Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

auxiliary/gather/enum_dns ENUM_AXFR - Failed to parse RR packet from offset #13955

Open
bcoles opened this issue Aug 7, 2020 · 1 comment
Open

auxiliary/gather/enum_dns ENUM_AXFR - Failed to parse RR packet from offset #13955

bcoles opened this issue Aug 7, 2020 · 1 comment
Labels
bug not-stale Label to stop an issue from being auto closed

Comments

@bcoles
Copy link
Contributor

bcoles commented Aug 7, 2020

See #13952 for context.

msf6 auxiliary(gather/enum_dns) > run

[*] Querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm2.digi.ninja
[+] zonetransfer.me NS: nsztm1.digi.ninja
[*] Attempting DNS AXFR for zonetransfer.me from nsztm2.digi.ninja
W, [2020-08-07T04:52:15.744616 #1725954]  WARN -- : Failed to parse RR packet from offset: 657
W, [2020-08-07T04:52:15.745641 #1725954]  WARN -- : Failed to parse RR packet from offset: 726
W, [2020-08-07T04:52:15.748193 #1725954]  WARN -- : Failed to parse RR packet from offset: 1018
W, [2020-08-07T04:52:15.748895 #1725954]  WARN -- : Failed to parse RR packet from offset: 1073
W, [2020-08-07T04:52:15.752108 #1725954]  WARN -- : Failed to parse RR packet from offset: 1589
W, [2020-08-07T04:52:15.752272 #1725954]  WARN -- : Failed to parse RR packet from offset: 1654
W, [2020-08-07T04:52:45.984802 #1725954]  WARN -- : Failed to parse RR packet from offset: 657
W, [2020-08-07T04:52:45.985328 #1725954]  WARN -- : Failed to parse RR packet from offset: 726
W, [2020-08-07T04:52:45.986725 #1725954]  WARN -- : Failed to parse RR packet from offset: 1018
W, [2020-08-07T04:52:45.987217 #1725954]  WARN -- : Failed to parse RR packet from offset: 1073
W, [2020-08-07T04:52:45.989867 #1725954]  WARN -- : Failed to parse RR packet from offset: 1589
W, [2020-08-07T04:52:45.990139 #1725954]  WARN -- : Failed to parse RR packet from offset: 1654
[+] zonetransfer.me Zone Transfer: [;; Answer received from 34.225.33.2:53 (2039 bytes)
;;
;; HEADER SECTION
;; id = 28412
;; qr = 1	opCode: QUERY	aa = 1	tc = 0	rd = 0
;; ra = 0	ad = 0	cd = 0	rcode = NoError
;; qdCount = 1	anCount = 51	nsCount = 0	arCount = 0

;; QUESTION SECTION (1 record):
;; zonetransfer.me.             IN      AXFR    

;; ANSWER SECTION (51 records):
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.        300     IN      HINFO   Casio fx-700G
 Windows XP�
zonetransfer.me.        301     IN      TXT     
zonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      A       5.196.105.14
zonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.
zonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_sip._tcp.zonetransfer.me.   14000   IN   SRV   
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.
asfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1
canberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230
cmdexec.zonetransfer.me.   300   IN   TXT   
contact.zonetransfer.me.   2592000   IN   TXT   
dc-office.zonetransfer.me.   7200   IN   A   143.228.181.132
deadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::
DZC.zonetransfer.me.    7200    IN      TXT     
email.zonetransfer.me.  7200    IN      A       74.125.206.26
Hello.zonetransfer.me.  7200    IN      TXT     
home.zonetransfer.me.   7200    IN      A       127.0.0.1
Info.zonetransfer.me.   7200    IN      TXT     
internal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.
internal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.
intns1.zonetransfer.me. 300     IN      A       81.4.108.41
intns2.zonetransfer.me. 300     IN      A       52.91.28.78
office.zonetransfer.me. 7200    IN      A       4.23.39.254
ipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332
owa.zonetransfer.me.    7200    IN      A       207.46.197.32
robinwood.zonetransfer.me.   302   IN   TXT   
sqli.zonetransfer.me.   300     IN      TXT     
sshock.zonetransfer.me. 7200    IN      TXT     
staging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1
testing.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.
vpn.zonetransfer.me.    4000    IN      A       174.36.59.154
www.zonetransfer.me.    7200    IN      A       5.196.105.14
xss.zonetransfer.me.    300     IN      TXT     
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
]
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja
W, [2020-08-07T04:52:47.093142 #1725954]  WARN -- : Failed to parse RR packet from offset: 601
W, [2020-08-07T04:52:47.093844 #1725954]  WARN -- : Failed to parse RR packet from offset: 670
W, [2020-08-07T04:52:47.095402 #1725954]  WARN -- : Failed to parse RR packet from offset: 962
W, [2020-08-07T04:52:47.095664 #1725954]  WARN -- : Failed to parse RR packet from offset: 1017
W, [2020-08-07T04:52:47.097182 #1725954]  WARN -- : Failed to parse RR packet from offset: 1533
W, [2020-08-07T04:52:47.097303 #1725954]  WARN -- : Failed to parse RR packet from offset: 1598

