

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Auxiliary fuzzer for the SMB create request: for every string produced by
# the Fuzzer mixin it opens a fresh SMB session and issues a create for a
# pipe whose name is that string. When a later iteration can no longer
# connect or log in, the previously sent string is reported as the likely
# trigger.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Auxiliary::Fuzzer

  # Registers the module metadata (name, description, author, license).
  #
  # @param info [Hash] caller-supplied module info, merged via update_info
  def initialize(info = {})
    merged = update_info(
      info,
      'Name' => 'SMB Create Pipe Request Fuzzer',
      'Description' => %q{
        This module sends a series of SMB create pipe
        requests using malicious strings.
      },
      'Author' => [ 'hdm' ],
      'License' => MSF_LICENSE
    )
    super(merged)
  end

  # Opens a new SMB session and sends one create request for "\" + pkt.
  #
  # @connected is the signal run relies on: it is cleared first and set only
  # after both connect and smb_login have returned, so an exception from
  # either leaves it false. An exception from smb_create itself leaves it true.
  #
  # @param pkt [String] fuzz string appended to a single backslash
  # @param opts [Hash] accepted but never read here (run passes 0.25 in this
  #   position)
  def do_smb_create(pkt, opts = {})
    @connected = false
    connect
    smb_login
    @connected = true

    smb_create("\\" + pkt)
  end

  # Drives the fuzz loop: one session and one create request per fuzz string,
  # with a progress line every 100 iterations.
  #
  # The loop stops at the first iteration whose session setup fails. That
  # outcome is a heuristic only: any exception from connect or smb_login looks
  # the same here, so the "may have crashed" line cannot tell a crashed
  # service from an unreachable host or a rejected login.
  def run
    last_str = nil
    last_inp = nil
    last_err = nil
    cnt = 0

    fuzz_strings do |str|
      cnt += 1

      print_status("Fuzzing with iteration #{cnt} using #{@last_fuzzer_input}") if (cnt % 100).zero?

      begin
        do_smb_create(str, 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{cnt} using #{@last_fuzzer_input}")
        # Bare raise re-raises the Interrupt currently being handled.
        raise
      rescue ::Exception => e
        # Broad rescue: every other failure is only remembered, and the loop
        # decides what to do from @connected below.
        last_err = e
      ensure
        # The session is torn down after every attempt, successful or not.
        disconnect
      end

      unless @connected
        # last_str is nil only on the very first iteration, i.e. the service
        # was never reachable. Otherwise the previous string (hex-encoded so
        # that non-printable bytes survive in the log) is reported.
        report =
          if last_str
            "The service may have crashed: iteration:#{cnt-1} method=#{last_inp} string=#{last_str.unpack("H*")[0]} error=#{last_err}"
          else
            "Could not connect to the service: #{last_err}"
          end
        print_status(report)
        return
      end

      # Remember what was just sent so the next iteration can attribute a
      # failed session setup to it.
      last_str = str
      last_inp = @last_fuzzer_input
    end
  end
end