modules/auxiliary/scanner/pcanywhere/pcanywhere_udp.rb
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Auxiliary::Report
include Msf::Auxiliary::UDPScanner
def initialize
super(
'Name' => 'PcAnywhere UDP Service Discovery',
'Description' => 'Discover active pcAnywhere services through UDP',
'Author' => 'hdm',
'License' => MSF_LICENSE,
'References' =>
[
['URL', 'http://www.unixwiz.net/tools/pcascan.txt']
]
)
register_options(
[
Opt::RPORT(5632)
])
end
def scanner_prescan(batch)
print_status("Sending pcAnywhere discovery requests to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
@results = {}
end
def scan_host(ip)
scanner_send("NQ", ip, datastore['RPORT'])
scanner_send("ST", ip, datastore['RPORT'])
end
def scanner_postscan(batch)
@results.keys.each do |ip|
data = @results[ip]
info = ""
if data[:name]
info << "Name: #{data[:name]} "
end
if data[:stat]
info << "- #{data[:stat]} "
end
if data[:caps]
info << "( #{data[:caps]} ) "
end
report_service(:host => ip, :port => datastore['RPORT'], :proto => 'udp', :name => "pcanywhere_stat", :info => info)
report_note(:host => ip, :port => datastore['RPORT'], :proto => 'udp', :name => "pcanywhere_stat", :update => :unique, :ntype => "pcanywhere.status", :data => data )
print_good("#{ip}:#{datastore['RPORT']} #{info}")
end
end
def scanner_process(data, shost, sport)
case data
when /^NR(........................)(........)/
name = $1.dup
caps = $2.dup
name = name.gsub(/_+$/, '').gsub("\x00", '').strip
caps = caps.gsub(/_+$/, '').gsub("\x00", '').strip
@results[shost] ||= {}
@results[shost][:name] = name
@results[shost][:caps] = caps
when /^ST(.+)/
@results[shost] ||= {}
buff = $1.dup
stat = 'Unknown'
if buff[2,1].unpack("C")[0] == 67
stat = "Available"
end
if buff[2,1].unpack("C")[0] == 11
stat = "Busy"
end
@results[shost][:stat] = stat
else
print_error("#{shost} Unknown: #{data.inspect}")
end
end
end