Update natpmp_external_address to use Msf::Auxiliary::UDPScanner
Jon Hart
parent
5c57f9b4eb
commit
246f021437
|
|
@ -8,7 +8,8 @@ require 'msf/core'
|
|||
class Metasploit3 < Msf::Auxiliary
|
||||
|
||||
include Msf::Auxiliary::Report
|
||||
include Msf::Auxiliary::Scanner
|
||||
include Msf::Exploit::Remote::Udp
|
||||
include Msf::Auxiliary::UDPScanner
|
||||
include Msf::Auxiliary::NATPMP
|
||||
include Rex::Proto::NATPMP
|
||||
|
||||
|
|
@ -22,39 +23,20 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
end
|
||||
|
||||
def run_host(host)
|
||||
begin
|
||||
udp_sock = Rex::Socket::Udp.create({
|
||||
'LocalHost' => datastore['CHOST'] || nil,
|
||||
'Context' => {'Msf' => framework, 'MsfExploit' => self}
|
||||
})
|
||||
add_socket(udp_sock)
|
||||
vprint_status "#{host}:#{datastore['RPORT']} - NATPMP - Probing for external address"
|
||||
|
||||
udp_sock.sendto(external_address_request, host, datastore['RPORT'].to_i, 0)
|
||||
while (r = udp_sock.recvfrom(12, 1.0) and r[1])
|
||||
handle_reply(host, r)
|
||||
end
|
||||
rescue ::Interrupt
|
||||
raise $!
|
||||
rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
|
||||
nil
|
||||
rescue ::Exception => e
|
||||
print_error("#{host}:#{datastore['RPORT']} Unknown error: #{e.class} #{e}")
|
||||
end
|
||||
def scan_host(ip)
|
||||
scanner_send(@probe, ip, datastore['RPORT'])
|
||||
end
|
||||
|
||||
def handle_reply(host, pkt)
|
||||
return if not pkt[1]
|
||||
def scanner_prescan(batch)
|
||||
@probe = external_address_request
|
||||
end
|
||||
|
||||
if(pkt[1] =~ /^::ffff:/)
|
||||
pkt[1] = pkt[1].sub(/^::ffff:/, '')
|
||||
end
|
||||
|
||||
(ver, op, result, epoch, external_address) = parse_external_address_response(pkt[0])
|
||||
def scanner_process(data, shost, sport)
|
||||
(ver, op, result, epoch, external_address) = parse_external_address_response(data)
|
||||
|
||||
peer = "#{shost}:#{sport}"
|
||||
if (ver == 0 && op == 128 && result == 0)
|
||||
print_status("#{host} -- external address #{external_address}")
|
||||
print_good("#{peer} -- external address #{external_address}")
|
||||
# report its external address as alive
|
||||
if inside_workspace_boundary?(external_address)
|
||||
report_host(
|
||||
|
|
@ -63,19 +45,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
)
|
||||
end
|
||||
else
|
||||
print_error("#{host} -- unexpected version/opcode/result/address: #{ver}/#{op}/#{result}/#{external_address}")
|
||||
print_error("#{peer} -- unexpected version/opcode/result/address: #{ver}/#{op}/#{result}/#{external_address}")
|
||||
end
|
||||
|
||||
# report the host we scanned as alive
|
||||
report_host(
|
||||
:host => host,
|
||||
:host => shost,
|
||||
:state => Msf::HostState::Alive
|
||||
)
|
||||
|
||||
# report NAT-PMP as being open
|
||||
report_service(
|
||||
:host => host,
|
||||
:port => pkt[2],
|
||||
:host => shost,
|
||||
:port => sport,
|
||||
:proto => 'udp',
|
||||
:name => 'natpmp',
|
||||
:state => Msf::ServiceState::Open
|
||||
|
|
|
|||
Loading…
Reference in New Issue