Metasploit mailing list archives

Re: having a problem running udp_sweep module


From: Stephen Fewer <stephen_fewer () harmonysecurity com>
Date: Fri, 05 Mar 2010 01:28:55 +0000

Hi Jason,

Is 10.0.1.51 the IP address of an interface on the box which you are
running metasploit?

If so the generated UDP socket should get bound to this address with no
error (The Rex::Socket::SwitchBoard will use the
Rex::Socket::Comm::Local communication factory).

If 10.0.1.51 is not a local interface address you must have an
appropriate route setup in order to pivot the udp_sweep through a
meterpreter session. The CHOST is the address you want to run the scan
out of via some meterpreter session.

If CHOST is not set you end up binding to INADDR_ANY (0.0.0.0) on your
local box.

- Stephen.

On 05/03/2010 00:51, Jason Ross wrote:
Hi,
I'm getting the following error when running
modules/auxiliary/scanner/discovery/udp_sweep.rb :
====
msf auxiliary(udp_sweep) > run

[*] Sending 10 probes to 10.0.1.0->10.0.1.255 (256 hosts)
[*] Unknown error: Errno::EINVAL Invalid argument - bind(2)
[*] Scanned 256 of 256 hosts (100% complete)
[*] Auxiliary module execution completed
====


I've got the following options set up:
====
msf auxiliary(udp_sweep) > show options

Module options:

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   BATCHSIZE  256              yes       The number of hosts to probe in each set
   CHOST      10.0.1.51        no        The local client address
   RHOSTS     10.0.1.0/24      yes       The target address range or CIDR identifier
   THREADS    20               yes       The number of concurrent threads
   VERBOSE    false            no        Enable verbose output
====

I'm pretty sure the error is thrown from the socket bind on line 80:

   udp_sock = Rex::Socket::Udp.create( { 'LocalHost' => datastore['CHOST'] || nil } )

If I 'unset CHOST' the run works just fine, so this only appears to happen
when a value is present for the CHOST option.

My ruby foo is too weak to track down what the specific issue is quickly, but
I'm still playing ;-)

(If it's helpful, I'm running metasploit as root on Ubuntu 9.10 x86)

--
jason
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
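
A pre-flight check for the three CHOST cases described in the reply above (unset, local interface address, non-local address), as an added example that is not part of the original thread or of Metasploit. It uses Ruby's standard `Socket` and `UDPSocket` rather than `Rex::Socket`, the function names are hypothetical, and the sample addresses are constructed; it does not inspect Metasploit's route table, so a `needs_route` verdict only means the address is not on a local interface.

```ruby
require 'socket'
require 'ipaddr'

# Addresses assigned to interfaces on this host, with any IPv6 zone id removed.
def local_addresses
  Socket.ip_address_list.select(&:ip?).map do |ai|
    IPAddr.new(ai.ip_address.sub(/%.*\z/, ''))
  end
end

# Attempt a UDP bind on an ephemeral port; report :ok or the Errno class name.
def try_bind(ip)
  family = ip.ipv6? ? Socket::AF_INET6 : Socket::AF_INET
  sock = UDPSocket.new(family)
  sock.bind(ip.to_s, 0)
  :ok
rescue SystemCallError => e
  e.class.name
ensure
  sock.close if sock
end

# Classify a CHOST value before it is handed to a scanner module.
def preflight(chost)
  if chost.nil? || chost.strip.empty?
    # Unset CHOST: the bind goes to INADDR_ANY on the local box.
    return { verdict: :inaddr_any, bind: try_bind(IPAddr.new('0.0.0.0')) }
  end
  ip = IPAddr.new(chost.strip)
  if local_addresses.include?(ip)
    { verdict: :local_interface, bind: try_bind(ip) }
  else
    # Not on this box: a direct bind is expected to fail, so it is not attempted.
    { verdict: :needs_route, bind: :skipped }
  end
rescue ArgumentError
  # IPAddr raises a subclass of ArgumentError for malformed addresses.
  { verdict: :invalid, bind: :skipped }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: unset CHOST, loopback, a TEST-NET-1 address, a typo.
  [nil, '127.0.0.1', '192.0.2.1', '10.0.1.'].each do |chost|
    puts format('%-12s %s', chost.inspect, preflight(chost).inspect)
  end
end
```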
