Mirror upstream PacketFu fix on ICMP size

2012-12-27 14:56:49 -06:00 · 2012-12-27 14:56:49 -06:00 · c695f429d5
parent 121353b360
commit c695f429d5
2 changed files with 5 additions and 2 deletions
--- a/lib/packetfu/packetfu/protos/icmp.rb
+++ b/lib/packetfu/packetfu/protos/icmp.rb
@ -124,7 +124,7 @@ module PacketFu
 		attr_accessor :eth_header, :ip_header, :icmp_header

 		def self.can_parse?(str)
-			return false unless str.size >= 54
+			return false unless str.size >= 38
 			return false unless EthPacket.can_parse? str
 			return false unless IPPacket.can_parse? str
 			return false unless str[23,1] == "\x01"
--- a/modules/auxiliary/server/icmp_exfil.rb
+++ b/modules/auxiliary/server/icmp_exfil.rb
@ -34,7 +34,7 @@ class Metasploit3 < Msf::Auxiliary
 			'References'  =>
 				[
 					# packetfu
-					['URL','http://code.google.com/p/packetfu/'],
+					['URL','https://github.com/todb/packetfu'],
 					# nping
 					['URL', 'http://nmap.org/book/nping-man.html'],
 					# simple icmp
@ -98,6 +98,7 @@ class Metasploit3 < Msf::Auxiliary

 	def icmp_listener
 		# start icmp listener
+		$stderr.puts "Starting for real"

 		print_status("ICMP Listener started on #{@interface} (#{@iface_ip}). Monitoring for trigger packet containing #{datastore['START_TRIGGER']}")
 		if datastore['FNAME_IN_PACKET']
@ -114,6 +115,8 @@ class Metasploit3 < Msf::Auxiliary
 			cap.stream.each do | pkt |
 				packet = PacketFu::Packet.parse(pkt)
 				data = packet.payload[4..-1]
+				$stderr.puts packet.inspect
+				$stderr.puts packet.inspect_hex

 				if packet.is_icmp? and data =~ /#{datastore['START_TRIGGER']}/
 					# start of new file detected