W, [2020-08-07T04:53:17.329773 #1725954]  WARN -- : Failed to parse RR packet from offset: 601
W, [2020-08-07T04:53:17.330757 #1725954]  WARN -- : Failed to parse RR packet from offset: 670
W, [2020-08-07T04:53:17.331905 #1725954]  WARN -- : Failed to parse RR packet from offset: 962
W, [2020-08-07T04:53:17.332248 #1725954]  WARN -- : Failed to parse RR packet from offset: 1017
W, [2020-08-07T04:53:17.333736 #1725954]  WARN -- : Failed to parse RR packet from offset: 1533
W, [2020-08-07T04:53:17.333877 #1725954]  WARN -- : Failed to parse RR packet from offset: 1598
[+] zonetransfer.me Zone Transfer: [;; Answer received from 81.4.108.41:53 (1983 bytes)
;;
;; HEADER SECTION
;; id = 52584
;; qr = 1	opCode: QUERY	aa = 1	tc = 0	rd = 0
;; ra = 0	ad = 0	cd = 0	rcode = NoError
;; qdCount = 1	anCount = 50	nsCount = 0	arCount = 0

;; QUESTION SECTION (1 record):
;; zonetransfer.me.             IN      AXFR    

;; ANSWER SECTION (50 records):
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.        300     IN      HINFO   Casio fx-700G
 Windows XP�
zonetransfer.me.        301     IN      TXT     
zonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      A       5.196.105.14
zonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.
zonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_sip._tcp.zonetransfer.me.   14000   IN   SRV   
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.
asfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1
canberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230
cmdexec.zonetransfer.me.   300   IN   TXT   
contact.zonetransfer.me.   2592000   IN   TXT   
dc-office.zonetransfer.me.   7200   IN   A   143.228.181.132
deadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::
DZC.zonetransfer.me.    7200    IN      TXT     
email.zonetransfer.me.  7200    IN      A       74.125.206.26
Hello.zonetransfer.me.  7200    IN      TXT     
home.zonetransfer.me.   7200    IN      A       127.0.0.1
Info.zonetransfer.me.   7200    IN      TXT     
internal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.
internal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.
intns1.zonetransfer.me. 300     IN      A       81.4.108.41
intns2.zonetransfer.me. 300     IN      A       167.88.42.94
office.zonetransfer.me. 7200    IN      A       4.23.39.254
ipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332
owa.zonetransfer.me.    7200    IN      A       207.46.197.32
robinwood.zonetransfer.me.   302   IN   TXT   
sqli.zonetransfer.me.   300     IN      TXT     
sshock.zonetransfer.me. 7200    IN      TXT     
staging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1
testing.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.
vpn.zonetransfer.me.    4000    IN      A       174.36.59.154
www.zonetransfer.me.    7200    IN      A       5.196.105.14
xss.zonetransfer.me.    300     IN      TXT     
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
]
[*] Querying DNS CNAME records for zonetransfer.me
[*] Querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm2.digi.ninja
[+] zonetransfer.me NS: nsztm1.digi.ninja
[*] Querying DNS MX records for zonetransfer.me
[+] zonetransfer.me MX: ASPMX2.GOOGLEMAIL.COM
[+] zonetransfer.me MX: ASPMX4.GOOGLEMAIL.COM
[+] zonetransfer.me MX: ALT2.ASPMX.L.GOOGLE.COM
[+] zonetransfer.me MX: ASPMX3.GOOGLEMAIL.COM
[+] zonetransfer.me MX: ASPMX.L.GOOGLE.COM
[+] zonetransfer.me MX: ASPMX5.GOOGLEMAIL.COM
[+] zonetransfer.me MX: ALT1.ASPMX.L.GOOGLE.COM
[*] Querying DNS SOA records for zonetransfer.me
[+] zonetransfer.me SOA: nsztm1.digi.ninja
[*] Querying DNS TXT records for zonetransfer.me
[+] zonetransfer.me TXT: google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA
[*] Querying DNS SRV records for zonetransfer.me
[+] _sip._tcp.zonetransfer.me SRV: {:host=>"_sip._tcp.zonetransfer.me", :port=>5060, :priority=>0}
[*] Auxiliary module execution completed
msf6 auxiliary(gather/enum_dns) >
@bcoles bcoles added the bug label Aug 7, 2020
@bcoles bcoles mentioned this issue Aug 7, 2020
Open
4 tasks
@github-actions
Copy link

github-actions bot commented Sep 7, 2020

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here.
If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.

@github-actions github-actions bot added the Stale Marks an issue as stale, to be closed if no action is taken label Sep 7, 2020
@bcoles bcoles added not-stale Label to stop an issue from being auto closed and removed Stale Marks an issue as stale, to be closed if no action is taken labels Sep 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug not-stale Label to stop an issue from being auto closed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bcoles