* add request fragmentation as an IDS evasion

git-svn-id: file:///home/svn/incoming/trunk@3563 4d416f70-5f16-0410-b530-b9f4589650da
2006-03-08 19:14:10 +00:00 · 2006-03-08 19:14:10 +00:00 · 1f9b1d3806
parent 223d22c2e6
commit 1f9b1d3806
1 changed files with 12 additions and 2 deletions
--- a/lib/msf/core/exploit/sunrpc.rb
+++ b/lib/msf/core/exploit/sunrpc.rb
@ -17,10 +17,16 @@ module Exploit::Remote::SunRPC

 	def initialize(info = {})
 		super
-	
+
+		register_evasion_options(
+			[
+				OptBool.new('ONCRPC::tcp_request_fragmentation', [false, 'Enable fragmentation of TCP ONC/RPC requests', 'false']),
+			], Msf::Exploit::Remote::SunRPC
+		)
+
+
 		register_advanced_options(
 			[
-# XXX: Frags...
 # XXX: Use portmapper to do call
 			], Msf::Exploit::Remote::SunRPC)

@ -35,6 +41,10 @@ module Exploit::Remote::SunRPC

 	def sunrpc_create(protocol, program, version)
 		self.rpcobj = Rex::Proto::SunRPC::Client.new(datastore['RHOST'], datastore['RPORT'], protocol, program, version)
+		if datastore['ONCRPC::tcp_request_fragmentation'] == true
+			self.rpcobj.should_fragment = 1
+		end
+
 #		if datastore['XPORT']
 #			rpcobj.pport = datastore['XPORT']
 #		else