Class: Rex::Proto::DHCP::Server
- Inherits:
-
Object
- Object
- Rex::Proto::DHCP::Server
- Includes:
- Socket
- Defined in:
- lib/rex/proto/dhcp/server.rb
Overview
DHCP Server class not completely configurable - written specifically for a PXE server
-
scriptjunkie
extended to support testing/exploiting CVE-2011-0997
Constant Summary
Constants included from Socket
Socket::MATCH_IPV4, Socket::MATCH_IPV4_PRIVATE, Socket::MATCH_IPV6
Instance Attribute Summary collapse
-
#broadcasta ⇒ Object
Returns the value of attribute broadcasta.
-
#context ⇒ Object
Returns the value of attribute context.
-
#current_ip ⇒ Object
Returns the value of attribute current_ip.
-
#dnsserv ⇒ Object
Returns the value of attribute dnsserv.
-
#domain_name ⇒ Object
Returns the value of attribute domain_name.
-
#end_ip ⇒ Object
Returns the value of attribute end_ip.
-
#give_hostname ⇒ Object
Returns the value of attribute give_hostname.
-
#ipstring ⇒ Object
Returns the value of attribute ipstring.
-
#leasetime ⇒ Object
Returns the value of attribute leasetime.
-
#listen_host ⇒ Object
Returns the value of attribute listen_host.
-
#listen_port ⇒ Object
Returns the value of attribute listen_port.
-
#myfilename ⇒ Object
Returns the value of attribute myfilename.
-
#netmaskn ⇒ Object
Returns the value of attribute netmaskn.
-
#pxealtconfigfile ⇒ Object
Returns the value of attribute pxealtconfigfile.
-
#pxeconfigfile ⇒ Object
Returns the value of attribute pxeconfigfile.
-
#pxepathprefix ⇒ Object
Returns the value of attribute pxepathprefix.
-
#pxereboottime ⇒ Object
Returns the value of attribute pxereboottime.
-
#relayip ⇒ Object
Returns the value of attribute relayip.
-
#reporter ⇒ Object
Returns the value of attribute reporter.
-
#router ⇒ Object
Returns the value of attribute router.
-
#served ⇒ Object
Returns the value of attribute served.
-
#served_hostname ⇒ Object
Returns the value of attribute served_hostname.
-
#served_over ⇒ Object
Returns the value of attribute served_over.
-
#serveOnce ⇒ Object
Returns the value of attribute serveOnce.
-
#serveOnlyPXE ⇒ Object
Returns the value of attribute serveOnlyPXE.
-
#servePXE ⇒ Object
Returns the value of attribute servePXE.
-
#sock ⇒ Object
Returns the value of attribute sock.
-
#start_ip ⇒ Object
Returns the value of attribute start_ip.
-
#thread ⇒ Object
Returns the value of attribute thread.
-
#url ⇒ Object
Returns the value of attribute url.
Attributes included from Socket
#ipv, #localhost, #localport, #peerhost, #peerport
Instance Method Summary collapse
-
#initialize(hash, context = {}) ⇒ Server
constructor
A new instance of Server.
- #report(&block) ⇒ Object
-
#send_packet(ip, pkt) ⇒ Object
Send a single packet to the specified host.
-
#set_option(opts) ⇒ Object
Set an option.
-
#start ⇒ Object
Start the DHCP server.
-
#stop ⇒ Object
Stop the DHCP server.
Methods included from Socket
addr_atoc, addr_atoi, addr_atoi_list, addr_aton, addr_ctoa, addr_itoa, addr_iton, addr_ntoa, addr_ntoi, bit2netmask, cidr_crack, compress_address, create, create_ip, create_param, create_tcp, create_tcp_server, create_udp, dotted_ip?, eth_aton, eth_ntoa, #fd, from_sockaddr, getaddress, getaddresses, gethostbyname, #getlocalname, #getpeername, #getsockname, #initsock, ipv6_link_address, ipv6_mac, is_internal?, is_ipv4?, is_ipv6?, net2bitmask, portlist_to_portspec, portspec_crack, portspec_to_portlist, resolv_nbo, resolv_nbo_i, resolv_nbo_i_list, resolv_nbo_list, resolv_to_dotted, source_address, support_ipv6?, tcp_socket_pair, to_sockaddr, #type?, udp_socket_pair
Constructor Details
#initialize(hash, context = {}) ⇒ Server
Returns a new instance of Server.
