See #782. Updated xmas.rb (again), now uses the nicer frontend function sendto. Diff against r8026 to get an idea of what's changed for module writers.

git-svn-id: file:///home/svn/framework3/trunk@8259 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Tod Beardsley 2010-01-27 18:12:02 +00:00
parent 77771ca5be
commit 3053bd702a
2 changed files with 12 additions and 17 deletions


@ -26,8 +26,7 @@ module Exploit::Capture
OptString.new('FILTER', [false, 'The filter string for capturing traffic']), OptString.new('FILTER', [false, 'The filter string for capturing traffic']),
OptInt.new('SNAPLEN', [true, 'The number of bytes to capture', 65535]), OptInt.new('SNAPLEN', [true, 'The number of bytes to capture', 65535]),
OptInt.new('TIMEOUT', [true, 'The number of seconds to wait for new data', 500]), OptInt.new('TIMEOUT', [true, 'The number of seconds to wait for new data', 500]),
OptAddress.new('GATEWAY', [false, 'The gateway IP address']), OptAddress.new('GATEWAY', [false, 'The gateway IP address'])
OptAddress.new('LHOST', [false, 'The local IP address'])
], Msf::Exploit::Capture ], Msf::Exploit::Capture
) )


@ -39,12 +39,12 @@ class Metasploit3 < Msf::Auxiliary
register_options([ register_options([
OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]), OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
OptInt.new('BATCHSIZE', [true, "The number of hosts to scan per set", 256]) OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
OptInt.new('BATCHSIZE', [true, "The number of hosts to scan per set", 256]),
OptString.new('INTERFACE', [false, 'The name of the interface'])
], self.class) ], self.class)
deregister_options('FILTER','PCAPFILE') deregister_options('FILTER','PCAPFILE')
end end
def run_batch_size def run_batch_size
@ -52,38 +52,34 @@ class Metasploit3 < Msf::Auxiliary
end end
def run_batch(hosts) def run_batch(hosts)
open_pcap
raise "Pcaprub is not available" if not @@havepcap raise "Pcaprub is not available" if not @@havepcap
pcap = self.capture
ports = Rex::Socket.portspec_crack(datastore['PORTS']) ports = Rex::Socket.portspec_crack(datastore['PORTS'])
pcap = open_pcap
if ports.empty? if ports.empty?
print_error("Error: No valid ports specified") print_error("Error: No valid ports specified")
return return
end end
to = (datastore['TIMEOUT'] || 1000).to_f / 1000.0 to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
# Spread the load across the hosts # Spread the load across the hosts
ports.each do |dport| ports.each do |dport|
hosts.each do |dhost| hosts.each do |dhost|
shost, sport = getsource(dhost) shost, sport = getsource(dhost)
dst_mac,src_mac = lookup_eth(dhost) pcap.setfilter(getfilter(shost, sport, dhost, dport))
next if dst_mac == "ff:ff:ff:ff:ff:ff" # Skip unresolvable addresses
self.capture.setfilter(getfilter(shost, sport, dhost, dport))
begin begin
probe = buildprobe(shost, sport, dhost, dport) probe = buildprobe(shost, sport, dhost, dport)
inject_eth(:payload => probe, sendto(probe, dhost)
:eth_daddr => dst_mac,
:eth_saddr => src_mac
)
reply = probereply(self.capture, to) reply = readreply(pcap, to)
next if reply # Got a RST back next if reply # Got a RST back
@ -134,7 +130,7 @@ class Metasploit3 < Msf::Auxiliary
n.pack n.pack
end end
def probereply(pcap, to) def readreply(pcap, to)
reply = nil reply = nil
begin begin