Merge pull request #2 from todb-r7/simplify-chargen-detection

Add chargen to udp_probe and udp_sweep
bug/bundler_fix
Matteo Cantoni 2013-12-20 08:48:50 -08:00
commit 038d6d526c
2 changed files with 35 additions and 0 deletions


@ -204,6 +204,11 @@ class Metasploit3 < Msf::Auxiliary
case pkt[2]
when 19
app = 'chargen'
return unless chargen_parse(pkt[0])
@results[hkey] = true
when 53
app = 'DNS'
ver = nil
@ -362,6 +367,13 @@ class Metasploit3 < Msf::Auxiliary
"#{res[2]}_#{res[1]}"
end
#
# Validate a chargen packet.
#
def chargen_parse(data)
data =~ /ABCDEFGHIJKLMNOPQRSTUVWXYZ|0123456789/i
end
#
# Validate this is truly Citrix ICA; returns true or false.
#
@ -397,6 +409,11 @@ class Metasploit3 < Msf::Auxiliary
# The probe definitions
#
def probe_chargen(ip)
pkt = Rex::Text.rand_text_alpha_lower(1)
return [pkt, 19]
end
def probe_pkt_dns(ip)
data = [rand(0xffff)].pack('n') +
"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"+

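Review bot: `chargen_parse` is a loose heuristic rather than a validation: it accepts any reply containing either the 26-letter run or `0123456789` anywhere, and with `/i` a lowercase run passes too. Conversely, RFC 864 allows a UDP chargen answer of 0 to 512 characters, so a genuine reply too short to contain either run fails the check, and `return unless chargen_parse(pkt[0])` in the `when 19` branch then silently discards it. I would say so on the helper, e.g. `# Heuristic only: truthy (match index) when the reply contains the A-Z or 0-9 run; short replies are not recognised.`, and return a real boolean with `!!(data =~ ...)` to match the "returns true or false" wording on the Citrix check below. The `when 19` branch here also omits the `ver = nil` that the same branch in the second file sets; the enclosing method starts and ends outside the hunk, so whether `ver` is read later cannot be seen from here. The identical `chargen_parse` and `probe_chargen` copies in the second file carry the same points.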

@ -153,6 +153,12 @@ class Metasploit3 < Msf::Auxiliary
case sport
when 19
app = 'chargen'
ver = nil
return unless chargen_parse(data)
@results[hkey] = true
when 53
app = 'DNS'
ver = nil
@ -306,6 +312,13 @@ class Metasploit3 < Msf::Auxiliary
print_status("Discovered #{app} on #{shost}:#{sport} (#{inf})")
end
#
# Validate a chargen packet.
#
def chargen_parse(data)
data =~ /ABCDEFGHIJKLMNOPQRSTUVWXYZ|0123456789/i
end
#
# Parse a db2disco packet.
#
@ -349,6 +362,11 @@ class Metasploit3 < Msf::Auxiliary
# The probe definitions
#
def probe_chargen(ip)
pkt = Rex::Text.rand_text_alpha_lower(1)
return [pkt, 19]
end
def probe_pkt_dns(ip)
data = [rand(0xffff)].pack('n') +
"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"+