Land #4670, dns_amp RA flag fix

2015-01-30 14:46:15 -06:00 · 2015-01-30 14:46:15 -06:00 · efd7a8c962
parent 0cc41b1e92 42ef5716e8
commit efd7a8c962
1 changed files with 5 additions and 3 deletions
--- a/modules/auxiliary/scanner/dns/dns_amp.rb
+++ b/modules/auxiliary/scanner/dns/dns_amp.rb
@ -86,7 +86,7 @@ class Metasploit3 < Msf::Auxiliary
    print_status("Sending DNS probes to #{batch[0]}->#{batch[-1]} (#{batch.length} hosts)")
    # Standard packet is 60 bytes. Add the domain size to this
    sendpacketsize = 60 + datastore['DOMAINNAME'].length
-    print_status("Sending #{sendpacketsize} bytes to each host using the IN ANY #{datastore['DOMAINNAME']} request")
+    print_status("Sending #{sendpacketsize} bytes to each host using the IN #{datastore['QUERYTYPE']} #{datastore['DOMAINNAME']} request")
    @results = {}
  end

@ -112,8 +112,10 @@ class Metasploit3 < Msf::Auxiliary
      # Response Code
      rcode = flags[12] + flags[13] + flags[14] + flags[15]

-      # If these flags are set, we get a valid response and recursion is available
-      if qr == "1" and ra == "1" and rcode == "0000"
+      # If these flags are set, we get a valid response
+      # don't test recursion available if correct answer received
+      # at least the case with bind and "additional-from-cache no" or version < 9.5+
+      if qr == "1" and rcode == "0000"
        sendlength = 60 + datastore['DOMAINNAME'].length
        receivelength = 42 + data.length
        amp = receivelength / sendlength.to_f