Adds mixin and test module

cgranleese-r7 · cgranleese-r7 · commit 02b243534535 · 2025-02-07T13:24:23.000Z
diff --git a/lib/msf/core/post/dns.rb b/lib/msf/core/post/dns.rb
@@ -0,0 +1,4 @@
+# -*- coding: binary -*-
+
+module Msf::Post::DNS
+end
diff --git a/lib/msf/core/post/dns/resolve_host.rb b/lib/msf/core/post/dns/resolve_host.rb
@@ -0,0 +1,72 @@
+# -*- coding: binary -*-
+
+require 'rex/post/meterpreter/extensions/stdapi/constants'
+
+module Msf
+  class Post
+    module DNS
+      ###
+      #
+      # This module resolves session DNS
+      #
+      ###
+      module ResolveHost
+        # Takes the host name and resolves the IP
+        #
+        # @param [String] host
+        # @param [Integer] family AF_INET for IPV4 and AF_INET6 for IPV6
+        # @return [Hash] The resolved IPs
+        def resolve_host(host, family)
+          if client.respond_to?(:net) && client.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_NET_RESOLVE_HOST)
+            resolved_host = client.net.resolve.resolve_host(host, family)
+            resolved_host.reject { |k, _v| k == :ip }
+          else
+            ips = []
+            data = cmd_exec("nslookup #{host}")
+            if data =~ /Name/
+              # Remove unnecessary data and get the section with the addresses
+              returned_data = data.split(/Name:/)[1..]
+              # check each element of the array to see if they are IP
+              returned_data.each do |entry|
+                ip_list = entry.gsub(/\r\n\t |\r\n|Aliases:|Addresses:|Address:/, ' ').split(' ') - [host]
+                filtered_ips = filter_ips(ip_list, family)
+                ips = filtered_ips unless filtered_ips.empty?
+              end
+              # If nslookup responds with "no answer", fall back to resolving via host command
+            elsif data =~ /No answer/
+              data = cmd_exec("host #{host}")
+              if data =~ /has address/
+                # Remove unnecessary data and get the section with the addresses
+                returned_data = data.split("\n")[...-1]
+                # check each element of the array to see if they are IP
+                ip_list = returned_data.map { |entry| entry.split(' ').last }
+                filtered_ips = filter_ips(ip_list, family)
+                ips = filtered_ips unless filtered_ips.empty?
+              end
+            end
+            { hostname: host, ips: ips }
+          end
+        end
+
+        # Takes the host and family and returns the IP address if it matches the appropriate family
+        # Needed to handle request that fallback to nslookup or host, as they return both IPV4 and IPV6.
+        #
+        # @param [Array] ips
+        # @param [Integer] family
+        # @return [Array] ips
+        def filter_ips(ips, family)
+          filtered_ips = []
+          ips.each do |ip|
+            if family == AF_INET
+              filtered_ips << ip if !!(ip =~ Resolv::IPv4::Regex)
+            elsif family == AF_INET6
+              filtered_ips << ip if !!(ip =~ Resolv::IPv6::Regex)
+            end
+          end
+
+          filtered_ips
+        end
+      end
+    end
+  end
+end
diff --git a/modules/post/windows/gather/enum_computers.rb b/modules/post/windows/gather/enum_computers.rb
@@ -3,10 +3,13 @@
 # Current source: https://github.com/rapid7/metasploit-framework
 ##
 
+require 'rex/post/meterpreter/extensions/stdapi/constants'
+
 class MetasploitModule < Msf::Post
   include Msf::Post::File
   include Msf::Post::Windows::Accounts
   include Msf::Post::Windows::Registry
+  include Msf::Post::DNS::ResolveHost
 
   def initialize(info = {})
     super(
@@ -58,36 +61,19 @@ def run
 
   # Takes the host name and makes use of nslookup to resolve the IP
   #
-  # @param [String] host Hostname
+  # @param [Object] hostname
+  # @param [Object] family
   # @return [String] ip The resolved IP
-  def resolve_host(host)
-    vprint_status("Looking up IP for #{host}")
-    return host if Rex::Socket.dotted_ip?(host)
-
-    ip = []
-    data = cmd_exec("nslookup #{host}")
-    if data =~ /Name/
-      # Remove unnecessary data and get the section with the addresses
-      returned_data = data.split(/Name:/)[1]
-      # check each element of the array to see if they are IP
-      returned_data.gsub(/\r\n\t |\r\n|Aliases:|Addresses:|Address:/, ' ').split(' ').each do |e|
-        if Rex::Socket.dotted_ip?(e)
-          ip << e
-        end
-      end
-    end
-
-    if ip.blank?
-      'Not resolvable'
-    else
-      ip.join(', ')
-    end
+  def gethost(hostname, family)
+    ## get IP for host
+    vprint_status("Looking up IP for #{hostname}")
+    resolve_host(hostname, family)
   end
 
   def get_domain_computers
     computer_list = []
     divisor = "-------------------------------------------------------------------------------\r\n"
-    net_view_response = cmd_exec('net view')
+    net_view_response = cmd_exec("cmd.exe", "/c net view")
     unless net_view_response.include?(divisor)
       print_error("The net view command failed with: #{net_view_response}")
       return []
@@ -104,6 +90,7 @@ def get_domain_computers
   end
 
