Fix UDP detection when DNS resolution is not on

rapid7 · Nov 22, 2023 · 473ded3 · 473ded3
1 parent ef9a165
commit 473ded3
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 28 deletions.
diff --git a/lib/msf/ui/console/command_dispatcher/dns.rb b/lib/msf/ui/console/command_dispatcher/dns.rb
@@ -160,6 +160,8 @@ def cmd_dns(*args)
         print_dns
       when "help"
         cmd_dns_help
+      else
+        print_error("Invalid command. To view help: dns -h")
       end
     rescue ::ArgumentError => e
       print_error(e.message)
@@ -298,7 +300,7 @@ def prettify_comm(comm, dns_server)
   def print_dns_set(heading, result_set)
     return if result_set.length == 0
     if result_set[0][:wildcard_rules].any?
-      columns = ['ID', 'Rules(s)', 'DNS Server', 'Commm channel']
+      columns = ['ID', 'Rules(s)', 'DNS Server', 'Comm channel']
     else
       columns = ['ID', 'DNS Server', 'Commm channel']
     end

diff --git a/lib/net/dns/resolver.rb b/lib/net/dns/resolver.rb
@@ -975,7 +975,7 @@ def send(argument,type=Net::DNS::A,cls=Net::DNS::IN)
           end
         end
 
-        ans = self.old_send(method,packet,packet_data)
+        ans = self.old_send(method,packet,packet_data, nameservers.map {|ns| [ns, {}]})
 
         unless ans
           @logger.fatal "No response from nameservers list: aborting"
@@ -1027,7 +1027,8 @@ def axfr(name,cls=Net::DNS::IN)
 
         answers = []
         soa = 0
-        self.old_send(method, packet, packet_data) do |ans|
+        nameservers_and_hash = nameservers.map {|ns| [ns, {}]}
+        self.old_send(method, packet, packet_data, nameservers_and_hash) do |ans|
           @logger.info "Received #{ans[0].size} bytes from #{ans[1][2]+":"+ans[1][1].to_s}"
 
           begin
@@ -1161,12 +1162,12 @@ def make_query_packet(string,type,cls)
 
       end
 
-      def send_tcp(packet,packet_data)
+      def send_tcp(packet,packet_data, nameservers)
 
         ans = nil
         length = [packet_data.size].pack("n")
 
-        @config[:nameservers].each do |ns|
+        nameservers.each do |ns, _unused|
           begin
             socket = Socket.new(Socket::AF_INET,Socket::SOCK_STREAM,0)
             socket.bind(Socket.pack_sockaddr_in(@config[:source_port],@config[:source_address].to_s))
@@ -1233,13 +1234,13 @@ def send_tcp(packet,packet_data)
         return nil
       end
 
-      def send_udp(packet,packet_data)
+      def send_udp(packet, packet_data, nameservers)
         socket = UDPSocket.new
         socket.bind(@config[:source_address].to_s,@config[:source_port])
 
         ans = nil
         response = ""
-        @config[:nameservers].each do |ns|
+        nameservers.each do |ns, _unused|
           begin
             @config[:udp_timeout].timeout do
               @logger.info "Contacting nameserver #{ns} port #{@config[:port]}"

diff --git a/lib/rex/proto/dns/resolver.rb b/lib/rex/proto/dns/resolver.rb
@@ -117,7 +117,7 @@ def proxies=(prox, timeout_added = 250)
     # @return [Array<Array>] A list of nameservers, each with Rex::Socket options
     #
     def nameservers_for_packet(_dns_message)
-      @config[:nameservers].map {|ns| [ns, {}]}
+      @config[:nameservers].map {|ns| [ns.to_s, {}]}
     end
 
     #
@@ -213,30 +213,30 @@ def send_tcp(packet, packet_data, nameservers, prox = @config[:proxies])
       nameservers.each do |ns, socket_options|
         begin
           socket = nil
+          config = {
+            'PeerHost' => ns.to_s,
+            'PeerPort' => @config[:port].to_i,
+            'Proxies' => prox,
+            'Context' => @config[:context],
+            'Comm' => @config[:comm]
+          }
+          config.update(socket_options)
+          unless config['Comm'].nil? || config['Comm'].alive?
+            @logger.warn("Session #{config['Comm'].sid} not active, and cannot be used to resolve DNS")
+            throw :next_ns
+          end
+
+          suffix = " over session #{@config['Comm'].sid}" unless @config['Comm'].nil?
+          if @config[:source_port] > 0
+            config['LocalPort'] = @config[:source_port]
+          end
+          if @config[:source_host].to_s != '0.0.0.0'
+            config['LocalHost'] = @config[:source_host] unless @config[:source_host].nil?
+          end
           @config[:tcp_timeout].timeout do
             catch(:next_ns) do
               suffix = ''
               begin
-                config = {
-                  'PeerHost' => ns.to_s,
-                  'PeerPort' => @config[:port].to_i,
-                  'Proxies' => prox,
-                  'Context' => @config[:context],
-                  'Comm' => @config[:comm]
-                }
-                config.update(socket_options)
-                unless config['Comm'].nil? || config['Comm'].alive?
-                  @logger.warn("Session #{config['Comm'].sid} not active, and cannot be used to resolve DNS")
-                  throw :next_ns
-                end
-
-                suffix = " over session #{@config['Comm'].sid}" unless @config['Comm'].nil?
-                if @config[:source_port] > 0
-                  config['LocalPort'] = @config[:source_port]
-                end
-                if @config[:source_host].to_s != '0.0.0.0'
-                  config['LocalHost'] = @config[:source_host] unless @config[:source_host].nil?
-                end
                 socket = Rex::Socket::Tcp.create(config)
               rescue
                 @logger.warn "TCP Socket could not be established to #{ns}:#{@config[:port]} #{@config[:proxies]}#{suffix}"