Adds support for resolving multiple host ips

[cgranleese-r7]

Note

Ensure the following PR has been landed before landing this one. This PR will also require a rebase before landing.
Remove hardcoded branches and repos before merging.

This PR is in conjunction with a PR in metasploit-payloads.

This PR updates the resolve_host and resolve_hosts to now support resolving multiple host IPs.

The changes support backwards compatibility for old Meterpreter sessions by checking for TLV types off TLV_TYPE_IP that follows the existing logic, as well as the new TLV_TYPE_RESOLVE_HOST_ENTRY TLV.

Verification

Needs to be tested in tandem with the metasploit-payloads PR.

resolve_host

• Start msfconsole
• use php/meterpreter/reverse_tcp
• Get a Meterpreter session
• Run the following command irb -e "framework.sessions.values.last.net.resolve.resolve_host 'rapid7.com'"
• Add a breakpoint and verify you get multiple IPs being resolved
• Verify you see the following outputs

{:hostname=>"rapid7.com", :ip=>"108.156.39.19", :ips=>["108.156.39.19", "108.156.39.105", "108.156.39.48", "108.156.39.8"]}

resolve_hosts

• Start msfconsole
• use php/meterpreter/reverse_tcp
• Get a Meterpreter session
• Run the following command irb -e "framework.sessions.values.last.net.resolve.resolve_hosts ['rapid7.com', 'google.com']"
• Add a breakpoint and verify you get multiple IPs being resolved
• Verify you see the following output:

[{:hostname=>"rapid7.com", :ip=>"108.156.39.19", :ips=>["108.156.39.19", "108.156.39.105", "108.156.39.48", "108.156.39.8"]}, {:hostname=>"google.com", :ip=>"216.58.201.110", :ips=>["216.58.201.110"]}]

[adfoster-r7]

It'd be good to update the test notes to verify that an ipv6 target works as expected

[adfoster-r7]

Will attic for now until we can pick this up again in the new year when we've got the other priorities out for this year 👍

[github-actions]

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

• It doesn't look like there has been any activity on this pull request in a while
• We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
• Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!

[adfoster-r7]

If we throw in this code to enhance the resolve meterpreter command it'll expose the functionality to the user more cleanly, and it's easier to test too 😄

diff --git a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb
index 01818ae2d7..573fc2f8cf 100644
--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb
@@ -654,10 +654,13 @@ class Console::CommandDispatcher::Stdapi::Net
     )
 
     response.each do |result|
-      if result[:ip].nil?
+      if result[:ips].empty?
         table << [result[:hostname], '[Failed To Resolve]']
       else
-        table << [result[:hostname], result[:ip]]
+        require 'pry-byebug'; binding.pry
+        result[:ips].each do |ip|
+          table << [result[:hostname], ip]
+        end
       end
     end

Usage:

msf6 payload(php/meterpreter_reverse_tcp) > sessions -i -1
[*] Starting interaction with 6...

meterpreter > resolve example.com

Host resolutions
================

    Hostname     IP Address
    --------     ----------
    example.com  23.215.0.136
    example.com  23.215.0.138
    example.com  96.7.128.175
    example.com  96.7.128.198
    example.com  23.192.228.80
    example.com  23.192.228.84

meterpreter > 

[adfoster-r7]

It'd be great to rebase against master, and have a run through of the test suite pointing towards your payload PR(s) since the test suite is failing

[adfoster-r7]

I'm not sure if it's your PR or not, but looks like it fails against unresolved hosts with a python exception which I don't think is expected

meterpreter > resolve foo
[-] stdapi_net_resolve_hosts: Operation failed: Python exception: KeyError

Whilst with php:

Host resolutions
================

    Hostname  IP Address
    --------  ----------
    foo       [Failed To Resolve]

[adfoster-r7]

Attic'ing this again; Everything appeared to be working other than failing OSX support and some extra verification on Python - comment above, some of the language runtimes seem to inconsistently handle ipv6. If this gets revived again in the future, we'll want to spend the cycles on that 👍

[github-actions]

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

• It doesn't look like there has been any activity on this pull request in a while
• We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
• Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!