Merge branch 'mubix-dns_postmods'

Author: sinn3r

modules/post/windows/recon/resolve_hostname.rb

@@ -15,19 +15,19 @@ def initialize(info={})
 				'Name'          => 'Windows Recon Resolve Hostname',
 				'Description'   => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command},
 				'License'       => MSF_LICENSE,
-				'Author'        => [ 'Rob Fuller <mubix[at]hak5.org>'],
+				'Author'        => [ 'mubix <mubix[at]hak5.org>'],
 				'Platform'      => [ 'windows' ],
 				'SessionTypes'  => [ 'meterpreter' ]
 			))
 
 		register_options(
 			[
-				OptString.new('HOSTNAME', [true, 'Hostname to lookup', nil])
+				OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
+				OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil])
 			], self.class)
 	end
 
-	def run
-		### MAIN ###
+	def resolve_hostname(hostname)
 
 		if client.platform =~ /^x64/
 			size = 64
@@ -37,14 +37,11 @@ def run
 			addrinfoinmem = 24
 		end
 
-		hostname = datastore['HOSTNAME']
-
-		## get IP for host
 		begin
 			vprint_status("Looking up IP for #{hostname}")
 			result = client.railgun.ws2_32.getaddrinfo(hostname, nil, nil, 4 )
 			if result['GetLastError'] == 11001
-				print_error("Failed to resolve the host")
+				print_error("Failed to resolve #{hostname}")
 				return
 			end
 			addrinfo = client.railgun.memread( result['ppResult'], size )
@@ -53,9 +50,23 @@ def run
 			ip = sockaddr[4,4].unpack('N').first
 			hostip = Rex::Socket.addr_itoa(ip)
 			print_status("#{hostname} resolves to #{hostip}")
-		rescue ::Exception => e
-			print_error(e)
+		rescue Rex::Post::Meterpreter::RequestError
 			print_status('Windows 2000 and prior does not support getaddrinfo')
 		end
+
+	end
+
+	def run
+		if datastore['HOSTNAME']
+			resolve_hostname(datastore['HOSTNAME'])
+		end
+
+		if datastore['HOSTFILE']
+			::File.open(datastore['HOSTFILE'], "rb").each_line do |hostname|
+				if hostname.strip != ""
+					resolve_hostname(hostname.strip)
+				end
+			end
+		end
 	end
 end

modules/post/windows/recon/resolve_ip.rb

@@ -0,0 +1,61 @@
+##
+# $Id $
+##
+
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+require 'rex'
+
+class Metasploit3 < Msf::Post
+
+	def initialize(info={})
+		super( update_info( info,
+				'Name'          => 'Windows Recon Resolve IP',
+				'Description'   => %q{ This module reverse resolves a range or IP to a hostname},
+				'License'       => MSF_LICENSE,
+				'Author'        => [ 'mubix <mubix[at]hak5.org>'],
+				'Version'       => '$Revision$',
+				'Platform'      => [ 'windows' ],
+				'SessionTypes'  => [ 'meterpreter' ]
+			))
+		register_options(
+			[
+				OptAddress.new("ADDRESS" , [ false, "Enumerate currently configured shares"]),
+				OptAddressRange.new("RANGE"  , [ false, "Enumerate Recently mapped shares"])
+			], self.class)
+
+	end
+
+	def resolve_ip(ip)
+		ip_ino = Rex::Socket.addr_aton(ip)
+		begin
+			ptr2dns = session.railgun.ws2_32.gethostbyaddr(ip_ino,4,2)
+			memtext = client.railgun.memread(ptr2dns['return'],255)
+			host_inmem = memtext.split(ip_ino)[1].split("\00")[0]
+			print_good("#{ip} resolves to #{host_inmem}")
+		rescue Rex::Post::Meterpreter::RequestError
+			print_error("Failed to resolve #{ip}")
+		end
+	end
+
+	def run
+		if datastore['ADDRESS']
+			resolve_ip(datastore['ADDRESS'])
+		end
+
+		if datastore['RANGE']
+			rexrange = Rex::Socket::RangeWalker.new(datastore['RANGE'])
+			rexrange.each do |ip|
+				resolve_ip(ip)
+			end
+		end
+	end
+
+end
+