Use the payload as the ICMP tag check
git-svn-id: file:///home/svn/framework3/trunk@7309 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
f89085fd20
commit
1ca1e1cc84
|
@ -73,11 +73,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
case ip.protocol
|
case ip.protocol
|
||||||
when 1
|
when 1
|
||||||
icmp = Racket::ICMP.new(ip.payload)
|
icmp = Racket::ICMP.new(ip.payload)
|
||||||
if(icmp.id != datastore['ECHOID'].to_i)
|
|
||||||
return
|
|
||||||
end
|
|
||||||
reply = {:raw => r, :eth => eth, :ip => ip, :icmp => icmp}
|
reply = {:raw => r, :eth => eth, :ip => ip, :icmp => icmp}
|
||||||
reply[:type] = :icmp
|
reply[:type] = :icmp
|
||||||
|
return if(icmp.payload[4,2] != [datastore['ECHOID']].pack('n')
|
||||||
reply[:internal] = Rex::Socket.addr_ntoa(icmp.payload[0,4])
|
reply[:internal] = Rex::Socket.addr_ntoa(icmp.payload[0,4])
|
||||||
reply[:external] = ip.src_ip
|
reply[:external] = ip.src_ip
|
||||||
return reply
|
return reply
|
||||||
|
|
|
@ -83,9 +83,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
n.l4 = Racket::ICMP.new
|
n.l4 = Racket::ICMP.new
|
||||||
n.l4.type = 8
|
n.l4.type = 8
|
||||||
n.l4.id = datastore['ECHOID'].to_i
|
n.l4.id = rand(0x10000)
|
||||||
n.l4.seq = 1
|
n.l4.seq = 1
|
||||||
n.l4.payload = Rex::Socket.addr_aton(dst) + Rex::Text.rand_text(28)
|
n.l4.payload = Rex::Socket.addr_aton(dst) + [datastore['ECHOID']].pack('n') + Rex::Text.rand_text(26)
|
||||||
|
|
||||||
n.l4.fix!
|
n.l4.fix!
|
||||||
|
|
||||||
|
|
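Review bot: The added guard `return if(icmp.payload[4,2] != [datastore['ECHOID']].pack('n')` in the first hunk never closes the parenthesis opened by `if(`, so as shown the file would not parse. It also drops the `.to_i` that the removed `icmp.id` comparison applied; if the datastore value can arrive as a String, `pack('n')` would raise a TypeError, and the same applies to the `n.l4.payload` line in the second hunk. I would write `return if icmp.payload[4,2] != [datastore['ECHOID'].to_i].pack('n')` and use the same `[datastore['ECHOID'].to_i].pack('n')` expression when building the payload, so the sender and the check cannot drift apart. The enclosing methods start and end outside both hunks, so whether the ICMP type is also checked is not visible here.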