Fix up titles/add boundary check for reporting external host

unstable
HD Moore 2012-02-08 12:23:46 -06:00
parent 6685a65c39
commit 29b99aa7b4
3 changed files with 40 additions and 34 deletions


@ -8,7 +8,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'NAT-PMP port mapper',
'Name' => 'NAT-PMP Port Mapper',
'Description' => 'Map (forward) TCP and UDP ports on NAT devices using NAT-PMP',
'Author' => 'Jon Hart <jhart[at]spoofed.org>',
'License' => MSF_LICENSE
@ -30,9 +30,9 @@ class Metasploit3 < Msf::Auxiliary
def run_host(host)
begin
udp_sock = Rex::Socket::Udp.create(
{ 'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self}
udp_sock = Rex::Socket::Udp.create({
'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self}
})
add_socket(udp_sock)
@ -96,11 +96,13 @@ class Metasploit3 < Msf::Auxiliary
)
# report the external port as being open
report_service(
:host => external_address,
:port => external_port,
:proto => datastore['PROTOCOL'].to_s.downcase,
:state => Msf::ServiceState::Open
)
if inside_workspace_boundary(external_address)
report_service(
:host => external_address,
:port => external_port,
:proto => datastore['PROTOCOL'].to_s.downcase,
:state => Msf::ServiceState::Open
)
end
end
end
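Review bot: The new guard `if inside_workspace_boundary(external_address)` calls a helper that this commit neither defines nor shows, and as far as I recall the report mixin spells it as a predicate, `inside_workspace_boundary?`; if that holds for this tree, the call raises NoMethodError and the external service is never recorded, so the name should be confirmed against the mixin (the same call is added in the other two files). An address that fails the check is also dropped without a message, so an out-of-scope result looks the same as no result. An `else` branch with `print_status("#{external_address} is outside the workspace boundary, not reporting") if datastore['VERBOSE']` would make that visible. A one-line comment above the guard, saying that the external address is presumably taken from the device's reply and may lie outside the workspace, would explain why only this report is conditional. The enclosing method begins before this hunk, so the source of `external_address` cannot be checked from here.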


@ -8,7 +8,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'NAT-PMP External address scanner',
'Name' => 'NAT-PMP External Address Scanner',
'Description' => 'Scan NAT devices for their external address using NAT-PMP',
'Author' => 'Jon Hart <jhart[at]spoofed.org>',
'License' => MSF_LICENSE
@ -25,15 +25,15 @@ class Metasploit3 < Msf::Auxiliary
def run_host(host)
begin
udp_sock = Rex::Socket::Udp.create(
{ 'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self}
udp_sock = Rex::Socket::Udp.create({
'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self}
})
add_socket(udp_sock)
print_status "#{host}:#{datastore['RPORT']} - NATPMP - Probing for external address" if (datastore['VERBOSE'])
udp_sock.sendto(Rex::Proto::NATPMP.external_address_request, host, datastore['RPORT'].to_i, 0)
while (r = udp_sock.recvfrom(12, 0.25) and r[1])
while (r = udp_sock.recvfrom(12, 1.0) and r[1])
handle_reply(host, r)
end
rescue ::Interrupt
@ -41,7 +41,7 @@ class Metasploit3 < Msf::Auxiliary
rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
nil
rescue ::Exception => e
print_error("Unknown error: #{e.class} #{e}")
print_error("#{host}:#{datastore['RPORT']} Unknown error: #{e.class} #{e}")
end
end
@ -65,18 +65,20 @@ class Metasploit3 < Msf::Auxiliary
)
# also report its external address as alive
report_host(
:host => external_address,
:state => Msf::HostState::Alive
)
if inside_workspace_boundary(external_address)
report_host(
:host => external_address,
:state => Msf::HostState::Alive
)
end
# report NAT-PMP as being open
report_service(
:host => host,
:port => pkt[2],
:proto => 'udp',
:name => 'natpmp',
:state => Msf::ServiceState::Open
:name => 'natpmp',
:state => Msf::ServiceState::Open
)
end
end
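Review bot: The reply loop `while (r = udp_sock.recvfrom(12, 1.0) and r[1])` in run_host has no upper bound, so it keeps running for as long as datagrams arrive on the socket. A device that answers repeatedly, or any other sender reaching that port, can hold the scanner on this host indefinitely, and the change from 0.25 to 1.0 seconds also lengthens the idle wait per host. A deadline would cap it, for example `deadline = Time.now + 3` before the loop and `while Time.now < deadline and (r = udp_sock.recvfrom(12, 1.0)) and r[1]` as the condition (the 3 is a constructed value). The visible lines also hand every datagram to `handle_reply(host, r)` without comparing its source with `host`; handle_reply's body is outside the hunk and may check that itself, but if not, a reply from another address would be recorded against this host. The same unbounded pattern appears in the `recvfrom(16, 1.0)` loops of the third file.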


@ -10,7 +10,7 @@ class Metasploit3 < Msf::Auxiliary
def initialize
super(
'Name' => 'NAT-PMP External port scanner',
'Name' => 'NAT-PMP External Port Scanner',
'Description' => 'Scan NAT devices for their external listening ports using NAT-PMP',
'Author' => 'Jon Hart <jhart[at]spoofed.org>',
'License' => MSF_LICENSE
@ -27,9 +27,9 @@ class Metasploit3 < Msf::Auxiliary
def run_host(host)
begin
udp_sock = Rex::Socket::Udp.create(
{ 'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self} }
udp_sock = Rex::Socket::Udp.create({
'LocalHost' => datastore['CHOST'] || nil,
'Context' => {'Msf' => framework, 'MsfExploit' => self} }
)
add_socket(udp_sock)
print_status "Scanning #{datastore['PROTOCOL']} ports #{datastore['PORTS']} on #{host} using NATPMP" if (datastore['VERBOSE'])
@ -52,13 +52,13 @@ class Metasploit3 < Msf::Auxiliary
# send one request to clear the mapping if *we've* created it before
clear_req = Rex::Proto::NATPMP.map_port_request(port, port, Rex::Proto::NATPMP.const_get(datastore['PROTOCOL']), 0)
udp_sock.sendto(clear_req, host, datastore['RPORT'].to_i, 0)
while (r = udp_sock.recvfrom(16, 0.25) and r[1])
while (r = udp_sock.recvfrom(16, 1.0) and r[1])
end
# now try the real mapping
map_req = Rex::Proto::NATPMP.map_port_request(port, port, Rex::Proto::NATPMP.const_get(datastore['PROTOCOL']), 1)
udp_sock.sendto(map_req, host, datastore['RPORT'].to_i, 0)
while (r = udp_sock.recvfrom(16, 0.25) and r[1])
while (r = udp_sock.recvfrom(16, 1.0) and r[1])
handle_reply(host, external_address, r)
end
end
@ -98,12 +98,14 @@ class Metasploit3 < Msf::Auxiliary
print_status("#{external_addr} - #{int}/#{protocol} #{state} because of code #{result} response") if (datastore['DEBUG'])
end
report_service(
:host => external_addr,
:port => int,
:proto => protocol,
:state => state
)
if inside_workspace_boundary(external_addr)
report_service(
:host => external_addr,
:port => int,
:proto => protocol,
:state => state
)
end
report_service(
:host => host,