allow settings the RPORT option for pipe_dcerpc_auditor

Author: NtAlexio2

modules/auxiliary/scanner/smb/pipe_dcerpc_auditor.rb

@@ -24,13 +24,20 @@ def initialize
       'License'     => MSF_LICENSE,
     )
 
-    deregister_options('RPORT')
     register_options(
       [
         OptString.new('SMBPIPE', [ true,  "The pipe name to use (BROWSER)", 'BROWSER']),
       ])
   end
 
+  def connect(*args, **kwargs)
+    super(*args, **kwargs, direct: @smb_direct)
+  end
+
+  def rport
+    @rport
+  end
+
   @@target_uuids = [
     [ '00000131-0000-0000-c000-000000000046', '0.0' ],
     [ '00000134-0000-0000-c000-000000000046', '0.0' ],
@@ -253,59 +260,69 @@ def initialize
 
   # Fingerprint a single host
   def run_host(ip)
-    ports = [139, 445]
-
     if session
       print_status("Using existing session #{session.sid}")
       client = session.client
+      @rport = datastore['RPORT'] = session.port
       self.simple = ::Rex::Proto::SMB::SimpleClient.new(client.dispatcher.tcp_socket, client: client)
-      ports = [simple.port]
       self.simple.connect("\\\\#{simple.address}\\IPC$") # smb_login connects to this share for some reason and it doesn't work unless we do too
-    end
-
-    ports.each do |port|
-      datastore['RPORT'] = port
+      check_uuids(ip)
+    else
+      if datastore['RPORT'].blank? || datastore['RPORT'] == 0
+        smb_services = [
+          { port: 445, direct: true },
+          { port: 139, direct: false }
+        ]
+      else
+        smb_services = [
+          { port: datastore['RPORT'], direct: datastore['SMBDirect'] }
+        ]
+      end
 
-      begin
-        unless session
-          connect()
-          smb_login()
+      smb_services.each do |smb_service|
+        @rport = smb_service[:port]
+        @smb_direct = smb_service[:direct]
+  
+        begin
+          connect
+          smb_login
+          check_uuids(ip)
+          disconnect
+        rescue ::Exception
+          print_line($!.to_s)
         end
 
-        @@target_uuids.each do |uuid|
-
-          handle = dcerpc_handle_target(
-            uuid[0], uuid[1],
-            'ncacn_np', ["\\#{datastore['SMBPIPE']}"], self.simple.address
-          )
+      end
+    end
 
-          begin
-            dcerpc_bind(handle)
-            print_line("UUID #{uuid[0]} #{uuid[1]} OPEN VIA #{datastore['SMBPIPE']}")
-            # Add Report
-            report_note(
-              :host	=> ip,
-              :proto => 'tcp',
-              :sname	=> 'smb',
-              :port	=> rport,
-              :type	=> "UUID #{uuid[0]} #{uuid[1]}",
-              :data	=> "UUID #{uuid[0]} #{uuid[1]} OPEN VIA #{datastore['SMBPIPE']}"
-            )
-          rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e
-            print_line("UUID #{uuid[0]} #{uuid[1]} ERROR 0x%.8x" % e.error_code)
-          rescue StandardError => e
-            print_line("UUID #{uuid[0]} #{uuid[1]} ERROR #{$!}")
-          end
-        end
+  end
 
-        disconnect()
+  def check_uuids(ip)
+    @@target_uuids.each do |uuid|
+  
+      handle = dcerpc_handle_target(
+        uuid[0], uuid[1],
+        'ncacn_np', ["\\#{datastore['SMBPIPE']}"], self.simple.address
+      )
 
-        return
-      rescue ::Exception
-        print_line($!.to_s)
+      begin
+        dcerpc_bind(handle)
+        print_line("UUID #{uuid[0]} #{uuid[1]} OPEN VIA #{datastore['SMBPIPE']}")
+        # Add Report
+        report_note(
+          :host	=> ip,
+          :proto => 'tcp',
+          :sname	=> 'smb',
+          :port	=> rport,
+          :type	=> "UUID #{uuid[0]} #{uuid[1]}",
+          :data	=> "UUID #{uuid[0]} #{uuid[1]} OPEN VIA #{datastore['SMBPIPE']}"
+        )
+      rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e
+        print_line("UUID #{uuid[0]} #{uuid[1]} ERROR 0x%.8x" % e.error_code)
+      rescue StandardError => e
+        print_line("UUID #{uuid[0]} #{uuid[1]} ERROR #{$!}")
       end
     end
   end
 
-
 end