Use upstream ruby-mysql in Remote::MYSQL

* ... and dependents
rapid7 · Oct 12, 2023 · 1b17276 · 1b17276
1 parent 7f4a9c4
commit 1b17276
Show file tree

Hide file tree

Showing 7 changed files with 26 additions and 26 deletions.
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -468,7 +468,7 @@ GEM
     rubocop-ast (1.29.0)
       parser (>= 3.2.1.0)
     ruby-macho (4.0.0)
-    ruby-mysql (4.0.0)
+    ruby-mysql (4.1.0)
     ruby-prof (1.4.2)
     ruby-progressbar (1.13.0)
     ruby-rc4 (0.1.5)

diff --git a/lib/msf/core/exploit/remote/mysql.rb b/lib/msf/core/exploit/remote/mysql.rb
@@ -12,7 +12,7 @@
 ###
 
 
-require 'rbmysql'
+require 'mysql'
 
 module Msf
 module Exploit::Remote::MYSQL
@@ -37,21 +37,21 @@ def mysql_login(user='root', pass='', db=nil)
     connect
 
     begin
-      @mysql_handle = ::RbMysql.connect(rhost, user, pass, db, rport, sock)
+      @mysql_handle = ::Mysql.connect(rhost, user, pass, db, rport, io: sock)
 
     rescue Errno::ECONNREFUSED
       print_error("Connection refused")
       return false
-    rescue RbMysql::ClientError
+    rescue ::Mysql::ClientError
       print_error("Connection timedout")
       return false
     rescue Errno::ETIMEDOUT
       print_error("Operation timedout")
       return false
-    rescue RbMysql::HostNotPrivileged
+    rescue ::Mysql::HostNotPrivileged
       print_error("Unable to login from this host due to policy")
       return false
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       print_error("Access denied")
       return false
     end
@@ -78,7 +78,7 @@ def mysql_login_datastore
   def mysql_query(sql)
     begin
       res = @mysql_handle.query(sql)
-    rescue ::RbMysql::Error => e
+    rescue ::Mysql::Error => e
       print_error("MySQL Error: #{e.class} #{e.to_s}")
       return nil
     rescue Rex::ConnectionTimeout => e

diff --git a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb
@@ -61,15 +61,15 @@ def run_host(ip)
 
     begin
       socket = connect(false)
-      mysql_client = ::RbMysql.connect(rhost, username, password, nil, rport, socket)
+      mysql_client = ::Mysql.connect(rhost, username, password, nil, rport, io: socket)
       results << mysql_client
 
       print_good "#{rhost}:#{rport} The server accepted our first login as #{username} with a bad password. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
 
-    rescue RbMysql::HostNotPrivileged
+    rescue ::Mysql::HostNotPrivileged
       print_error "#{rhost}:#{rport} Unable to login from this host due to policy (may still be vulnerable)"
       return
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       print_good "#{rhost}:#{rport} The server allows logins, proceeding with bypass test"
     rescue ::Interrupt
       raise $!
@@ -113,11 +113,11 @@ def run_host(ip)
           begin
             # Create our socket and make the connection
             s = connect(false)
-            mysql_client = ::RbMysql.connect(rhost, username, password, nil, rport, s)
+            mysql_client = ::Mysql.connect(rhost, username, password, nil, rport, io: s)
 
             print_good "#{rhost}:#{rport} Successfully bypassed authentication after #{count} attempts. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
             results << mysql_client
-          rescue RbMysql::AccessDeniedError
+          rescue ::Mysql::AccessDeniedError
           rescue ::Exception => e
             print_bad "#{rhost}:#{rport} Thread #{count}] caught an unhandled exception: #{e}"
           end

diff --git a/modules/auxiliary/scanner/mysql/mysql_file_enum.rb b/modules/auxiliary/scanner/mysql/mysql_file_enum.rb
@@ -50,7 +50,7 @@ def run_host(ip)
 
