2013-05-20 21:21:03 +00:00
|
|
|
# -*- coding: binary -*-
|
2012-10-20 15:32:23 +00:00
|
|
|
|
|
|
|
##
|
2014-10-17 16:47:33 +00:00
|
|
|
# This module requires Metasploit: http://metasploit.com/download
|
2013-10-15 18:50:46 +00:00
|
|
|
# Current source: https://github.com/rapid7/metasploit-framework
|
2012-10-20 15:32:23 +00:00
|
|
|
##
|
|
|
|
|
|
|
|
require 'msf/core'
|
|
|
|
require 'rex'
|
|
|
|
|
2016-03-08 13:02:44 +00:00
|
|
|
class MetasploitModule < Msf::Post
|
2012-10-20 15:32:23 +00:00
|
|
|
|
2013-08-30 21:28:54 +00:00
|
|
|
def initialize(info={})
|
|
|
|
super( update_info( info,
|
|
|
|
'Name' => 'Windows Recon Resolve IP',
|
|
|
|
'Description' => %q{ This module reverse resolves a range or IP to a hostname},
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
'Author' => [ 'mubix' ],
|
|
|
|
'Platform' => [ 'win' ],
|
|
|
|
'SessionTypes' => [ 'meterpreter' ]
|
|
|
|
))
|
|
|
|
register_options(
|
|
|
|
[
|
|
|
|
OptAddress.new("ADDRESS" , [ false, "Enumerate currently configured shares"]),
|
|
|
|
OptAddressRange.new("RANGE" , [ false, "Enumerate Recently mapped shares"])
|
|
|
|
], self.class)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
def resolve_ip(ip)
|
|
|
|
ip_ino = Rex::Socket.addr_aton(ip)
|
|
|
|
begin
|
|
|
|
ptr2dns = session.railgun.ws2_32.gethostbyaddr(ip_ino,4,2)
|
|
|
|
memtext = client.railgun.memread(ptr2dns['return'],255)
|
|
|
|
host_inmem = memtext.split(ip_ino)[1].split("\00")[0]
|
|
|
|
print_good("#{ip} resolves to #{host_inmem}")
|
|
|
|
rescue Rex::Post::Meterpreter::RequestError
|
|
|
|
print_error("Failed to resolve #{ip}")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def run
|
|
|
|
if datastore['ADDRESS']
|
|
|
|
resolve_ip(datastore['ADDRESS'])
|
|
|
|
end
|
|
|
|
|
|
|
|
if datastore['RANGE']
|
|
|
|
rexrange = Rex::Socket::RangeWalker.new(datastore['RANGE'])
|
|
|
|
rexrange.each do |ip|
|
|
|
|
resolve_ip(ip)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2012-10-20 15:32:23 +00:00
|
|
|
|
|
|
|
end
|
|
|
|
|