
Just use a straight RPORT, don't sneak 593.

Incidentally, the endmap scanner doesn't appear to work at all for
http-rpc-epmap, so no harm done anyway (tested against Windows 2008
server).

It looks like a bigger change than it really is, thanks to the indentation
changes by removing the iterator. Diff this without whitespace changes to
get a better idea of what's actually different.
Tod Beardsley 6 years ago
commit ac1fb2d1da
1 changed files with 9 additions and 15 deletions
lib/msf/core/exploit/dcerpc_epm.rb (+9, -15)

@@ -43,26 +43,20 @@ module Exploit::Remote::DCERPC_EPM
43 43
     print_status("Connecting to the endpoint mapper service...")
44 44
     begin
45 45
       eps   = nil
46
-      dport = nil
46
+      dport = datastore['RPORT'] || 135
47 47
 
48
-      [datastore['RPORT'], 135, 593,].uniq.each do |i|
49
-        dport = i
50
-        begin
51
-          eps = Rex::Socket::Tcp.create(
48
+      begin
49
+        eps = Rex::Socket::Tcp.create(
52 50
           'PeerHost'  => rhost,
53 51
           'PeerPort'  => dport,
54 52
           'Proxies'   => proxies,
55 53
           'Context'   =>
56
-            {
57
-              'Msf'        => framework,
58
-              'MsfExploit' => self,
59
-            }
60
-          )
61
-
62
-          break
63
-
64
-        rescue ::Exception
65
-        end
54
+          {
55
+            'Msf'        => framework,
56
+            'MsfExploit' => self,
57
+          }
58
+        )
59
+      rescue ::Exception
66 60
       end
67 61
 
68 62
       if (not eps)
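Review bot: the empty `rescue ::Exception` block at the end of the hunk swallows whatever `Rex::Socket::Tcp.create` raised, so once the connect to `dport` fails the only remaining signal is the `if (not eps)` check below, with no indication of why the connection failed. The catch-all made some sense while the old loop was trying 135 and 593 in turn, but now that there is a single port it only hides the error; rescuing the socket error classes and reporting the message before falling through, for example `rescue ::Rex::ConnectionError, ::Errno::ECONNREFUSED => e` followed by `vprint_error("Endpoint mapper connection failed: #{e.message}")`, keeps the same control flow and gives the operator a usable failure reason. Note also that `::Exception` includes `Interrupt`, so a Ctrl-C during the connect attempt is silently discarded; `StandardError` (or the narrower classes above) avoids that.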
