Adds antoine's tftp brute forcer

git-svn-id: file:///home/svn/framework3/trunk@6667 4d416f70-5f16-0410-b530-b9f4589650da
2009-06-17 20:52:47 +00:00 · 2009-06-17 20:52:47 +00:00 · c72263e9c3
parent 5fb2b95190
commit c72263e9c3
2 changed files with 132 additions and 0 deletions
--- a/data/wordlists/tftp.txt
+++ b/data/wordlists/tftp.txt
@ -0,0 +1,78 @@
+000000000000.cfg
+000000000000-directory~.xml
+323tosip1_1.bin
+4601_02_readme_R2_3.txt
+4601dbte1_82.bin
+4602_02SWSIPreadme_R1_1.txt
+4602dbte1_82.bin
+4602sbte1_82.bin
+4610_20_readme_R2_3.txt
+4610_20_readme_SIP_R2_2.txt
+4624_12_06readme_1_8_3.txt
+4625_readme_2_5.txt
+4690_010707.bin
+4690_readme_1_7_7.txt
+46xxreadme_111405.txt
+46xxsettings.txt
+46xxupgrade.scr
+a01d01b2_3.bin
+a02d01b2_3.bin
+a10d01b2_3.bin
+a20d01a2_3.bin
+a20d01b2_3.bin
+a25d01a2_5.bin
+b01d01b2_3.bin
+b02d01b2_3.bin
+b10d01b2_3.bin
+b20d01a2_3.bin
+b20d01b2_3.bin
+b25d01a2_5.bin
+bbla0_83.bin
+bootrom.ld
+cisco_util
+CP7912010301SIP050608A.sbin
+cvt01_2_3.bin
+cvt02_2_3.bin
+cvt02sw_2_3.bin
+def06r1_8_3.bin
+def24r1_8_3.bin
+dialplan.xml
+gkdefault.cfg
+infrared.txt
+merlin2.pcm
+OS79XX.TXT
+P003-07-5-00.bin
+P003-07-5-00.sbn
+P0S3-07-5-00.bin
+P0S3-07-5-00.loads
+P0S3-07-5-00.sb2
+phbook00e011010455.txt
+phone1.cfg
+release.xml
+RINGLIST.DAT
+s10d01b2_2.bin
+s20d01b2_2.bin
+SEP000F34118045.cnf
+SEP001562EA69E8.cnf
+SEPDefault.cnf
+SIP000F34118045.cnf
+SIPinsertMAChere.cnf
+SIPinsertMAChere.cnf
+sip_4602ap1_1.ebin
+sip_4602bt1_1.ebin
+sip_4602D01A.txt
+sip_4602D02A.txt
+sip.cfg
+SIPDefault.cnf
+sip.ld
+sipto323_1_1.ebin
+sip.ver
+SoundPointIPLocalization
+SoundPointIPWelcome.wav
+syncinfo.xml
+test
+test.txt
+uip200_463enc.pac
+uniden00e011030397.txt
+unidencom.txt
+XMLDefault.cnf.xml
--- a/modules/auxiliary/scanner/tftp/tftpbrute.rb
+++ b/modules/auxiliary/scanner/tftp/tftpbrute.rb
@ -0,0 +1,54 @@
+##
+# $Id$
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# Framework web site for more information on licensing and terms of use.
+# http://metasploit.com/projects/Framework/
+##
+
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Auxiliary
+
+	include Msf::Auxiliary::Scanner
+
+	def initialize
+		super(
+			'Name'        => 'TFTP Brute Forcer',
+			'Description' => 'This module is a TFTP filename Brute Forcer.',
+			'Author'      => 'antoine',
+			'Version'     => '$Revision$',
+			'License'     => BSD_LICENSE
+		)
+
+		register_options(
+			[
+				Opt::RPORT(69),
+				OptPath.new('DICTIONARY', [ true, 'The list of filenames', File.join(Msf::Config.install_root, "data", "wordlists", "tftp.txt") ])
+			], self.class)
+	end
+
+	def run_host(ip)
+		begin
+			udp_sock = Rex::Socket::Udp.create()
+			IO.foreach(datastore['DICTIONARY']) do |filename|
+				filename.chomp!
+				pkt = "\x00\x01" + filename + "\x00" + "netascii" + "\x00"
+				udp_sock.sendto(pkt, ip, rport)
+				resp = udp_sock.get(1)
+				if resp and resp.length >= 2 and resp[0, 2] == "\x00\x03"
+					print_status("Found #{filename} on #{ip}")
+				end
+			end
+		rescue
+		ensure
+			udp_sock.close
+		end
+	end
+
+end
+