Commit the modified auxiliary modules to include a CHOST option so the relevant modules can avail of the new UDP pivoting.

git-svn-id: file:///home/svn/framework3/trunk@8432 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-09 16:47:38 +00:00 · 2010-02-09 16:47:38 +00:00 · a03b7c3feb
parent 6335fde3e1
commit a03b7c3feb
7 changed files with 65 additions and 39 deletions
--- a/modules/auxiliary/scanner/discovery/udp_sweep.rb
+++ b/modules/auxiliary/scanner/discovery/udp_sweep.rb
@ -29,7 +29,8 @@ class Metasploit3 < Msf::Auxiliary

 		register_options(
 		[
-			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
+			Opt::CHOST,
+			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256])
 		], self.class)

 		# Intialize the probes array
@ -62,29 +63,30 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0

-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create()
+		# Create an unbound UDP socket if no CHOST is specified, otherwise
+		# create a UDP socket bound to CHOST (in order to avail of pivoting)
+		udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )

 			# Send each probe to each host
 			@probes.each do |probe|
-			batch.each   do |ip|
-				begin
-					data, port = self.send(probe, ip)
-					udp_sock.sendto(data, ip, port, 0)
-				rescue ::Interrupt
-					raise $!
-				rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
-					nil
-				end
-
-				if (idx % 30 == 0)
-					while (r = udp_sock.recvfrom(65535, 0.1) and r[1])
-						parse_reply(r)
+				batch.each   do |ip|
+					begin
+						data, port = self.send(probe, ip)
+						udp_sock.sendto(data, ip, port, 0)
+					rescue ::Interrupt
+						raise $!
+					rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
+						nil
 					end
+	
+					if (idx % 30 == 0)
+						while (r = udp_sock.recvfrom(65535, 0.1) and r[1])
+							parse_reply(r)
+						end
+					end
+	
+					idx += 1
 				end
-
-				idx += 1
-			end
 			end

 			while (r = udp_sock.recvfrom(65535, 3) and r[1])
--- a/modules/auxiliary/scanner/netbios/nbname.rb
+++ b/modules/auxiliary/scanner/netbios/nbname.rb
@ -29,6 +29,7 @@ class Metasploit3 < Msf::Auxiliary

 		register_options(
 		[
+		Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			Opt::RPORT(137)
 		], self.class)
@ -54,9 +55,10 @@ class Metasploit3 < Msf::Auxiliary
 		begin
 			udp_sock = nil
 			idx = 0
-
-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create()
+		
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )

 			batch.each do |ip|
 				begin
--- a/modules/auxiliary/scanner/ntp/ntp_monlist.rb
+++ b/modules/auxiliary/scanner/ntp/ntp_monlist.rb
@ -30,6 +30,7 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 		[
 			Opt::RPORT(123),
+			Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256])
 		], self.class)

@ -58,8 +59,9 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0

-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create()
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )

 			# Try three times since NTP servers can be a bit busy
 			1.upto(3)  do
--- a/modules/auxiliary/scanner/sip/enumerator.rb
+++ b/modules/auxiliary/scanner/sip/enumerator.rb
@ -31,6 +31,7 @@ class Metasploit3 < Msf::Auxiliary
 			OptInt.new('PADLEN',   [true, 'Cero padding maximum length', 4]),
 			OptString.new('METHOD', [true, 'Enumeration method to use OPTIONS/REGISTER','REGISTER']),  		
 			Opt::RPORT(5060),
+			Opt::CHOST,
 			Opt::CPORT(5060)
 		], self.class)		
 	end
@ -48,8 +49,14 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 			
-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create('LocalPort' => datastore['CPORT'].to_i)
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( 
+				{
+					'LocalHost' => datastore['CHOST'] || nil,
+					'LocalPort' => datastore['CPORT'].to_i
+				}
+			)

 			mini = datastore['MINEXT']
 			maxi = datastore['MAXEXT']
--- a/modules/auxiliary/scanner/sip/options.rb
+++ b/modules/auxiliary/scanner/sip/options.rb
@ -32,6 +32,7 @@ class Metasploit3 < Msf::Auxiliary
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			OptString.new('TO',   [ false, "The destination username to probe at each host", "nobody"]),
 			Opt::RPORT(5060),
+			Opt::CHOST,
 			Opt::CPORT(5060)
 		], self.class)		
 	end
@ -49,10 +50,15 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 			
-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create('LocalPort' => datastore['CPORT'].to_i)
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create(
+				{
+					'LocalHost' => datastore['CHOST'] || nil,
+					'LocalPort' => datastore['CPORT'].to_i
+				}
+			)

-				
 			batch.each do |ip|
 				data = create_probe(ip)

--- a/modules/auxiliary/scanner/snmp/community.rb
+++ b/modules/auxiliary/scanner/snmp/community.rb
@ -29,6 +29,7 @@ class Metasploit3 < Msf::Auxiliary

 		register_options(
 		[
+			Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			OptPath.new('COMMUNITIES',   [ false, "The list of communities that should be attempted per host",
 					File.join(Msf::Config.install_root, "data", "wordlists", "snmp.txt")
@ -67,8 +68,9 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0

-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create()
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )

 			print_status(">> progress (#{batch[0]}-#{batch[-1]}) #{idx}/#{@comms.length * batch.length}...")
 			@comms.each do |comm|
--- a/modules/auxiliary/scanner/tftp/tftpbrute.rb
+++ b/modules/auxiliary/scanner/tftp/tftpbrute.rb
@ -28,6 +28,7 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(69),
+				Opt::CHOST,
 				OptPath.new('DICTIONARY', [ true, 'The list of filenames',
 					File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
 			], self.class)
@ -35,14 +36,18 @@ class Metasploit3 < Msf::Auxiliary

 	def run_host(ip)
 		begin
-
-			# Create an unbound UDP socket
-			udp_sock = Rex::Socket::Udp.create(
-				'Context'   =>
-					{
-						'Msf'        => framework,
-						'MsfExploit' => self,
-					}
+			
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( 
+				{ 
+					'LocalHost' => datastore['CHOST'] || nil,
+					'Context'   =>
+						{
+							'Msf'        => framework,
+							'MsfExploit' => self,
+						}
+				}
 			)

 			fd = File.open(datastore['DICTIONARY'], 'r')