Use meterp dns lookup

bug/bundler_fix
Meatballs 2013-09-24 19:58:09 +01:00
parent f1e563d375
commit b6fd14fd66
1 changed files with 29 additions and 44 deletions


@ -87,6 +87,7 @@ class Metasploit3 < Msf::Post
return return
end end
# Results table holds raw string data
results_table = Rex::Ui::Text::Table.new( results_table = Rex::Ui::Text::Table.new(
'Header' => "#{defaultNamingContext} Domain Computers", 'Header' => "#{defaultNamingContext} Domain Computers",
'Indent' => 1, 'Indent' => 1,
@ -94,6 +95,10 @@ class Metasploit3 < Msf::Post
'Columns' => attributes 'Columns' => attributes
) )
# Hostnames holds DNS Names to Resolve
hostnames = []
# Reports are collections for easy database insertion
reports = []
results.each do |result| results.each do |result|
row = [] row = []
@ -110,39 +115,51 @@ class Metasploit3 < Msf::Post
case attr['name'] case attr['name']
when 'dNSHostName' when 'dNSHostName'
dns = attr['values'] dns = attr['values']
ip = resolve_hostname(dns) report[:name] = dns
report.merge!( {:name => dns, :host => ip } ) hostnames << dns
when 'operatingSystem' when 'operatingSystem'
os = attr['values'] os = attr['values']
index = os.index(/windows/i) index = os.index(/windows/i)
unless index.nil? unless index.nil?
name = 'Microsoft Windows' name = 'Microsoft Windows'
flavour = os[index..-1] flavour = os[index..-1]
report.merge!( {:os_name => name, :os_flavor => flavour} ) report[:os_name] = name
report[:os_flavor] = flavour
else else
# Incase there are non-windows domain computers?! # Incase there are non-windows domain computers?!
report.merge!( {:os_name => os } ) report[:os_name] = os
end end
when 'distinguishedName' when 'distinguishedName'
if attr['values'] =~ /Domain Controllers/i if attr['values'] =~ /Domain Controllers/i
report.merge!( {:purpose => "DC"} ) report[:purpose] = "DC"
end end
when 'operatingSystemServicePack' when 'operatingSystemServicePack'
report.merge!( {:os_sp => attr['values']} ) report[:os_sp] = attr['values']
when 'description' when 'description'
report.merge!( {:info => attr['values']} ) report[:info] = attr['values']
end end
end end
end end
end end
vprint_good("Database report: #{report.inspect}") reports << report
if report.include? :host
report_host(report)
end
results_table << row results_table << row
end
if db and datastore['STORE_DB']
print_status("Resolving IP addresses...")
ip_results = client.net.resolve.resolve_hosts(hostnames, AF_INET)
# Merge resolved array with reports
reports.each do |report|
ip_results.each do |ip_result|
if ip_result[:hostname] == report[:name]
report[:host] = ip_result[:ip]
vprint_good("Database report: #{report.inspect}")
report_host(report)
end
end
end
end end
print_line results_table.to_s print_line results_table.to_s
@ -152,38 +169,6 @@ class Metasploit3 < Msf::Post
end end
end end
# This really needs migrating to a meterpreter function
def resolve_hostname(hostname)
if client.platform =~ /^x64/
size = 64
addrinfoinmem = 32
else
size = 32
addrinfoinmem = 24
end
begin
vprint_status("Looking up IP for #{hostname}")
result = client.railgun.ws2_32.getaddrinfo(hostname, nil, nil, 4 )
if result['GetLastError'] == 11001
return nil
end
addrinfo = client.railgun.memread( result['ppResult'], size )
ai_addr_pointer = addrinfo[addrinfoinmem,4].unpack('L').first
sockaddr = client.railgun.memread( ai_addr_pointer, size/2 )
ip = sockaddr[4,4].unpack('N').first
hostip = Rex::Socket.addr_itoa(ip)
if hostip =~ /0\.0\.0\.0/
hostip = client.session_host
end
rescue ::Exception => e
print_error(e.to_s)
end
vprint_status("IP for #{hostname}: #{hostip}")
return hostip
end
def wldap32 def wldap32
return client.railgun.wldap32 return client.railgun.wldap32
end end
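Review bot: In the new merge loop of the third hunk, `report[:host] = ip_result[:ip]` is stored and handed to `report_host` without checking that the lookup succeeded. If `resolve_hosts` returns an entry with a nil or empty `:ip` for names that do not resolve (its implementation is not visible here), the database receives host records with no usable address. A guard such as `next if ip_result[:ip].to_s.empty?` at the top of the inner block would skip those entries, and changing the condition to `if db && datastore['STORE_DB'] && !hostnames.empty?` avoids a resolve request when no `dNSHostName` was collected. The removed `resolve_hostname` also mapped `0.0.0.0` to `client.session_host`, which the new path no longer does, so confirm that drop is intended. The enclosing method starts above the first hunk, so how `report` is initialised for each result cannot be checked from here.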