Changeset 5605
- Timestamp:
- 07/26/08 16:09:36 (2 months ago)
- Files:
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
framework3/trunk/modules/auxiliary/spoof/dns/bailiwicked_domain.rb
r5602 r5605 88 88 89 89 random = false 90 ports = []90 ports = {} 91 91 lport = nil 92 93 1.upto(5) do |i| 92 reps = 0 93 94 1.upto(30) do |i| 94 95 95 96 req = Resolv::DNS::Message.new … … 99 100 100 101 srv_sock.put(req.encode) 101 res, addr = srv_sock.recvfrom( )102 102 res, addr = srv_sock.recvfrom(65535, 1.0) 103 103 104 104 105 if res and res.length > 0 106 reps += 1 105 107 res = Resolv::DNS::Message.decode(res) 106 108 res.each_answer do |name, ttl, data| … … 114 116 end 115 117 lport = t_port 116 ports << t_port 117 end 118 end 118 ports[t_port] ||=0 119 ports[t_port] +=1 120 end 121 end 122 end 123 124 125 if(i>5 and ports.keys.length == 0) 126 break 119 127 end 120 128 end … … 122 130 srv_sock.close 123 131 124 if(ports. length < 5)125 print_status(" UNKNOWN: This server did not reply to our vulnerability checkrequests")132 if(ports.keys.length == 0) 133 print_status("ERROR: This server is not replying to recursive requests") 126 134 return 127 135 end 128 136 137 if(reps < 30) 138 print_status("WARNING: This server did not reply to all of our requests") 139 end 140 129 141 if(random) 130 print_status("PASS: This server does not use a static source port. Ports: #{ports.join(", ")}") 131 print_status(" This server may still be exploitable, but not by this tool.") 142 ports_u = ports.keys.length 143 ports_r = ((ports.keys.length/30.0)*100).to_i 144 print_status("PASS: This server does not use a static source port. Randomness: #{ports_u}/30 %#{ports_r}") 145 if(ports_r != 100) 146 print_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.") 147 end 132 148 else 133 print_status("FAIL: This server uses static source portsand is vulnerable to poisoning")149 print_status("FAIL: This server uses a static source port and is vulnerable to poisoning") 134 150 end 135 151 end 136 152 137 153 def run 138 154 target = rhost() framework3/trunk/modules/auxiliary/spoof/dns/bailiwicked_host.rb
r5602 r5605 82 82 83 83 random = false 84 ports = []84 ports = {} 85 85 lport = nil 86 87 1.upto(5) do |i| 86 reps = 0 87 88 1.upto(30) do |i| 88 89 89 90 req = Resolv::DNS::Message.new … … 93 94 94 95 srv_sock.put(req.encode) 95 res, addr = srv_sock.recvfrom( )96 96 res, addr = srv_sock.recvfrom(65535, 1.0) 97 97 98 98 99 if res and res.length > 0 100 reps += 1 99 101 res = Resolv::DNS::Message.decode(res) 100 102 res.each_answer do |name, ttl, data| … … 108 110 end 109 111 lport = t_port 110 ports << t_port 111 end 112 end 112 ports[t_port] ||=0 113 ports[t_port] +=1 114 end 115 end 116 end 117 118 119 if(i>5 and ports.keys.length == 0) 120 break 113 121 end 114 122 end … … 116 124 srv_sock.close 117 125 118 if(ports. length < 5)119 print_status(" UNKNOWN: This server did not reply to our vulnerability checkrequests")126 if(ports.keys.length == 0) 127 print_status("ERROR: This server is not replying to recursive requests") 120 128 return 121 129 end 122 130 131 if(reps < 30) 132 print_status("WARNING: This server did not reply to all of our requests") 133 end 134 123 135 if(random) 124 print_status("PASS: This server does not use a static source port. Ports: #{ports.join(", ")}") 125 print_status(" This server may still be exploitable, but not by this tool.") 136 ports_u = ports.keys.length 137 ports_r = ((ports.keys.length/30.0)*100).to_i 138 print_status("PASS: This server does not use a static source port. Randomness: #{ports_u}/30 %#{ports_r}") 139 if(ports_r != 100) 140 print_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.") 141 end 126 142 else 127 print_status("FAIL: This server uses static source portsand is vulnerable to poisoning")143 print_status("FAIL: This server uses a static source port and is vulnerable to poisoning") 128 144 end 129 145 end
