Merge pull request #3 from BoLaMN/random-port

get random port for http server

Author: Nathan

package.json

@@ -1,6 +1,6 @@
 {
   "name": "tch-exploit",
-  "version": "1.0.7",
+  "version": "1.0.8",
   "main": "dist/index.js",
   "bin": "dist/index.js",
   "scripts": {

src/index.coffee

@@ -22,6 +22,7 @@ route = require './router'
 cwmp = require './cwmp'
 file = require './file'
 args = require './args'
+http = require './port'
 
 if args.sts
   try
@@ -72,125 +73,129 @@ ask (intr) ->
   ip.pop()
   ip = ip.join '.'
 
-  dhcpd
-    .createServer
-      range: [
-        ip + '.10'
-        ip + '.15'
-      ]
-      forceOptions: [ 'router', 'hostname', 'vendor' ]
-      randomIP: true
-      vendor: [
-        1,
-        18,
-        104,
-        116,
-        116,
-        112,
-        58,
-        47,
-        47,
-        53,
-        56,
-        46,
-        49,
-        54,
-        50,
-        46,
-        48,
-        46,
-        49,
-        47,
-        2,
-        7,
-        84,
-        101,
-        108,
-        115,
-        116,
-        114,
-        97
-      ]
-      netmask: '255.255.255.0'
-      router: [ ip + '.1' ]
-      hostname: 'second.gateway'
-      broadcast: ip + '.255'
-      #bootFile: args.bootp
-      server: ip + '.1'
-    .on 'message', (data) ->
-      console.log '### MESSAGE', JSON.stringify data
-    .on 'bound', (state, ans) ->
-      console.log '### BOUND', JSON.stringify state
-    .on 'error', (err, data) ->
-      return unless data
-
-      console.log '!!! ERROR', err, data
-    .listen 67
-
-  route
-    .get '/file.sts', (req, res) ->
-      console.log '>>> STS REQUEST'
-
-      file = file.custom or file.sts
-
-      headers =
-        'Content-Type': 'text/plain'
-        'Content-Length': file.length
-
-      console.log '>>> STS RESPONSE'
-      console.dir [headers, file.toString('utf8')]
-
-      res.writeHead 200, headers
-
-      stream = new Duplex()
-      stream.push file
-      stream.push null
-      stream.pipe res
-    .get '/done', (req, res) ->
-      console.log '>>> WPS CALLBACK'
-      console.log """\n
-        All done,
-
-        - change network card settings back to dhcp and move the cable back to a lan port
-        - try ssh connection to the gateways ip (usually 192.168.0.1) with username root and password root (change password immediately with passwd!)
-
-        ssh [email protected]"""
-
-      setTimeout ->
-        process.exit 1
-      , 20000
-
-      res.writeHead 200
-      res.end()
-    .get '/{rbi}(.*?).rbi', (req, res) ->
-      console.log '>>> RBI REQUEST'
-
-      fp = path.join process.cwd(), req.params.rbi, '.rbi'
-
-      if existsSync fp
-        stats = statSync fp
+  http().then (port) ->
+    
+    dhcpd
+      .createServer
+        range: [
+          ip + '.10'
+          ip + '.15'
+        ]
+        forceOptions: [ 'router', 'hostname', 'vendor' ]
+        randomIP: true
+        vendor: [
+          1,
+          18,
+          104,
+          116,
+          116,
+          112,
+          58,
+          47,
+          47,
+          53,
+          56,
+          46,
+          49,
+          54,
+          50,
+          46,
+          48,
+          46,
+          49,
+          47,
+          2,
+          7,
+          84,
+          101,
+          108,
+          115,
+          116,
+          114,
+          97
+        ]
+        netmask: '255.255.255.0'
+        router: [ ip + '.1' ]
+        hostname: 'second.gateway'
+        broadcast: ip + '.255'
+        #bootFile: args.bootp
+        server: ip + '.1'
+      .on 'listening', (sock, type) ->
+        address = sock.address()
+
+        console.log "Waiting for DHCP#{type} request...", address.address + ':' + address.port
+      .on 'message', (data) ->
+        console.log '### MESSAGE', JSON.stringify data
+      .on 'bound', (state, ans) ->
+        console.log '### BOUND', JSON.stringify state
+      .on 'error', (err, data) ->
+        return unless data
+
+        console.log '!!! ERROR', err, data
+      .listen 67
+
+    route
+      .get '/file.sts', (req, res) ->
+        console.log '>>> STS REQUEST'
+
+        file = file.custom or file.sts
 
         headers =
           'Content-Type': 'text/plain'
-          'Content-Length': stats.size
+          'Content-Length': file.length
 
-        stream = createReadStream fp
-
-        console.log '>>> RBI RESPONSE'
-        console.dir [headers, fp]
+        console.log '>>> STS RESPONSE'
+        console.dir [headers, file.toString('utf8')]
 
         res.writeHead 200, headers
+
+        stream = new Duplex()
+        stream.push file
+        stream.push null
         stream.pipe res
-      else
-        res.writeHead 404
+      .get '/done', (req, res) ->
+        console.log '>>> WPS CALLBACK'
+        console.log """\n
+          All done,
+
+          - change network card settings back to dhcp and move the cable back to a lan port
+          - try ssh connection to the gateways ip (usually 192.168.0.1) with username root and password root (change password immediately with passwd!)
+
+          ssh [email protected]"""
+
+        setTimeout ->
+          process.exit 1
+        , 20000
+
+        res.writeHead 200
+        res.end()
+      .get '/{rbi}(.*?).rbi', (req, res) ->
+        console.log '>>> RBI REQUEST'
+
+        fp = path.join process.cwd(), req.params.rbi, '.rbi'
+
+        if existsSync fp
+          stats = statSync fp
+
+          headers =
+            'Content-Type': 'text/plain'
+            'Content-Length': stats.size
+
+          stream = createReadStream fp
+
+          console.log '>>> RBI RESPONSE'
+          console.dir [headers, fp]
 
-    .post '/', cwmp(intr.ip)
+          res.writeHead 200, headers
+          stream.pipe res
+        else
+          res.writeHead 404
 
-  srv = createServer route
-  srv.keepAliveTimeout = 30000
+      .post '/', cwmp(intr.ip + ':' + port)
 
-  srv.listen 80, intr.ip
+    srv = createServer route
+    srv.keepAliveTimeout = 30000
 
-  readline.close()
+    srv.listen port, intr.ip
 
-  console.log 'Waiting for DHCP request... ', intr.ip
+    readline.close()

src/port.coffee

@@ -0,0 +1,14 @@
+net = require 'net'
+
+module.exports = ->
+  new Promise (resolve, reject) ->
+    server = net.createServer()
+    server.unref()
+
+    server.on 'error', reject
+
+    server.listen 0, ->
+      port = server.address().port
+
+      server.close ->
+        resolve port