infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
metasploit-framework/modules/auxiliary/scanner/portscan/ftpbounce.rb

102 lines
2.6 KiB
Ruby
Raw Normal View History

adding an ftp bounce port scanner aux module (can still be useful today) git-svn-id: file:///home/svn/framework3/trunk@6174 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-23 02:05:28 +00:00
##
use https for metaploit.com links
2017-07-24 13:26:21 +00:00
# This module requires Metasploit: https://metasploit.com/download
Redo the boilerplate / splat [SeeRM #8496]
2013-10-15 18:50:46 +00:00
# Current source: https://github.com/rapid7/metasploit-framework
adding an ftp bounce port scanner aux module (can still be useful today) git-svn-id: file:///home/svn/framework3/trunk@6174 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-23 02:05:28 +00:00
##
use MetasploitModule as a class name
2016-03-08 13:02:44 +00:00
class MetasploitModule < Msf::Auxiliary
adding an ftp bounce port scanner aux module (can still be useful today) git-svn-id: file:///home/svn/framework3/trunk@6174 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-23 02:05:28 +00:00
Retab modules
2013-08-30 21:28:54 +00:00
# Order is important here
include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner
include Msf::Exploit::Remote::Ftp
def initialize
super(
'Name' => 'FTP Bounce Port Scanner',
'Description' => %q{
Enumerate TCP services via the FTP bounce PORT/LIST
Add custom rhost/rport, remove editorializing desc Verification: ```` resource (./a.rc)> run [*] Connecting to FTP server .... [*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server) [*] Connected to target FTP server. [*] Authenticating as anonymous with password mozilla@example.com... [*] FTP send: "USER anonymous\r\n" [*] FTP recv: "331 Anonymous login ok, send your complete email address as your password\r\n" ```` ...etc.
2014-04-15 02:46:05 +00:00
method.
Retab modules
2013-08-30 21:28:54 +00:00
},
'Author' => 'kris katterjohn',
'License' => MSF_LICENSE
)
register_options([
OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
OptAddress.new('BOUNCEHOST', [true, "FTP relay host"]),
argh, forgot the comma!
2015-12-05 16:24:10 +00:00
OptPort.new('BOUNCEPORT', [true, "FTP relay port", 21]),
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
OptInt.new('DELAY', [true, "The delay between connections, per thread, in milliseconds", 0]),
argh, forgot the comma!
2015-12-05 16:24:10 +00:00
OptInt.new('JITTER', [true, "The delay jitter factor (maximum value by which to +/- DELAY) in milliseconds.", 0])
Retab modules
2013-08-30 21:28:54 +00:00
])
deregister_options('RHOST', 'RPORT')
end
# No IPv6 support yet
def support_ipv6?
false
end
Add custom rhost/rport, remove editorializing desc Verification: ```` resource (./a.rc)> run [*] Connecting to FTP server .... [*] FTP recv: "220 ProFTPD 1.3.3a Server (My FTP server) [*] Connected to target FTP server. [*] Authenticating as anonymous with password mozilla@example.com... [*] FTP send: "USER anonymous\r\n" [*] FTP recv: "331 Anonymous login ok, send your complete email address as your password\r\n" ```` ...etc.
2014-04-15 02:46:05 +00:00
def rhost
datastore['BOUNCEHOST']
end
def rport
datastore['BOUNCEPORT']
end
Retab modules
2013-08-30 21:28:54 +00:00
def run_host(ip)
ports = Rex::Socket.portspec_crack(datastore['PORTS'])
if ports.empty?
Raise Msf::OptionValidateError when the PORTS option is invalid Instead of print_error for invalid ports, modules should be raising Msf::OptionValidateError to warn the user about the invalid input.
2013-12-18 21:04:53 +00:00
raise Msf::OptionValidateError.new(['PORTS'])
Retab modules
2013-08-30 21:28:54 +00:00
end
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
jitter_value = datastore['JITTER'].to_i
Removed EOL spaces (msftidy)
2015-12-05 15:33:04 +00:00
if jitter_value < 0
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
raise Msf::OptionValidateError.new(['JITTER'])
Removed EOL spaces (msftidy)
2015-12-05 15:33:04 +00:00
end
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
delay_value = datastore['DELAY'].to_i
Removed EOL spaces (msftidy)
2015-12-05 15:33:04 +00:00
if delay_value < 0
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
raise Msf::OptionValidateError.new(['DELAY'])
end
Retab modules
2013-08-30 21:28:54 +00:00
return if not connect_login
ports.each do |port|
# Clear out the receive buffer since we're heavily dependent
# on the response codes. We need to do this between every
# port scan attempt unfortunately.
while true
Fix incorrect use of sock.get() that could lead to indefinite hang
2014-06-28 20:22:16 +00:00
r = sock.get_once(-1, 0.25)
Retab modules
2013-08-30 21:28:54 +00:00
break if not r or r.empty?
end
begin
Added delay/jitter to ftpbounce scan
2015-12-05 15:22:52 +00:00
# Add the delay based on JITTER and DELAY if needs be
add_delay_jitter(delay_value,jitter_value)
host = (ip.split('.') + [port / 256, port % 256]).join(',')
Retab modules
2013-08-30 21:28:54 +00:00
resp = send_cmd(["PORT", host])
if resp =~ /^5/
#print_error("Got error from PORT to #{ip}:#{port}")
next
elsif not resp
next
end
resp = send_cmd(["LIST"])
if resp =~ /^[12]/
print_status -> print_good. [When it is successful, show it!]
2017-07-13 23:09:35 +00:00
print_good(" TCP OPEN #{ip}:#{port}")
Retab modules
2013-08-30 21:28:54 +00:00
report_service(:host => ip, :port => port)
end
rescue ::Exception
print_error("Unknown error: #{$!}")
end
end
end
adding an ftp bounce port scanner aux module (can still be useful today) git-svn-id: file:///home/svn/framework3/trunk@6174 4d416f70-5f16-0410-b530-b9f4589650da
2009-01-23 02:05:28 +00:00
end