
DNS and SNMP decoding

git-svn-id: file:///home/svn/framework3/trunk@3841 4d416f70-5f16-0410-b530-b9f4589650da
HD Moore 2006-08-24 05:37:40 +00:00
parent 66b99d69ae
commit d38e41e96b


@ -101,10 +101,23 @@ class Auxiliary::Scanner::Discovery::SweepUDP < Msf::Auxiliary
case pkt[2] case pkt[2]
when 53 when 53
app = 'DNS' app = 'DNS'
ver = nil
if (not ver and pkt[0] =~ /([6789]\.[\w\.\-_\:\(\)\[\]\/\=\+\|\{\}]+)/i)
ver = 'BIND ' + $1
end
ver = 'Microsoft' if (not ver and pkt[0][2,4] == "\x81\x04\x00\x01")
ver = 'TinyDNS' if (not ver and pkt[0][2,4] == "\x81\x81\x00\x01")
ver = pkt[0].unpack('H*')[0] if not ver
inf = ver if ver
when 137 when 137
app = 'NetBIOS' app = 'NetBIOS'
# inf = pkt[0].unpack('H*')[0]
when 111 when 111
app = 'Portmap' app = 'Portmap'
# inf = pkt[0].unpack('H*')[0]
when 1434 when 1434
app = 'SQL Server' app = 'SQL Server'
mssql_ping_parse(pkt[0]).each_pair { |k,v| mssql_ping_parse(pkt[0]).each_pair { |k,v|
@ -113,6 +126,15 @@ class Auxiliary::Scanner::Discovery::SweepUDP < Msf::Auxiliary
when 161 when 161
app = 'SNMP' app = 'SNMP'
begin
asn = ASNData.new(pkt[0])
inf = asn.access("L0.L0.L0.L0.V1.value")
if (inf)
inf.gsub!(/\r|\n/, ' ')
inf.gsub!(/\s+/, ' ')
end
rescue ::Exception
end
when 5093 when 5093
app = 'Sentinel' app = 'Sentinel'
end end
@ -121,6 +143,75 @@ class Auxiliary::Scanner::Discovery::SweepUDP < Msf::Auxiliary
end end
#
# Parse a asn1 buffer into a hash tree
#
class ASNData < Hash
def initialize(data)
_parse_asn1(data, self)
end
def _parse_asn1(data, tree)
x = 0
while (data.length > 0)
t = data[0]
l = data[1]
i = 2
if (l > 0x7f)
lb = l - 0x80
l = (("\x00" * (4-lb)) + data[i, lb]).unpack('N')[0]
i += lb
end
buff = data[i, l]
tree[:v] ||= []
tree[:l] ||= []
case t
when 0x00...0x29
tree[:v] << [t, buff]
else
tree[:l][x] ||= ASNData.new(buff)
x += 1
end
data = data[i + l, data.length - l]
end
end
def access(desc)
path = desc.split('.')
node = self
path.each_index do |i|
case path[i]
when /^V(\d+)$/
if (node[:v] and node[:v][$1.to_i])
node = node[:v][$1.to_i]
next
else
return nil
end
when /^L(\d+)$/
if (node[:l] and node[:l][$1.to_i])
node = node[:l][$1.to_i]
next
else
return nil
end
when 'type'
return (node and node[0]) ? node[0] : nil
when 'value'
return (node and node[1]) ? node[1] : nil
else
return nil
end
end
return node
end
end
# #
# Parse a 'ping' response and format as a hash # Parse a 'ping' response and format as a hash
# #
@ -151,8 +242,8 @@ class Auxiliary::Scanner::Discovery::SweepUDP < Msf::Auxiliary
def probe_pkt_dns(ip) def probe_pkt_dns(ip)
data = [rand(0xffff)].pack('n') + data = [rand(0xffff)].pack('n') +
"\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"+ "\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"+
"\x07"+ "PROBER!"+ "\x07"+ "VERSION"+
"\x04"+ "TEST"+ "\x04"+ "BIND"+
"\x00\x00\x10\x00\x03" "\x00\x00\x10\x00\x03"
return [data, 53] return [data, 53]
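Review bot: `_parse_asn1` (third hunk) slices a reply from a scanned host using lengths taken from that reply and never checks them against the bytes actually received: a one-byte buffer leaves `l` nil, a long-form length of more than four octets makes `"\x00" * (4-lb)` raise, and a declared length that runs past the end turns the final slice into nil. Every tag outside `0x00...0x29` also recurses through `ASNData.new(buff)` with no depth limit, so deeply nested input costs one level of recursion per two bytes. Today all of this is absorbed by the empty `rescue ::Exception` in the `when 161` branch, which also hides interrupts and genuine bugs; with the checks below in place that handler can be narrowed to `rescue ::StandardError`. The depth cap of 32 is a suggested value, not one taken from the module.

```ruby
def initialize(data, depth = 0)
  _parse_asn1(data, self, depth)
end

def _parse_asn1(data, tree, depth = 0)
  # refuse pathological nesting instead of exhausting the stack
  raise ::ArgumentError, 'ASN.1 nesting too deep' if depth > 32
  x = 0
  while (data.length >= 2)   # a tag octet and a length octet must both be present
    # ... unchanged: read t and l, set i = 2 ...
    if (l > 0x7f)
      lb = l - 0x80
      # long form: at most four length octets, all of them received
      break if (lb > 4 or i + lb > data.length)
      # ... unchanged: decode the long-form length, advance i ...
    end
    # the declared length must fit in the received bytes
    break if (i + l > data.length)
    # ... unchanged: buff, tree[:v] / tree[:l] setup, primitive branch of the case ...
      tree[:l][x] ||= ASNData.new(buff, depth + 1)
    # ... unchanged: x += 1, advance data ...
  end
end
```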