Do minor module clean up

bug/bundler_fix
jvazquez-r7 2014-12-23 01:00:21 -06:00
parent 6480ae2c03
commit 49fef9e514
1 changed files with 44 additions and 37 deletions

@ -24,17 +24,17 @@ class Metasploit3 < Msf::Post
less noise in the network).
},
'License' => MSF_LICENSE,
'Author' => [ 'Borja Merino <bmerinofe[at]gmail.com>' ],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ],
'Author' => 'Borja Merino <bmerinofe[at]gmail.com>',
'Platform' => 'win',
'SessionTypes' => ['meterpreter'],
'References' => [
[ 'URL', 'http://www.shelliscoming.com/2014/11/getting-outbound-filtering-rules-by.html' ]
['URL', 'http://www.shelliscoming.com/2014/11/getting-outbound-filtering-rules-by.html']
]
))
register_options(
[
OptAddress.new("ADDRESS" , [ true, 'Destination IP address.']),
OptAddress.new('ADDRESS' , [ true, 'Destination IP address.']),
OptInt.new('HOPS', [true, 'Number of hops to get.', 3]),
OptInt.new('MIN_TTL', [true, 'Starting TTL value.', 1]),
OptString.new('PORTS', [true, 'Ports to test (e.g. 80,443,100-110).','80,443']),
@ -45,18 +45,20 @@ class Metasploit3 < Msf::Post
def icmp_setup
handler = client.railgun.ws2_32.socket("AF_INET", "SOCK_RAW", "IPPROTO_ICMP")
if handler['GetLastError'] != 0
if handler['GetLastError'] == 0
vprint_status("ICMP raw socket created successfully")
else
print_error("There was an error setting the ICMP raw socket; GetLastError: #{handler['GetLastError']}")
return nil
end
vprint_status("ICMP raw socket created successfully")
r = client.railgun.ws2_32.bind(handler['return'],"\x02\x00\x00\x00" << Rex::Socket.addr_aton(session.session_host) << "\x00"*8 ,16)
if r['GetLastError'] != 0
if r['GetLastError'] == 0
vprint_status("ICMP socket successfully bound to #{session.session_host}")
else
print_error("There was an error binding the ICMP socket to #{session.session_host}; GetLastError: #{r['GetLastError']}")
return nil
end
vprint_status("ICMP socket successfully bound to #{session.session_host}")
# int WSAIoctl(
# _In_ SOCKET s,
@ -71,32 +73,34 @@ class Metasploit3 < Msf::Post
# );
sio_rcvall = 0x98000001
r = client.railgun.ws2_32.WSAIoctl(handler['return'],sio_rcvall,"\x01",4,nil,0,4,nil,nil)
if r['GetLastError'] != 0
r = client.railgun.ws2_32.WSAIoctl(handler['return'], sio_rcvall, "\x01", 4, nil, 0 ,4, nil, nil)
if r['GetLastError'] == 0
return handler['return']
else
print_error("There was an error calling WSAIoctl (ICMP raw socket); GetLastError: #{r['GetLastError']}")
return nil
end
return handler['return']
end
def tcp_setup(ttl)
handler = client.railgun.ws2_32.socket("AF_INET", "SOCK_STREAM", "IPPROTO_TCP")
if handler['GetLastError'] != 0
handler = client.railgun.ws2_32.socket('AF_INET', 'SOCK_STREAM', 'IPPROTO_TCP')
if handler['GetLastError'] == 0
vprint_status('TCP socket created successfully')
else
print_error("There was an error setting the TCP socket; GetLastError: #{handler['GetLastError']}")
return nil
end
vprint_status("TCP socket created successfully")
# 0x8004667E = FIONBIO
# Enable non-blocking mode when *argp (third parameter in ioctlsocket) is set to a nonzero value
cmd = 0x8004667E
r = client.railgun.ws2_32.ioctlsocket(handler['return'], cmd, 1)
if r['GetLastError'] != 0
if r['GetLastError'] == 0
vprint_status('TCP socket successfully configured in non-blocking mode')
else
print_error("There was an error setting the TCP socket in non-blocking mode; GetLastError: #{r['GetLastError']}")
return nil
end
vprint_status("TCP socket successfully configured in non-blocking mode")
# int setsockopt(
# _In_ SOCKET s,
@ -105,28 +109,32 @@ class Metasploit3 < Msf::Post
# _In_ const char *optval,
#_In_ int optlen
# );
ipproto_ip = 0
ip_ttl = 4
r = client.railgun.ws2_32.setsockopt(handler['return'], ipproto_ip, ip_ttl, [ttl].pack('C'), 4)
if r['GetLastError'] != 0
if r['GetLastError'] == 0
vprint_status("TTL value successfully set to #{ttl}")
return handler['return']
else
print_error("There was an error setting the TTL value; GetLastError: #{r['GetLastError']}")
return nil
end
vprint_status("TTL value successfully set to #{ttl}")
return handler['return']
end
def connections(remote, dst_port, h_icmp, h_tcp, to)
r = client.railgun.ws2_32.connect(h_tcp, "\x02\x00" << [dst_port].pack("n") << Rex::Socket.addr_aton(remote) << "\x00"*8 , 16)
sock_addr = "\x02\x00"
sock_addr << [dst_port].pack('n')
sock_addr << Rex::Socket.addr_aton(remote)
sock_addr << "\x00" * 8
r = client.railgun.ws2_32.connect(h_tcp, sock_addr, 16)
# A GetLastError == 1035 is expected since the socket is set to non-blocking mode
if r['GetLastError'] != 10035
unless r['GetLastError'] == 10035
print_error("There was an error creating the connection to the peer #{remote}; GetLastError: #{r['GetLastError']}")
return
end
from = " " * 16
from = ' ' * 16
begin
::Timeout.timeout(to) do
@ -137,7 +145,6 @@ class Metasploit3 < Msf::Post
rescue ::Timeout::Error
return nil
end
end
def run
@ -163,27 +170,27 @@ class Metasploit3 < Msf::Post
ports.each do |dport|
pub_ip = false
print_status("Testing port #{dport}...")
0.upto(datastore['HOPS'] - 1) { |i|
0.upto(datastore['HOPS'] - 1) do |i|
i = i + datastore['MIN_TTL']
h_icmp = icmp_setup
return if h_icmp.nil?
h_tcp = tcp_setup(i)
return if h_tcp .nil?
return if h_tcp.nil?
hop = connections(remote, dport, h_icmp, h_tcp, to)
if hop != nil
print_good("#{i} #{hop}")
if !Rex::Socket.is_internal?(hop)
pub_ip = true
break if datastore['STOP'] == true
end
else
if hop.nil?
print_error("#{i} *")
else
print_good("#{i} #{hop}")
unless Rex::Socket.is_internal?(hop)
pub_ip = true
break if datastore['STOP']
end
end
client.railgun.ws2_32.closesocket(h_tcp)
client.railgun.ws2_32.closesocket(h_icmp)
}
print_good("Public IP reached. The TCP port #{dport} is not filtered") if pub_ip == true
end
print_good("Public IP reached. The TCP port #{dport} is not filtered") if pub_ip
end
end
end
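Review bot: The `break if datastore['STOP']` inside the `upto` block in `run` leaves the loop before the two `closesocket` calls, so the TCP socket and the raw ICMP socket (switched to `sio_rcvall` mode in `icmp_setup`) stay open on the session host; `return if h_tcp.nil?` likewise abandons the `h_icmp` handle that was already created. Moving the cleanup into an `ensure`, as sketched below, closes both handles on every exit path. The setup helpers have the same gap: `icmp_setup` and `tcp_setup` return nil after a failed `bind`, `WSAIoctl`, `ioctlsocket` or `setsockopt` without closing `handler['return']`. Separately, the comment in `connections` says 1035 while the check compares against 10035. The body of `run` begins outside the shown hunk.

```ruby
h_icmp = icmp_setup
return if h_icmp.nil?
h_tcp = nil
begin
  h_tcp = tcp_setup(i)
  return if h_tcp.nil?
  # ... unchanged: connections call, hop reporting and the STOP break ...
ensure
  # Runs on normal completion, on break and on return
  client.railgun.ws2_32.closesocket(h_tcp) if h_tcp
  client.railgun.ws2_32.closesocket(h_icmp)
end
```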