
Code and doc tweaks (minor).

The only behavior change is in the scan loop of zstumbler.rb: when scanning across all channels, it no longer rescans channel 11 one extra time just before exiting.
Pearce Barry 2017-03-16 21:43:36 -05:00
parent 4e9b8946d8
commit 095a110e65
No known key found for this signature in database
GPG Key ID: 0916F4DEA5C5DE0A
6 changed files with 65 additions and 83 deletions


@ -4,24 +4,24 @@ Actively scans the Zigbee channels by sending a beacon broadcast packet and list
**DEVICE**
Zigbee Device ID. Defaults to the target device that is specified via the target command or if
one device is presented when runnign 'supported_devices' it will use that device.
ZigBee Device ID. Defaults to the target device that is specified via the target command or if
one device is presented when running 'supported_devices' it will use that device.
**CHANNEL**
The Channel to scan. This will prevent the stumbler from changing channels. Range is 11-25
The channel to scan. Setting this options will prevent the stumbler from changing channels. Range is 11-26, inclusive. Default: not set
n
**LOOP**
How many times to loop over the channels. Specifying a -1 will loop forever. The default is once.
How many times to loop over the channels. Specifying a -1 will loop forever. Default: 1
**DELAY**
The delay in seconds to listen to each channel. The default is 2
The delay in seconds to listen to each channel. Default: 2
## Scenarios
Scanning channel 11 for other Zigbee devices in the area.
Scanning channel 11 for other ZigBee devices in the area.
```
hwbridge > run post/hardware/zigbee/zstumbler channel=11


@ -42,14 +42,27 @@ module Utils
DOT154_CRYPT_ENC_MIC64 = 0x06 #: Encryption, 64-bit MIC
DOT154_CRYPT_ENC_MIC128 = 0x07 #: Encryption, 128-bit MIC
# Infer if the current session is for a ZigBee device.
# @return [Boolean] true if session is for a ZigBee device, false otherwise
def is_zigbee_hwbridge_session?
return true if client.zigbee
print_error("Not a ZigBee hwbridge session")
false
end
# Verify if a device has been specified.
# @return [Boolean] true if device is specified, false otherwise
def verify_device(device)
return true if device
print_line("No target device set, use 'target' or specify bus via the options.")
false
end
# Retrieves the target Zigbee device. This is typically set by the user via the
# interactive HWBridge command line
# @return [String] Zigbee device ID
def get_target_device
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return
end
return unless is_zigbee_hwbridge_session?
return client.zigbee.get_target_device
end
@ -57,10 +70,7 @@ module Utils
# Instead the user is expected to set this via the interactive HWBridge commandline
# @param device [String] Zigbee device ID
def set_target_device(device)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return
end
return unless is_zigbee_hwbridge_session?
client.zigbee.set_target_device device
end
@ -68,15 +78,9 @@ module Utils
# @param device [String] Zigbee device ID
# @param channel [Integer] Channel number, typically 11-25
def set_channel(device, channel)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return {}
end
device = client.zigbee.target_device if not device
if not device
print_line("No target device set, use 'target' or specify bus via the options")
return {}
end
return {} unless is_zigbee_hwbridge_session?
device = client.zigbee.target_device unless device
return {} unless verify_device(device)
client.zigbee.set_channel(device, channel)
end
@ -84,15 +88,9 @@ module Utils
# @param device [String] Zigbee device ID
# @param data [String] Raw binary data sent as a string
def inject(device, data)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return {}
end
device = client.zigbee.target_device if not device
if not device
print_line("No target device set, use 'target' or specify bus via the options")
return {}
end
return {} unless is_zigbee_hwbridge_session?
device = client.zigbee.target_device unless device
return {} unless verify_device(device)
client.zigbee.inject(device, data)
end
@ -100,45 +98,27 @@ module Utils
# @param device [String] Zigbee device ID
# @return [String] Binary blob of returned data
def recv(device)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return {}
end
device = client.zigbee.target_device if not device
if not device
print_line("No target device set, use 'target' or specify bus via the options")
return {}
end
return {} unless is_zigbee_hwbridge_session?
device = client.zigbee.target_device unless device
return {} unless verify_device(device)
client.zigbee.recv(device)
end
# Turn off Zigbee receiving
# @param device [String] Zigbee device ID
def sniffer_off(device)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return {}
end
device = client.zigbee.target_device if not device
if not device
print_line("No target device set, use 'target' or specify bus via the options")
return {}
end
return {} unless is_zigbee_hwbridge_session?
device = client.zigbee.target_device unless device
return {} unless verify_device(device)
client.zigbee.sniffer_off(device)
end
# Turn on Zigbee receiving
# @param device [String] Zigbee device ID
def sniffer_on(device)
if not client.zigbee
print_error("Not a Zigbee hwbridge session")
return {}
end
device = client.zigbee.target_device if not device
if not device
print_line("No target device set, use 'target' or specify bus via the options")
return {}
end
return {} unless is_zigbee_hwbridge_session?
device = client.zigbee.target_device unless device
return {} unless verify_device(device)
client.zigbee.sniffer_on(device)
end
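Review bot: The message in the new `verify_device` helper, `No target device set, use 'target' or specify bus via the options.`, still says "bus", which is automotive vocabulary; the ZigBee module in this same commit registers its device option as `OptString.new('DEVICE', ...)`, so the hint points the user at an option that does not exist here. It is also emitted with `print_line` while the sibling `is_zigbee_hwbridge_session?` reports the equivalent failure with `print_error`, so the two guards that every helper now relies on surface at different severities. I would make it `print_error("No target device set, use 'target' or specify DEVICE via the options.")`. Separately, the YARD comment on `set_channel` still reads "Channel number, typically 11-25" while the option help added by this commit documents 11-26; `# @param channel [Integer] Channel number, 11-26 inclusive` would keep the two in step. The enclosing `Utils` module continues beyond the last hunk.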


@ -63,7 +63,7 @@ class Console::CommandDispatcher::Automotive
def cmd_busconfig(*args)
bus = ''
bus_config_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-h' => [ false, 'Help banner' ],
'-b' => [ true, 'Target bus']
)
bus_config_opts.parse(args) do |opt, _idx, val|


@ -6,6 +6,7 @@ module Rex
module Post
module HWBridge
module Ui
###
# Zigbee extension - set of commands to be executed on Zigbee compatible devices
###
@ -18,7 +19,7 @@ class Console::CommandDispatcher::Zigbee
#
def commands
all = {
'supported_devices' => 'Get supported zigbee devices',
'supported_devices' => 'Get supported ZigBee devices',
'target' => 'Set the target device id',
'channel' => 'Set the channel'
}
@ -38,19 +39,19 @@ class Console::CommandDispatcher::Zigbee
#
def cmd_supported_devices
devices = client.zigbee.supported_devices
if not devices or not devices.has_key? "devices"
if !devices or !devices.has_key? "devices"
print_line("error retrieving list of devices")
return
end
devices = devices["devices"]
if not devices.size > 0
unless devices.size > 0
print_line("none")
return
end
set_target_device(devices[0]) if devices.size == 1
str = "Supported Devices: "
str += devices.join(', ')
str += "\nUse device name to set your desired device, default is: #{self.target_device}"
str << devices.join(', ')
str << "\nUse device name to set your desired device, default is: #{self.target_device}"
print_line(str)
end
@ -60,7 +61,7 @@ class Console::CommandDispatcher::Zigbee
def cmd_target(*args)
self.target_device = ""
device_opts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-h' => [ false, 'Help banner' ],
'-d' => [ true, 'Device ID' ]
)
device_opts.parse(args) do |opt, _idx, val|
@ -83,9 +84,9 @@ class Console::CommandDispatcher::Zigbee
chan = 11
dev = self.target_device if self.target_device
xopts = Rex::Parser::Arguments.new(
'-h' => [ false, 'Help Banner' ],
'-d' => [ true, 'Zigbee Device' ],
'-c' => [ true, 'channel number' ]
'-h' => [ false, 'Help banner' ],
'-d' => [ true, 'ZigBee device' ],
'-c' => [ true, 'Channel number' ]
)
xopts.parse(args) do |opt, _idx, val|
case opt
@ -99,7 +100,7 @@ class Console::CommandDispatcher::Zigbee
chan = val.to_i
end
end
if not dev
if !dev
print_line("You must specify or set a target device")
return
end
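Review bot: The rewritten guard in `cmd_supported_devices`, `if !devices or !devices.has_key? "devices"`, swaps `not` for `!` but keeps the low-precedence `or` and the `has_key?` alias, and the following `unless devices.size > 0` spells out what `empty?` says directly; since this commit is already normalizing these conditionals, I would finish the job with `if !devices || !devices.key?("devices")` and `if devices.empty?`. The `"devices"` value is only checked for presence, not shape, so if the relay ever returns something other than an array the method would still fail on `devices.size` rather than on the "error retrieving list of devices" path; `devices = Array(devices["devices"])` would harden that without changing the normal case. In `cmd_channel`, `chan = val.to_i` turns any non-numeric `-c` argument into 0 and the guard at the end of the hunk only checks `dev`, not the channel range; that method continues past the hunk, so I cannot see whether a range check happens later.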


@ -13,7 +13,7 @@ class MetasploitModule < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Sends Beacons to Scan for Active Zigbee Networks',
'Name' => 'Sends Beacons to Scan for Active ZigBee Networks',
'Description' => %q{ Post Module to send beacon signals to the broadcast address while
channel hopping},
'License' => MSF_LICENSE,
@ -22,10 +22,10 @@ class MetasploitModule < Msf::Post
'SessionTypes' => ['hwbridge']
))
register_options([
OptInt.new('CHANNEL', [false, "Disable channel hopping by forcing a channel", nil]),
OptInt.new('LOOP', [false, "How many times to loop over the channels. -1 is forever", 1]),
OptInt.new('CHANNEL', [false, "Disable channel hopping by forcing a channel (11-26)", nil]),
OptInt.new('LOOP', [false, "How many times to loop over the channels (-1 will run in an endless loop)", 1]),
OptInt.new('DELAY', [false, "Delay in seconds to listen on each channel", 2]),
OptString.new('DEVICE', [false, "Zigbee device ID, defaults to target device", nil])
OptString.new('DEVICE', [false, "ZigBee device ID, defaults to target device", nil])
], self.class)
@seq = 0
@channel = 11
@ -55,8 +55,6 @@ class MetasploitModule < Msf::Post
end
def scan
@loop_count += 1 if @channel > 26 or datastore["CHANNEL"]
@channel = 11 if @channel > 26
@seq = 0 if @seq > 255
print_status("Scanning Channel #{@channel}")
set_channel(datastore["DEVICE"], @channel)
@ -80,14 +78,17 @@ class MetasploitModule < Msf::Post
sniffer_off(datastore["DEVICE"]) # Needed to clear receive buffers
@seq += 1
@channel += 1 if not datastore["CHANNEL"]
@loop_count += 1 if @channel > 26 or datastore["CHANNEL"]
@channel = 11 if @channel > 26
end
def run
if not get_target_device and not datastore["DEVICE"]
print_error "No target device set. Either set one with the 'target' command or specify the DEVICE"
print_error "No target device set. Either set one with the 'target' command or specify the DEVICE."
return
end
@channel = datastore["CHANNEL"] if datastore["CHANNEL"]
@channel = 11 if @channel > 26
if datastore["LOOP"] == -1
while(1) do
scan
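Review bot: The new CHANNEL help text promises a range of 11-26, but `run` only wraps values above 26 back to 11 (`@channel = 11 if @channel > 26`) and never rejects anything below 11, so `set CHANNEL 3` is handed to `set_channel` unchanged and `set CHANNEL 40` silently scans channel 11 instead of failing. Since `run` is the module's only validation point for this option, I would reject out-of-range values explicitly before the loop starts rather than clamping them; `@channel` is already initialised to 11 in `initialize`, so the wrap-around line becomes unnecessary. `run` continues past the end of the hunk and the LOOP handling there is unaffected by this change.
```ruby
  def run
    # … unchanged: target device check …
    chan = datastore["CHANNEL"]
    if chan && !(11..26).cover?(chan)
      print_error "CHANNEL must be between 11 and 26 (inclusive)."
      return
    end
    @channel = chan if chan
    # … unchanged: LOOP handling …
```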


@ -1,4 +1,4 @@
#!/usr/bin/python
#!/usr/bin/env python
# KillerBee Metasploit relay server
import re
@ -171,7 +171,7 @@ class MSFHandler(BaseHTTPRequestHandler):
class Killerbee_MSFRelay(cmd.Cmd):
intro = """
Killerbee Metasploit Relay
KillerBee Metasploit Relay
"""
def __init__(self, ip='0.0.0.0', port=8080):
@ -191,7 +191,7 @@ class Killerbee_MSFRelay(cmd.Cmd):
try:
self._sock = HTTPServer((self._ip, self._port), MSFHandler)
starttime = int(time.time())
print("Killerbee MSFRelay running.")
print("KillerBee MSFRelay running.")
self._sock.serve_forever()
except KeyboardInterrupt:
self._sock.socket.close()
@ -236,13 +236,13 @@ if __name__ == "__main__":
if len(devs) > 0:
dev_found = True
elif not wait_msg:
print("Insert Killerbee compatible Zigbee device. (You may need to add permissions)")
print("Insert KillerBee compatible ZigBee device. (You may need to add permissions)")
wait_msg = True
except KeyboardInterrupt:
sys.exit()
except:
if not wait_msg:
print("Insert Killerbee compatible Zigbee device. (You may need to add permissions)")
print("Insert KillerBee compatible ZigBee device. (You may need to add permissions)")
wait_msg = True
beerelay = Killerbee_MSFRelay(ip, port)
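Review bot: `Killerbee_MSFRelay.__init__` defaults `ip` to `'0.0.0.0'`, so unless the `ip` passed to `Killerbee_MSFRelay(ip, port)` at the bottom of the hunk is narrower, the `HTTPServer` started in the second hunk (presumably the hwbridge endpoint the ZigBee helpers in this commit talk to) listens on every interface; nothing in these hunks shows `MSFHandler` authenticating requests, so treat that as unverified rather than absent. For a tool that drives RF hardware I would default to loopback and make wider binding an explicit opt-in: `def __init__(self, ip='127.0.0.1', port=8080):`. The bare `except:` in the device-wait loop also hides every error behind the "Insert KillerBee compatible ZigBee device" message, including mistakes in the `devs` lookup that happens above the hunk; catching only the exception KillerBee raises for a missing device would keep the best-effort retry without masking unrelated failures. The `__main__` block starts outside the hunk.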