Land rapid7#6010, capture_sendto fixes

wvu · wvu · commit 2ab779ad3d9f · 2015-10-01T10:54:24.000-05:00
diff --git a/lib/msf/core/auxiliary/udp_scanner.rb b/lib/msf/core/auxiliary/udp_scanner.rb
@@ -86,7 +86,7 @@ def scanner_spoof_send(data, ip, port, srcip, num_packets=1)
     p.recalc
     print_status("Sending #{num_packets} packet(s) to #{ip} from #{srcip}")
     1.upto(num_packets) do |x|
-      capture_sendto(p, ip)
+      break unless capture_sendto(p, ip)
     end
     close_pcap
   end
diff --git a/modules/auxiliary/bnat/bnat_scan.rb b/modules/auxiliary/bnat/bnat_scan.rb
@@ -89,7 +89,7 @@ def run_host(ip)
 
       ackbpf = "tcp [8:4] == 0x#{(p.tcp_seq + 1).to_s(16)}"
       pcap.setfilter("tcp and tcp[13] == 18 and not host #{ip} and src port #{p.tcp_dst} and dst port #{p.tcp_src} and #{ackbpf}")
-      capture_sendto(p, ip)
+      break unless capture_sendto(p, ip)
       reply = probe_reply(pcap, to)
       next if reply.nil?
 
diff --git a/modules/auxiliary/dos/mdns/avahi_portzero.rb b/modules/auxiliary/dos/mdns/avahi_portzero.rb
@@ -45,10 +45,7 @@ def run
     p.udp_dport = datastore['RPORT'].to_i
     p.payload = Rex::Text.rand_text(rand(0x20)) # UDP needs at least one data byte, may as well send a few.
     p.recalc
-    capture_sendto(p, rhost)
-
+    capture_sendto(p, rhost) and print_status("Avahi should be down now")
     close_pcap
-
-    print_status("Avahi should be down now")
   end
 end
diff --git a/modules/auxiliary/dos/tcp/synflood.rb b/modules/auxiliary/dos/tcp/synflood.rb
@@ -60,7 +60,7 @@ def run
       p.tcp_sport = sport
       p.tcp_seq = rand(0x100000000)
       p.recalc
-      capture_sendto(p,rhost)
+      break unless capture_sendto(p,rhost)
       sent += 1
     end
 
diff --git a/modules/auxiliary/scanner/ip/ipidseq.rb b/modules/auxiliary/scanner/ip/ipidseq.rb
@@ -69,7 +69,7 @@ def run_host(ip)
 
       probe = buildprobe(shost, sport, ip, rport)
 
-      capture_sendto(probe, ip)
+      next unless capture_sendto(probe, ip)
 
       reply = probereply(pcap, to)
 
diff --git a/modules/auxiliary/scanner/portscan/ack.rb b/modules/auxiliary/scanner/portscan/ack.rb
@@ -55,17 +55,22 @@ def run_batch(hosts)
 
     to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
 
+    # we copy the hosts because some may not be reachable and need to be ejected
+    host_queue = hosts.dup
     # Spread the load across the hosts
     ports.each do |dport|
-      hosts.each do |dhost|
+      host_queue.each do |dhost|
         shost, sport = getsource(dhost)
 
         pcap.setfilter(getfilter(shost, sport, dhost, dport))
 
         begin
           probe = buildprobe(shost, sport, dhost, dport)
 
-          capture_sendto(probe, dhost)
+          unless capture_sendto(probe, dhost)
+            host_queue.delete(dhost)
+            next
+          end
 
           reply = probereply(pcap, to)
 
diff --git a/modules/auxiliary/scanner/portscan/syn.rb b/modules/auxiliary/scanner/portscan/syn.rb
@@ -53,17 +53,22 @@ def run_batch(hosts)
 
     to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
 
+    # we copy the hosts because some may not be reachable and need to be ejected
+    host_queue = hosts.dup
     # Spread the load across the hosts
     ports.each do |dport|
-      hosts.each do |dhost|
+      host_queue.each do |dhost|
         shost, sport = getsource(dhost)
 
         self.capture.setfilter(getfilter(shost, sport, dhost, dport))
 
         begin
           probe = buildprobe(shost, sport, dhost, dport)
 
-          capture_sendto(probe, dhost)
+          unless capture_sendto(probe, dhost)
+            host_queue.delete(dhost)
+            next
+          end
 
           reply = probereply(self.capture, to)
 
diff --git a/modules/auxiliary/scanner/portscan/xmas.rb b/modules/auxiliary/scanner/portscan/xmas.rb
@@ -55,17 +55,22 @@ def run_batch(hosts)
 
     to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
 
+    # we copy the hosts because some may not be reachable and need to be ejected
+    host_queue = hosts.dup
     # Spread the load across the hosts
     ports.each do |dport|
-      hosts.each do |dhost|
+      host_queue.each do |dhost|
         shost, sport = getsource(dhost)
 
         pcap.setfilter(getfilter(shost, sport, dhost, dport))
 
         begin
           probe = buildprobe(shost, sport, dhost, dport)
 
-          capture_sendto(probe, dhost)
+          unless capture_sendto(probe, dhost)
+            host_queue.delete(dhost)
+            next
+          end
 
           reply = probereply(pcap, to)
 
diff --git a/modules/auxiliary/scanner/rogue/rogue_send.rb b/modules/auxiliary/scanner/rogue/rogue_send.rb
@@ -43,9 +43,7 @@ def run_host(ip)
 
     pcap = self.capture
 
-    capture_sendto(build_tcp_syn(ip), ip)
-
-    capture_sendto(build_icmp(ip), ip)
+    capture_sendto(build_tcp_syn(ip), ip) and capture_sendto(build_icmp(ip), ip)
 
     close_pcap
   end
diff --git a/modules/exploits/multi/ids/snort_dce_rpc.rb b/modules/exploits/multi/ids/snort_dce_rpc.rb
@@ -97,7 +97,7 @@ def exploit
 
     print_status("#{rhost}:#{rport} Sending crafted SMB packet from #{shost}...")
 
-    capture_sendto(p, rhost)
+    return unless capture_sendto(p, rhost)
 
     handler
   end
diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname.rb
@@ -204,10 +204,10 @@ def exploit
       p.payload = sploit
       p.recalc
 
-      capture_sendto(p, rhost)
+      sent = capture_sendto(p, rhost)
       close_pcap
 
-      handler
+      handler if sent
     else
       print_status("Sending malformed LWRES packet to #{rhost}")
       connect_udp
diff --git a/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb b/modules/exploits/multi/misc/wireshark_lwres_getaddrbyname_loop.rb
@@ -215,7 +215,7 @@ def exploit
 
       while true
         break if session_created? and datastore['ExitOnSession']
-        capture_sendto(p, rhost)
+        break unless capture_sendto(p, rhost)
         select(nil,nil,nil,datastore['DELAY'])
       end
 