24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/rex/proto/dhcp/server.rb', line 24 def initialize(hash, context = {}) self.listen_host = '0.0.0.0' # clients don't already have addresses. Needs to be 0.0.0.0 self.listen_port = 67 # mandatory (bootps) self.context = context self.sock = nil self.myfilename = hash['FILENAME'] || "" self.myfilename << ("\x00" * (128 - self.myfilename.length)) source = hash['SRVHOST'] || Rex::Socket.source_address self.ipstring = Rex::Socket.addr_aton(source) ipstart = hash['DHCPIPSTART'] if ipstart self.start_ip = Rex::Socket.addr_atoi(ipstart) else # Use the first 3 octects of the server's IP to construct the # default range of x.x.x.32-254 self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first end self.current_ip = start_ip ipend = hash['DHCPIPEND'] if ipend self.end_ip = Rex::Socket.addr_atoi(ipend) else # Use the first 3 octects of the server's IP to construct the # default range of x.x.x.32-254 self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first end # netmask netmask = hash['NETMASK'] || "255.255.255.0" self.netmaskn = Rex::Socket.addr_aton(netmask) # router router = hash['ROUTER'] || source self.router = Rex::Socket.addr_aton(router) # dns dnsserv = hash['DNSSERVER'] || source self.dnsserv = Rex::Socket.addr_aton(dnsserv) # broadcast if hash['BROADCAST'] self.broadcasta = Rex::Socket.addr_aton(hash['BROADCAST']) else self.broadcasta = Rex::Socket.addr_itoa( self.start_ip | (Rex::Socket.addr_ntoi(self.netmaskn) ^ 0xffffffff) ) end self.served = {} self.serveOnce = hash.include?('SERVEONCE') self.servePXE = (hash.include?('PXE') or hash.include?('FILENAME') or hash.include?('PXEONLY')) self.serveOnlyPXE = hash.include?('PXEONLY') # Always assume we don't give out hostnames ... self.give_hostname = false self.served_over = 0 if (hash['HOSTNAME']) self.give_hostname = true self.served_hostname = hash['HOSTNAME'] if ( hash['HOSTSTART'] ) self.served_over = hash['HOSTSTART'].to_i end end self.leasetime = 600 self.relayip = "\x00\x00\x00\x00" # relay ip - not currently suported self.pxeconfigfile = "update2" self.pxealtconfigfile = "update0" self.pxepathprefix = "" self.pxereboottime = 2000 self.domain_name = hash['DOMAINNAME'] || nil self.url = hash['URL'] if hash.include?('URL') end |
Instance Attribute Details
#broadcasta ⇒ Object
Returns the value of attribute broadcasta.
159 160 161 |
# File 'lib/rex/proto/dhcp/server.rb', line 159 def broadcasta @broadcasta end |
#context ⇒ Object
Returns the value of attribute context.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def context @context end |
#current_ip ⇒ Object
Returns the value of attribute current_ip.
159 160 161 |
# File 'lib/rex/proto/dhcp/server.rb', line 159 def current_ip @current_ip end |
#dnsserv ⇒ Object
Returns the value of attribute dnsserv.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def dnsserv @dnsserv end |
#domain_name ⇒ Object
Returns the value of attribute domain_name.
157 158 159 |
# File 'lib/rex/proto/dhcp/server.rb', line 157 def domain_name @domain_name end |
#end_ip ⇒ Object
Returns the value of attribute end_ip.
159 160 161 |
# File 'lib/rex/proto/dhcp/server.rb', line 159 def end_ip @end_ip end |
#give_hostname ⇒ Object
Returns the value of attribute give_hostname.
161 162 163 |
# File 'lib/rex/proto/dhcp/server.rb', line 161 def give_hostname @give_hostname end |
#ipstring ⇒ Object
Returns the value of attribute ipstring.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def ipstring @ipstring end |
#leasetime ⇒ Object
Returns the value of attribute leasetime.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def leasetime @leasetime end |
#listen_host ⇒ Object
Returns the value of attribute listen_host.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def listen_host @listen_host end |
#listen_port ⇒ Object
Returns the value of attribute listen_port.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def listen_port @listen_port end |
#myfilename ⇒ Object
Returns the value of attribute myfilename.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def myfilename @myfilename end |
#netmaskn ⇒ Object
Returns the value of attribute netmaskn.
