metasploit-framework/lib/msf/core/auxiliary/llmnr.rb

# -*- coding: binary -*-
require 'rex/proto/llmnr'
require 'msf/core/exploit'
module Msf

###
#
# This module provides methods for working with LLMNR
#
###
module Auxiliary::LLMNR

  include Auxiliary::UDPScanner

  #
  # Initializes an instance of an auxiliary module that uses LLMNR
  #

  def initialize(info = {})
    super
    register_options(
    [
      OptAddressRange.new('RHOSTS', [true, 'The multicast address or CIDR range of targets to query', '224.0.0.252']),
      Opt::RPORT(5355),
      OptString.new('NAME', [true, 'The name to query', 'localhost']),
      OptString.new('TYPE', [true, 'The query type (name, # or TYPE#)', 'A']),
      OptString.new('CLASS', [true, 'The query class (name, # or CLASS#)', 'IN'])
    ], self.class)
  end

  def setup
    query_class_name
    query_type_name
  end

  def query_class
    if datastore['CLASS'] =~ /^\d+$/
      datastore['CLASS'].to_i
    else
      datastore['CLASS'].upcase
    end
  end

  def query_class_name
    Net::DNS::RR::Classes.new(query_class).to_s
  end

  def query_class_num
    Net::DNS::RR::Classes.new(query_class).to_i
  end

  def query_type
    if datastore['TYPE'] =~ /^\d+$/
      datastore['TYPE'].to_i
    else
      datastore['TYPE'].upcase
    end
  end

  def query_type_name
    Net::DNS::RR::Types.new(query_type).to_s
  end

  def query_type_num
    Net::DNS::RR::Types.new(query_type).to_i
  end
end
end
Initial commit of some code for LLMNR research This is largely useless right now because LLMNR is only supposed to work in the same multicast/broadcast domain and implementations are supposed to ignore requests with an IP TTL != 1. 2014-10-09 02:03:07 +00:00			`# -- coding: binary --`
			`require 'rex/proto/llmnr'`
			`require 'msf/core/exploit'`
			`module Msf`

			`###`
			`#`
			`# This module provides methods for working with LLMNR`
			`#`
			`###`
			`module Auxiliary::LLMNR`

Use LLMNR multicast address for RHOSTS by default 2014-10-21 19:59:54 +00:00			`include Auxiliary::UDPScanner`
Initial commit of some code for LLMNR research This is largely useless right now because LLMNR is only supposed to work in the same multicast/broadcast domain and implementations are supposed to ignore requests with an IP TTL != 1. 2014-10-09 02:03:07 +00:00
			`#`
			`# Initializes an instance of an auxiliary module that uses LLMNR`
			`#`

			`def initialize(info = {})`
			`super`
			`register_options(`
			`[`
Use LLMNR multicast address for RHOSTS by default 2014-10-21 19:59:54 +00:00			`OptAddressRange.new('RHOSTS', [true, 'The multicast address or CIDR range of targets to query', '224.0.0.252']),`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`Opt::RPORT(5355),`
			`OptString.new('NAME', [true, 'The name to query', 'localhost']),`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`OptString.new('TYPE', [true, 'The query type (name, # or TYPE#)', 'A']),`
			`OptString.new('CLASS', [true, 'The query class (name, # or CLASS#)', 'IN'])`
Initial commit of some code for LLMNR research This is largely useless right now because LLMNR is only supposed to work in the same multicast/broadcast domain and implementations are supposed to ignore requests with an IP TTL != 1. 2014-10-09 02:03:07 +00:00			`], self.class)`
			`end`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00
			`def setup`
			`query_class_name`
			`query_type_name`
			`end`

			`def query_class`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`if datastore['CLASS'] =~ /^\d+$/`
			`datastore['CLASS'].to_i`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`else`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`datastore['CLASS'].upcase`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`end`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`def query_class_name`
			`Net::DNS::RR::Classes.new(query_class).to_s`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`

			`def query_class_num`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`Net::DNS::RR::Classes.new(query_class).to_i`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`

			`def query_type`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`if datastore['TYPE'] =~ /^\d+$/`
			`datastore['TYPE'].to_i`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`else`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`datastore['TYPE'].upcase`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`end`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`def query_type_name`
			`Net::DNS::RR::Types.new(query_type).to_s`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`

			`def query_type_num`
Better handling of TYPE#/CLASS#, tests 2014-11-03 19:07:08 +00:00			`Net::DNS::RR::Types.new(query_type).to_i`
Allow friendly LLMNR type (PTR, ptr, 12) and class (IN, in, 1) 2014-10-31 23:20:10 +00:00			`end`
Initial commit of some code for LLMNR research This is largely useless right now because LLMNR is only supposed to work in the same multicast/broadcast domain and implementations are supposed to ignore requests with an IP TTL != 1. 2014-10-09 02:03:07 +00:00			`end`
			`end`