Adding LLMNR spoofing auxiliary module #524
Easy to test module. Attacker and victim on the same network, launch browser and try to surf on a single word (ex: wpad, isatap, ...) should trigger a DNS query, then an LLMNR query and finally an NBNS query.
end | ||
|
||
rescue ::Exception => e | ||
print_error("llmnr: #{e.class} #{e} #{e.backtrace}") |
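Review bot: rescue ::Exception => e at the end of this block also catches Interrupt, SystemExit and NoMemoryError, so a Ctrl-C or a shutdown raised inside this code is swallowed and only reported through print_error. Rescuing StandardError, or the specific socket errors expected here, would let those propagate. The print_error line also interpolates e.backtrace, which puts a full stack trace on the console for every failure.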
Modules should not print backtraces. Please add an elog for that.
This is insanely verbose. On a network with one other system using LLMNR, I'm getting 9 lines of output every couple of seconds.
I have changed the verbosity. Should be better when I commit changes.
@robin-francois I assume you were rof on Freenode asking about multicast addressing in Rex Sockets. This works: https://gist.github.com/211c9a7b381ffafe8d36 Please convert your ruby sockets to Rex sockets.
Hi @todb-r7, I would be glad to use Rex sockets but I am having issues getting the same functionalities as the Ruby ones. For example, I cannot find how to bind to a port with the Rex sockets. Can you help me with these issues?
The best tactic for figuring out how to work with Rex sockets is to look at other modules that kind of do what you want. In this case, binding a UDP socket with Rex is accomplished by the TFTP server mixin, so take a look at lib/rex/proto/tftp/server.rb.
Still working on this pull request to use the Rex sockets. I will commit changes soon.
This auxiliary module, greatly inspired by the NBNS spoofing, is spoofing LLMNR (Link Local Multicast Name Resolution - which is the successor of NetBIOS since Windows Vista) by responding to multicast queries with unicast spoofed responses.
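An added example, not code from this pull request or from Metasploit: a passive check for the behaviour described above, where one host sends LLMNR answers for names it does not own. The canary name, the max_names threshold, the function names and the sample packets are assumptions constructed for the example.

```ruby
require 'set'

# LLMNR uses the DNS wire format (RFC 4795). Returns [name, next_offset].
def read_name(buf, off)
  labels = []
  loop do
    len = buf.getbyte(off) or raise ArgumentError, 'truncated name'
    return [labels.join('.'), off + 1] if len.zero?
    return [labels.join('.'), off + 2] if (len & 0xC0) == 0xC0 # pointer: skipped
    labels << buf.byteslice(off + 1, len)
    off += 1 + len
  end
end

# Parse one UDP/5355 payload; returns nil for malformed input.
def parse_llmnr(payload)
  buf = payload.b
  _id, flags, qd, an = buf.unpack('n4')
  return nil unless qd == 1
  name, off = read_name(buf, 12)
  off += 4 # skip QTYPE and QCLASS
  addrs = []
  an.times do
    _, off = read_name(buf, off)
    type, _cls, _ttl, rdlen = buf.byteslice(off, 10).unpack('nnNn')
    addrs << buf.byteslice(off + 10, 4).bytes.join('.') if type == 1 && rdlen == 4
    off += 10 + rdlen
  end
  { response: (flags & 0x8000) != 0, name: name.downcase.b, addrs: addrs }
rescue StandardError
  nil
end

# Flag sources answering a canary name or more than max_names names (assumed heuristics).
def suspicious_responders(packets, canaries:, max_names: 1)
  wanted = canaries.map { |c| c.downcase.b }.to_set
  seen = Hash.new { |h, k| h[k] = Set.new }
  packets.each do |src, payload|
    msg = parse_llmnr(payload)
    seen[src] << msg[:name] if msg && msg[:response] && msg[:addrs].any?
  end
  seen.select { |_, n| n.size > max_names || n.intersect?(wanted) }.keys
end

# Constructed sample (not captured traffic): LLMNR response with one A record.
def sample_response(name, ip)
  qname = name.split('.').map { |l| [l.size].pack('C') + l }.join + "\x00"
  [0x1234, 0x8000, 1, 1, 0, 0].pack('n6') + qname + [1, 1].pack('n2') +
    "\xC0\x0C".b + [1, 1, 30, 4].pack('nnNn') + ip.split('.').map(&:to_i).pack('C4')
end
```

Feed suspicious_responders pairs of source address and UDP payload from a capture on port 5355; a canary is a name that is queried on purpose and that no host on the segment should answer.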