diff --git a/lib/rex/proto/addp.rb b/lib/rex/proto/addp.rb index d996f2c82f..c1373b9a8a 100644 --- a/lib/rex/proto/addp.rb +++ b/lib/rex/proto/addp.rb @@ -42,34 +42,25 @@ module Proto CMD_CNT = 14 - - def self.mac2bin(mac) - mac.split(":").map{|c| c.to_i(16) }.pack("C*") - end - - def self.bin2mac(bin) - bin.unpack("C6").map{|x| "%.2x" % x }.join(":").upcase - end - def self.encode_password(pwd="dbps") [pwd.length].pack("C") + pwd end def self.request_config(magic, dmac="\xff\xff\xff\xff\xff\xff") - mac = (dmac.length == 6) ? dmac : self.mac2bin(dmac) + mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) req = magic + [ CMD_CONF_REQ, 6].pack("nn") + mac return req end def self.request_config_all(dmac="\xff\xff\xff\xff\xff\xff") - mac = (dmac.length == 6) ? dmac : self.mac2bin(dmac) + mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) res = [] MAGICS.each { |m| res << self.request_config(m, dmac) } return res end def self.request_static_ip(magic, dmac, ip, mask, gw, pwd="dbps") - mac = (dmac.length == 6) ? dmac : self.mac2bin(dmac) + mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) buf = Rex::Socket.addr_aton(ip) + Rex::Socket.addr_aton(mask) + @@ -82,7 +73,7 @@ module Proto end def self.request_dhcp(magic, dmac, enabled, pwd="dbps") - mac = (dmac.length == 6) ? dmac : self.mac2bin(dmac) + mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) buf = [ enabled ? 1 : 0 ].pack("C") + mac + @@ -93,7 +84,7 @@ module Proto end def self.request_reboot(magic, dmac, pwd="dbps") - mac = (dmac.length == 6) ? dmac : self.mac2bin(dmac) + mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac) buf = mac + self.encode_password(pwd) @@ -121,7 +112,7 @@ module Proto case i_type when 0x01 - res[:mac] = self.bin2mac(i_data) + res[:mac] = Rex::Socket.eth_ntoa(i_data) when 0x02 res[:ip] = Rex::Socket.addr_ntoa(i_data) when 0x03 diff --git a/lib/rex/socket.rb b/lib/rex/socket.rb index 9374349c6e..8e37cf3719 100644 --- a/lib/rex/socket.rb 
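Review bot: In `request_config_all` (first hunk of lib/rex/proto/addp.rb) the `mac` assigned on the changed line is never used, because the loop passes `dmac` to `request_config`, which converts it again. Either delete the assignment or pass the converted value, `MAGICS.each { |m| res << self.request_config(m, mac) }`. Every request builder, including those in the `request_dhcp` and `request_reboot` hunks, also keeps `dmac.length == 6` as the test for "already binary". A comment such as `# dmac is either a 6-byte binary string or a colon-delimited MAC` would make that contract explicit. The body of `request_static_ip` continues outside the hunk.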
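Review bot: In the `when 0x01` branch of the last addp.rb hunk, `i_data` is handed to `Rex::Socket.eth_ntoa` with no length check, and it appears to come from a received reply. The helper added in the lib/rex/socket.rb hunk runs `unpack("C6")` and then `"%.2x" % x`, so a MAC field shorter than six bytes produces nil entries and raises TypeError. Since the reply comes from whichever host answered the probe, guard the call here, e.g. `res[:mac] = Rex::Socket.eth_ntoa(i_data) if i_data.length == 6`. Where `i_data` is sliced is outside the visible lines, so confirm its length is not already checked there. The enclosing `case` starts and ends outside the hunk.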
+++ b/lib/rex/socket.rb @@ -455,6 +455,20 @@ module Socket end end + # + # Converts a colon-delimited MAC address into a 6-byte binary string + # + def self.eth_aton(mac) + mac.split(":").map{|c| c.to_i(16) }.pack("C*") + end + + # + # Converts a 6-byte binary string into a colon-delimited MAC address + # + def self.eth_ntoa(bin) + bin.unpack("C6").map{|x| "%.2x" % x }.join(":").upcase + end + # # Converts a CIDR subnet into an array (base, bcast) # diff --git a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb index 35ac287533..da1d9d953b 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_reboot.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_reboot.rb @@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary 'Version' => '$Revision$', 'Description' => 'Reboot Digi International based equipment through the ADDP service', 'Author' => 'hdm', - 'References' => + 'References' => [ ['URL', 'http://qbeukes.blogspot.com/2009/11/advanced-digi-discovery-protocol_21.html'], ['URL', 'http://www.digi.com/wiki/developer/index.php/Advanced_Device_Discovery_Protocol_%28ADDP%29'], @@ -144,7 +144,7 @@ class Metasploit3 < Msf::Auxiliary if @results[addr][:cmd] == Rex::Proto::ADDP::CMD_REBOOT_REP print_status("#{addr}:#{rport} Reboot Status: " + Rex::Proto::ADDP.reply_to_string(@results[addr])) end - + return unless @results[addr][:magic] and @results[addr][:mac] end diff --git a/modules/auxiliary/scanner/scada/digi_addp_version.rb b/modules/auxiliary/scanner/scada/digi_addp_version.rb index acb5722184..48caec9fd5 100644 --- a/modules/auxiliary/scanner/scada/digi_addp_version.rb +++ b/modules/auxiliary/scanner/scada/digi_addp_version.rb 
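Review bot: `eth_aton` accepts any string now that it is a shared `Rex::Socket` helper. A non-hex octet becomes 0 through `to_i(16)`, and the number of octets is never checked, so the result may not be six bytes long. The ADDP builders append that value directly to the request, so a mistyped MAC silently produces a malformed or mis-addressed packet instead of an error. Validating the octet count and hex digits, as sketched below, fixes this, but raising ArgumentError is a behaviour change for existing callers of the old `mac2bin`. The comment should also say that only the colon-delimited form is accepted.

```ruby
def self.eth_aton(mac)
  octets = mac.to_s.split(":")
  unless octets.length == 6 and octets.all? { |o| o =~ /\A[0-9a-fA-F]{1,2}\z/ }
    raise ArgumentError, "Invalid MAC address: #{mac.inspect}"
  end
  octets.map { |o| o.to_i(16) }.pack("C*")
end
# … unchanged: eth_ntoa …
```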
@@ -24,7 +24,7 @@ class Metasploit3 < Msf::Auxiliary 'Version' => '$Revision$', 'Description' => 'Discover host information through the Digi International ADDP service', 'Author' => 'hdm', - 'References' => + 'References' => [ ['URL', 'http://qbeukes.blogspot.com/2009/11/advanced-digi-discovery-protocol_21.html'], ['URL', 'http://www.digi.com/wiki/developer/index.php/Advanced_Device_Discovery_Protocol_%28ADDP%29'], @@ -119,7 +119,7 @@ class Metasploit3 < Msf::Auxiliary @results[addr] ||= {} @results[addr] = Rex::Proto::ADDP.decode_reply(data) - + return unless @results[addr][:magic] and @results[addr][:mac] inf = Rex::Proto::ADDP.reply_to_string(@results[addr])