rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'English'
# Auxiliary fuzzer that sends SMB tree connect requests whose share name is
# taken from the fuzz strings produced by the Msf::Auxiliary::Fuzzer mixin.
#
# Every fuzz string gets its own connect / login / tree-connect / disconnect
# cycle. The module declares CRASH_SERVICE_DOWN stability, and it stops at
# the first iteration in which it can no longer connect or log in.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Auxiliary::Fuzzer

  # Registers the module metadata (name, description, author, license and
  # the stability / side-effect / reliability notes).
  def initialize(info = {})
    module_info = update_info(
      info,
      'Name' => 'SMB Tree Connect Request Fuzzer',
      'Description' => %q{
        This module sends a series of SMB tree connect
        requests using malicious strings.
      },
      'Author' => [ 'hdm' ],
      'License' => MSF_LICENSE,
      'Notes' => {
        'Stability' => [CRASH_SERVICE_DOWN],
        'SideEffects' => [],
        'Reliability' => []
      }
    )
    super(module_info)
  end

  # Connects, logs in with the configured SMB options, then issues a tree
  # connect for \\RHOST\<pkt>.
  #
  # pkt   - the fuzz string used as the share name.
  # _opts - accepted but never read by this method.
  #
  # @connected is cleared on entry and set only after connect and login have
  # both returned, so the caller can tell a failure before the tree connect
  # apart from an error raised by the tree connect itself.
  def do_smb_connect(pkt, _opts = {})
    @connected = false
    connect

    smb_name = datastore['SMBName']
    smb_user = datastore['SMBUser']
    smb_pass = datastore['SMBPass']
    smb_domain = datastore['SMBDomain']
    simple.login(smb_name, smb_user, smb_pass, smb_domain)

    # Transport and authentication succeeded; anything raised below this
    # point comes from the fuzzed tree connect.
    @connected = true
    share_path = "\\\\#{datastore['RHOST']}\\#{pkt}"
    simple.connect(share_path)
  end

  # Drives the fuzzing loop and reports when the service stops answering.
  #
  # The crash report is a heuristic: the only signal is that connect or login
  # failed after an earlier iteration had succeeded. A network drop or an
  # authentication problem at that moment would be reported the same way.
  def run
    prev_str = nil    # fuzz string of the last iteration that still connected
    prev_input = nil  # fuzzer method that produced prev_str
    failure = nil     # most recent StandardError rescued in the loop
    iteration = 0

    fuzz_strings do |str|
      iteration += 1

      # Progress line every 100 iterations.
      print_status("Fuzzing with iteration #{iteration} using #{@last_fuzzer_input}") if (iteration % 100).zero?

      begin
        # The 0.25 lands in do_smb_connect's unused _opts parameter.
        do_smb_connect(str, 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{iteration} using #{@last_fuzzer_input}")
        raise $ERROR_INFO
      rescue StandardError => e
        failure = e
      ensure
        # Always tear the connection down so the next iteration starts clean.
        disconnect
      end

      unless @connected
        # Connect or login failed. If an earlier iteration got through, the
        # previous string is the suspect; it is printed hex-encoded so that
        # non-printable bytes survive in the console output.
        report = if prev_str
                   "The service may have crashed: iteration:#{iteration - 1} method=#{prev_input} string=#{prev_str.unpack1('H*')} error=#{failure}"
                 else
                   "Could not connect to the service: #{failure}"
                 end
        print_status(report)
        return
      end

      prev_str = str
      prev_input = @last_fuzzer_input
    end
  end
end