See #782. Updated xmas.rb (again), now uses the nicer frontend function sendto. Diff against r8026 to get an idea of what's changed for module writers.
git-svn-id: file:///home/svn/framework3/trunk@8259 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
77771ca5be
commit
3053bd702a
|
@ -26,8 +26,7 @@ module Exploit::Capture
|
|||
OptString.new('FILTER', [false, 'The filter string for capturing traffic']),
|
||||
OptInt.new('SNAPLEN', [true, 'The number of bytes to capture', 65535]),
|
||||
OptInt.new('TIMEOUT', [true, 'The number of seconds to wait for new data', 500]),
|
||||
OptAddress.new('GATEWAY', [false, 'The gateway IP address']),
|
||||
OptAddress.new('LHOST', [false, 'The local IP address'])
|
||||
OptAddress.new('GATEWAY', [false, 'The gateway IP address'])
|
||||
|
||||
], Msf::Exploit::Capture
|
||||
)
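Review bot: The TIMEOUT option kept as context here is described as 'The number of seconds to wait for new data' with a default of 500, while the scanner hunk at @@ -39,12 +39,12 @@ in this same commit re-registers TIMEOUT as 'The reply read timeout in milliseconds' with the same default and run_batch divides it by 1000.0, so the two descriptions cannot both be right and the unit stated here looks wrong. If the capture helpers consume the value in milliseconds, the line should read `OptInt.new('TIMEOUT', [true, 'The number of milliseconds to wait for new data', 500]),`. Dropping LHOST from the mixin's option list also changes what module writers get from datastore['LHOST'] without any note on how the local address is now obtained (presumably via sendto/getsource); a one-line comment above GATEWAY such as `# the local address is resolved automatically; LHOST is no longer an option of this mixin` would help. The register_options call this list belongs to starts before the hunk.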
|
||||
|
|
|
@ -39,12 +39,12 @@ class Metasploit3 < Msf::Auxiliary
|
|||
|
||||
register_options([
|
||||
OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
|
||||
OptInt.new('BATCHSIZE', [true, "The number of hosts to scan per set", 256])
|
||||
OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
|
||||
OptInt.new('BATCHSIZE', [true, "The number of hosts to scan per set", 256]),
|
||||
OptString.new('INTERFACE', [false, 'The name of the interface'])
|
||||
], self.class)
|
||||
|
||||
deregister_options('FILTER','PCAPFILE')
|
||||
|
||||
|
||||
end
|
||||
|
||||
def run_batch_size
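Review bot: `deregister_options('FILTER','PCAPFILE')` is undocumented, so a reader of the options list cannot tell why two inherited options disappear from this module. run_batch in the next hunk overrides the filter per probe with `pcap.setfilter(getfilter(...))`, which explains FILTER; PCAPFILE is not registered anywhere visible in this commit, so its reason can only be guessed. Suggest `# FILTER is set per probe in run_batch via setfilter; PCAPFILE is not used by this scanner` above the call, correcting the PCAPFILE half if the reason differs. The method enclosing this register_options call begins before the hunk.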
|
||||
|
@ -52,38 +52,34 @@ class Metasploit3 < Msf::Auxiliary
|
|||
end
|
||||
|
||||
def run_batch(hosts)
|
||||
open_pcap
|
||||
|
||||
raise "Pcaprub is not available" if not @@havepcap
|
||||
|
||||
pcap = self.capture
|
||||
|
||||
ports = Rex::Socket.portspec_crack(datastore['PORTS'])
|
||||
pcap = open_pcap
|
||||
|
||||
if ports.empty?
|
||||
print_error("Error: No valid ports specified")
|
||||
return
|
||||
end
|
||||
|
||||
to = (datastore['TIMEOUT'] || 1000).to_f / 1000.0
|
||||
to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
|
||||
|
||||
# Spread the load across the hosts
|
||||
ports.each do |dport|
|
||||
hosts.each do |dhost|
|
||||
shost, sport = getsource(dhost)
|
||||
|
||||
dst_mac,src_mac = lookup_eth(dhost)
|
||||
next if dst_mac == "ff:ff:ff:ff:ff:ff" # Skip unresolvable addresses
|
||||
|
||||
self.capture.setfilter(getfilter(shost, sport, dhost, dport))
|
||||
pcap.setfilter(getfilter(shost, sport, dhost, dport))
|
||||
|
||||
begin
|
||||
probe = buildprobe(shost, sport, dhost, dport)
|
||||
|
||||
inject_eth(:payload => probe,
|
||||
:eth_daddr => dst_mac,
|
||||
:eth_saddr => src_mac
|
||||
)
|
||||
sendto(probe, dhost)
|
||||
|
||||
reply = probereply(self.capture, to)
|
||||
reply = readreply(pcap, to)
|
||||
|
||||
next if reply # Got a RST back
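Review bot: The return value of `sendto(probe, dhost)` is discarded, and the guard it replaced (`next if dst_mac == "ff:ff:ff:ff:ff:ff"`) no longer exists in this loop, so a host whose link-layer address cannot be resolved is presumably still followed by `readreply(pcap, to)` and costs a full timeout per port; unless sendto raises in that case, `next unless sendto(probe, dhost)` (or whatever its failure signal is) would restore the skip. Separately, `pcap = open_pcap` now runs before the `if ports.empty?` early return, so an invalid PORTS value returns without closing the capture handle; moving the `ports.empty?` check above `pcap = open_pcap` avoids that. The `begin` near the end of the hunk is closed outside it, and run_batch continues past the hunk.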
|
||||
|
||||
|
@ -134,7 +130,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
n.pack
|
||||
end
|
||||
|
||||
def probereply(pcap, to)
|
||||
def readreply(pcap, to)
|
||||
reply = nil
|
||||
|
||||
begin
|
||||
|
|