From 9456d264672fbe347d30771c8b708bbfa3209325 Mon Sep 17 00:00:00 2001
From: Matt Andreko
Date: Thu, 9 Jan 2014 14:25:28 -0500
Subject: [PATCH] Added Scanner module for SerComm backdoor
---
.../scanner/misc/sercomm_backdoor_scanner.rb | 52 +++++++++++++++++++
1 file changed, 52 insertions(+)
create mode 100644 modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb
diff --git a/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb b/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb
new file mode 100644
index 0000000000..0f62cba6c1
--- /dev/null
+++ b/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb
@@ -0,0 +1,52 @@
+##
+# This module requires Metasploit: http//metasploit.com/download
+# Current source: https://github.com/rapid7/metasploit-framework
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+ include Msf::Exploit::Remote::Tcp
+ include Msf::Auxiliary::Scanner
+
+ def initialize(info={})
+ super(update_info(info,
+ 'Name' => 'SerComm Network Device Backdoor Detection',
+ 'Description' => %q{
+ This module can identify SerComm manufactured network devices which
+ contain a backdoor, allowing command injection or account disclosure.
+ },
+ 'Author' => 'Matt "hostess" Andreko ',
+ 'License' => MSF_LICENSE
+ ))
+
+ register_options([
+ Opt::RPORT(32764)
+ ])
+ end
+
+ def run_host(ip)
+
+ begin
+ connect
+
+ sock.put(Rex::Text.rand_text(5))
+ res = sock.get_once
+
+ disconnect
+
+ if (res && res.start_with?("MMcS"))
+ print_good("#{ip}:#{rport} - Possible backdoor detected - Big Endian")
+ elsif (res && res.start_with?("ScMM"))
+ print_good("#{ip}:#{rport} - Possible backdoor detected - Little Endian")
+ else
+ print_error("#{ip}:#{rport} - Backdoor not detected.")
+ end
+
+ rescue Rex::ConnectionError => e
+ print_error("Connection failed: #{e.class}: #{e}")
+ end
+
+ end
+end
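Review bot: In `run_host`, `disconnect` is called only on the success path and the only exception rescued is `Rex::ConnectionError`, so anything else raised by `sock.put` or `sock.get_once` (presumably a timeout or EOF) would skip the close and propagate out of `run_host` for that host. Moving the call into an `ensure` clause after the `rescue` (`ensure` followed by `disconnect`) closes the socket on every path. The connection-failure message is the only one of the four that omits the target; `print_error("#{ip}:#{rport} - Connection failed: #{e.class}: #{e}")` keeps multi-host scan output attributable. A clean negative is reported through `print_error`, which reads as a fault in scan logs, so `vprint_status` would fit that branch better. The match is on a four-byte prefix of the reply only, so the "Possible" wording in the positive messages is appropriate and worth keeping.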