2014-08-09 04:00:43 +00:00
|
|
|
# -*- coding: binary -*-
|
|
|
|
|
require 'rex/proto/ntp'
|
2014-09-20 18:10:00 +00:00
|
|
|
require 'msf/core/exploit'
|
2014-08-09 04:00:43 +00:00
|
|
|
module Msf
|
|
|
|
|
|
|
|
|
|
###
|
|
|
|
|
#
|
|
|
|
|
# This module provides methods for working with NTP
|
|
|
|
|
#
|
|
|
|
|
###
|
|
|
|
|
module Auxiliary::NTP
|
|
|
|
|
|
2014-09-20 18:10:00 +00:00
|
|
|
include Exploit::Capture
|
2014-08-09 04:00:43 +00:00
|
|
|
include Auxiliary::Scanner
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
|
# Initializes an instance of an auxiliary module that uses NTP
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
def initialize(info = {})
|
|
|
|
|
super
|
|
|
|
|
register_options(
|
|
|
|
|
[
|
|
|
|
|
Opt::RPORT(123),
|
|
|
|
|
], self.class)
|
|
|
|
|
|
|
|
|
|
register_advanced_options(
|
|
|
|
|
[
|
2014-08-20 19:21:39 +00:00
|
|
|
OptInt.new('VERSION', [true, 'Use this NTP version', 2]),
|
|
|
|
|
OptInt.new('IMPLEMENTATION', [true, 'Use this NTP mode 7 implementation', 3])
|
2014-08-09 04:00:43 +00:00
|
|
|
], self.class)
|
|
|
|
|
end
|
2014-09-20 18:10:00 +00:00
|
|
|
|
|
|
|
|
# Called for each IP in the batch
|
|
|
|
|
def scan_host(ip)
|
|
|
|
|
if spoofed?
|
|
|
|
|
datastore['ScannerRecvWindow'] = 0
|
|
|
|
|
scanner_spoof_send(@probe, ip, datastore['RPORT'], datastore['SRCIP'], datastore['NUM_REQUESTS'])
|
|
|
|
|
else
|
|
|
|
|
scanner_send(@probe, ip, datastore['RPORT'])
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-08-09 04:00:43 +00:00
|
|
|
end
|
|
|
|
|
end
|
