From df52bfaa4f770367890115a4dc3ae8ebf04ca531 Mon Sep 17 00:00:00 2001
From: Tod Beardsley
Date: Wed, 27 Jul 2011 20:21:47 +0000
Subject: [PATCH] Ensure that we check for pcaprub before doing much anything else for those modules that actually require it. In some cases, that means moving open_pcap() up to be the first method call, in others, insert check_pcaprub_loaded first. Also removes a few cases of redundant checking (the Capture mixin does all this already anyway).
git-svn-id: file:///home/svn/framework3/trunk@13381 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb | 2 +-
 modules/auxiliary/dos/mdns/avahi_portzero.rb | 4 ++--
 modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb | 4 ++--
 modules/auxiliary/dos/ssl/dtls_changecipherspec.rb | 2 +-
 modules/auxiliary/dos/wireshark/chunked.rb | 3 +--
 modules/auxiliary/dos/wireshark/ldap.rb | 4 ++--
 modules/auxiliary/scanner/discovery/arp_sweep.rb | 5 +----
 modules/auxiliary/scanner/discovery/ipv6_neighbor.rb | 5 ++---
 modules/auxiliary/scanner/ip/ipidseq.rb | 8 --------
 modules/auxiliary/scanner/portscan/ack.rb | 9 ---------
 modules/auxiliary/scanner/portscan/syn.rb | 9 ---------
 modules/auxiliary/scanner/portscan/xmas.rb | 9 ---------
 modules/auxiliary/scanner/rogue/rogue_recv.rb | 2 +-
 modules/auxiliary/sniffer/psnuffle.rb | 1 +
 modules/auxiliary/spoof/arp/arp_poisoning.rb | 2 +-
 modules/auxiliary/spoof/dns/bailiwicked_domain.rb | 1 +
 modules/auxiliary/spoof/dns/bailiwicked_host.rb | 2 ++
 modules/auxiliary/spoof/nbns/nbns_response.rb | 1 +
 modules/auxiliary/spoof/replay/pcap_replay.rb | 1 +
 .../exploits/multi/misc/wireshark_lwres_getaddrbyname.rb | 1 +
 .../multi/misc/wireshark_lwres_getaddrbyname_loop.rb | 1 +
 modules/exploits/windows/misc/wireshark_packet_dect.rb | 1 +
 22 files changed, 23 insertions(+), 54 deletions(-)
diff --git a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
index 28e385b42d..b8bdf80f38 100644
--- a/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
+++ b/modules/auxiliary/dos/dhcp/isc_dhcpd_clientid.rb
@@ -49,8 +49,8 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
- print_status("Creating DHCP Request with 0-length ClientID")
 open_pcap
+ print_status("Creating DHCP Request with 0-length ClientID")
 p = PacketFu::UDPPacket.new
 p.ip_daddr = "255.255.255.255"
 p.udp_sport = 68
diff --git a/modules/auxiliary/dos/mdns/avahi_portzero.rb b/modules/auxiliary/dos/mdns/avahi_portzero.rb
index ba20687244..bef7c90ad6 100644
--- a/modules/auxiliary/dos/mdns/avahi_portzero.rb
+++ b/modules/auxiliary/dos/mdns/avahi_portzero.rb
@@ -40,10 +40,10 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
- print_status("Sending to #{rhost}")
-
 open_pcap
+ print_status("Sending to #{rhost}")
+
 p = PacketFu::UDPPacket.new
 p.ip_saddr = "0.0.0.0"
 p.ip_daddr = rhost
diff --git a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb
index 54041ff079..bea76942ca 100644
--- a/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb
+++ b/modules/auxiliary/dos/ntp/ntpd_reserved_dos.rb
@@ -51,10 +51,10 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run_host(ip)
- print_status("Sending a mode 7 packet to host #{ip} from #{datastore['LHOST']}")
-
 open_pcap
+ print_status("Sending a mode 7 packet to host #{ip} from #{datastore['LHOST']}")
+
 p = PacketFu::UDPPacket.new
 p.ip_saddr = datastore['LHOST']
 p.ip_daddr = ip
diff --git a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb
index d7ff054c85..f3846b29c6 100644
--- a/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb
+++ b/modules/auxiliary/dos/ssl/dtls_changecipherspec.rb
@@ -40,8 +40,8 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
- print_status("Creating DTLS ChangeCipherSpec Datagram...")
 open_pcap
+ print_status("Creating DTLS ChangeCipherSpec Datagram...")
 p = PacketFu::UDPPacket.new
 p.ip_daddr = datastore['RHOST']
 p.ip_src = rand(0x100000000)
diff --git a/modules/auxiliary/dos/wireshark/chunked.rb b/modules/auxiliary/dos/wireshark/chunked.rb
index ce3fc0d30e..09101f28ce 100644
--- a/modules/auxiliary/dos/wireshark/chunked.rb
+++ b/modules/auxiliary/dos/wireshark/chunked.rb
@@ -43,11 +43,10 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ open_pcap
 print_status("Sending packet to #{rhost}")
- open_pcap
-
 p = PacketFu::TCPPacket.new
 p.ip_saddr = datastore['SHOST'] || Rex::Socket.source_address(rhost)
 p.ip_daddr = dhost
diff --git a/modules/auxiliary/dos/wireshark/ldap.rb b/modules/auxiliary/dos/wireshark/ldap.rb
index e720c37fd7..37c69802ab 100644
--- a/modules/auxiliary/dos/wireshark/ldap.rb
+++ b/modules/auxiliary/dos/wireshark/ldap.rb
@@ -43,12 +43,12 @@ class Metasploit3 < Msf::Auxiliary
 def run
+ open_pcap
+
 print_status("Sending malformed LDAP packet to #{rhost}")
 m = Rex::Text.rand_text_alpha_lower(3)
- open_pcap
-
 p = PacketFu::TCPPacket.new
 p.ip_saddr = datastore['SHOST'] || Rex::Socket.source_address(rhost)
 p.ip_daddr = rhost
diff --git a/modules/auxiliary/scanner/discovery/arp_sweep.rb b/modules/auxiliary/scanner/discovery/arp_sweep.rb
index a03e706ae6..47ca40ac9a 100644
--- a/modules/auxiliary/scanner/discovery/arp_sweep.rb
+++ b/modules/auxiliary/scanner/discovery/arp_sweep.rb
@@ -43,8 +43,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run_batch(hosts)
-
- check_pcaprub_loaded
+ open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
 @netifaces = true
 if not netifaces_implemented?
@@ -62,8 +61,6 @@ class Metasploit3 < Msf::Auxiliary
 smac ||= get_mac(datastore['INTERFACE']) if @netifaces
 raise RuntimeError ,'SMAC should be defined' unless smac
- open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
-
 begin
 hosts.each do |dhost|
diff --git a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb
index 3920a14669..7bd1edd89f 100644
--- a/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb
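Review bot: With open_pcap now the first call in arp_sweep's run_batch, the `raise RuntimeError ,'SMAC should be defined' unless smac` in the second hunk fires after the capture handle is open and before the `begin` block, so that error path leaves run_batch without whatever cleanup that block's rescue/ensure performs (the rescue/ensure is outside the hunk, so this is inferred). It also means a bad SMAC/INTERFACE option costs a pcap open that is immediately abandoned. The commit's own pattern in the other modules avoids this: put `check_pcaprub_loaded` at the top of run_batch and keep `open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})` just before `begin`, or move the SMAC check above the open. The same concern applies to arp_poisoning.rb, where open_pcap is lifted out of its `begin` block ahead of the netifaces checks; run_batch's body continues outside both hunks.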
+++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor.rb
@@ -46,16 +46,15 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run_batch(hosts)
+ open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
+
 print_status("Discovering IPv4 nodes via ARP...")
- print_status("")
 shost = datastore['SHOST']
 smac = datastore['SMAC']
 addrs = []
- open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
-
 begin
 found = {}
 hosts.each do |dhost|
diff --git a/modules/auxiliary/scanner/ip/ipidseq.rb b/modules/auxiliary/scanner/ip/ipidseq.rb
index 62f8b16bc6..42830bf360 100644
--- a/modules/auxiliary/scanner/ip/ipidseq.rb
+++ b/modules/auxiliary/scanner/ip/ipidseq.rb
@@ -39,13 +39,6 @@ class Metasploit3 < Msf::Auxiliary
 'Version' => '$Revision$'
 )
- begin
- require 'pcaprub'
- @@havepcap = true
- rescue ::LoadError
- @@havepcap = false
- end
-
 register_options([
 Opt::RPORT(80),
 OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
@@ -66,7 +59,6 @@ class Metasploit3 < Msf::Auxiliary
 def run_host(ip)
 open_pcap
- raise "Pcaprub is not available" if not @@havepcap
 raise "SAMPLES option must be >= 2" if datastore['SAMPLES'] < 2
 pcap = self.capture
diff --git a/modules/auxiliary/scanner/portscan/ack.rb b/modules/auxiliary/scanner/portscan/ack.rb
index db9610a25f..52b1713d5b 100644
--- a/modules/auxiliary/scanner/portscan/ack.rb
+++ b/modules/auxiliary/scanner/portscan/ack.rb
@@ -30,13 +30,6 @@ class Metasploit3 < Msf::Auxiliary
 'License' => MSF_LICENSE
 )
- begin
- require 'pcaprub'
- @@havepcap = true
- rescue ::LoadError
- @@havepcap = false
- end
-
 register_options([
 OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
 OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
@@ -54,8 +47,6 @@ class Metasploit3 < Msf::Auxiliary
 def run_batch(hosts)
 open_pcap
- raise "Pcaprub is not available" if not @@havepcap
-
 pcap = self.capture
 ports = Rex::Socket.portspec_crack(datastore['PORTS'])
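Review bot: In ipidseq's run_host, the `raise "SAMPLES option must be >= 2" if datastore['SAMPLES'] < 2` that survives next to the removed @@havepcap raise still runs after `open_pcap`, so an invalid option exits the method with a capture handle that was just opened and is not closed in the hunk (any close_pcap is outside it). Validating the option before opening, `raise "SAMPLES option must be >= 2" if datastore['SAMPLES'] < 2` followed by `open_pcap` (with `check_pcaprub_loaded` ahead of both if the early pcaprub failure is wanted), keeps the fail-fast intent without the dangling handle. Dropping the `@@havepcap` guard here and in ack.rb, syn.rb and xmas.rb relies on open_pcap itself raising when pcaprub is absent, as the commit message says the Capture mixin does; that mixin is not in this diff, so it is worth confirming rather than assuming. run_host's body continues outside the hunk.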
diff --git a/modules/auxiliary/scanner/portscan/syn.rb b/modules/auxiliary/scanner/portscan/syn.rb
index 23726c9aea..887c5f72d2 100644
--- a/modules/auxiliary/scanner/portscan/syn.rb
+++ b/modules/auxiliary/scanner/portscan/syn.rb
@@ -28,13 +28,6 @@ class Metasploit3 < Msf::Auxiliary
 'License' => MSF_LICENSE
 )
- begin
- require 'pcaprub'
- @@havepcap = true
- rescue ::LoadError
- @@havepcap = false
- end
-
 register_options([
 OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
 OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
@@ -52,8 +45,6 @@ class Metasploit3 < Msf::Auxiliary
 def run_batch(hosts)
 open_pcap
- raise "Pcaprub is not available" if not @@havepcap
-
 pcap = self.capture
 ports = Rex::Socket.portspec_crack(datastore['PORTS'])
diff --git a/modules/auxiliary/scanner/portscan/xmas.rb b/modules/auxiliary/scanner/portscan/xmas.rb
index 83de73fb34..3a239d5124 100644
--- a/modules/auxiliary/scanner/portscan/xmas.rb
+++ b/modules/auxiliary/scanner/portscan/xmas.rb
@@ -30,13 +30,6 @@ class Metasploit3 < Msf::Auxiliary
 'License' => MSF_LICENSE
 )
- begin
- require 'pcaprub'
- @@havepcap = true
- rescue ::LoadError
- @@havepcap = false
- end
-
 register_options([
 OptString.new('PORTS', [true, "Ports to scan (e.g. 22-25,80,110-900)", "1-10000"]),
 OptInt.new('TIMEOUT', [true, "The reply read timeout in milliseconds", 500]),
@@ -54,8 +47,6 @@ class Metasploit3 < Msf::Auxiliary
 def run_batch(hosts)
 open_pcap
- raise "Pcaprub is not available" if not @@havepcap
-
 pcap = self.capture
 ports = Rex::Socket.portspec_crack(datastore['PORTS'])
diff --git a/modules/auxiliary/scanner/rogue/rogue_recv.rb b/modules/auxiliary/scanner/rogue/rogue_recv.rb
index d7e4b422d9..16cd6aa326 100644
--- a/modules/auxiliary/scanner/rogue/rogue_recv.rb
+++ b/modules/auxiliary/scanner/rogue/rogue_recv.rb
@@ -48,8 +48,8 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
- print_status("Opening the capture interface...")
 open_pcap('SNAPLEN' => 128, 'FILTER' => build_filter)
+ print_status("Opening the capture interface...")
 print_status("Waiting for responses to rogue_send...")
 begin
diff --git a/modules/auxiliary/sniffer/psnuffle.rb b/modules/auxiliary/sniffer/psnuffle.rb
index 26ecbd7528..440bc52301 100644
--- a/modules/auxiliary/sniffer/psnuffle.rb
+++ b/modules/auxiliary/sniffer/psnuffle.rb
@@ -86,6 +86,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ check_pcaprub_loaded # Check first
 # Load all of our existing protocols
 load_protocols
diff --git a/modules/auxiliary/spoof/arp/arp_poisoning.rb b/modules/auxiliary/spoof/arp/arp_poisoning.rb
index cbbfcf409e..1e8c3f3cc5 100644
--- a/modules/auxiliary/spoof/arp/arp_poisoning.rb
+++ b/modules/auxiliary/spoof/arp/arp_poisoning.rb
@@ -59,6 +59,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
 @netifaces = true
 if not netifaces_implemented?
 print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")
@@ -77,7 +78,6 @@ class Metasploit3 < Msf::Auxiliary
 end
 begin
- open_pcap({'SNAPLEN' => 68, 'FILTER' => "arp[6:2] == 0x0002"})
 @interface = datastore['INTERFACE'] || Pcap.lookupdev
 @smac = datastore['SMAC']
diff --git a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
index f27f25cc3f..f278bedd87 100644
--- a/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
@@ -160,6 +160,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ check_pcaprub_loaded # Check first
 target = rhost()
 source = Rex::Socket.source_address(target)
 saddr = datastore['SRCADDR']
diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
index f9d5868894..441ab15a8e 100644
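Review bot: In rogue_recv's run, the moved `print_status("Opening the capture interface...")` is now emitted after open_pcap has already returned, so the message describes something that has already happened and, when open_pcap raises, it never appears at all. Either reword it to the completed state (a constructed example: `print_status("Capture interface opened")`) or keep the message ahead of the open and get the early pcaprub failure this commit is after with the check on its own line: `check_pcaprub_loaded`, then `print_status("Opening the capture interface...")`, then `open_pcap('SNAPLEN' => 128, 'FILTER' => build_filter)`. run's body continues outside the hunk.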
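Review bot: The comment on psnuffle's added `check_pcaprub_loaded # Check first` says when but not why; a reader has to dig up this commit to learn that the call exists so the module fails before any output or other work when pcaprub is missing. A why-comment carries that on its own, for example `check_pcaprub_loaded # fail early if pcaprub is missing, before any other work`. The same line is added with three different comment texts across bailiwicked_domain.rb, bailiwicked_host.rb, nbns_response.rb, pcap_replay.rb and the three wireshark exploit modules, and nbns_response.rb alone writes it as `check_pcaprub_loaded()` with empty parentheses; one comment and the bare call form everywhere would keep the eight insertions consistent. run's body continues outside the hunk.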
--- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
@@ -150,6 +150,8 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ check_pcaprub_loaded # Check first.
+
 target = rhost()
 source = Rex::Socket.source_address(target)
 saddr = datastore['SRCADDR']
diff --git a/modules/auxiliary/spoof/nbns/nbns_response.rb b/modules/auxiliary/spoof/nbns/nbns_response.rb
index d9dca29fe6..1685e42755 100644
--- a/modules/auxiliary/spoof/nbns/nbns_response.rb
+++ b/modules/auxiliary/spoof/nbns/nbns_response.rb
@@ -56,6 +56,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ check_pcaprub_loaded() # Check first since otherwise this is all for naught
 # MacOS X workaround
 ::Socket.do_not_reverse_lookup = true
diff --git a/modules/auxiliary/spoof/replay/pcap_replay.rb b/modules/auxiliary/spoof/replay/pcap_replay.rb
index eada88c5cc..ce4335fac4 100644
--- a/modules/auxiliary/spoof/replay/pcap_replay.rb
+++ b/modules/auxiliary/spoof/replay/pcap_replay.rb
@@ -38,6 +38,7 @@ class Metasploit3 < Msf::Auxiliary
 end
 def run
+ check_pcaprub_loaded # Check first
 pkt_delay = datastore['PKT_DELAY']
 delay = datastore['DELAY']
 loop = datastore['LOOP']
diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb
index afc1800a58..4e1709990a 100644
--- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb
+++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb
@@ -145,6 +145,7 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def exploit
+ check_pcaprub_loaded # Check first
 ret_offset = target['RetOff']
diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb
index 7980f38e83..471a26603f 100644
--- a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb
+++ b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb
@@ -155,6 +155,7 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def exploit
+ check_pcaprub_loaded # Check first
 ret_offset = target['RetOff']
diff --git a/modules/exploits/windows/misc/wireshark_packet_dect.rb b/modules/exploits/windows/misc/wireshark_packet_dect.rb
index eda1c9f273..229a19c44e 100644
--- a/modules/exploits/windows/misc/wireshark_packet_dect.rb
+++ b/modules/exploits/windows/misc/wireshark_packet_dect.rb
@@ -82,6 +82,7 @@ class Metasploit3 < Msf::Exploit::Remote
 end
 def exploit
+ check_pcaprub_loaded # Check first
 ptype = "\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x23\x23"