metasploit-framework/modules/post/windows/recon/resolve_hostname.rb

73 lines
2.0 KiB
Ruby
Raw Normal View History

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
2012-02-20 18:38:43 +00:00
'Name' => 'Windows Recon Resolve Hostname',
2011-11-17 13:47:26 +00:00
'Description' => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command},
'License' => MSF_LICENSE,
2012-10-22 21:01:58 +00:00
'Author' => [ 'mubix' ],
'Platform' => [ 'win' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
2012-10-22 02:27:20 +00:00
OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil])
], self.class)
end
2012-10-20 22:10:51 +00:00
def resolve_hostname(hostname)
2011-11-11 00:00:50 +00:00
if client.platform =~ /^x64/
size = 64
addrinfoinmem = 32
else
size = 32
addrinfoinmem = 24
end
begin
vprint_status("Looking up IP for #{hostname}")
result = client.railgun.ws2_32.getaddrinfo(hostname, nil, nil, 4 )
if result['GetLastError'] == 11001
2012-10-20 22:10:51 +00:00
print_error("Failed to resolve #{hostname}")
return
end
addrinfo = client.railgun.memread( result['ppResult'], size )
ai_addr_pointer = addrinfo[addrinfoinmem,4].unpack('L').first
sockaddr = client.railgun.memread( ai_addr_pointer, size/2 )
ip = sockaddr[4,4].unpack('N').first
hostip = Rex::Socket.addr_itoa(ip)
print_status("#{hostname} resolves to #{hostip}")
rescue Rex::Post::Meterpreter::RequestError
print_status('Windows 2000 and prior does not support getaddrinfo')
end
end
def run
if datastore['HOSTNAME']
resolve_hostname(datastore['HOSTNAME'])
end
if datastore['HOSTFILE']
::File.open(datastore['HOSTFILE'], "rb").each_line do |hostname|
2012-10-20 22:10:51 +00:00
if hostname.strip != ""
resolve_hostname(hostname.strip)
end
end
end
end
end