Page 58

Chapter 3

def run_host(ip)
connect()

sock.puts('HELLO SERVER')

data = sock.recv(1024)

print_status("Received: #{data} from #{ip}")

disconnect()
end
end

This simple scanner uses the

Msf::Exploit::Remote::Tcp

mixin to handle

the TCP networking, and the

Msf::Auxiliary::Scanner

mixin exposes the vari-

ous settings that are required for scanners within the Framework  . This
scanner is configured to use the default port of 12345  , and upon connect-
ing to the server, it sends a message  , receives the reply from the server, and
then prints it out to the screen along with the server IP address  .

We have saved this custom script under

modules/auxiliary/scanner/

simple_tcp.rb

. The saved location is important in Metasploit. For example, if

the module is saved under

modules/auxiliary/scanner/http/

, it would show up

in the modules list as

scanner/http/simple_tcp

To test this rudimentary scanner, we set up a

netcat

listener on port 12345

and pipe in a text file to act as the server response.

root@bt:/#

echo "Hello Metasploit" > banner.txt

root@bt:/#

nc -lvnp 12345 < banner.txt

listening on [any] 12345...

Next, we load up

msfconsole

, select our scanner module, set its param-

eters, and run it to see if it works.

msf >

use auxiliary/scanner/simple_tcp

msf auxiliary(simple_tcp) >

show options

Module options:

   Name   Current Setting Required Description
   ----   --------------- -------- -----------
   RHOSTS             yes     The target address range or CIDR identifier
   RPORT 12345         yes     The target port
   THREADS 1           yes     The number of concurrent threads

msf auxiliary(simple_tcp) >

set RHOSTS 192.168.1.101

RHOSTS => 192.168.1.101
msf auxiliary(simple_tcp) >

run

[*] Received: Hello Metasploit from 192.168.1.101
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(simple_tcp) >