From 6d1ab101edc9ad44c5fbfa3458001bf06484335d Mon Sep 17 00:00:00 2001 From: Jon Hart Date: Wed, 2 Sep 2015 13:52:38 -0700 Subject: [PATCH] Back out all changes to llmnr_response --- .../auxiliary/spoof/llmnr/llmnr_response.rb | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/modules/auxiliary/spoof/llmnr/llmnr_response.rb b/modules/auxiliary/spoof/llmnr/llmnr_response.rb index 35799160cc..b94cb212c8 100644 --- a/modules/auxiliary/spoof/llmnr/llmnr_response.rb +++ b/modules/auxiliary/spoof/llmnr/llmnr_response.rb @@ -70,6 +70,14 @@ attr_accessor :sock, :thread dns_pkt.question.each do |question| name = question.qName + unless name =~ /#{datastore['REGEX']}/i + vprint_status("#{rhost.to_s.ljust 16} llmnr - #{name} did not match REGEX \"#{datastore['REGEX']}\"") + next + end + + if should_print_reply?(name) + print_good("#{rhost.to_s.ljust 16} llmnr - #{name} matches regex, responding with #{datastore['SPOOFIP']}") + end # qType is not a Fixnum, so to compare it with `case` we have to # convert it @@ -91,17 +99,9 @@ attr_accessor :sock, :thread :address => (spoof.ipv6? ? spoof : spoof.ipv4_mapped).to_s ) else - vprint_warning("#{rhost.to_s.ljust 16} LLMNR - Skipping unhandled RR query type #{question.qType}") + print_warning("#{rhost.to_s.ljust 16} llmnr - Unknown RR type, this shouldn't happen. Skipping") next end - - if name =~ /#{datastore['REGEX']}/i - if should_print_reply?(name) - print_good("#{rhost.to_s.ljust 16} LLMNR - #{name} matches regex, responding with #{datastore['SPOOFIP']}") - end - else - vprint_status("#{rhost.to_s.ljust 16} LLMNR - #{name} did not match REGEX \"#{datastore['REGEX']}\"") - end end # If we didn't find anything we want to spoof, don't send any @@ -163,7 +163,6 @@ attr_accessor :sock, :thread last_notified = now - @notified_times[host] if last_notified == 0 or last_notified > 10 @notified_times[host] = now - true else false end