adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Land #8282, Add module doc for auxiliary/scanner/chargen/chargen_probe

Browse Source
This commit is contained in:
wchen-r7
2017-04-24 16:14:19 -05:00
parent 5bbb4d755a 562389df57
commit 35bc1fbf28
1 changed files with 50 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
+50
View File
@@ -0,0 +1,50 @@
## Vulnerable Application
Chargen is a debugging and measurement tool and a character generator service. Often `chargen` is included in `xinetd`,
along with `echo`, `time`, `daytime`, and `discard`.
While its possible to run chargen on TCP, the most common implementation is UDP.
The following was done on Kali linux:
1. `apt-get install xinetd`
2. edit `/etc/xinetd.d/chargen` and changed `disabled = yes` to `disabled = no`. The first one is for `TCP` and the second is for `UDP`.
3. Restart the service: `service xinetd restart`
## Verification Steps
1. Install and configure chargen
2. Start msfconsole
3. Do: `use auxiliary/scanner/chargen/chargen_probe`
4. Do: `run`
## Scenarios
A run against the configuration from these docs
```
msf > use auxiliary/scanner/chargen/chargen_probe
msf auxiliary(chargen_probe) > set rhosts 127.0.0.1
rhosts => 127.0.0.1
msf auxiliary(chargen_probe) > set verbose true
verbose => true
msf auxiliary(chargen_probe) > run
[*] 127.0.0.1:19 - Response: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
)*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
[+] 127.0.0.1:19 answers with 1022 bytes (headers + UDP payload)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```