Fix bailiwicked_domain to allow support of check()
parent
5025736d87
commit
8d411d2037
|
@ -75,14 +75,9 @@ class Metasploit3 < Msf::Auxiliary
|
|||
calculate_race(targ, dom)
|
||||
end
|
||||
|
||||
def cmd_check(*args)
|
||||
targ = args[0] || rhost()
|
||||
if !(targ and targ.length > 0)
|
||||
print_status("usage: check [dns-server]")
|
||||
return
|
||||
end
|
||||
def check
|
||||
targ = rhost
|
||||
|
||||
print_status("Using the Metasploit service to verify exploitability...")
|
||||
srv_sock = Rex::Socket.create_udp(
|
||||
'PeerHost' => targ,
|
||||
'PeerPort' => 53
|
||||
|
@ -111,7 +106,7 @@ class Metasploit3 < Msf::Auxiliary
|
|||
if (name.to_s == txt and data.strings.join('') =~ /^([^\s]+)\s+.*red\.metasploit\.com/m)
|
||||
t_addr, t_port = $1.split(':')
|
||||
|
||||
print_status(" >> ADDRESS: #{t_addr} PORT: #{t_port}")
|
||||
vprint_status(" >> ADDRESS: #{t_addr} PORT: #{t_port}")
|
||||
t_port = t_port.to_i
|
||||
if(lport and lport != t_port)
|
||||
random = true
|
||||
|
@ -132,24 +127,29 @@ class Metasploit3 < Msf::Auxiliary
|
|||
srv_sock.close
|
||||
|
||||
if(ports.keys.length == 0)
|
||||
print_error("ERROR: This server is not replying to recursive requests")
|
||||
return
|
||||
vprint_error("ERROR: This server is not replying to recursive requests")
|
||||
return Exploit::CheckCode::Unknown
|
||||
end
|
||||
|
||||
if(reps < 30)
|
||||
print_warning("WARNING: This server did not reply to all of our requests")
|
||||
vprint_warning("WARNING: This server did not reply to all of our requests")
|
||||
end
|
||||
|
||||
if(random)
|
||||
ports_u = ports.keys.length
|
||||
ports_r = ((ports.keys.length/30.0)*100).to_i
|
||||
print_status("PASS: This server does not use a static source port. Randomness: #{ports_u}/30 %#{ports_r}")
|
||||
vprint_status("PASS: This server does not use a static source port. Randomness: #{ports_u}/30 %#{ports_r}")
|
||||
if(ports_r != 100)
|
||||
print_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
|
||||
vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
|
||||
# Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
|
||||
return Exploit::CheckCode::Appears
|
||||
end
|
||||
else
|
||||
print_error("FAIL: This server uses a static source port and is vulnerable to poisoning")
|
||||
vprint_error("FAIL: This server uses a static source port and is vulnerable to poisoning")
|
||||
return Exploit::CheckCode::Vulnerable
|
||||
end
|
||||
|
||||
Exploit::CheckCode::Safe
|
||||
end
|
||||
|
||||
def run
|
||||
|
|
Loading…
Reference in New Issue