Merge branch 'modbus-aux' of git://github.com/esmnemon/metasploit-framework into esmnemon-modbus-aux

sinn3r · sinn3r · commit 66fe8ade52df · 2012-11-12T22:40:34.000-06:00
diff --git a/modules/auxiliary/scanner/scada/modbus_findunitid.rb b/modules/auxiliary/scanner/scada/modbus_findunitid.rb
@@ -9,10 +9,12 @@
 ## MODBUS/TCP  scanner to find correct Unit_ID/StationID
 
 require 'msf/core'
+
 class Metasploit3 < Msf::Auxiliary
 	include Msf::Exploit::Remote::Tcp
 	include Msf::Auxiliary::Fuzzer
 
+
 	def initialize(info = {})
 		super(update_info(info,
 			'Name'           => 'Modbus_findunitID',
@@ -49,49 +51,38 @@ def run
 	start="\x21\x00\x00\x00\x00\x06"
 	theend="\x04\x00\x01\x00\x00"
 	noll="\x00"
-	# between, \01..\0fe  (1-254)
-	if  datastore['UNIT_ID_FROM'] < 1 then
-		print_status("unit ID must be between 1 and 254 adjust to 1")
-		datastore['UNIT_ID_FROM']=1
-	end
-	if  datastore['UNIT_ID_FROM'] > 254 then
-		print_status("unit ID must be between 1 and 254 adjust to 1")
+	# between, \01..\0ff  (1-255)
+	unless (1..255).include? datastore['UNIT_ID_FROM']
+		print_status("unit ID must be between 1 and 254 adjusting  UNIT_ID_FROM to 1")
 		datastore['UNIT_ID_FROM']=1
 	end
-	if  datastore['UNIT_ID_TO'] < 1 then
-		print_status("unit ID must be between 1 and 254, adjusing to #{datastore['UNIT_ID_FROM']+1} ")
-		datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM'] + 1
-	end
-	if  datastore['UNIT_ID_TO'] > 254 then
-		print_status("unit ID must be between 1 and 254, adjusing to #{datastore['UNIT_ID_FROM']+1} ")
-		datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM'] + 1
+	unless (1..255).include? datastore['UNIT_ID_TO']
+		print_status("unit ID must be between #{datastore['UNIT_ID_FROM']} and 255, adjusting UNIT_ID_TO to #{datastore['UNIT_ID_FROM']} ")
+		datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM']
 	end
 	if datastore['UNIT_ID_FROM'] > datastore['UNIT_ID_TO'] then
 		print_status("UNIT_ID_TO is less than UNIT_ID_FROM, setting them equal")
 		datastore['UNIT_ID_TO']=datastore['UNIT_ID_FROM']
 	end
 
-	counter=datastore['UNIT_ID_FROM']
-	while counter <= datastore['UNIT_ID_TO']
+	datastore['UNIT_ID_FROM'].upto(datastore['UNIT_ID_TO']) do |counter|
 		sploit=start
 		sploit+=[counter].pack("C")
 		sploit+=theend
-		#sleep(datastore['BENICE'])
 		select(nil,nil,nil,datastore['BENICE'])
 		connect()
 		sock.put(sploit)
-		#debug:  print_status("sent to unit_id #{counter} ")
+			#debug: print_status("sent to unit_id #{counter} ")
 		data = sock.get_once(12, datastore['TIMEOUT'])
 		if (data.nil?)
 			data=noll+noll+noll+noll
 		end
 		if data[0,4]  == "\x21\x00\x00\x00"  #return of the same trans-id+proto-id
 			print_good("Received: correct MODBUS/TCP from stationID  #{counter}")
 		else
-			print_error("Received: incorrect/none data from stationID #{counter} (probably not in use)")
+			print_status("Received: incorrect/none data from stationID #{counter} (probably not in use)")
 		end
 		disconnect()
-		counter=counter + 1
 	end
 	end
 end
