From e8e2a3dd61d377f3dfb2b03e6be72364d5e7aa5a Mon Sep 17 00:00:00 2001
From: h00die
Date: Sun, 23 Apr 2017 11:38:29 -0400
Subject: [PATCH 1/3] chargen_probe docs
---
 .../scanner/chargen/chargen_probe.md | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
diff --git a/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
new file mode 100644
index 0000000000..332f25b9c5
--- /dev/null
+++ b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
@@ -0,0 +1,48 @@
+## Vulnerable Application
+
+Chargen is a debugging and measurement tool and a character generator service. Often chargen is included in `xinetd`, along with `echo` `time`, `daytime`, and `discard`.
+While its possible to run chargen on TCP, the most common implementation is UDP.
+The following was done on Kali linux:
+
+ 1. `apt-get install xinetd`
+ 2. edit `/etc/xinetd.d/chargen` and changed `disabled = yes` to `disabled = no`. The first one is for `TCP` and the second is for `UDP`.
+ 3. Restart the service: `service xinetd restart`
+
+## Verification Steps
+
+ 1. Install and configure chargen
+ 2. Start msfconsole
+ 3. Do: `use auxiliary/scanner/chargen/chargen_probe`
+ 4. Do: `run`
+
+## Scenarios
+
+ A run against the configuration from these docs
+
+ ```
+ msf > use auxiliary/scanner/chargen/chargen_probe
+ msf auxiliary(chargen_probe) > set rhosts 127.0.0.1
+ rhosts => 127.0.0.1
+ msf auxiliary(chargen_probe) > set verbose true
+ verbose => true
+ msf auxiliary(chargen_probe) > run
+
+ [*] 127.0.0.1:19 - Response: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefgh
+ "#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
+ #$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
+ $%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijk
+ %&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijkl
+ &'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklm
+ '()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmn
+ ()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmno
+ )*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnop
+ *+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopq
+ +,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqr
+ ,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrs
+ -./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrst
+ ./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghi
+
+ [+] 127.0.0.1:19 answers with 1022 bytes (headers + UDP payload)
+ [*] Scanned 1 of 1 hosts (100% complete)
+ [*] Auxiliary module execution completed
+ ```
From c6109f713853e9bcc644bfe2e5668b90203fb0d5 Mon Sep 17 00:00:00 2001
From: h00die
Date: Sun, 23 Apr 2017 11:41:08 -0400
Subject: [PATCH 2/3] add newline
---
 documentation/modules/auxiliary/scanner/chargen/chargen_probe.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
index 332f25b9c5..b8522c8751 100644
--- a/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
+++ b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
@@ -2,6 +2,7 @@
 
 Chargen is a debugging and measurement tool and a character generator service. Often chargen is included in `xinetd`, along with `echo` `time`, `daytime`, and `discard`.
 While its possible to run chargen on TCP, the most common implementation is UDP.
+
 The following was done on Kali linux:
 
  1. `apt-get install xinetd`
From 562389df577b4a7e9d0b7aab74c55e267ab164a9 Mon Sep 17 00:00:00 2001
From: h00die
Date: Sun, 23 Apr 2017 11:49:52 -0400
Subject: [PATCH 3/3] add comma
---
 .../modules/auxiliary/scanner/chargen/chargen_probe.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
index b8522c8751..d9cb416d0c 100644
--- a/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
+++ b/documentation/modules/auxiliary/scanner/chargen/chargen_probe.md
@@ -1,6 +1,7 @@
 ## Vulnerable Application
 
-Chargen is a debugging and measurement tool and a character generator service. Often chargen is included in `xinetd`, along with `echo` `time`, `daytime`, and `discard`.
+Chargen is a debugging and measurement tool and a character generator service. Often `chargen` is included in `xinetd`,
+along with `echo`, `time`, `daytime`, and `discard`.
 While its possible to run chargen on TCP, the most common implementation is UDP.
 
 The following was done on Kali linux: