From 075fe09c2fa94ce8126abaec1792b37bdc09769e Mon Sep 17 00:00:00 2001
From: adfoster-r7
Date: Thu, 12 Oct 2023 17:39:47 +0100
Subject: [PATCH] Fix mysql authbypass running out of sockets
---
 .../auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb
index 5792ca54c2f4..6e66d7632496 100644
--- a/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb
+++ b/modules/auxiliary/scanner/mysql/mysql_authbypass_hashdump.rb
@@ -61,8 +61,10 @@ def run_host(ip)
 begin
 socket = connect(false)
+ close_required = true
 mysql_client = ::Mysql.connect(rhost, username, password, nil, rport, io: socket)
 results << mysql_client
+ close_required = false
 print_good "#{rhost}:#{rport} The server accepted our first login as #{username} with a bad password. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
@@ -76,6 +78,8 @@ def run_host(ip)
 rescue ::Exception => e
 print_error "#{rhost}:#{rport} Error: #{e}"
 return
+ ensure
+ socket.close if socket && close_required
 end
 # Short circuit if we already won
@@ -112,14 +116,18 @@ def run_host(ip)
 t = Thread.new(item) do |count|
 begin
 # Create our socket and make the connection
+ close_required = true
 s = connect(false)
 mysql_client = ::Mysql.connect(rhost, username, password, nil, rport, io: s)
 print_good "#{rhost}:#{rport} Successfully bypassed authentication after #{count} attempts. URI: mysql://#{username}:#{password}@#{rhost}:#{rport}"
 results << mysql_client
+ close_required = false
 rescue ::Mysql::AccessDeniedError
 rescue ::Exception => e
 print_bad "#{rhost}:#{rport} Thread #{count}] caught an unhandled exception: #{e}"
+ ensure
+ s.close if socket && close_required
 end
 end
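Review bot: The `close_required` flag added around `::Mysql.connect` in the first hunk encodes a socket-ownership hand-off that is not stated anywhere: the `ensure` added in the second hunk closes the socket unless the client was already pushed to `results`. A one-line comment above `close_required = false`, such as `# the client stored in results now owns this socket; the consumer of results must close it`, would make that explicit. Whether the code that later reads `results` actually closes those connections is not visible in these hunks and is worth confirming, since the stated goal of the commit is to stop running out of sockets. The `begin` block's remaining rescue clauses lie between the first and second hunks, outside the visible lines.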
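Review bot: In the third hunk the new `ensure` closes `s` but guards on `socket`, which inside the thread block appears to resolve to the outer local assigned in the first hunk rather than this thread's connection. If `connect(false)` raises in a thread, `s` is still nil while `socket` may be truthy, so `s.close` would raise NoMethodError from the `ensure`. In addition, `close_required` was first assigned in the enclosing `run_host` scope, so every thread block shares that one variable and concurrent attempts can overwrite each other's flag: a denied attempt may skip its close, or a successful one may close the socket it just handed to `results`. Declaring both names block-local and testing the thread's own handle avoids this: `t = Thread.new(item) do |count; s, close_required|` and `s.close if s && close_required`. The rest of `run_host` is outside the hunk, so the scoping of `s` should be confirmed against the full method.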