
Commit 469f04d

committed
Merge branch 'mubix-dns_postmods'
2 parents 997d5b9 + a3c86f3 commit 469f04d


2 files changed

+82
-10
lines changed


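--- a/modules/post/windows/recon/resolve_hostname.rb
+++ b/modules/post/windows/recon/resolve_hostname.rb
@@ -15,19 +15,19 @@ def initialize(info={})
 'Name' => 'Windows Recon Resolve Hostname',
 'Description' => %q{ This module resolves a hostname to IP address via the victim, similiar to the Unix dig command},
 'License' => MSF_LICENSE,
-'Author' => [ 'Rob Fuller <mubix[at]hak5.org>'],
+'Author' => [ 'mubix <mubix[at]hak5.org>'],
 'Platform' => [ 'windows' ],
 'SessionTypes' => [ 'meterpreter' ]
 ))
 
 register_options(
 [
-OptString.new('HOSTNAME', [true, 'Hostname to lookup', nil])
+OptString.new('HOSTNAME', [false, 'Hostname to lookup', nil]),
+OptPath.new('HOSTFILE', [false, 'Line separated file with hostnames to resolve', nil])
 ], self.class)
 end
 
-def run
-### MAIN ###
+def resolve_hostname(hostname)
 
 if client.platform =~ /^x64/
 size = 64
@@ -37,14 +37,11 @@ def run
 addrinfoinmem = 24
 end
 
-hostname = datastore['HOSTNAME']
-
-## get IP for host
 begin
 vprint_status("Looking up IP for #{hostname}")
 result = client.railgun.ws2_32.getaddrinfo(hostname, nil, nil, 4 )
 if result['GetLastError'] == 11001
-print_error("Failed to resolve the host")
+print_error("Failed to resolve #{hostname}")
 return
 end
 addrinfo = client.railgun.memread( result['ppResult'], size )
@@ -53,9 +50,23 @@ def run
 ip = sockaddr[4,4].unpack('N').first
 hostip = Rex::Socket.addr_itoa(ip)
 print_status("#{hostname} resolves to #{hostip}")
-rescue ::Exception => e
-print_error(e)
+rescue Rex::Post::Meterpreter::RequestError
 print_status('Windows 2000 and prior does not support getaddrinfo')
 end
+
+end
+
+def run
+if datastore['HOSTNAME']
+resolve_hostname(datastore['HOSTNAME'])
+end
+
+if datastore['HOSTFILE']
+::File.open(datastore['HOSTFILE'], "rb").each_line do |hostname|
+if hostname.strip != ""
+resolve_hostname(hostname.strip)
+end
+end
+end
 end
 end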
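Review bot: In `run`, `::File.open(datastore['HOSTFILE'], "rb").each_line` never closes the handle; the block form `::File.open(datastore['HOSTFILE'], "rb") do |f| f.each_line { |hostname| ... } end` releases it when the loop finishes. With HOSTNAME now optional as well, a run with neither option set returns without output, so a guard such as `print_error('Set HOSTNAME or HOSTFILE') unless datastore['HOSTNAME'] || datastore['HOSTFILE']` would make the misconfiguration visible. In `resolve_hostname`, only `GetLastError == 11001` is treated as a failure, so any other getaddrinfo error still reaches `memread(result['ppResult'], size)`; checking `result['return'] != 0` would cover those cases. The rescue also reports every `RequestError` as "Windows 2000 and prior does not support getaddrinfo", which is likely misleading now that the lookup runs once per HOSTFILE line. Part of `resolve_hostname` lies between the hunks, so whether the address list is freed after each lookup cannot be confirmed from here.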
Lines changed: 61 additions & 0 deletions
@@ -0,0 +1,61 @@
1+
##
2+
# $Id $
3+
##
4+
5+
##
6+
# This file is part of the Metasploit Framework and may be subject to
7+
# redistribution and commercial restrictions. Please see the Metasploit
8+
# web site for more information on licensing and terms of use.
9+
# http://metasploit.com/
10+
##
11+
12+
require 'msf/core'
13+
require 'rex'
14+
15+
class Metasploit3 < Msf::Post
16+
17+
def initialize(info={})
18+
super( update_info( info,
19+
'Name' => 'Windows Recon Resolve IP',
20+
'Description' => %q{ This module reverse resolves a range or IP to a hostname},
21+
'License' => MSF_LICENSE,
22+
'Author' => [ 'mubix <mubix[at]hak5.org>'],
23+
'Version' => '$Revision$',
24+
'Platform' => [ 'windows' ],
25+
'SessionTypes' => [ 'meterpreter' ]
26+
))
27+
register_options(
28+
[
29+
OptAddress.new("ADDRESS" , [ false, "Enumerate currently configured shares"]),
30+
OptAddressRange.new("RANGE" , [ false, "Enumerate Recently mapped shares"])
31+
], self.class)
32+
33+
end
34+
35+
def resolve_ip(ip)
36+
ip_ino = Rex::Socket.addr_aton(ip)
37+
begin
38+
ptr2dns = session.railgun.ws2_32.gethostbyaddr(ip_ino,4,2)
39+
memtext = client.railgun.memread(ptr2dns['return'],255)
40+
host_inmem = memtext.split(ip_ino)[1].split("\00")[0]
41+
print_good("#{ip} resolves to #{host_inmem}")
42+
rescue Rex::Post::Meterpreter::RequestError
43+
print_error("Failed to resolve #{ip}")
44+
end
45+
end
46+
47+
def run
48+
if datastore['ADDRESS']
49+
resolve_ip(datastore['ADDRESS'])
50+
end
51+
52+
if datastore['RANGE']
53+
rexrange = Rex::Socket::RangeWalker.new(datastore['RANGE'])
54+
rexrange.each do |ip|
55+
resolve_ip(ip)
56+
end
57+
end
58+
end
59+
60+
end
61+
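Review bot: In `resolve_ip`, `memtext.split(ip_ino)[1]` is nil whenever the packed address bytes do not appear in the 255 bytes read, so the chained `.split("\00")` raises NoMethodError, which the `rescue Rex::Post::Meterpreter::RequestError` clause does not catch and which stops the RANGE loop in `run` at the first such address. The method also reads from `ptr2dns['return']` without checking it; a guard such as `return print_error("Failed to resolve #{ip}") if ptr2dns['return'] == 0` before the `memread`, plus a nil check on the split result, keeps one failed lookup from aborting the sweep. The ADDRESS and RANGE option descriptions ("Enumerate currently configured shares", "Enumerate Recently mapped shares") appear to be copied from another module and should describe the address and the range to resolve. `session.railgun` and `client.railgun` are mixed in the same method; using one consistently would read better.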
