sempervictus
diff --git a/‎.mailmap
Lines changed: 7 additions & 6 deletions b/‎.mailmap
Lines changed: 7 additions & 6 deletions
diff --git a/‎lib/msf/core/exploit/capture.rb
Lines changed: 45 additions & 58 deletions b/‎lib/msf/core/exploit/capture.rb
Lines changed: 45 additions & 58 deletions
diff --git a/‎lib/msf/core/exploit/ipv6.rb
Lines changed: 0 additions & 1 deletion b/‎lib/msf/core/exploit/ipv6.rb
Lines changed: 0 additions & 1 deletion
@@ -13,11 +13,6 @@ jhart-r7 <jhart-r7@github>         Jon Hart <[email protected]>
 jlee-r7 <jlee-r7@github>           egypt <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]> # aka egypt
 jlee-r7 <jlee-r7@github>           James Lee <[email protected]>
-joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
-joev-r7 <joev-r7@github>           Joe Vennix <[email protected]>
-joev-r7 <joev-r7@github>           joev <[email protected]>
-joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
-joev-r7 <joev-r7@github>           jvennix-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 jvazquez-r7 <jvazquez-r7@github>   jvazquez-r7 <[email protected]>
 kgray-r7 <kgray-r7@github>         Kyle Gray <[email protected]>
@@ -80,9 +75,15 @@ jcran <jcran@github>                   Jonathan Cran <[email protected]>
 jcran <jcran@github>                   Jonathan Cran <[email protected]>
 jduck <jduck@github>                   Joshua Drake <[email protected]>
 jgor <jgor@github>                     jgor <[email protected]>
+joevennix <joevennix@github>           joe <[email protected]>
+joevennix <joevennix@github>           Joe Vennix <[email protected]>
+joevennix <joevennix@github>           Joe Vennix <[email protected]>
+joevennix <joevennix@github>           joev <[email protected]>
+joevennix <joevennix@github>           jvennix-r7 <[email protected]>
+joevennix <joevennix@github>           jvennix-r7 <[email protected]>
 kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
-kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
 kernelsmith <kernelsmith@github>       Joshua Smith <[email protected]>
+kernelsmith <kernelsmith@github>       kernelsmith <kernelsmith@kernelsmith>
 kost <kost@github>                     Vlatko Kosturjak <[email protected]>
 kris <kris@???>                        kris <>
 m-1-k-3 <m-1-k-3@github>               m-1-k-3 <[email protected]>
 
@@ -42,7 +42,7 @@ def initialize(info = {})
                            [
                              true,
                              'Send a TTL=1 random UDP datagram to this host to discover the default gateway\'s MAC',
-                             'www.metasploit.com']),
+                             '8.8.8.8']),
             OptPort.new('GATEWAY_PROBE_PORT',
                         [
                           false,
@@ -143,7 +143,6 @@ def close_pcap
         return unless self.capture
         self.capture     = nil
         self.arp_capture = nil
-        GC.start()
       end
 
       def capture_extract_ies(raw)
@@ -163,26 +162,15 @@ def capture_extract_ies(raw)
       end
 
       #
-      # This monstrosity works around a series of bugs in the interrupt
-      # signal handling of Ruby 1.9
+      # Loop through each packet
       #
       def each_packet
         return unless capture
-        begin
-          @capture_count = 0
-          reader         = framework.threads.spawn("PcapReceiver", false) do
-            capture.each do |pkt|
-              yield(pkt)
-              @capture_count += 1
-            end
-          end
-          reader.join
-        rescue ::Exception
-          raise $!
-        ensure
-          reader.kill if reader.alive?
+        @capture_count ||= 0
+        capture.each do |pkt|
+          yield(pkt)
+          @capture_count += 1
         end
-
         @capture_count
       end
 
@@ -242,10 +230,9 @@ def inject_pcap(pcap_file, filter=nil, delay = 0, pcap=self.capture)
           pcap.inject(pkt)
           Rex.sleep((delay * 1.0)/1000)
         end
-        GC.start
       end
 
-      # Capture_sendto is intended to replace the old Rex::Socket::Ip.sendto method. It requires
+      # capture_sendto is intended to replace the old Rex::Socket::Ip.sendto method. It requires
       # a payload and a destination address. To send to the broadcast address, set bcast
       # to true (this will guarantee that packets will be sent even if ARP doesn't work
       # out).
@@ -262,24 +249,20 @@ def capture_sendto(payload="", dhost=nil, bcast=false, dev=nil)
 
