Commit the modified auxiliary modules to include a CHOST option so the relevant modules can avail of the new UDP pivoting.

git-svn-id: file:///home/svn/framework3/trunk@8432 4d416f70-5f16-0410-b530-b9f4589650da

modules/auxiliary/scanner/discovery/udp_sweep.rb

@@ -29,7 +29,8 @@ class Metasploit3 < Msf::Auxiliary
 
 		register_options(
 		[
-			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
+			Opt::CHOST,
+			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256])
 		], self.class)
 
 		# Intialize the probes array
@@ -62,29 +63,30 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 
-			# Create an unbound UDP socket
+		# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create()
+		# create a UDP socket bound to CHOST (in order to avail of pivoting)
+		udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
 
 			# Send each probe to each host
 			@probes.each do |probe|
-			batch.each   do |ip|
+				batch.each   do |ip|
-				begin
+					begin
-					data, port = self.send(probe, ip)
+						data, port = self.send(probe, ip)
-					udp_sock.sendto(data, ip, port, 0)
+						udp_sock.sendto(data, ip, port, 0)
-				rescue ::Interrupt
+					rescue ::Interrupt
-					raise $!
+						raise $!
-				rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
+					rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::Rex::ConnectionRefused
-					nil
+						nil
-				end
-
-				if (idx % 30 == 0)
-					while (r = udp_sock.recvfrom(65535, 0.1) and r[1])
-						parse_reply(r)
 					end
+	
+					if (idx % 30 == 0)
+						while (r = udp_sock.recvfrom(65535, 0.1) and r[1])
+							parse_reply(r)
+						end
+					end
+	
+					idx += 1
 				end
-
-				idx += 1
-			end
 			end
 
 			while (r = udp_sock.recvfrom(65535, 3) and r[1])

modules/auxiliary/scanner/netbios/nbname.rb

@@ -29,6 +29,7 @@ class Metasploit3 < Msf::Auxiliary
 
 		register_options(
 		[
+		Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			Opt::RPORT(137)
 		], self.class)
@@ -54,9 +55,10 @@ class Metasploit3 < Msf::Auxiliary
 		begin
 			udp_sock = nil
 			idx = 0
-
+		
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create()
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
 
 			batch.each do |ip|
 				begin

modules/auxiliary/scanner/ntp/ntp_monlist.rb

@@ -30,6 +30,7 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 		[
 			Opt::RPORT(123),
+			Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256])
 		], self.class)
 
@@ -58,8 +59,9 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create()
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
 
 			# Try three times since NTP servers can be a bit busy
 			1.upto(3)  do

modules/auxiliary/scanner/sip/enumerator.rb

@@ -31,6 +31,7 @@ class Metasploit3 < Msf::Auxiliary
 			OptInt.new('PADLEN',   [true, 'Cero padding maximum length', 4]),
 			OptString.new('METHOD', [true, 'Enumeration method to use OPTIONS/REGISTER','REGISTER']),  		
 			Opt::RPORT(5060),
+			Opt::CHOST,
 			Opt::CPORT(5060)
 		], self.class)		
 	end
@@ -48,8 +49,14 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 			
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create('LocalPort' => datastore['CPORT'].to_i)
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( 
+				{
+					'LocalHost' => datastore['CHOST'] || nil,
+					'LocalPort' => datastore['CPORT'].to_i
+				}
+			)
 
 			mini = datastore['MINEXT']
 			maxi = datastore['MAXEXT']

modules/auxiliary/scanner/sip/options.rb

@@ -32,6 +32,7 @@ class Metasploit3 < Msf::Auxiliary
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			OptString.new('TO',   [ false, "The destination username to probe at each host", "nobody"]),
 			Opt::RPORT(5060),
+			Opt::CHOST,
 			Opt::CPORT(5060)
 		], self.class)		
 	end
@@ -49,10 +50,15 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 			
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create('LocalPort' => datastore['CPORT'].to_i)
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create(
+				{
+					'LocalHost' => datastore['CHOST'] || nil,
+					'LocalPort' => datastore['CPORT'].to_i
+				}
+			)
 
-				
 			batch.each do |ip|
 				data = create_probe(ip)
 

modules/auxiliary/scanner/snmp/community.rb

@@ -29,6 +29,7 @@ class Metasploit3 < Msf::Auxiliary
 
 		register_options(
 		[
+			Opt::CHOST,
 			OptInt.new('BATCHSIZE', [true, 'The number of hosts to probe in each set', 256]),
 			OptPath.new('COMMUNITIES',   [ false, "The list of communities that should be attempted per host",
 					File.join(Msf::Config.install_root, "data", "wordlists", "snmp.txt")
@@ -67,8 +68,9 @@ class Metasploit3 < Msf::Auxiliary
 			udp_sock = nil
 			idx = 0
 
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create()
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
+			udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )
 
 			print_status(">> progress (#{batch[0]}-#{batch[-1]}) #{idx}/#{@comms.length * batch.length}...")
 			@comms.each do |comm|

modules/auxiliary/scanner/tftp/tftpbrute.rb

@@ -28,6 +28,7 @@ class Metasploit3 < Msf::Auxiliary
 		register_options(
 			[
 				Opt::RPORT(69),
+				Opt::CHOST,
 				OptPath.new('DICTIONARY', [ true, 'The list of filenames',
 					File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
 			], self.class)
@@ -35,14 +36,18 @@ class Metasploit3 < Msf::Auxiliary
 
 	def run_host(ip)
 		begin
-
+			
-			# Create an unbound UDP socket
+			# Create an unbound UDP socket if no CHOST is specified, otherwise
-			udp_sock = Rex::Socket::Udp.create(
+			# create a UDP socket bound to CHOST (in order to avail of pivoting)
-				'Context'   =>
+			udp_sock = Rex::Socket::Udp.create( 
-					{
+				{ 
-						'Msf'        => framework,
+					'LocalHost' => datastore['CHOST'] || nil,
-						'MsfExploit' => self,
+					'Context'   =>
-					}
+						{
+							'Msf'        => framework,
+							'MsfExploit' => self,
+						}
+				}
 			)
 
 			fd = File.open(datastore['DICTIONARY'], 'r')