Fixup on checkpoint firewall module
get() should get get_once() (intent is to get 4 bytes, not timeout after 4 seconds), no need to escape equals signs in regexes, no need to newline the unexpected responses.
This commit is contained in:
parent
f9471d6009
commit
ed4c6ded2c
|
@ -51,19 +51,19 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
sock.put("\x51\x00\x00\x00")
|
sock.put("\x51\x00\x00\x00")
|
||||||
sock.put("\x00\x00\x00\x21")
|
sock.put("\x00\x00\x00\x21")
|
||||||
res = sock.get(4)
|
res = sock.get_once(4)
|
||||||
if (res == "Y\x00\x00\x00")
|
if (res == "Y\x00\x00\x00")
|
||||||
print_good("Appears to be a CheckPoint Firewall...")
|
print_good("Appears to be a CheckPoint Firewall...")
|
||||||
sock.put("\x00\x00\x00\x0bsecuremote\x00")
|
sock.put("\x00\x00\x00\x0bsecuremote\x00")
|
||||||
res = sock.get_once
|
res = sock.get_once
|
||||||
if (res =~ /CN\=(.+),O\=(.+)\./i)
|
if (res =~ /CN=(.+),O=(.+)\./i)
|
||||||
fw_hostname = $1
|
fw_hostname = $1
|
||||||
sc_hostname = $2
|
sc_hostname = $2
|
||||||
print_good("Firewall Host: #{fw_hostname}")
|
print_good("Firewall Host: #{fw_hostname}")
|
||||||
print_good("SmartCenter Host: #{sc_hostname}")
|
print_good("SmartCenter Host: #{sc_hostname}")
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
print_error("Unexpected response:\r\n#{res.inspect}")
|
print_error("Unexpected response: '#{res.inspect}'")
|
||||||
end
|
end
|
||||||
|
|
||||||
report_info(fw_hostname,sc_hostname)
|
report_info(fw_hostname,sc_hostname)
|
||||||
|
|
Loading…
Reference in New Issue