##
# This module requires Metasploit: https:\/\/metasploit.com\/download
# Current source: https:\/\/github.com\/rapid7\/metasploit-framework
##<\/p>\n
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report<\/p>\n
def initialize
super(
‘Name’ => ‘TFTP Brute Forcer’,
‘Description’ => ‘This module uses a dictionary to brute force valid TFTP image names from a TFTP server.’,
‘Author’ => ‘antoine’,
‘License’ => BSD_LICENSE
)<\/p>\n
register_options(
[
Opt::RPORT(69),
Opt::CHOST,
OptPath.new(‘DICTIONARY’, [ true, ‘The list of filenames’,
File.join(Msf::Config.data_directory, “wordlists”, “tftp.txt”) ])
])
end<\/p>\n
def run_host(ip)
begin<\/p>\n
# Create an unbound UDP socket if no CHOST is specified, otherwise
# create a UDP socket bound to CHOST (in order to avail of pivoting)
udp_sock = Rex::Socket::Udp.create(
{
‘LocalHost’ => datastore[‘CHOST’] || nil,
‘Context’ =>
{
‘Msf’ => framework,
‘MsfExploit’ => self,
}
}
)
add_socket(udp_sock)<\/p>\n
fd = File.open(datastore[‘DICTIONARY’], ‘rb’)
fd.read(fd.stat.size).split(“\\n”).each do |filename|
filename.strip!
pkt = “\\x00\\x01” + filename + “\\x00” + “netascii” + “\\x00”
udp_sock.sendto(pkt, ip, datastore[‘RPORT’])
resp = udp_sock.get(3)
if resp and resp.length >= 2 and resp[0, 2] == “\\x00\\x03”
print_good(“Found #{filename} on #{ip}”)
#Add Report
report_note(
:host => ip,
:proto => ‘udp’,
:sname => ‘tftp’,
:port => datastore[‘RPORT’],
:type => “Found #{filename}”,
:data => “Found #{filename}”
)
end
end
fd.close
rescue
ensure
udp_sock.close
end
end
end<\/p>\n","protected":false},"excerpt":{"rendered":"
### This module requires Metasploit: https:\/\/metasploit.com\/download# Current source: https:\/\/github.com\/rapid7\/metasploit-framework## class MetasploitModule < Msf::Auxiliaryinclude Msf::Auxiliary::Scannerinclude Msf::Auxiliary::Report def initializesuper(‘Name’ => ‘TFTP Brute Forcer’,‘Description’ => ‘This module uses a dictionary to brute force valid TFTP image names from a TFTP server.’,‘Author’ => ‘antoine’,‘License’ => BSD_LICENSE) register_options([Opt::RPORT(69),Opt::CHOST,OptPath.new(‘DICTIONARY’, [ true, ‘The list of filenames’,File.join(Msf::Config.data_directory, “wordlists”, “tftp.txt”) ])])end def run_host(ip)begin # …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-59327","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59327","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=59327"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/59327\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=59327"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=59327"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=59327"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}