Working version
parent
1ec231c28d
commit
c4fc2132d8
|
@ -31,19 +31,12 @@ class Metasploit3 < Msf::Post
|
|||
[
|
||||
OptAddress.new('TARGET' , [ true, 'Destination IP address.']),
|
||||
OptString.new('PORTS', [true, 'Ports to test (e.g. 80,443,100-110).','80,443']),
|
||||
OptInt.new('TIMEOUT', [true, 'Timeout for the ICMP socket.', 500]),
|
||||
OptInt.new('THREADS' , [true, 'Number of simultaneous threads/connections to try.','20']),
|
||||
], self.class)
|
||||
end
|
||||
|
||||
def tcp_setup
|
||||
handler = client.railgun.ws2_32.socket('AF_INET', 'SOCK_STREAM', 'IPPROTO_TCP')
|
||||
if handler['GetLastError'] == 0
|
||||
vprint_status('TCP socket created successfully')
|
||||
return handler
|
||||
else
|
||||
print_error("There was an error setting the TCP socket; GetLastError: #{handler['GetLastError']}")
|
||||
return nil
|
||||
end
|
||||
client.railgun.ws2_32.socket('AF_INET', 'SOCK_STREAM', 'IPPROTO_TCP')
|
||||
end
|
||||
|
||||
def connections(remote, dst_port, h_tcp)
|
||||
|
@ -56,23 +49,71 @@ class Metasploit3 < Msf::Post
|
|||
|
||||
def run
|
||||
session.railgun.ws2_32
|
||||
h_tcp = tcp_setup
|
||||
successful = []
|
||||
|
||||
remote = datastore['TARGET']
|
||||
to = datastore['TIMEOUT']
|
||||
|
||||
thread_num = datastore['THREADS']
|
||||
ports = Rex::Socket.portspec_crack(datastore['PORTS'])
|
||||
ports.each do |dport|
|
||||
print_status("Connecting to #{remote}:#{dport}")
|
||||
r = connections(remote, dport, h_tcp['return'])
|
||||
if r['GetLastError'] == 0
|
||||
print_status('TCP socket created successfully')
|
||||
else
|
||||
print_error("There was an error setting the TCP socket; GetLastError: #{r['GetLastError']}")
|
||||
end
|
||||
|
||||
workload_ports = []
|
||||
workload_cycle = 0
|
||||
completed_cycle = false
|
||||
|
||||
# Now we need to divvy up the ports into pots for each thread
|
||||
while(not ports.nil? and not ports.empty?) do
|
||||
|
||||
# If that group hasn't had its own ports array yet, give it some
|
||||
workload_ports[workload_cycle] = [] if workload_ports[workload_cycle].nil?
|
||||
|
||||
# Add the port to the array to test
|
||||
workload_ports[workload_cycle] << ports.shift
|
||||
|
||||
# Now increase the cycle until it goes above threads
|
||||
workload_cycle = workload_cycle + 1
|
||||
if workload_cycle > thread_num
|
||||
completed_cycle = true
|
||||
workload_cycle = 0
|
||||
end
|
||||
|
||||
end
|
||||
client.railgun.ws2_32.closesocket(h_tcp['return'])
|
||||
return 0
|
||||
|
||||
if completed_cycle == false and thread_num > workload_cycle
|
||||
thread_num = workload_cycle
|
||||
print_status("Reduced threads to #{thread_num} because there is not enough work for the remaining threads.")
|
||||
else
|
||||
print_status("Number of threads: #{thread_num}")
|
||||
end
|
||||
|
||||
print_status("Generating traffic to #{remote}...")
|
||||
|
||||
a = []
|
||||
0.upto(thread_num-1) do |num|
|
||||
a << framework.threads.spawn("Module(#{self.refname})", false, workload_ports[num]) do |portlist|
|
||||
h_tcp = tcp_setup
|
||||
if h_tcp['return'] == 0
|
||||
print_error("[#{num}] Error setting up socket for #{remote}; Error: #{h_tcp['GetLastError']}")
|
||||
break
|
||||
else
|
||||
print_status("[#{num}] Set up socket for #{remote}; Handle: #{h_tcp['return']}")
|
||||
end
|
||||
|
||||
portlist.each do |dport|
|
||||
vprint_status("[#{num}] Connecting to #{remote}:#{dport}")
|
||||
r = connections(remote, dport, h_tcp['return'])
|
||||
if r['GetLastError'] == 0
|
||||
vprint_status("[#{num}] Connection made successfully #{dport}")
|
||||
successful << dport
|
||||
else
|
||||
vprint_status("[#{num}] There was an error setting the TCP socket (port #{dport}) Error: #{r['GetLastError']}")
|
||||
end
|
||||
end
|
||||
client.railgun.ws2_32.closesocket(h_tcp['return'])
|
||||
end
|
||||
end
|
||||
a.map { |x| x.join }
|
||||
|
||||
print_status("Traffic generation to #{remote} completed.")
|
||||
return 0
|
||||
|
||||
end
|
||||
end
|
||||
|
|
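Review bot: The port distribution loop in `run` wraps with `if workload_cycle > thread_num`, so it fills buckets 0 through `thread_num` (one more than THREADS) while the spawn loop only covers `0.upto(thread_num-1)`; once the port list is longer than THREADS, every port that lands in the extra bucket is never tried, yet the run still prints that it completed. Changing the test to `if workload_cycle >= thread_num` keeps the number of buckets equal to the number of threads. Separately, the `break` taken inside the spawned block when socket setup fails is likely to raise instead of ending the thread cleanly (`next` is the usual way to leave a thread block early). The `successful` array is appended to by every thread but never printed in the visible lines, so the operator gets no summary of which ports got through. The page rendering has lost the +/- markers, so this assumes the threaded code is the new side of the second hunk.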