call the bar() getter method.

class Foo
  attr_accessor :bar

  def foo
    self.bar = 1
    bar = 2
    p self.bar       # prints 1
    p bar            # prints 2
  end
end

The assignment bar = 2 creates a new local variable. The second print statement
prints the value of the local variable instead of calling the bar() getter method.

Here comes the weird part:

class Foo
  attr_accessor :bar

  def foo
    self.bar = 1

    if false
      bar = 2        # never executed
    end

    p self.bar       # prints 1
    p bar            # prints nil
  end
end

Even though the bar = 2 assignment is never executed, the Ruby interpreter still
creates a local variable called bar. The second print statement prints the value
of the local variable (which is nil because it has not been initialized).

I think that you're seeing the exact same issue in the DNS module. Here's
the code:

if (target.name =~ /Automatic/)
  if (not schedport)
    target = gettarget('2003SP12')
  else
    if (not schedport)
      target = gettarget('2000')
    else
      target = gettarget('2003SP0')
    end
  end
end

The assignments to target inside the if statement will create a new local
variable called target. If you're using a non-automatic target, the assignments
will not happen and the local target variable will be nil.

Alex
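
The behaviour described in the message above, reduced to a stand-alone script. This is an added example, not part of the original message and not Metasploit code: FakeExploit, Target, the pick_* methods and the target labels are constructed stand-ins, and the differently named local in pick_fixed is one assumed way to avoid the shadowing.

```ruby
Target = Struct.new(:name)

# Constructed stand-in for a module whose framework supplies a `target` getter.
class FakeExploit
  TARGETS = {
    'Automatic' => Target.new('Automatic'),
    '2000'      => Target.new('Windows 2000'),
    '2003SP12'  => Target.new('Windows 2003 SP1-SP2')
  }.freeze

  def initialize(selected)
    @selected = selected
  end

  def target                 # getter method, like the one the module relies on
    TARGETS.fetch(@selected)
  end

  def gettarget(key)
    TARGETS.fetch(key)
  end

  # Same shape as the DNS module code: the assignment inside the branch makes
  # the parser treat every later bare `target` in this method as a local.
  def pick_shadowed(fingerprint)
    if target.name =~ /Automatic/       # still a method call: parsed before the assignment
      target = gettarget(fingerprint)
    end
    target                              # local variable; nil when the branch did not run
  end

  # Assumed fix: keep the result in a local with a different name, so the
  # bare `target` always resolves to the getter method.
  def pick_fixed(fingerprint)
    chosen = target
    chosen = gettarget(fingerprint) if chosen.name =~ /Automatic/
    chosen
  end

  # The parser declares the local even though the assignment never executes.
  def declares_local?
    target = nil if false
    local_variables.include?(:target)
  end
end

p FakeExploit.new('2000').pick_shadowed('2003SP12')    # non-automatic target is lost
p FakeExploit.new('2000').pick_fixed('2003SP12').name  # non-automatic target survives
```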


