Fixes #3939 by setting the racket bits correctly.

git-svn-id: file:///home/svn/framework3/trunk@11958 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-14 15:58:17 +00:00 · 2011-03-14 15:58:17 +00:00 · 70127c09fb
parent 03f227817e
commit 70127c09fb
2 changed files with 6 additions and 5 deletions
--- a/modules/auxiliary/scanner/rogue/rogue_recv.rb
+++ b/modules/auxiliary/scanner/rogue/rogue_recv.rb
@ -42,7 +42,7 @@ class Metasploit3 < Msf::Auxiliary
 	end

 	def build_filter
-		"icmp or (" +
+		"(icmp and icmp[0] == 0) or (" +
 			"tcp and (tcp[13] == 0x12 or (tcp[13] & 0x04) != 0) and " +
 			"src port #{datastore['RPORT']} and dst port #{datastore['CPORT']} " +
 		")"
@ -76,8 +76,8 @@ class Metasploit3 < Msf::Auxiliary
 			icmp = Racket::L4::ICMP.new(ip.payload)
 			reply = {:raw => r, :eth => eth, :ip => ip, :icmp => icmp}
 			reply[:type]     = :icmp
-			return if(icmp.payload[4,2] != [datastore['ECHOID']].pack('n'))
-			reply[:internal] = Rex::Socket.addr_ntoa(icmp.payload[0,4])
+			return if(icmp.payload[0,2] != [datastore['ECHOID']].pack('n'))
+			reply[:internal] = Rex::Socket.addr_ntoa(icmp.payload[4,4])
 			reply[:external] = ip.src_ip
 			return reply
 		when 6
--- a/modules/auxiliary/scanner/rogue/rogue_send.rb
+++ b/modules/auxiliary/scanner/rogue/rogue_send.rb
@ -89,8 +89,9 @@ class Metasploit3 < Msf::Auxiliary
 		n.l3.id = rand(0x10000)
 		n.l3.ttl = 255

-		n.l4 = Racket::L4::ICMP.new
-		n.l4.type = 8
+		n.l4 = Racket::L4::ICMPEcho.new
+		n.l4.id = datastore['ECHOID']
+		n.l4.sequence = 1
 		n.l4.payload = Rex::Socket.addr_aton(dst) + [datastore['ECHOID']].pack('n') + Rex::Text.rand_text(26)

 		n.l4.fix!