rapid7
GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/fuzzers/smtp/smtp_fuzzer.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
##
# A very simple module to fuzz some SMTP commands.
# It can either respect the expected SMTP command order or just send the fuzzed command on its own.
##
require 'English'
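# Auxiliary scanner module that sends SMTP commands carrying generated fuzz
# strings of increasing length and reports when the service stops accepting
# connections.
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::Smtp
  include Msf::Auxiliary::Fuzzer
  include Msf::Auxiliary::Scanner

  # Declares the module metadata and registers the fuzzing options.
  def initialize
    super(
      'Name' => 'SMTP Simple Fuzzer',
      'Description' => 'SMTP Simple Fuzzer',
      'References' => [
        ['URL', 'http://www.ietf.org/rfc/rfc2821.txt'],
      ],
      'Author' => 'justme',
      'License' => MSF_LICENSE,
      'Notes' => {
        # A run may leave the target SMTP service down.
        'Stability' => [CRASH_SERVICE_DOWN],
        # NOTE(review): declared empty, but the repeated connections and
        # malformed commands will presumably appear in the target's mail
        # logs; confirm whether IOC_IN_LOGS should be listed here.
        'SideEffects' => [],
        'Reliability' => []
      }
    )

    register_options([
      Opt::RPORT(25),
      OptInt.new('STARTLEN', [true, 'Length of the string - start number', 100]),
      # Marked optional, but run_host passes the value straight to Integer#upto.
      OptInt.new('INTERACTIONS', [false, 'Number of interactions to run', 100]),
      OptBool.new('RESPECTORDER', [false, 'Respect order of commands', true]),
      OptEnum.new('CMD', [
        true, 'Command to fuzzer', 'EHLO',
        [
          'EHLO',
          'HELO',
          'MAILFROM',
          'RCPTTO',
          'DATA',
          'VRFY',
          'EXPN'
        ], 'EHLO'
      ])
    ])
  end

  # Sends one chunk of data to the SMTP service and stores the reply.
  #
  # The reply is kept in @result and its first three characters (where an
  # SMTP reply code sits) in @coderesult. Errors are printed, not raised.
  #
  # @param data [String] raw data to write to the socket
  # @param con [Boolean] open a new connection first (true) or reuse the
  #   connection opened by an earlier call (false)
  # @return [Object] not meaningful; callers read @result / @coderesult
  def smtp_send(data = '', con: true)
    @result = ''
    @coderesult = ''
    if con
      @connected = false
      connect
      # Only a successful connect marks the session as up. Previously a
      # follow-up call with con: false set @connected to true even after the
      # initial connect had failed, which hid the failure from run_host.
      @connected = true
    end
    # Nothing to send on when the session was never established.
    return unless @connected

    sock.put(data)
    reply = sock.get_once
    if reply.nil?
      # get_once gave no data back; avoid indexing nil below.
      print_error('No response received from the SMTP service')
      return
    end
    @result = reply
    # Fixed: the original assigned to the misspelled @codresult, so
    # @coderesult always stayed empty.
    @coderesult = reply[0..2]
  rescue StandardError => e
    print_error(e.to_s)
  end

  # Runs the fuzzing loop against one host.
  #
  # Each iteration generates a string one unit longer than the previous one
  # (starting at STARTLEN), places it in the command selected by CMD and
  # sends it. The loop stops early when a new connection can no longer be
  # opened.
  #
  # @param _ip [String] target address supplied by the Scanner mixin (unused)
  def run_host(_ip)
    last_str = nil
    last_err = nil

    cnt = datastore['STARTLEN'] - 1

    1.upto(datastore['INTERACTIONS']) do |interaction|
      cnt += 1

      # fuzzer_gen_string comes from the Fuzzer mixin; presumably it returns
      # a string of the requested length -- confirm against the mixin.
      str = fuzzer_gen_string(cnt)
      cmd = datastore['CMD']

      begin
        if datastore['RESPECTORDER']
          # MAILFROM / MAILTO are not registered in this file; presumably
          # they are provided by the Smtp mixin -- confirm.
          case cmd
          when 'HELO', 'EHLO', 'VRFY', 'EXPN'
            smtp_send("#{cmd} #{str}\r\n")
            disconnect

          when 'MAILFROM'
            smtp_send("EHLO localhost\r\n")
            # Fixed: reuse the EHLO session (con: false), as the RCPTTO and
            # DATA branches do. The original reconnected here, so MAIL FROM
            # was sent on a fresh connection without the preceding EHLO.
            smtp_send("MAIL FROM:<#{str}>\r\n", con: false)
            disconnect

          when 'RCPTTO'
            smtp_send("EHLO localhost\r\n")
            smtp_send("MAIL FROM:<#{datastore['MAILFROM']}>\r\n", con: false)
            smtp_send("RCPT TO:<#{str}>\r\n", con: false)
            disconnect

          when 'DATA'
            smtp_send("EHLO localhost\r\n")
            smtp_send("MAIL FROM:<#{datastore['MAILFROM']}>\r\n", con: false)
            smtp_send("RCPT TO:<#{datastore['MAILTO']}>\r\n", con: false)
            smtp_send("DATA \r\n", con: false)
            smtp_send("#{str}\r\n.\r\n", con: false)
            disconnect
          end
        else
          # Order not respected: the CMD value is sent verbatim as the verb.
          smtp_send("#{cmd} #{str}\r\n")
          disconnect
        end

        print_status("Fuzzing with iteration #{interaction}\n #{@result}")
      rescue ::Interrupt
        print_status("Exiting on interrupt: iteration #{interaction} using string #{str}")
        raise $ERROR_INFO
      rescue StandardError => e
        # smtp_send prints and swallows its own errors, so only exceptions
        # raised outside it (e.g. by disconnect) reach this handler.
        last_err = e
      end

      # @connected is false when the connect at the start of this iteration
      # failed; if an earlier iteration succeeded, its string is the suspect.
      unless @connected
        if last_str
          # Fixed: the original interpolated the undefined name `interection`,
          # raising NameError exactly when a suspected crash had to be reported.
          print_status("The service may have crashed: iteration:#{interaction - 1} String=''#{last_str}'' error=#{last_err}")
        else
          print_status("Could not connect to the service: #{last_err}")
        end
        break
      end

      last_str = str
    end
  end
end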