159 160 161 |
# File 'lib/rex/proto/dhcp/server.rb', line 159 def netmaskn @netmaskn end |
#pxealtconfigfile ⇒ Object
Returns the value of attribute pxealtconfigfile.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def pxealtconfigfile @pxealtconfigfile end |
#pxeconfigfile ⇒ Object
Returns the value of attribute pxeconfigfile.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def pxeconfigfile @pxeconfigfile end |
#pxepathprefix ⇒ Object
Returns the value of attribute pxepathprefix.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def pxepathprefix @pxepathprefix end |
#pxereboottime ⇒ Object
Returns the value of attribute pxereboottime.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def pxereboottime @pxereboottime end |
#relayip ⇒ Object
Returns the value of attribute relayip.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def relayip @relayip end |
#reporter ⇒ Object
Returns the value of attribute reporter.
161 162 163 |
# File 'lib/rex/proto/dhcp/server.rb', line 161 def reporter @reporter end |
#router ⇒ Object
Returns the value of attribute router.
156 157 158 |
# File 'lib/rex/proto/dhcp/server.rb', line 156 def router @router end |
#served ⇒ Object
Returns the value of attribute served.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def served @served end |
#served_hostname ⇒ Object
Returns the value of attribute served_hostname.
161 162 163 |
# File 'lib/rex/proto/dhcp/server.rb', line 161 def served_hostname @served_hostname end |
#served_over ⇒ Object
Returns the value of attribute served_over.
161 162 163 |
# File 'lib/rex/proto/dhcp/server.rb', line 161 def served_over @served_over end |
#serveOnce ⇒ Object
Returns the value of attribute serveOnce.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def serveOnce @serveOnce end |
#serveOnlyPXE ⇒ Object
Returns the value of attribute serveOnlyPXE.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def serveOnlyPXE @serveOnlyPXE end |
#servePXE ⇒ Object
Returns the value of attribute servePXE.
160 161 162 |
# File 'lib/rex/proto/dhcp/server.rb', line 160 def servePXE @servePXE end |
#sock ⇒ Object
Returns the value of attribute sock.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def sock @sock end |
#start_ip ⇒ Object
Returns the value of attribute start_ip.
159 160 161 |
# File 'lib/rex/proto/dhcp/server.rb', line 159 def start_ip @start_ip end |
#thread ⇒ Object
Returns the value of attribute thread.
158 159 160 |
# File 'lib/rex/proto/dhcp/server.rb', line 158 def thread @thread end |
#url ⇒ Object
Returns the value of attribute url.
161 162 163 |
# File 'lib/rex/proto/dhcp/server.rb', line 161 def url @url end |
Instance Method Details
#report(&block) ⇒ Object
102 103 104 |
# File 'lib/rex/proto/dhcp/server.rb', line 102 def report(&block) self.reporter = block end |
#send_packet(ip, pkt) ⇒ Object
Send a single packet to the specified host
145 146 147 148 149 150 151 152 153 154 |
# File 'lib/rex/proto/dhcp/server.rb', line 145 def send_packet(ip, pkt) port = 68 # bootpc if ip self.sock.sendto( pkt, ip, port ) else if not self.sock.sendto( pkt, '255.255.255.255', port ) self.sock.sendto( pkt, self.broadcasta, port ) end end end |
#set_option(opts) ⇒ Object
Set an option
128 129 130 131 132 133 134 135 136 137 138 139 140 141 |
# File 'lib/rex/proto/dhcp/server.rb', line 128 def set_option(opts) = [ :serveOnce, :pxealtconfigfile, :servePXE, :relayip, :leasetime, :dnsserv, :pxeconfigfile, :pxepathprefix, :pxereboottime, :router, :give_hostname, :served_hostname, :served_over, :serveOnlyPXE, :domain_name, :url ] opts.each_pair { |k,v| next if not v if .include?(k) self.instance_variable_set("@#{k}", v) end } end |
#start ⇒ Object
Start the DHCP server
107 108 109 110 111 112 113 114 115 116 117 |
# File 'lib/rex/proto/dhcp/server.rb', line 107 def start self.sock = Rex::Socket::Udp.create( 'LocalHost' => listen_host, 'LocalPort' => listen_port, 'Context' => context ) self.thread = Rex::ThreadFactory.spawn("DHCPServerMonitor", false) { monitor_socket } end |
#stop ⇒ Object
Stop the DHCP server
120 121 122 123 124 |
# File 'lib/rex/proto/dhcp/server.rb', line 120 def stop self.thread.kill self.served = {} self.sock.close rescue nil end |