     begin
       mysql_query_no_handle("USE " + datastore['DATABASE_NAME'])
-    rescue ::RbMysql::Error => e
+    rescue ::Mysql::Error => e
       vprint_error("MySQL Error: #{e.class} #{e.to_s}")
       return
     rescue Rex::ConnectionTimeout => e
@@ -81,7 +81,7 @@ def run_host(ip)
   def check_dir dir
     begin
       res = mysql_query_no_handle("LOAD DATA INFILE '" + dir + "' INTO TABLE " + datastore['TABLE_NAME'])
-    rescue ::RbMysql::TextfileNotReadable
+    rescue ::Mysql::TextfileNotReadable
       print_good("#{dir} is a directory and exists")
       report_note(
         :host  => rhost,
@@ -91,7 +91,7 @@ def check_dir dir
         :proto => 'tcp',
         :update => :unique_data
       )
-    rescue ::RbMysql::DataTooLong, ::RbMysql::TruncatedWrongValueForField
+    rescue ::Mysql::DataTooLong, ::Mysql::TruncatedWrongValueForField
       print_good("#{dir} is a file and exists")
       report_note(
         :host  => rhost,
@@ -101,9 +101,9 @@ def check_dir dir
         :proto => 'tcp',
         :update => :unique_data
       )
-    rescue ::RbMysql::ServerError
+    rescue ::Mysql::ServerError
       vprint_warning("#{dir} does not exist")
-    rescue ::RbMysql::Error => e
+    rescue ::Mysql::Error => e
       vprint_error("MySQL Error: #{e.class} #{e.to_s}")
       return
     rescue Rex::ConnectionTimeout => e

diff --git a/modules/auxiliary/scanner/mysql/mysql_writable_dirs.rb b/modules/auxiliary/scanner/mysql/mysql_writable_dirs.rb
@@ -57,7 +57,7 @@ def check_dir(dir)
     begin
       print_status("Checking #{dir}...")
       res = mysql_query_no_handle("SELECT _utf8'test' INTO DUMPFILE '#{dir}/" + datastore['FILE_NAME'] + "'")
-    rescue ::RbMysql::ServerError => e
+    rescue ::Mysql::ServerError => e
       print_warning(e.to_s)
     rescue Rex::ConnectionTimeout => e
       print_error("Timeout: #{e.message}")

diff --git a/modules/exploits/windows/mysql/mysql_mof.rb b/modules/exploits/windows/mysql/mysql_mof.rb
@@ -66,7 +66,7 @@ def query(q)
       res.each_hash do |row|
         rows << row
       end
-    rescue RbMysql::ParseError
+    rescue ::Mysql::ParseError
       return rows
     end
 
@@ -94,7 +94,7 @@ def exploit
     begin
       m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
       return if not m
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       print_error("Access denied.")
       return
     end
@@ -112,7 +112,7 @@ def exploit
     begin
       upload_file(exe, dest)
       register_file_for_cleanup("#{exe_name}")
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       print_error("No permission to write. I blame kc :-)")
       return
     end
@@ -124,7 +124,7 @@ def exploit
     begin
       upload_file(mof, dest)
       register_file_for_cleanup("wbem\\mof\\good\\#{mof_name}")
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       print_error("No permission to write. Bail!")
       return
     end

diff --git a/modules/exploits/windows/mysql/mysql_start_up.rb b/modules/exploits/windows/mysql/mysql_start_up.rb
@@ -72,7 +72,7 @@ def query(q)
       res.each_hash do |row|
         rows << row
       end
-    rescue RbMysql::ParseError
+    rescue ::Mysql::ParseError
       return rows
     end
 
@@ -104,7 +104,7 @@ def exploit
     print_status("Attempting to login as '#{datastore['USERNAME']}:#{datastore['PASSWORD']}'")
     begin
       m = mysql_login(datastore['USERNAME'], datastore['PASSWORD'])
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       fail_with(Failure::NoAccess, "#{peer} - Access denied")
     end
 
@@ -116,7 +116,7 @@ def exploit
 
     begin
       drive = get_drive_letter
-    rescue RbMysql::ParseError
+    rescue ::Mysql::ParseError
       fail_with(Failure::UnexpectedReply, "#{peer} - Could not determine drive name")
     end
 
@@ -129,7 +129,7 @@ def exploit
     print_status("Uploading to '#{dest}'")
     begin
       upload_file(exe, dest)
-    rescue RbMysql::AccessDeniedError
+    rescue ::Mysql::AccessDeniedError
       fail_with(Failure::NotVulnerable, "#{peer} - No permission to write. I blame kc :-)")
     end
     register_file_for_cleanup("#{dest}")