GitHub Repository: rapid7/metasploit-framework
Path: blob/master/modules/auxiliary/scanner/db2/discovery.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
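# Auxiliary scanner module: sends a DB2 discovery probe over UDP to each
# target and records the node name and product id found in the reply.
class MetasploitModule < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::Scanner
  include Msf::Exploit::Remote::Udp

  # Registers the module metadata and the default remote port (523/udp).
  def initialize
    super(
      'Name' => 'DB2 Discovery Service Detection',
      'Description' => 'This module simply queries the DB2 discovery service for information.',
      'Author' => [ 'MC' ],
      'License' => MSF_LICENSE
    )

    register_options([Opt::RPORT(523),])
  end

  # Probes a single host and reports what the discovery service returns.
  #
  # The reply is split on NUL bytes; field 1 is treated as the product id
  # and field 2 as the node name. A reply that lacks either field is
  # treated the same as no reply at all, instead of raising on a nil field.
  #
  # @param ip [String] address of the host currently being scanned
  # @return [void]
  def run_host(ip)
    pkt = "DB2GETADDR" + "\x00" + "SQL05000" + "\x00"

    begin
      connect_udp
      udp_sock.put(pkt)
      res = udp_sock.read(1024)

      unless res
        print_error("Unable to determine version info for #{ip}")
        return
      end

      # NOTE(review): everything below comes verbatim from an unauthenticated
      # UDP reply. The leading field is not checked, so any responder on this
      # port is recorded as ibm-db2, and non-printable bytes in the fields
      # reach the console and the database unfiltered.
      _header, product_id, node_name = res.split(/\x00/)

      # A short or malformed reply leaves these nil; the original code then
      # failed with a TypeError while building the console message, after the
      # bogus note and service had already been written to the database.
      if [product_id, node_name].any? { |field| field.nil? || field.empty? }
        print_error("Unable to determine version info for #{ip}")
        return
      end

      info = "#{node_name}_#{product_id}"

      report_note(
        :host => ip,
        :proto => 'udp',
        :port => datastore['RPORT'],
        :type => 'SERVICE_INFO',
        :data => info
      )

      report_service(
        :host => ip,
        :port => datastore['RPORT'],
        :proto => 'udp',
        :name => "ibm-db2",
        :info => info
      )

      print_good("Host #{ip} node name is #{node_name} with a product id of #{product_id}")
    rescue ::Rex::ConnectionError, ::Errno::EPIPE => e
      # Unreachable hosts are expected during a sweep: stay quiet by default
      # and only surface the reason when verbose output is enabled.
      vprint_error("#{ip} - #{e.class}: #{e.message}")
    ensure
      # Runs on every path, including the early returns above.
      disconnect_udp
    end
  end
end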