Better handling of AXFR if ns records won't resolve on target NS

bug/bundler_fix
Jon Hart 2016-02-18 22:15:06 -08:00
parent 42c64b51bb
commit 1f5285bca7
No known key found for this signature in database
GPG Key ID: 2FA9F0A3AFA8E9D3
1 changed files with 20 additions and 20 deletions


@ -84,11 +84,11 @@ class Metasploit3 < Msf::Auxiliary
def dns_query(domain, type) def dns_query(domain, type)
begin begin
nameserver = datastore['NS']
if nameserver.blank?
dns = Net::DNS::Resolver.new dns = Net::DNS::Resolver.new
nameserver = "#{datastore['NS']}" else
unless nameserver.blank? dns = Net::DNS::Resolver.new(nameservers: ::Rex::Socket.resolv_to_dotted(nameserver))
dns.nameservers -= dns.nameservers
dns.nameservers = "#{datastore['NS']}"
end end
dns.use_tcp = datastore['TCP_DNS'] dns.use_tcp = datastore['TCP_DNS']
dns.udp_timeout = datastore['TIMEOUT'] dns.udp_timeout = datastore['TIMEOUT']
@ -389,6 +389,7 @@ class Metasploit3 < Msf::Auxiliary
return if nameservers.blank? return if nameservers.blank?
records = [] records = []
nameservers.each do |nameserver| nameservers.each do |nameserver|
next if nameserver.blank?
print_status("Attempting DNS AXFR for #{domain} from #{nameserver}") print_status("Attempting DNS AXFR for #{domain} from #{nameserver}")
dns = Net::DNS::Resolver.new dns = Net::DNS::Resolver.new
dns.use_tcp = datastore['TCP_DNS'] dns.use_tcp = datastore['TCP_DNS']
@ -396,14 +397,14 @@ class Metasploit3 < Msf::Auxiliary
dns.retry_number = datastore['RETRY'] dns.retry_number = datastore['RETRY']
dns.retry_interval = datastore['RETRY_INTERVAL'] dns.retry_interval = datastore['RETRY_INTERVAL']
next if nameserver.blank? ns_a_records = []
ns = get_a(nameserver) # try to get A record for nameserver from target NS, which may fail
next if ns.blank? target_ns_a = get_a(nameserver)
ns_a_records |= target_ns_a if target_ns_a
ns.each do |r| ns_a_records << ::Rex::Socket.resolv_to_dotted(nameserver)
begin begin
dns.nameservers -= dns.nameservers dns.nameservers -= dns.nameservers
dns.nameservers = "#{r}" dns.nameservers = ns_a_records
zone = dns.axfr(domain) zone = dns.axfr(domain)
rescue ResolverArgumentError, Errno::ECONNREFUSED, Errno::ETIMEDOUT, ::NoResponseError, ::Timeout::Error => e rescue ResolverArgumentError, Errno::ECONNREFUSED, Errno::ETIMEDOUT, ::NoResponseError, ::Timeout::Error => e
print_error("Query #{domain} DNS AXFR - exception: #{e}") print_error("Query #{domain} DNS AXFR - exception: #{e}")
@ -412,7 +413,6 @@ class Metasploit3 < Msf::Auxiliary
records << "#{zone}" records << "#{zone}"
print_good("#{domain} Zone Transfer: #{zone}") print_good("#{domain} Zone Transfer: #{zone}")
end end
end
return if records.blank? return if records.blank?
records records
end end
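Review bot: The local-resolver fallback `ns_a_records << ::Rex::Socket.resolv_to_dotted(nameserver)` in the AXFR loop runs before the `begin`, so if the name does not resolve locally either, the error (a `::SocketError`, as far as I can tell) is raised outside the rescue below it, whose list does not include that class anyway. Unless something outside the visible lines catches it, one unresolvable NS name would end the loop and skip the remaining nameservers. I would move the call under the `begin`, add `::SocketError` to the rescue list, and use `ns_a_records |= [::Rex::Socket.resolv_to_dotted(nameserver)]` so an address already returned by `get_a` is not queried twice. The same call in `dns_query` depends on a rescue that is outside this hunk. A short comment noting that the NS names and their A records come from the target's own responses would also make it clear which hosts the transfer is attempted against.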