Various fixes for auxiliary/spoof/llmnr/llmnr_response and related stuff #2464

Merged
merged 5 commits into from Dec 10, 2013

jlee-r7
Contributor

@jlee-r7 jlee-r7 commented Oct 4, 2013

  • Converts to use Net::DNS instead of hardcoded packets. This incidentally gives us the ability to respond to AAAA requests as well as A.
  • Fixes problems when recvfrom returns a mapped address like "::ffff:192.0.2.1". This happens on Linux, but I don't know exactly what the cause is.
  • Makes it only listen on the interface we're sending packets from so we don't end up putting packets on the wrong wire

Verification

  • Set up llmnr_response on a VMware NAT interface with the host's NAT address for SPOOFIP
  • Run ping wpad from a Windows (Vista+) VM with a NAT interface
  • See the ping hit our spoofed address
  • Run ping wpad from a Windows VM with a host-only interface
  • See the ping fail to resolve

* Allows responding to AAAA requests in addition to the existing A
  support
* Prevents problems when recvfrom returns a mapped address like
  "::ffff:192.0.2.1"

Also:

* Fix a few typos
* capture: Don't shadow a method name (arp) with a local variable
* capture: Handle the case where our UDP send hits an ENETUNREACH
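
The mapped-address case from the description above, as an added example that is not code from this pull request: a dual-stack IPv6 socket reports IPv4 peers in the IPv4-mapped form "::ffff:a.b.c.d", so a peer string should be normalized before it is logged or compared against a network. The helper names `normalize_peer` and `peer_in_network?` and the sample addresses are assumptions made for illustration.

```ruby
require 'ipaddr'

# Hypothetical helper (not from the PR): turn the peer address string that
# recvfrom reports into a canonical IPAddr plus an optional zone id.
def normalize_peer(raw)
  host, zone = raw.to_s.split('%', 2)   # "fe80::1%eth0" -> ["fe80::1", "eth0"]
  return nil if host.nil? || host.empty?

  ip = IPAddr.new(host)
  ip = ip.native if ip.ipv4_mapped?     # "::ffff:192.0.2.1" -> 192.0.2.1
  { ip: ip, family: ip.ipv4? ? :ipv4 : :ipv6, zone: zone }
rescue IPAddr::Error
  nil                                    # unparseable peer: caller should drop it
end

# Hypothetical helper: true when the normalized peer falls inside cidr.
# Comparing families first keeps the result the same across ipaddr versions.
def peer_in_network?(raw, cidr)
  peer = normalize_peer(raw)
  return false unless peer

  net = IPAddr.new(cidr)
  net.family == peer[:ip].family && net.include?(peer[:ip])
end

# Constructed sample peers (documentation ranges, not captured traffic).
SAMPLE_PEERS = [
  '::ffff:192.0.2.1',   # IPv4 peer seen through a dual-stack socket
  '192.0.2.55',         # plain IPv4
  'fe80::1%eth0',       # link-local IPv6 with a zone id
  'not-an-ip'           # garbage
].freeze

SAMPLE_PEERS.each do |raw|
  peer = normalize_peer(raw)
  if peer
    on_net = peer_in_network?(raw, '192.0.2.0/24')
    puts format('%-20s -> %-12s %-5s in 192.0.2.0/24: %s',
                raw, peer[:ip], peer[:family], on_net)
  else
    puts format('%-20s -> rejected', raw)
  end
end
```
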
@wvu
Contributor

wvu commented Oct 18, 2013

Checking this out.

@wvu
Contributor

wvu commented Nov 8, 2013

Merge conflict is easy to fix.

@wvu
Contributor

wvu commented Dec 10, 2013

Good stuff! Landing soon.

@wvu
Contributor

wvu commented Dec 10, 2013

Successful test using rvmsudo:

msf > use auxiliary/spoof/llmnr/llmnr_response
msf auxiliary(llmnr_response) > set INTERFACE vmnet8
INTERFACE => vmnet8
msf auxiliary(llmnr_response) > set SPOOFIP 172.16.177.1
SPOOFIP => 172.16.177.1
msf auxiliary(llmnr_response) > run
[*] Auxiliary module execution completed
msf auxiliary(llmnr_response) >
[*] LLMNR Spoofer started. Listening for LLMNR requests with REGEX "(?-mix:.*)" ...
[+] 172.16.177.129   llmnr - wpad. matches regex, responding with 172.16.177.1

wvu added a commit that referenced this pull request Dec 10, 2013
Fixed conflict in lib/msf/core/exploit/http/server.rb.
@wvu wvu merged commit 541833e into rapid7:master Dec 10, 2013
@jlee-r7 jlee-r7 deleted the cleanup/mitm-stuff branch June 20, 2014 17:31