From af71cdafe2eb86de57e006aa41b9b4140bb2a3d2 Mon Sep 17 00:00:00 2001 From: Jose Selvi Date: Sun, 25 Mar 2012 13:44:50 +0300 Subject: [PATCH] Update modules/auxiliary/server/fakedns.rb --- modules/auxiliary/server/fakedns.rb | 70 +++++++++++++++-------------- 1 file changed, 37 insertions(+), 33 deletions(-) diff --git a/modules/auxiliary/server/fakedns.rb b/modules/auxiliary/server/fakedns.rb index b57fb1c286..a061ae1c13 100644 --- a/modules/auxiliary/server/fakedns.rb +++ b/modules/auxiliary/server/fakedns.rb @@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary OptPort.new('SRVPORT', [ true, "The local port to listen on.", 53 ]), OptAddress.new('TARGETHOST', [ false, "The address that all names should resolve to", nil ]), OptString.new('TARGETDOMAIN', [ true, "The list of target domain names we want to fully resolver (bypass) or fake resolve (fake)", 'www.google.com']), - OptString.new('TARGETACTION', [ true, "Action for TARGETDOMAIN (fake|bypass)", 'BYPASS']), + OptString.new('TARGETACTION', [ true, "Action for TARGETDOMAIN (fake|bypass)", 'BYPASS']), ], self.class) register_advanced_options( @@ -88,13 +88,14 @@ class Metasploit3 < Msf::Auxiliary @sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEADDR, 1) @sock.bind(datastore['SRVHOST'], @port) @run = true - @domain_target_list = datastore['DOMAINTARGET'].split + @domain_target_list = datastore['TARGETDOMAIN'].split @bypass = ( datastore['TARGETACTION'].upcase == "BYPASS" ) print_status("DNS server started") begin while @run + @error_resolving = false packet, addr = @sock.recvfrom(65535) break if packet.length == 0 @@ -139,37 +140,36 @@ class Metasploit3 < Msf::Auxiliary # Identify potential domain exceptions @match_target = false - @match_name = "" - @domain_target_list.each do |ex| - escaped = Regexp.escape(ex).gsub('\*','.*?') - regex = Regexp.new "^#{escaped}$", Regexp::IGNORECASE - #if ( ex == name.to_s ) - if ( name.to_s =~ regex ) - @match_target = true - @match_name = ex - end - end + @match_name = name.to_s + @domain_target_list.each do |ex| + escaped = Regexp.escape(ex).gsub('\*','.*?') + regex = Regexp.new "^#{escaped}$", Regexp::IGNORECASE + if ( name.to_s =~ regex ) + @match_target = true + @match_name = ex + end + end - if (@match_target and not @bypass) or (not @match_target and @bypass) - # Resolve FAKE response - if (@log_console) - print_status("DNS target domain found: #{@match_name}") - print_status("DNS target domain #{@match_name} faked") - end - else - # Resolve the exception domain - begin - ip = Resolv::DNS.new().getaddress(name).to_s - answer = Resolv::DNS::Resource::IN::A.new( ip ) - rescue ::Exception => e - print_error("Error resolving #{name.to_s}") - next - end - if (@log_console) - print_status("DNS bypass domain found: #{@match_name}") - print_status("DNS bypass domain #{@match_name} resolved #{ip}") - end - end + if (@match_target and not @bypass) or (not @match_target and @bypass) + # Resolve FAKE response + if (@log_console) + print_status("DNS target domain found: #{@match_name}") + print_status("DNS target domain #{name.to_s} faked") + end + else + # Resolve the exception domain + begin + ip = Resolv::DNS.new().getaddress(name).to_s + answer = Resolv::DNS::Resource::IN::A.new( ip ) + rescue ::Exception => e + @error_resolving = true + next + end + if (@log_console) + print_status("DNS bypass domain found: #{@match_name}") + print_status("DNS bypass domain #{name.to_s} resolved #{ip}") + end + end request.add_answer(name, 60, answer) @@ -209,7 +209,11 @@ class Metasploit3 < Msf::Auxiliary } if(@log_console) - print_status("DNS #{addr[3]}:#{addr[1]} XID #{request.id} (#{lst.join(", ")})") + if(@error_resolving) + print_error("DNS #{addr[3]}:#{addr[1]} XID #{request.id} (#{lst.join(", ")}) - Error resolving") + else + print_status("DNS #{addr[3]}:#{addr[1]} XID #{request.id} (#{lst.join(", ")})") + end end if(@log_database)