a few ruby cleanups
parent
b44ec34bfd
commit
81e56663fd
@ -9,10 +9,12 @@
|
|||
## MODBUS/TCP scanner to find correct Unit_ID/StationID
|
||||
|
||||
require 'msf/core'
|
||||
|
||||
class Metasploit3 < Msf::Auxiliary
|
||||
include Msf::Exploit::Remote::Tcp
|
||||
include Msf::Auxiliary::Fuzzer
|
||||
|
||||
|
||||
def initialize(info = {})
|
||||
super(update_info(info,
|
||||
'Name' => 'Modbus_findunitID',
|
||||
|
@ -49,38 +51,28 @@ class Metasploit3 < Msf::Auxiliary
|
|||
start="\x21\x00\x00\x00\x00\x06"
|
||||
theend="\x04\x00\x01\x00\x00"
|
||||
noll="\x00"
|
||||
# between, \01..\0fe (1-254)
|
||||
if datastore['UNIT_ID_FROM'] < 1 then
|
||||
print_status("unit ID must be between 1 and 254 adjust to 1")
|
||||
# between, \01..\0ff (1-255)
|
||||
unless (1..255).include? datastore['UNIT_ID_FROM']
|
||||
print_status("unit ID must be between 1 and 254 adjusting UNIT_ID_FROM to 1")
|
||||
datastore['UNIT_ID_FROM']=1
|
||||
end
|
||||
if datastore['UNIT_ID_FROM'] > 254 then
|
||||
print_status("unit ID must be between 1 and 254 adjust to 1")
|
||||
datastore['UNIT_ID_FROM']=1
|
||||
end
|
||||
if datastore['UNIT_ID_TO'] < 1 then
|
||||
print_status("unit ID must be between 1 and 254, adjusing to #{datastore['UNIT_ID_FROM']+1} ")
|
||||
datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM'] + 1
|
||||
end
|
||||
if datastore['UNIT_ID_TO'] > 254 then
|
||||
print_status("unit ID must be between 1 and 254, adjusing to #{datastore['UNIT_ID_FROM']+1} ")
|
||||
datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM'] + 1
|
||||
unless (1..255).include? datastore['UNIT_ID_TO']
|
||||
print_status("unit ID must be between #{datastore['UNIT_ID_FROM']} and 255, adjusting UNIT_ID_TO to #{datastore['UNIT_ID_FROM']} ")
|
||||
datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM']
|
||||
end
|
||||
if datastore['UNIT_ID_FROM'] > datastore['UNIT_ID_TO'] then
|
||||
print_status("UNIT_ID_TO is less than UNIT_ID_FROM, setting them equal")
|
||||
datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM']
|
||||
end
|
||||
|
||||
counter=datastore['UNIT_ID_FROM']
|
||||
while counter <= datastore['UNIT_ID_TO']
|
||||
datastore['UNIT_ID_FROM'].upto(datastore['UNIT_ID_TO']) do |counter|
|
||||
sploit=start
|
||||
sploit+=[counter].pack("C")
|
||||
sploit+=theend
|
||||
#sleep(datastore['BENICE'])
|
||||
select(nil,nil,nil,datastore['BENICE'])
|
||||
connect()
|
||||
sock.put(sploit)
|
||||
#debug: print_status("sent to unit_id #{counter} ")
|
||||
#debug: print_status("sent to unit_id #{counter} ")
|
||||
data = sock.get_once(12, datastore['TIMEOUT'])
|
||||
if (data.nil?)
|
||||
data=noll+noll+noll+noll
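Review bot: The new `UNIT_ID_FROM` guard accepts the range `(1..255)` but the `print_status` message right below it still tells the user the ID "must be between 1 and 254", so the text and the check now disagree; change it to `print_status("unit ID must be between 1 and 255, adjusting UNIT_ID_FROM to 1")` to match the new comment `# between, \01..\0ff (1-255)`. Widening the bound to 255 looks deliberate and is sensible, since 0xFF is the unit identifier conventionally used when addressing a Modbus/TCP endpoint directly and 0 is the broadcast address, but the `UNIT_ID_FROM`/`UNIT_ID_TO` option descriptions (outside this hunk) should say so as well so the documented range agrees with the code. Both guards also write the adjusted value back into `datastore`, which silently rewrites the operator's options rather than failing; a short comment such as `# out-of-range IDs are clamped, not rejected` above the first `unless` would make that intentional behaviour visible. The enclosing `run` method begins before this hunk and continues past it.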
|
||||
|
@ -88,10 +80,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if data[0,4] == "\x21\x00\x00\x00" #return of the same trans-id+proto-id
|
||||
print_good("Received: correct MODBUS/TCP from stationID #{counter}")
|
||||
else
|
||||
print_error("Received: incorrect/none data from stationID #{counter} (probably not in use)")
|
||||
print_status("Received: incorrect/none data from stationID #{counter} (probably not in use)")
|
||||
end
|
||||
disconnect()
|
||||
counter=counter + 1
|
||||
end
|
||||
end
|
||||
end
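Review bot: The classification in this hunk still treats any reply whose first four bytes echo the transaction/protocol id as "correct MODBUS/TCP from stationID", without looking at the unit identifier byte or the function code of the response, so a gateway that answers on behalf of every unit ID, or returns a Modbus exception such as gateway-path-unavailable, is reported as a live station; the commit only changes the log level of the negative branch. A stronger check, if the 12 bytes read earlier are a standard MBAP header plus PDU, is `if data[0,4] == "\x21\x00\x00\x00" && data[6,1] == [counter].pack("C")`, with the exception code at `data[8]` excluded when it signals a gateway error - worth confirming against the target devices before relying on it. Downgrading the miss message from `print_error` to `print_status` is an improvement, but scanning the full range still emits one line per unused ID; `vprint_status` would keep normal output to the hits while preserving the detail under VERBOSE. The enclosing `run` method starts before this hunk.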