Fix up the stored banner for SMTP
git-svn-id: file:///home/svn/framework3/trunk@8661 4d416f70-5f16-0410-b530-b9f4589650da
parent
be0fc489b1
commit
2cbf64b85a
|
@ -11,7 +11,7 @@ require 'msf/core/exploit/tcp'
|
|||
module Exploit::Remote::Smtp
|
||||
|
||||
include Exploit::Remote::Tcp
|
||||
|
||||
|
||||
#
|
||||
# Creates an instance of an SMTP exploit module.
|
||||
#
|
||||
|
@ -27,7 +27,7 @@ module Exploit::Remote::Smtp
|
|||
OptString.new('MAILTO', [ true, 'TO address of the e-mail', 'human@ahhhzombies111.net']),
|
||||
], Msf::Exploit::Remote::Smtp)
|
||||
register_autofilter_ports([ 25, 465, 587, 2525, 25025, 25000])
|
||||
register_autofilter_services(%W{ smtp smtps})
|
||||
register_autofilter_services(%W{ smtp smtps})
|
||||
end
|
||||
|
||||
#
|
||||
|
@ -36,21 +36,16 @@ module Exploit::Remote::Smtp
|
|||
# message is read in and stored in the 'banner' attribute.
|
||||
#
|
||||
def connect(global = true)
|
||||
print_status("Connecting to SMTP server #{rhost}:#{rport}...")
|
||||
|
||||
fd = super
|
||||
|
||||
# Wait for a banner to arrive...
|
||||
self.banner = fd.get_once
|
||||
|
||||
print_status("Connected to target SMTP server.")
|
||||
print_status("Banner: #{self.banner.split("\n")[0].strip}")
|
||||
# Wait for a banner to arrive...
|
||||
self.banner = fd.get_once(-1, 30)
|
||||
# Return the file descriptor to the caller
|
||||
fd
|
||||
end
|
||||
|
||||
#
|
||||
# Connect to the remote SMTP server, and begin a DATA transfer
|
||||
# Connect to the remote SMTP server, and begin a DATA transfer
|
||||
#
|
||||
def connect_login(global = true)
|
||||
smtpsock = connect(global)
|
||||
|
@ -59,10 +54,10 @@ module Exploit::Remote::Smtp
|
|||
raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n")
|
||||
raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n")
|
||||
raw_send_recv("DATA\r\n")
|
||||
|
||||
|
||||
return true
|
||||
end
|
||||
|
||||
|
||||
#
|
||||
# This method transmits an IMAP command and waits for a response. If one is
|
||||
# received, it is returned to the caller.
|
||||
|
@ -83,3 +78,4 @@ protected
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
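Review bot: `self.banner = fd.get_once(-1, 30)` in `connect` can leave `banner` as nil when the server sends no greeting within the 30-second read timeout, and the comment block above the method does not say so. Callers that treat `banner` as a String (the `self.banner.split("\n")[0].strip` line in this section would raise on nil, if it is still present) need a guard. I would extend the method comment with something like `# banner is nil if no greeting arrives within 30 seconds; it is raw, server-controlled data and must be escaped before display`. The context comment further down in this section says "transmits an IMAP command" although this is the SMTP mixin, which looks like a copy-paste leftover worth fixing while here. The +/- markers are lost on this page, so which lines are on the new side is inferred, and the module body continues outside the hunks.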
|
|
|
@ -1,5 +1,5 @@
|
|||
##
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# This file is part of the Metasploit Framework and may be subject to
|
||||
# redistribution and commercial restrictions. Please see the Metasploit
|
||||
# Framework web site for more information on licensing and terms of use.
|
||||
# http://metasploit.com/framework/
|
||||
|
@ -26,33 +26,19 @@ class Metasploit3 < Msf::Auxiliary
|
|||
'License' => MSF_LICENSE
|
||||
)
|
||||
deregister_options('MAILFROM', 'MAILTO')
|
||||
|
||||
end
|
||||
|
||||
def run_host(target_host)
|
||||
|
||||
def run_host(ip)
|
||||
begin
|
||||
|
||||
res = connect(true)
|
||||
|
||||
if res
|
||||
report_note(
|
||||
:host => target_host,
|
||||
:proto => 'SMTP',
|
||||
:port => rport,
|
||||
:type => 'BANNER',
|
||||
:data => banner.strip!
|
||||
)
|
||||
|
||||
print_status("#{target_host}:#{rport} is running (#{banner})")
|
||||
|
||||
res = connect
|
||||
banner_sanitized = banner.to_s.gsub(/[\x00-\x19\x7f-\xff]/) { |s| "\\x%02x" % s[0,1].unpack("C")[0] }
|
||||
print_status("#{ip}:#{rport} SMTP #{banner_sanitized}")
|
||||
report_service(:host => rhost, :port => rport, :name => "smtp", :info => banner)
|
||||
rescue ::Rex::ConnectionError
|
||||
rescue ::Exception => e
|
||||
print_error("#{rhost}:#{rport} #{e} #{e.backtrace}")
|
||||
end
|
||||
|
||||
disconnect
|
||||
|
||||
rescue ::Interrupt
|
||||
raise $!
|
||||
rescue ::Rex::ConnectionError, ::IOError
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
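Review bot: The character class in `banner_sanitized`, `/[\x00-\x19\x7f-\xff]/`, stops at 0x19, so the control bytes 0x1a to 0x1f, including ESC (0x1b), reach `print_status` unescaped from a banner the remote server controls. The range looks like it was meant to end at `\x1f`, i.e. `banner.to_s.gsub(/[\x00-\x1f\x7f-\xff]/) { ... }`. The `report_service` call in the same section stores the raw `banner` in `:info`, so anything that later renders the stored service info receives the unescaped bytes. Passing `:info => banner_sanitized`, or documenting that consumers must escape the field, would close that gap. The +/- markers are lost on this page, so the sides are inferred; if `rescue ::Exception => e` is on the new side, it also catches `Interrupt`, which the other rescue chain re-raises.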
|
|