Add SOAP PortMapping UPnP auxiliary module #5776
You should fix any errors from msftidy and push to this PR.
header = "POST http://#{rhost}:#{rport}/#{ctrlurl} HTTP/1.0\r\n" | ||
header << "Content-Type: text/xml;charset=\"utf-8\"\r\n" | ||
header << "SOAPAction: #{soapaction}\n\r" | ||
header << "User-Agent: SOAP AddPortMapping Metasploit Module\r\n" |
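Review bot: the SOAPAction line ends with "\n\r" while every other header line here ends with "\r\n", so the line terminator is reversed and a strict HTTP parser may reject or misread the headers; change it to "\r\n". The request line also places an absolute URI (http://#{rhost}:#{rport}/...) after POST in an HTTP/1.0 request, which is the form a proxy expects rather than an origin server; sending only the path, or letting the framework's HTTP client build the request, removes both problems.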
I'd leave the "User-Agent" less obvious. Like: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Hmmmm, on second thought, one hard coded value is not legal. Using `Rex::UserAgent.random` is more appropriate.
Thx, I will modify it
Looks like mostly msftidy errors:
## | ||
|
||
require 'msf/core' | ||
class Metasploit3 < Msf::Auxiliary |
This should really go in `modules/auxiliary/admin/upnp`, instead.
) | ||
register_options( | ||
[ | ||
OptString.new('CTRL_URL', [ true, 'UPnP Control URL']), |
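Review bot: the CTRL_URL description does not say whether the value should begin with a slash, and the request line elsewhere in this PR already prepends one ("/#{ctrlurl}"). If ctrlurl is filled from this option, a value entered with its own leading slash produces "//" at the start of the path. Either state the expected form in the option description or strip a leading slash before the request is built.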
You should use `Msf::Exploit::Remote::HttpClient` for this
UDP is fun too. Are there others?
My testing having applied St0rn#1 so far. I've got a box running miniupnpd 1.7 with the SOAP interface bound to 12345/TCP. Confirm that there are chains ready and clear:
Create a mapping:
Confirm it with
Clean-up and enhance soap_addportmapping.rb
@jhart-r7 thx
def initialize | ||
super( | ||
'Name' => 'UPnP AddPortMapping', | ||
'Description' => 'UPnP AddPortMapping SOAP request', |
Add a better name and description.
Auxiliary module to add a port mapping on routers which allow UPnP SOAP requests.
The success status is verified by the router's response to a request (HTTP code 200).
Example Output
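For defenders, the request this module sends can be recognised in captured HTTP traffic. The Ruby below is an added example, not code from this pull request: it parses a constructed AddPortMapping request and flags mappings that forward to a host other than the requester or that claim a privileged external port. The function names, the sample control path and the addresses are assumptions.

```ruby
# Added example: recognise UPnP AddPortMapping requests in captured HTTP.
# Function names and all sample data are constructed for illustration.
MAPPING_FIELDS = %w[NewExternalPort NewProtocol NewInternalPort NewInternalClient].freeze

# Returns the mapping fields as a hash, or nil for any other request.
def parse_add_port_mapping(raw_request)
  head, body = raw_request.split(/\r?\n\r?\n/, 2)
  return nil if body.nil?
  # Header value has the form "<service type>#<action name>".
  action = head[/^SOAPAction:\s*"?([^"\r\n]+)/i, 1]
  return nil unless action && action.split('#').last == 'AddPortMapping'
  MAPPING_FIELDS.each_with_object({}) do |name, out|
    out[name] = body[%r{<#{name}>\s*([^<]*?)\s*</#{name}>}, 1]
  end
end

# Returns findings for one request observed from src_ip.
def audit_mapping(raw_request, src_ip)
  m = parse_add_port_mapping(raw_request)
  return [] if m.nil?
  findings = ["#{src_ip} requested #{m['NewProtocol']} #{m['NewExternalPort']} -> " \
              "#{m['NewInternalClient']}:#{m['NewInternalPort']}"]
  # A client opening a port towards some other host deserves an alert.
  findings << 'internal client differs from requester' if m['NewInternalClient'] != src_ip
  findings << 'privileged external port' if m['NewExternalPort'].to_i.between?(1, 1023)
  findings
end

# Constructed sample request; addresses are from a documentation range.
SAMPLE_REQUEST = [
  'POST /ctl/IPConn HTTP/1.0',
  'Content-Type: text/xml;charset="utf-8"',
  'SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"',
  '',
  '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>' \
  '<u:AddPortMapping xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">' \
  '<NewExternalPort>443</NewExternalPort><NewProtocol>TCP</NewProtocol>' \
  '<NewInternalPort>8443</NewInternalPort>' \
  '<NewInternalClient>192.0.2.50</NewInternalClient>' \
  '</u:AddPortMapping></s:Body></s:Envelope>'
].join("\r\n")

puts audit_mapping(SAMPLE_REQUEST, '192.0.2.10') if __FILE__ == $PROGRAM_NAME
```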