##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
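# Auxiliary scanner that checks whether a host answers on the pcAnywhere TCP
# data port with the service's text prompt. Hosts that match are reported via
# report_service, so exposed remote-access services show up in scan results.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Tcp
  include Msf::Auxiliary::Scanner
  include Msf::Auxiliary::Report

  # Registers the module metadata and the RPORT option (default 5631).
  def initialize
    super(
      'Name'        => 'PcAnywhere TCP Service Discovery',
      'Description' => 'Discover active pcAnywhere services through TCP',
      'Author'      => 'hdm',
      'License'     => MSF_LICENSE
    )

    register_options(
      [
        Opt::RPORT(5631)
      ])
  end

  # Probes one host for the pcAnywhere data service.
  #
  # Sends four NUL bytes, waits up to 15 seconds for a reply, and treats the
  # host as a match only when the reply contains "Please press <Enter>".
  #
  # @param ip [String] host handed in by the scanner mixin; the body addresses
  #   the target through rhost/rport instead, so this argument is not read here
  # @return [void]
  def run_host(ip)
    connect
    sock.put("\x00\x00\x00\x00")
    res = sock.get_once(-1, 15)

    # No reply, or a reply without the expected prompt: not the service we
    # are looking for. The ensure clause below closes the socket.
    return unless res && res.include?("Please press <Enter>")

    # Disabled follow-up exchange retained from the original source; nothing
    # between =begin and =end is executed.
=begin
    sock.put( "\x6f\x06\xfe" )
    res = sock.get_once(-1, 15)

    sock.put("\x6f\x61\xff\x09\x00\x07\x00\x00\x01\xff\x00\x00\x07\x00")
    res = sock.get_once(-1, 15)

    sock.put("\x6f\x62\x00\x02\x00\x00\x00")
    res = sock.get_once(-1, 15)
    print_status(Rex::Text.to_hex_dump(res))
=end

    report_service(:host => rhost, :port => rport, :name => "pcanywhere_data", :info => "")
    print_good("#{rhost}:#{rport} pcAnywhere data service")
  rescue ::Rex::ConnectionError, ::EOFError, ::Errno::ECONNRESET
    # Deliberately silent: closed ports and reset connections are the normal
    # outcome for most hosts in a sweep and are not worth an error line.
  rescue ::StandardError => e
    # StandardError rather than Exception, so Interrupt (Ctrl-C), SystemExit
    # and similar signals propagate instead of being swallowed per host.
    print_error("#{rhost}:#{rport} Error: #{e.class} #{e} #{e.backtrace}")
  ensure
    # Close the socket on every path. Previously only the "no match" branch
    # disconnected, so matched hosts and error paths left the socket open.
    disconnect
  end
end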