Commit Graph

177 Commits (bcb73486489095fc725c6e710b7cd0cfe4c8a3e5)

Author SHA1 Message Date
RageLtMan 812d7ca739 Update native DNS spoofer for Dnsruby
Fix methods relating to answer/question data structures which were
set up for Net::DNS objects in the original implementation
utilizing uppercase letters in the exact same method names.

Testing:
  None yet, completely forgot i even wrote this module till i saw
it in my merge conflicts after upstream merged the PR.
2018-01-31 23:44:51 -05:00
Brent Cook 03d1523d43
Land #6611, add native DNS to Rex, MSF mixin, sample modules 2018-01-22 23:54:32 -06:00
Brent Cook a6e5944ec5 fix msftidy, add nicer errors on bind failure 2018-01-22 23:37:39 -06:00
Brent Cook aa0ac57238 use implicit RuntimeError 2017-10-31 04:53:14 -05:00
Brent Cook 9389052f61 fix more broken RuntimeError calls 2017-10-31 04:45:19 -05:00
h00die a40429158f 40% done 2017-08-28 20:17:58 -04:00
h00die dc358dd087 unknow to unknown 2017-08-18 11:33:48 -04:00
Brent Cook 6300758c46 use https for metaploit.com links 2017-07-24 06:26:21 -07:00
g0tmi1k ef826b3f2c OCD - print_good & print_error 2017-07-19 12:48:52 +01:00
g0tmi1k b8d80d87f1 Remove last newline after class - Make @wvu-r7 happy 2017-07-19 11:19:49 +01:00
g0tmi1k 4720d1a31e OCD fixes - Spaces 2017-07-14 08:46:59 +01:00
g0tmi1k fd843f364b Removed extra lines 2017-07-14 08:17:16 +01:00
g0tmi1k 67310fa96c print_status -> print_good. [When it is successful, show it!] 2017-07-14 00:09:35 +01:00
RageLtMan e1e159fa2d DNS spoofer - capture BRE block 2017-06-23 19:59:02 -04:00
RageLtMan 1a253f92a1 Finalize DNS spoofing module
DNS spoofing module should be feature complete, with forwarding of
requests which do not have cached answers (can be disabled same as
the native server module), empty replies to reduce client wait on
outstanding DNS requests, and post-send output in verbose mode
to reduce garbage and execution time in the critical/racy path.

This module is best used in conditions where MITM is achieved by
way of MAC spoofing, route interception, or compromise of an inline
host on the datapath. The attacker should avoid forwarding
original requests to the intended destination, or if this is not
possible, prevent replies from traversing the MITM space in order
to avoid race conditions between the spoofer and victim.

Example iptables configuration on MITM host:
 iptables -t nat -A POSTROUTING -o eth0 -p udp ! --dport 53 -j ...

Testing:
  Internal testing in Virtualbox local network, atop 802.11, and
mostly in Neutron (with port security disabled on the VIFs) atop
OpenStack Liberty ML2+OVS.
2017-06-23 19:59:02 -04:00
RageLtMan c6c104d370 Performance and entropy improvement
Move all output lines out of the execution path in order to reduce
execution time and help win the race against the real response.

Update the IP header ID for responses so as not to return the sent
header value on the wire and alert clever IDS.
2017-06-23 19:59:02 -04:00
RageLtMan deef4a94fe Allow DNS::Server::Cache to find '*' names
Allow retrieval of '*' from stored static entries for spoofing
all domains to any IP using wildcard names. Replace the wildcard
response with the name submitted to the search in the response.

Fix improper checks in DNS::Packet for Resolv objects from decode
to encode.

Misc cleanup for records not responding to :address, convenience
methods, and packet structure.
2017-06-23 19:59:01 -04:00
RageLtMan 07dd59fb85 Import native DNS spoofing module and cleanup
Import PCAP-based DNS spoofing server module:
This module uses the Capture mixin to sniff and parse packets off
the wire, then match answers to sniffed requests from static
entries in the server's cache. If answers are found, they are
appended to a cloned packet with reverse saddr/daddr pairs at
layers 2-4, the qr bit is set, and it is injected back into the
interface from where it came.

