Support check for bailiwicked_host

2014-01-23 15:31:37 -06:00 · 2014-01-23 15:31:37 -06:00 · f5a935a186
parent 8d411d2037
commit f5a935a186
1 changed files with 13 additions and 13 deletions
--- a/modules/auxiliary/spoof/dns/bailiwicked_host.rb
+++ b/modules/auxiliary/spoof/dns/bailiwicked_host.rb
@ -73,14 +73,9 @@ class Metasploit3 < Msf::Auxiliary
    calculate_race(targ, dom)
  end

-  def cmd_check(*args)
-    targ = args[0] || rhost()
-    if !(targ and targ.length > 0)
-      print_status("usage: check [dns-server]")
-      return
-    end
+  def check
+    targ = rhost

-    print_status("Using the Metasploit service to verify exploitability...")
    srv_sock = Rex::Socket.create_udp(
      'PeerHost' => targ,
      'PeerPort' => 53
@ -109,7 +104,7 @@ class Metasploit3 < Msf::Auxiliary
          if (name.to_s == txt and data.strings.join('') =~ /^([^\s]+)\s+.*red\.metasploit\.com/m)
            t_addr, t_port = $1.split(':')

-            print_status(" >> ADDRESS: #{t_addr}  PORT: #{t_port}")
+            vprint_status(" >> ADDRESS: #{t_addr}  PORT: #{t_port}")
            t_port = t_port.to_i
            if(lport and lport != t_port)
              random = true
@ -130,12 +125,12 @@ class Metasploit3 < Msf::Auxiliary
    srv_sock.close

    if(ports.keys.length == 0)
-      print_error("ERROR: This server is not replying to recursive requests")
-      return
+      vprint_error("ERROR: This server is not replying to recursive requests")
+      return Exploit::CheckCode::Unknown
    end

    if(reps < 30)
-      print_warning("WARNING: This server did not reply to all of our requests")
+      vprint_warning("WARNING: This server did not reply to all of our requests")
    end

    if(random)
@ -143,11 +138,16 @@ class Metasploit3 < Msf::Auxiliary
      ports_r = ((ports.keys.length/30.0)*100).to_i
      print_status("PASS: This server does not use a static source port. Randomness: #{ports_u}/30 %#{ports_r}")
      if(ports_r != 100)
-        print_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
+        vprint_status("INFO: This server's source ports are not really random and may still be exploitable, but not by this tool.")
+        # Not exploitable by this tool, so we lower this to Appears on purpose to lower the user's confidence
+        return Exploit::CheckCode::Appears 
      end
    else
-      print_error("FAIL: This server uses a static source port and is vulnerable to poisoning")
+      vprint_error("FAIL: This server uses a static source port and is vulnerable to poisoning")
+      return Exploit::CheckCode::Vulnerable
    end
+
+    Exploit::CheckCode::Safe
  end

  def run