Land #3841, @jabra-'s modifications to ssdp_amp to support spoofing

2014-09-22 12:28:46 -07:00 · 2014-09-22 12:28:46 -07:00 · 259a368577
parent fc4c1907d3 b7a0847114
commit 259a368577
1 changed files with 7 additions and 1 deletions
--- a/modules/auxiliary/scanner/upnp/ssdp_amp.rb
+++ b/modules/auxiliary/scanner/upnp/ssdp_amp.rb
@ -7,6 +7,7 @@ require 'msf/core'

 class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
+  include Msf::Exploit::Capture
  include Msf::Auxiliary::UDPScanner
  include Msf::Auxiliary::DRDoS

@ -45,7 +46,12 @@ class Metasploit3 < Msf::Auxiliary
  end

  def scan_host(ip)
-    scanner_send(@msearch_probe, ip, datastore['RPORT'])
+    if spoofed?
+      datastore['ScannerRecvWindow'] = 0
+      scanner_spoof_send(@msearch_probe, ip, datastore['RPORT'], datastore['SRCIP'], datastore['NUM_REQUESTS'])
+    else
+      scanner_send(@msearch_probe, ip, datastore['RPORT'])
+    end
  end

  def scanner_process(data, shost, sport)