   def list_computers(domain, hosts)
+    meterpreter_dns_resolving_errors = []
     tbl = Rex::Text::Table.new(
       'Header' => 'List of identified Hosts.',
       'Indent' => 1,
@@ -115,12 +102,28 @@ def list_computers(domain, hosts)
         ]
     )
     hosts.each do |hostname|
-      hostip = resolve_host(hostname)
-      tbl << [domain, hostname, hostip]
+      hostipv4 = gethost(hostname, AF_INET)
+      hostipv6 = gethost(hostname, AF_INET6)
+
+      if hostipv4[:ips].empty?
+        meterpreter_dns_resolving_errors << "IPV4: #{hostname} could not be resolved"
+      else
+        tbl << [domain, hostname, hostipv4[:ips].join(',')]
+      end
+
+      if hostipv6[:ips].empty?
+        meterpreter_dns_resolving_errors << "IPV6: #{hostname} could not be resolved" if hostipv6[:ips].empty?
+      else
+        tbl << [domain, hostname, hostipv6[:ips].join(',')] unless hostipv6[:ips].nil?
+      end
     end
 
     print_line("\n#{tbl}\n")
 
+    meterpreter_dns_resolving_errors.each do | error |
+      print_warning(error)
+    end
+
     report_note(
       host: session,
       type: 'domain.hosts',
diff --git a/spec/support/acceptance/command_shell/cmd.rb b/spec/support/acceptance/command_shell/cmd.rb
@@ -17,6 +17,38 @@ module Acceptance::Session
       }
     ],
     module_tests: [
+      {
+        name: 'post/test/resolve_host',
+        platforms: [
+          [
+            :linux,
+            {
+              skip: true,
+              reason: 'Payload not compiled for platform'
+            }
+          ],
+          [
+            :osx,
+            {
+              skip: true,
+              reason: 'Payload not compiled for platform'
+            }
+          ],
+          :windows
+        ],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: 'post/test/cmd_exec',
         platforms: [
diff --git a/spec/support/acceptance/command_shell/linux.rb b/spec/support/acceptance/command_shell/linux.rb
@@ -49,6 +49,32 @@ module Acceptance::Session
           }
         }
       },
+      {
+        name: "post/test/resolve_host",
+        platforms: [
+          :linux,
+          :osx,
+          [
+            :windows,
+            {
+              skip: true,
+              reason: "Payload not compiled for platform"
+            }
+          ]
+        ],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: "post/test/cmd_exec",
         platforms: [
diff --git a/spec/support/acceptance/command_shell/powershell.rb b/spec/support/acceptance/command_shell/powershell.rb
@@ -17,6 +17,38 @@ module Acceptance::Session
       }
     ],
     module_tests: [
+      {
+        name: 'post/test/resolve_host',
+        platforms: [
+          [
+            :linux,
+            {
+              skip: true,
+              reason: 'Payload not compiled for platform'
+            }
+          ],
+          [
+            :osx,
+            {
+              skip: true,
+              reason: 'Payload not compiled for platform'
+            }
+          ],
+          :windows
+        ],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: 'post/test/cmd_exec',
         platforms: [
diff --git a/spec/support/acceptance/session/java.rb b/spec/support/acceptance/session/java.rb
@@ -73,6 +73,22 @@ module Acceptance::Session
           }
         }
       },
+      {
+        name: "post/test/resolve_host",
+        platforms: [:linux, :osx, :windows],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: "post/test/cmd_exec",
         platforms: [:linux, :osx, :windows],
diff --git a/spec/support/acceptance/session/mettle.rb b/spec/support/acceptance/session/mettle.rb
@@ -1,3 +1,4 @@
+
 module Acceptance::Session
   METTLE_METERPRETER = {
     payloads: [
@@ -69,6 +70,32 @@ module Acceptance::Session
           }
         }
       },
+      {
+        name: "post/test/resolve_host",
+        platforms: [
+          :linux,
+          :osx,
+          [
+            :windows,
+            {
+              skip: true,
+              reason: "Payload not compiled for platform"
+            }
+          ]
+        ],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: "post/test/cmd_exec",
         platforms: [
diff --git a/spec/support/acceptance/session/php.rb b/spec/support/acceptance/session/php.rb
@@ -60,6 +60,23 @@ module Acceptance::Session
           }
         }
       },
+      {
+        name: "post/test/resolve_host",
+        platforms: [:linux, :osx, :windows],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: [
+            ]
+          }
+        }
+      },
       {
         name: "post/test/cmd_exec",
         platforms: [:linux, :osx, :windows],
diff --git a/spec/support/acceptance/session/python.rb b/spec/support/acceptance/session/python.rb
@@ -72,6 +72,22 @@ module Acceptance::Session
           }
         }
       },
+      {
+        name: "post/test/resolve_host",
+        platforms: [:linux, :osx, :windows],
+        skipped: false,
+        lines: {
+          linux: {
+            known_failures: []
+          },
+          osx: {
+            known_failures: []
+          },
+          windows: {
+            known_failures: []
+          }
+        }
+      },
       {
         name: "post/test/cmd_exec",
         platforms: [:linux, :osx, :windows],
diff --git a/spec/support/acceptance/session/windows_meterpreter.rb b/spec/support/acceptance/session/windows_meterpreter.rb
diff --git a/test/modules/post/test/resolve_host.rb b/test/modules/post/test/resolve_host.rb

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +# -*- coding: binary -*-
++
 +module Msf::Post::DNS
 +end