       # The return value either be a PacketFu::Packet object, or nil
       def inject_reply(proto=:udp, pcap=self.capture)
-        reply = nil
-        to    = (datastore['TIMEOUT'] || 500).to_f / 1000.0
-        if not pcap
-          raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)"
-        else
-          begin
-            ::Timeout.timeout(to) do
-              pcap.each do |r|
-                packet = PacketFu::Packet.parse(r)
-                next unless packet.proto.map { |x| x.downcase.to_sym }.include? proto
-                reply = packet
-                break
-              end
+        # Defaults to ~2 seconds
+        to = (datastore['TIMEOUT'] * 4) / 1000.0
+        raise RuntimeError, "Could not access the capture process (remember to open_pcap first!)" if not pcap
+        begin
+          ::Timeout.timeout(to) do
+            pcap.each do |r|
+              packet = PacketFu::Packet.parse(r)
+              next unless packet.proto.map { |x| x.downcase.to_sym }.include? proto
+              return packet
             end
-          rescue ::Timeout::Error
           end
+        rescue ::Timeout::Error
         end
-        return reply
+       nil
       end
 
       # This ascertains the correct Ethernet addresses one should use to
@@ -328,20 +311,19 @@ def probe_gateway(addr)
         end
 
         begin
-          to = (datastore['TIMEOUT'] || 1500).to_f / 1000.0
+          to = ((datastore['TIMEOUT'] || 500).to_f * 8) / 1000.0
           ::Timeout.timeout(to) do
-            while (my_packet = inject_reply(:udp, self.arp_capture))
-              if my_packet.payload == secret
-                dst_mac = self.arp_cache[:gateway] = my_packet.eth_daddr
-                src_mac = self.arp_cache[Rex::Socket.source_address(addr)] = my_packet.eth_saddr
-                return [dst_mac, src_mac]
-              else
-                next
-              end
+            loop do
+              my_packet = inject_reply(:udp, self.arp_capture)
+              next unless my_packet
+              next unless my_packet.payload == secret
+              dst_mac = self.arp_cache[:gateway] = my_packet.eth_daddr
+              src_mac = self.arp_cache[Rex::Socket.source_address(addr)] = my_packet.eth_saddr
+              return [dst_mac, src_mac]
             end
           end
         rescue ::Timeout::Error
-          # Well, that didn't work (this common on networks where there's no gatway, like
+          # Well, that didn't work (this is common on networks where there's no gateway, like
           # VMWare network interfaces. We'll need to use a fake source hardware address.
           self.arp_cache[Rex::Socket.source_address(addr)] = "00:00:00:00:00:00"
         end
@@ -354,26 +336,31 @@ def arp(target_ip=nil)
         return self.arp_cache[:gateway] unless should_arp? target_ip
         source_ip = Rex::Socket.source_address(target_ip)
         raise RuntimeError, "Could not access the capture process." unless self.arp_capture
+
         p = arp_packet(target_ip, source_ip)
-        inject_eth(:eth_type  => 0x0806,
-          :payload   => p,
-          :pcap      => self.arp_capture,
-          :eth_saddr => self.arp_cache[Rex::Socket.source_address(target_ip)]
-        )
-        begin
-          to = (datastore['TIMEOUT'] || 500).to_f / 1000.0
-          ::Timeout.timeout(to) do
-            while (my_packet = inject_reply(:arp, self.arp_capture))
-              if my_packet.arp_saddr_ip == target_ip
+
+        # Try up to 3 times to get an ARP response
+        1.upto(3) do
+          inject_eth(:eth_type  => 0x0806,
+            :payload   => p,
+            :pcap      => self.arp_capture,
+            :eth_saddr => self.arp_cache[Rex::Socket.source_address(target_ip)]
+          )
+          begin
+            to = ((datastore['TIMEOUT'] || 500).to_f * 8) / 1000.0
+            ::Timeout.timeout(to) do
+              loop do
+                my_packet = inject_reply(:arp, self.arp_capture)
+                next unless my_packet
+                next unless my_packet.arp_saddr_ip == target_ip
                 self.arp_cache[target_ip] = my_packet.eth_saddr
                 return self.arp_cache[target_ip]
-              else
-                next
               end
             end
+          rescue ::Timeout::Error
           end
-        rescue ::Timeout::Error
         end
+        nil
       end
 
       # Creates a full ARP packet, mainly for use with inject_eth()
 
@@ -76,7 +76,6 @@ def close_icmp_pcap()
 
     return if not @ipv6_icmp6_capture
     @ipv6_icmp6_capture = nil
-    GC.start()
   end
 
   #
Original file line number	Diff line number	Diff line change
`@@ -76,7 +76,6 @@ def close_icmp_pcap()`
`76`	`76`
`77`	`77`	`return if not @ipv6_icmp6_capture`
`78`	`78`	`@ipv6_icmp6_capture = nil`
`79`		`- GC.start()`
`80`	`79`	`end`
`81`	`80`
`82`	`81`	`#`