Fix UDP scanner mixin with multicast addresses

This fixes #8828 by only binding UDP sockets when we have unicast
targets. If we have multicast, prefer unbound sockets.

This also brings in the 'ipaddress' gem for identifying multicast
addresses. It looks like it could replace a lot of custom-built
functionality in rex-socket, including RangeWalker. Will need to see how
efficient it is.
bug/bundler_fix
Brent Cook 2017-08-22 06:44:43 -05:00
parent 031f48725f
commit 17aef43bb8
3 changed files with 27 additions and 15 deletions

View File

@ -11,6 +11,7 @@ PATH
bit-struct
dnsruby
filesize
ipaddress
jsobfu
json
metasm
@ -128,6 +129,7 @@ GEM
fivemat (1.3.5)
hashery (2.1.2)
i18n (0.8.6)
ipaddress (0.8.3)
jsobfu (0.4.2)
rkelly-remix
json (2.1.0)

View File

@ -1,5 +1,7 @@
# -*- coding: binary -*-
require 'ipaddress'
module Msf
###
@ -43,18 +45,20 @@ module Auxiliary::UDPScanner
datastore['BATCHSIZE'].to_i
end
def udp_socket(ip, port)
def udp_socket(ip, port, bind_peer: true)
key = "#{ip}:#{port}:#{bind_peer ? 'bound' : 'unbound'}"
@udp_sockets_mutex.synchronize do
key = "#{ip}:#{port}"
unless @udp_sockets.key?(key)
@udp_sockets[key] =
Rex::Socket::Udp.create({
sock_info = {
'LocalHost' => datastore['CHOST'] || nil,
'LocalPort' => datastore['CPORT'] || 0,
'PeerHost' => ip,
'PeerPort' => port,
'Context' => { 'Msf' => framework, 'MsfExploit' => self }
})
}
if bind_peer
sock_info['PeerHost'] = ip
sock_info['PeerPort'] = port
end
@udp_sockets[key] = Rex::Socket::Udp.create(sock_info)
add_socket(@udp_sockets[key])
end
return @udp_sockets[key]
@ -123,10 +127,15 @@ module Auxiliary::UDPScanner
data = data.to_binary_s if data.respond_to?('to_binary_s')
resend_count = 0
sock = nil
begin
sock = udp_socket(ip, port)
unless IPAddress(ip).multicast?
sock = udp_socket(ip, port, bind_peer: true)
sock.send(data, 0)
else
sock = udp_socket(ip, port, bind_peer: false)
sock.sendto(data, ip, port, 0)
end
rescue ::Errno::ENOBUFS
resend_count += 1
@ -136,8 +145,7 @@ module Auxiliary::UDPScanner
end
scanner_recv(0.1)
::IO.select(nil, nil, nil, 0.25)
sleep(0.25)
retry

View File

@ -54,6 +54,8 @@ Gem::Specification.new do |spec|
spec.add_runtime_dependency 'backports'
# Needed for some admin modules (cfme_manageiq_evm_pass_reset.rb)
spec.add_runtime_dependency 'bcrypt'
# Address manipulation (TODO: evaluate to replace rex-socket address handling)
spec.add_runtime_dependency 'ipaddress'
# Needed for Javascript obfuscation
spec.add_runtime_dependency 'jsobfu'
# Needed for some admin modules (scrutinizer_add_user.rb)