Minor cleanup in the Rex::Proto::DNS::Server::Cache class to allow
multiple address->name pairs and fix issues when adding multiple
static entries.
2017-06-23 19:58:43 -04:00
James Lee c1372456e2
Land #8326, support LLMNR ANY responses 2017-06-14 14:01:44 -05:00
William Vu 64452de06d Fix msf/core and self.class msftidy warnings
Also fixed rex requires.
2017-05-03 15:44:51 -05:00
Joe Testa cf74cb81a7 Removed unnecessary 'msf/core' include. 2017-05-03 09:02:05 -04:00
Joe Testa 012081eed2 Added support for ANY queries. Silently ignore unsupported queries instead of spamming stdout. 2017-05-01 17:28:56 -04:00
Joe Testa 5d255f11e1 Added MDNS query spoofing service. 2017-01-26 16:18:11 -06:00
Brent Cook f69b4a330e handle Ruby 2.4 Fixnum/Bignum -> Integer deprecations 2017-01-22 10:20:03 -06:00
朱雄宇 e9d85750c2 fix get_ipv4_addr(@interface) usage
get_ipv4_addr(@interface) returns a string not list, so get_ipv4_addr(@interface)[0] only got the first character of IP, which raises an error.
2016-11-06 19:04:57 +08:00
William Vu e699d3f05b Fix empty output in nbns_response
Normally, the module prints nothing unless VERBOSE is true. In practice,
we at least want to see responded-to hosts. We leave details to be
printed when VERBOSE is set.
2016-07-31 09:47:19 -07:00
Brent Cook b08d1ad8d8
Revert "Land #6812, remove broken OSVDB references"
This reverts commit 2b016e0216, reversing
changes made to 7b1d9596c7.
2016-07-15 12:00:31 -05:00
Brent Cook 2b016e0216
Land #6812, remove broken OSVDB references 2016-07-11 22:59:11 -05:00
Brent Cook 128f802928 use the regex source when generating or displaying a regex 2016-07-11 22:05:50 -05:00
sho-luv 5361aaadbd Update nbns_response.rb
Just correcting the description section of this module
2016-05-14 15:24:38 -07:00
wchen-r7 816bc91e45 Resolve #6807, remove all OSVDB references.
OSVDB is no longer a vulnerability database, therefore all the
references linked to it are invalid.

Resolve #6807
2016-04-23 12:32:34 -05:00
Brent Cook 57ab974737 File.exists? must die 2016-04-21 00:47:07 -04:00
Sonny Gonzalez fa5acba400
TTL setting honors TTL option
* change hard-coded ttl value to TTL option
* set TTL option default to 30
2016-04-07 10:59:05 -05:00
Brent Cook dabe5c8465
Land #6655, use MetasploitModule as module class name 2016-03-13 13:48:31 -05:00
Christian Mehlmauer 3123175ac7
use MetasploitModule as a class name 2016-03-08 14:02:44 +01:00
Brent Cook f703fa21d6 Revert "change Metasploit3 class names"
This reverts commit 666ae14259.
2016-03-07 13:19:55 -06:00
Christian Mehlmauer 666ae14259
change Metasploit3 class names 2016-03-07 09:56:58 +01:00
Brent Cook bb36cd016e Fix #6643, Pcap.lookupaddrs does not exist 2016-03-06 22:15:39 -06:00
Spencer McIntyre 4e492a1b0c
Add an additional grammar change to the listener option 2015-12-13 12:04:20 -05:00
radekk 90a523fb0a Typos inside parameters description. 2015-12-12 22:48:20 +01:00
g0tmi1k ce9481d2b7 Inconstancy - If datastore['VERBOSE'] vs vprint 2015-06-18 09:27:01 +01:00
jvazquez-r7 ab94f15a60
Take care of modules using the 'DEBUG' option 2015-04-21 12:13:40 -05:00
root 4bd40fed7f yard doc and comment corrections for auxiliary 2015-04-03 16:12:23 +05:00
James Lee d7fa0ec669
Let IPAddr#hton do the calculating 2015-03-17 17:36:45 -05:00
HD Moore 2ea984423b while(true)->loop, use thread.join 2015-03-16 14:08:01 -05:00
HD Moore 1b1716bcf6 Fix a handful of bugs that broke this modules. Fixes #4799 2015-02-22 22:01:01 -06:00
HD Moore 9730a1655e Small cleanups to the LLMR responder module 2015-02-22 22:00:42 -06:00
HD Moore 615d71de6e Remove extraneous calls to GC.start() 2015-02-22 21:51:33 -06:00
Christian Mehlmauer 4f11dc009a
fixes #4490, class.to_s should not be used for checks 2014-12-31 10:46:24 +01:00
Jon Hart 52851d59c0
Update GATEWAY to GATEWAY_PROBE_HOST, add GATEWAY_PROBE_PORT 2014-12-04 13:26:16 -08:00