infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update natpmp_external_address to use Msf::Auxiliary::UDPScanner

bug/bundler_fix
Jon Hart 2014-08-22 11:53:39 -07:00
parent 5c57f9b4eb
commit 246f021437
1 changed files with 15 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
modules/auxiliary/gather/natpmp_external_address.rb
View File

@ -8,7 +8,8 @@ require 'msf/core'
class Metasploit3 < Msf::Auxiliary class Metasploit3 < Msf::Auxiliary
include Msf::Auxiliary::Report include Msf::Auxiliary::Report
include Msf::Auxiliary::Scanner include Msf::Exploit::Remote::Udp
include Msf::Auxiliary::UDPScanner
include Msf::Auxiliary::NATPMP include Msf::Auxiliary::NATPMP
include Rex::Proto::NATPMP include Rex::Proto::NATPMP
@ -22,39 +23,20 @@ class Metasploit3 < Msf::Auxiliary
end end
def run_host(host) def scan_host(ip)
begin scanner_send(@probe, ip, datastore['RPORT'])
udp_sock = Rex::Socket::Udp.create({
'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self}
})
add_socket(udp_sock)
vprint_status "#{host}:#{datastore['RPORT']} - NATPMP - Probing for external address"
udp_sock.sendto(external_address_request, host, datastore['RPORT'].to_i, 0)
while (r = udp_sock.recvfrom(12, 1.0) and r[1])
handle_reply(host, r)
end
rescue ::Interrupt
raise $!
rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
nil
rescue ::Exception => e
print_error("#{host}:#{datastore['RPORT']} Unknown error: #{e.class} #{e}")
end
end end
def handle_reply(host, pkt) def scanner_prescan(batch)
return if not pkt[1] @probe = external_address_request
end
if(pkt[1] =~ /^::ffff:/) def scanner_process(data, shost, sport)
pkt[1] = pkt[1].sub(/^::ffff:/, '') (ver, op, result, epoch, external_address) = parse_external_address_response(data)
end
(ver, op, result, epoch, external_address) = parse_external_address_response(pkt[0])
peer = "#{shost}:#{sport}"
if (ver == 0 && op == 128 && result == 0) if (ver == 0 && op == 128 && result == 0)
print_status("#{host} -- external address #{external_address}") print_good("#{peer} -- external address #{external_address}")
# report its external address as alive # report its external address as alive
if inside_workspace_boundary?(external_address) if inside_workspace_boundary?(external_address)
report_host( report_host(
@ -63,19 +45,19 @@ class Metasploit3 < Msf::Auxiliary
) )
end end
else else
print_error("#{host} -- unexpected version/opcode/result/address: #{ver}/#{op}/#{result}/#{external_address}") print_error("#{peer} -- unexpected version/opcode/result/address: #{ver}/#{op}/#{result}/#{external_address}")
end end
# report the host we scanned as alive # report the host we scanned as alive
report_host( report_host(
:host => host, :host => shost,
:state => Msf::HostState::Alive :state => Msf::HostState::Alive
) )
# report NAT-PMP as being open # report NAT-PMP as being open
report_service( report_service(
:host => host, :host => shost,
:port => pkt[2], :port => sport,
:proto => 'udp', :proto => 'udp',
:name => 'natpmp', :name => 'natpmp',
:state => Msf::ServiceState::Open :state => Msf::ServiceState::Open