metasploit-framework/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'


class Metasploit3 < Msf::Auxiliary

  include Msf::Exploit::Remote::SMB
  include Msf::Auxiliary::Fuzzer

  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'SMB Create Pipe Request Fuzzer',
      'Description'    => %q{
        This module sends a series of SMB create pipe
      requests using malicious strings.
      },
      'Author'         => [ 'hdm' ],
      'License'        => MSF_LICENSE
    ))
  end

  def do_smb_create(pkt,opts={})
    @connected = false
    connect
    smb_login
    @connected = true
    smb_create("\\" + pkt)
  end

  def run
    last_str = nil
    last_inp = nil
    last_err = nil

    cnt = 0

    fuzz_strings do |str|
      cnt += 1

      if(cnt % 100 == 0)
        print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}")
      end

      begin
        do_smb_create(str, 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")
        raise $!
      rescue ::Exception => e
        last_err = e
      ensure
        disconnect
      end

      if(not @connected)
        if(last_str)
          print_status("The service may have crashed: iteration:#{cnt-1} method=#{last_inp} string=#{last_str.unpack("H*")[0]} error=#{last_err}")
        else
          print_status("Could not connect to the service: #{last_err}")
        end
        return
      end

      last_str = str
      last_inp = @last_fuzzer_input
    end
  end
end
Various SMB fuzzers to demonstrate the new fuzzing api git-svn-id: file:///home/svn/framework3/trunk@7244 4d416f70-5f16-0410-b530-b9f4589650da 2009-10-25 05:05:54 +00:00			`##`
Fix up comment splats with the correct URI See the complaint on #4039. This doesn't fix that particular issue (it's somewhat unrelated), but does solve around a file parsing problem reported by @void-in 2014-10-17 16:47:33 +00:00			`# This module requires Metasploit: http://metasploit.com/download`
Redo the boilerplate / splat [SeeRM #8496] 2013-10-15 18:50:46 +00:00			`# Current source: https://github.com/rapid7/metasploit-framework`
Various SMB fuzzers to demonstrate the new fuzzing api git-svn-id: file:///home/svn/framework3/trunk@7244 4d416f70-5f16-0410-b530-b9f4589650da 2009-10-25 05:05:54 +00:00			`##`

			`require 'msf/core'`


			`class Metasploit3 < Msf::Auxiliary`

Retab modules 2013-08-30 21:28:54 +00:00			`include Msf::Exploit::Remote::SMB`
			`include Msf::Auxiliary::Fuzzer`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def initialize(info = {})`
			`super(update_info(info,`
			`'Name' => 'SMB Create Pipe Request Fuzzer',`
			`'Description' => %q{`
			`This module sends a series of SMB create pipe`
			`requests using malicious strings.`
			`},`
			`'Author' => [ 'hdm' ],`
			`'License' => MSF_LICENSE`
			`))`
			`end`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def do_smb_create(pkt,opts={})`
			`@connected = false`
			`connect`
			`smb_login`
			`@connected = true`
			`smb_create("\\" + pkt)`
			`end`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`def run`
			`last_str = nil`
			`last_inp = nil`
			`last_err = nil`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`cnt = 0`
Various SMB fuzzers to demonstrate the new fuzzing api git-svn-id: file:///home/svn/framework3/trunk@7244 4d416f70-5f16-0410-b530-b9f4589650da 2009-10-25 05:05:54 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`fuzz_strings do \|str\|`
			`cnt += 1`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`if(cnt % 100 == 0)`
			`print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}")`
			`end`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`begin`
			`do_smb_create(str, 0.25)`
			`rescue ::Interrupt`
			`print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")`
			`raise $!`
			`rescue ::Exception => e`
			`last_err = e`
			`ensure`
			`disconnect`
			`end`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`if(not @connected)`
			`if(last_str)`
			`print_status("The service may have crashed: iteration:#{cnt-1} method=#{last_inp} string=#{last_str.unpack("H*")[0]} error=#{last_err}")`
			`else`
			`print_status("Could not connect to the service: #{last_err}")`
			`end`
			`return`
			`end`
more cleanups git-svn-id: file:///home/svn/framework3/trunk@9212 4d416f70-5f16-0410-b530-b9f4589650da 2010-05-03 17:13:09 +00:00
Retab modules 2013-08-30 21:28:54 +00:00			`last_str = str`
			`last_inp = @last_fuzzer_input`
			`end`
			`end`
Various SMB fuzzers to demonstrate the new fuzzing api git-svn-id: file:///home/svn/framework3/trunk@7244 4d416f70-5f16-0410-b530-b9f4589650da 2009-10-25 05:05:54 +00:00			`end`