infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use the payload as the ICMP tag check 

git-svn-id: file:///home/svn/framework3/trunk@7309 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2009-10-30 17:04:21 +00:00
parent f89085fd20
commit 1ca1e1cc84
2 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
modules/auxiliary/scanner/rogue/rogue_recv.rb
View File

@ -73,11 +73,9 @@ class Metasploit3 < Msf::Auxiliary
case ip.protocol
when 1
icmp = Racket::ICMP.new(ip.payload)
if(icmp.id != datastore['ECHOID'].to_i)
return
end
reply = {:raw => r, :eth => eth, :ip => ip, :icmp => icmp}
reply[:type] = :icmp
return if(icmp.payload[4,2] != [datastore['ECHOID']].pack('n')
reply[:internal] = Rex::Socket.addr_ntoa(icmp.payload[0,4])
reply[:external] = ip.src_ip
return reply

4
modules/auxiliary/scanner/rogue/rogue_send.rb
View File

@ -83,9 +83,9 @@ class Metasploit3 < Msf::Auxiliary
n.l4 = Racket::ICMP.new
n.l4.type = 8
n.l4.id = datastore['ECHOID'].to_i
n.l4.id = rand(0x10000)
n.l4.seq = 1
n.l4.payload = Rex::Socket.addr_aton(dst) + Rex::Text.rand_text(28)
n.l4.payload = Rex::Socket.addr_aton(dst) + [datastore['ECHOID']].pack('n') + Rex::Text.rand_text(26)
n.l4.fix!