
Commit df0ff30

author
Brent Cook
committed
Land rapid7#6642, make ipv6_neighbor_router_advertisement discovery smarter
2 parents d20731c + 635e319 commit df0ff30


1 file changed

+14
-11
lines changed


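--- a/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb
+++ b/modules/auxiliary/scanner/discovery/ipv6_neighbor_router_advertisement.rb
@@ -20,7 +20,7 @@ def initialize
 the host portion of the IPv6 address. Use NDP host solicitation to
 determine if the IP address is valid'
 },
-'Author' => 'wuntee',
+'Author' => ['wuntee', 'd0lph1n98'],
 'License' => MSF_LICENSE,
 'References' =>
 [
@@ -33,20 +33,22 @@ def initialize
 OptInt.new('TIMEOUT_NEIGHBOR', [true, "Time (seconds) to listen for a solicitation response.", 1])
 ], self.class)
 
-register_advanced_options(
-[
-OptString.new('PREFIX', [true, "Prefix that each host should get an IPv6 address from",
-"2001:1234:DEAD:BEEF::"]
-)
-], self.class)
-
 deregister_options('SNAPLEN', 'FILTER', 'RHOST', 'PCAPFILE')
 end
 
+def generate_prefix()
+max = 16 ** 4
+prefix = "2001:"
+(0..2).each do
+prefix << "%x:" % Random.rand(0..max)
+end
+return prefix << ':'
+end
+
 def listen_for_neighbor_solicitation(opts = {})
 hosts = []
 timeout = opts['TIMEOUT'] || datastore['TIMEOUT']
-prefix = opts['PREFIX'] || datastore['PREFIX']
+prefix = @prefix
 
 max_epoch = ::Time.now.to_i + timeout
 autoconf_prefix = IPAddr.new(prefix).to_string().slice(0..19)
@@ -94,7 +96,7 @@ def create_router_advertisment(opts={})
 smac = @smac
 shost = opts['SHOST'] || datastore['SHOST'] || ipv6_link_address
 lifetime = opts['LIFETIME'] || datastore['TIMEOUT']
-prefix = opts['PREFIX'] || datastore['PREFIX']
+prefix = @prefix
 plen = 64
 dmac = "33:33:00:00:00:01"
 
@@ -141,7 +143,7 @@ def router_advertisement_payload
 checksum = 0
 hop_limit = 0
 flags = 0x08
-lifetime = 1800
+lifetime = 0
 reachable = 0
 retrans = 0
 [type, code, checksum, hop_limit, flags,
@@ -152,6 +154,7 @@ def run
 # Start capture
 open_pcap({'FILTER' => "icmp6"})
 
+@prefix = generate_prefix()
 @netifaces = true
 if not netifaces_implemented?
 print_error("WARNING : Pcaprub is not uptodate, some functionality will not be available")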
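Review bot: In `generate_prefix`, `Random.rand(0..max)` draws from an inclusive range with `max = 16 ** 4`, so it can return 65536, which `%x` renders as the five-digit group `10000`; the `IPAddr.new(prefix)` call in `listen_for_neighbor_solicitation` would then reject the address and abort the run. An exclusive range keeps every group within 16 bits: `prefix << "%x:" % Random.rand(0...max)`. Also, `listen_for_neighbor_solicitation` and `create_router_advertisment` (both continue outside their hunks) now read `@prefix`, which is assigned only in `run`, and `opts['PREFIX']` is ignored without notice. Keeping `prefix = opts['PREFIX'] || @prefix` would preserve the override for callers that pass it and lets an operator pin the advertised prefix to one agreed for the test network.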
