metasploit-framework/modules/auxiliary/scanner/tftp/tftpbrute.rb

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'

class Metasploit3 < Msf::Auxiliary

	include Msf::Auxiliary::Scanner

	def initialize
		super(
			'Name'        => 'TFTP Brute Forcer',
			'Description' => 'This module uses a dictionary to brute force valid TFTP image names from a TFTP server.',
			'Author'      => 'antoine',
			'Version'     => '$Revision$',
			'License'     => BSD_LICENSE
		)

		register_options(
			[
				Opt::RPORT(69),
				OptPath.new('DICTIONARY', [ true, 'The list of filenames', File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
			], self.class)
	end

	def run_host(ip)
		begin

			# Create an unbound UDP socket
			udp_sock = Rex::Socket::Udp.create(
				'Context'   =>
					{
						'Msf'        => framework,
						'MsfExploit' => self,
					}				
			)
			
			fd = File.open(datastore['DICTIONARY'], 'r')
			fd.read(fd.stat.size).split("\n").each do |filename|
				filename.strip!
				pkt = "\x00\x01" + filename + "\x00" + "netascii" + "\x00"
				udp_sock.sendto(pkt, ip, datastore['RPORT'])
				resp = udp_sock.get(1)
				if resp and resp.length >= 2 and resp[0, 2] == "\x00\x03"
					print_status("Found #{filename} on #{ip}")
				end
			end
			fd.close
		rescue
		ensure
			udp_sock.close
		end
	end

end
Adds antoine's tftp brute forcer git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 20:52:47 +00:00			`##`
			`# $Id$`
			`##`

			`##`
			`# This file is part of the Metasploit Framework and may be subject to`
			`# redistribution and commercial restrictions. Please see the Metasploit`
			`# Framework web site for more information on licensing and terms of use.`
			`# http://metasploit.com/projects/Framework/`
			`##`


			`require 'msf/core'`

			`class Metasploit3 < Msf::Auxiliary`

			`include Msf::Auxiliary::Scanner`

			`def initialize`
			`super(`
			`'Name' => 'TFTP Brute Forcer',`
Updates to work with the newer aux api git-svn-id: file:///home/svn/framework3/trunk@6670 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 21:39:17 +00:00			`'Description' => 'This module uses a dictionary to brute force valid TFTP image names from a TFTP server.',`
Adds antoine's tftp brute forcer git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 20:52:47 +00:00			`'Author' => 'antoine',`
			`'Version' => '$Revision$',`
			`'License' => BSD_LICENSE`
			`)`

			`register_options(`
			`[`
			`Opt::RPORT(69),`
			`OptPath.new('DICTIONARY', [ true, 'The list of filenames', File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])`
			`], self.class)`
			`end`

			`def run_host(ip)`
			`begin`
Updates to work with the newer aux api git-svn-id: file:///home/svn/framework3/trunk@6670 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 21:39:17 +00:00
			`# Create an unbound UDP socket`
			`udp_sock = Rex::Socket::Udp.create(`
			`'Context' =>`
			`{`
			`'Msf' => framework,`
			`'MsfExploit' => self,`
			`}`
			`)`

			`fd = File.open(datastore['DICTIONARY'], 'r')`
			`fd.read(fd.stat.size).split("\n").each do \|filename\|`
			`filename.strip!`
Adds antoine's tftp brute forcer git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 20:52:47 +00:00			`pkt = "\x00\x01" + filename + "\x00" + "netascii" + "\x00"`
Updates to work with the newer aux api git-svn-id: file:///home/svn/framework3/trunk@6670 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 21:39:17 +00:00			`udp_sock.sendto(pkt, ip, datastore['RPORT'])`
Adds antoine's tftp brute forcer git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 20:52:47 +00:00			`resp = udp_sock.get(1)`
			`if resp and resp.length >= 2 and resp[0, 2] == "\x00\x03"`
			`print_status("Found #{filename} on #{ip}")`
			`end`
			`end`
Updates to work with the newer aux api git-svn-id: file:///home/svn/framework3/trunk@6670 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 21:39:17 +00:00			`fd.close`
Adds antoine's tftp brute forcer git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da 2009-06-17 20:52:47 +00:00			`rescue`
			`ensure`
			`udp_sock.close`
			`end`
			`end`

			`end`