Merge branch 'mubix-dns_postmods'

unstable
sinn3r 2012-10-22 02:04:46 -05:00
commit 469f04d3c4
2 changed files with 82 additions and 10 deletions

View File

@ -15,19 +15,19 @@ class Metasploit3 < Msf::Post
'Name' => 'Windows Recon Resolve Hostname',
'Description' => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command},
'License' => MSF_LICENSE,
'Author' => [ 'Rob Fuller <mubix[at]hak5.org>'],
'Author' => [ 'mubix <mubix[at]hak5.org>'],
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptString.new('HOSTNAME', [true, 'Hostname to lookup', nil])
OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil])
], self.class)
end
def run
### MAIN ###
def resolve_hostname(hostname)
if client.platform =~ /^x64/
size = 64
@ -37,14 +37,11 @@ class Metasploit3 < Msf::Post
addrinfoinmem = 24
end
hostname = datastore['HOSTNAME']
## get IP for host
begin
vprint_status("Looking up IP for #{hostname}")
result = client.railgun.ws2_32.getaddrinfo(hostname, nil, nil, 4 )
if result['GetLastError'] == 11001
print_error("Failed to resolve the host")
print_error("Failed to resolve #{hostname}")
return
end
addrinfo = client.railgun.memread( result['ppResult'], size )
@ -53,9 +50,23 @@ class Metasploit3 < Msf::Post
ip = sockaddr[4,4].unpack('N').first
hostip = Rex::Socket.addr_itoa(ip)
print_status("#{hostname} resolves to #{hostip}")
rescue ::Exception => e
print_error(e)
rescue Rex::Post::Meterpreter::RequestError
print_status('Windows 2000 and prior does not support getaddrinfo')
end
end
def run
if datastore['HOSTNAME']
resolve_hostname(datastore['HOSTNAME'])
end
if datastore['HOSTFILE']
::File.open(datastore['HOSTFILE'], "rb").each_line do |hostname|
if hostname.strip != ""
resolve_hostname(hostname.strip)
end
end
end
end
end

View File

@ -0,0 +1,61 @@
##
# $Id $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
class Metasploit3 < Msf::Post
def initialize(info={})
super( update_info( info,
'Name' => 'Windows Recon Resolve IP',
'Description' => %q{ This module reverse resolves a range or IP to a hostname},
'License' => MSF_LICENSE,
'Author' => [ 'mubix <mubix[at]hak5.org>'],
'Version' => '$Revision$',
'Platform' => [ 'windows' ],
'SessionTypes' => [ 'meterpreter' ]
))
register_options(
[
OptAddress.new("ADDRESS" , [ false, "Enumerate currently configured shares"]),
OptAddressRange.new("RANGE" , [ false, "Enumerate Recently mapped shares"])
], self.class)
end
def resolve_ip(ip)
ip_ino = Rex::Socket.addr_aton(ip)
begin
ptr2dns = session.railgun.ws2_32.gethostbyaddr(ip_ino,4,2)
memtext = client.railgun.memread(ptr2dns['return'],255)
host_inmem = memtext.split(ip_ino)[1].split("\00")[0]
print_good("#{ip} resolves to #{host_inmem}")
rescue Rex::Post::Meterpreter::RequestError
print_error("Failed to resolve #{ip}")
end
end
def run
if datastore['ADDRESS']
resolve_ip(datastore['ADDRESS'])
end
if datastore['RANGE']
rexrange = Rex::Socket::RangeWalker.new(datastore['RANGE'])
rexrange.each do |ip|
resolve_ip(ip)
end
end
end
end