##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
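# Auxiliary scanner that sends LLMNR queries to a batch of targets and records
# each distinct answer as an "llmnr" UDP service on the answering host.
#
# LLMNR uses the DNS message format over UDP port 5355 and is normally sent to
# the multicast group 224.0.0.252. A unicast target that answers anyway is
# running an LLMNR responder, which is useful inventory when checking whether
# LLMNR has actually been disabled on a network segment.
#
# query_type_name, query_class_name, query_name, rport and describe_response
# are not defined in this class; presumably they come from the included
# mixins (Msf::Auxiliary::LLMNR / UDPScanner) -- confirm against those modules.
class Metasploit3 < Msf::Auxiliary
  include Msf::Auxiliary::Report
  include Msf::Auxiliary::UDPScanner
  include Msf::Auxiliary::LLMNR

  # Registers the module metadata (name, description, author, license).
  #
  # @param info [Hash] metadata passed in by the framework and merged with
  #   the values below via update_info
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'LLMNR Query',
        'Description' => %q(
          This module sends LLMNR queries, which are really just normal UDP DNS
          queries done (usually) over multicast on a different port, 5355.
          Targets other than the default RHOSTS' 224.0.0.252 should not respond
          but may anyway.
        ),
        'Author' =>
          [
            'Jon Hart <jon_hart[at]rapid7.com>'
          ],
        'License' => MSF_LICENSE
      )
    )
  end

  # Announces the batch about to be scanned and resets the per-batch result
  # store.
  #
  # @param batch [Array] targets in this batch; the first and last entries are
  #   printed as the range and the length as the host count
  def scanner_prescan(batch)
    print_status("Sending LLMNR #{query_type_name}/#{query_class_name} queries for #{query_name} to #{batch[0]}->#{batch[-1]} port #{rport} (#{batch.length} hosts)")
    # Start every batch with an empty store so results from an earlier batch
    # are not reported again in scanner_postscan.
    @results = {}
  end

  # Reports every distinct response collected for the batch.
  #
  # @results is iterated as peer => collection of responses; it is not filled
  # in by this class (presumably by the mixins' response handler -- confirm).
  #
  # @param _batch [Array] unused
  def scanner_postscan(_batch)
    # peer => { response => true }, so that a responder sending the same
    # answer several times is printed and reported only once.
    found = {}
    @results.each_pair do |peer, resps|
      resps.each do |resp|
        seen = (found[peer] ||= {})
        next if seen[resp]

        response_info = describe_response(resp)
        print_good("#{peer} responded with #{response_info}")
        report_service(host: peer, port: rport, proto: 'udp', name: 'llmnr', info: response_info)
        seen[resp] = true
      end
    end
  end
end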