Metasploit-framework: Rogue ] in AXFR results

Created on 8 Oct 2020 · 13 comments · Source: rapid7/metasploit-framework

Steps to reproduce

How'd you do it?

  1. use auxiliary/gather/enum_dns.rb
  2. set NS 127.0.0.1
  3. set ENUM_AXFR true
  4. set DOMAIN mytest.com
  5. set ENUM_A false
  6. set ENUM_BRT false
  7. set ENUM_MX false
  8. set ENUM_SOA false
  9. set ENUM_SRV false
  10. set ENUM_TXT false
  11. set ENUM_CNAME false
  12. set ENUM_NS false
  13. run

Basically, just do an AXFR on its own.

Were you following a specific guide/tutorial or reading documentation?

n/a

Expected behavior

No random ] at the end of the results

Current behaviour

There is an extra ] after the results.


It doesn't appear to be closing anything opened earlier, so I think it is just a print that isn't in the right place.

Metasploit version

d0778c7a547a0f49fdea54463862306764675090 (HEAD, upstream/master) Land #14228, Increase operations per run

Additional Information

bug confirmed library

All 13 comments

Hi @digininja, are you able to tell me what type of record was returned on the last line? I can't seem to replicate this issue right now, and after reviewing the source code I'm not finding any typos where there is an extra ].

This is the code in the enum_dns.rb file that I believe is running your query:

  def axfr(domain)
    nameservers = get_ns(domain)
    return if nameservers.blank?
    records = []
    nameservers.each do |nameserver|
      next if nameserver.blank?
      print_status("Attempting DNS AXFR for #{domain} from #{nameserver}")
      dns = Net::DNS::Resolver.new
      dns.use_tcp = datastore['TCP_DNS']
      dns.udp_timeout = datastore['TIMEOUT']
      dns.retry_number = datastore['RETRY']
      dns.retry_interval = datastore['RETRY_INTERVAL']

      ns_a_records = []
      # try to get A record for nameserver from target NS, which may fail
      target_ns_a = get_a(nameserver, 'DNS AXFR records')
      ns_a_records |= target_ns_a if target_ns_a
      ns_a_records << ::Rex::Socket.resolv_to_dotted(nameserver)
      begin
        # point the resolver only at the nameserver being queried
        dns.nameservers -= dns.nameservers
        dns.nameservers = ns_a_records
        # zone is whatever the resolver's axfr hands back
        zone = dns.axfr(domain)
      rescue ResolverArgumentError, Errno::ECONNREFUSED, Errno::ETIMEDOUT, ::NoResponseError, ::Timeout::Error => e
        print_error("Query #{domain} DNS AXFR - exception: #{e}")
      end
      next if zone.blank?
      records << zone
      # zone is interpolated directly into the output string here
      print_good("#{domain} Zone Transfer: #{zone}")
    end
    return if records.blank?
    records
  end

The only lines that I can see which could be an issue are the ones where zone is being used, and zone appears to be assigned to the result of calling dns.axfr(domain).

I also ran this module against zonetransfer.me and the output suggests that this may be because of how this module operates. Take a look at the output here:

msf6 auxiliary(gather/enum_dns) > set DOMAIN zonetransfer.me
DOMAIN => zonetransfer.me
msf6 auxiliary(gather/enum_dns) > run

[*] Querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm2.digi.ninja
[+] zonetransfer.me NS: nsztm1.digi.ninja
[*] Attempting DNS AXFR for zonetransfer.me from nsztm2.digi.ninja
W, [2020-10-09T08:32:43.675458 #42051]  WARN -- : Failed to parse RR packet from offset: 657
W, [2020-10-09T08:32:43.675644 #42051]  WARN -- : Failed to parse RR packet from offset: 726
W, [2020-10-09T08:32:43.676090 #42051]  WARN -- : Failed to parse RR packet from offset: 1018
W, [2020-10-09T08:32:43.676210 #42051]  WARN -- : Failed to parse RR packet from offset: 1073
W, [2020-10-09T08:32:43.676866 #42051]  WARN -- : Failed to parse RR packet from offset: 1589
W, [2020-10-09T08:32:43.676921 #42051]  WARN -- : Failed to parse RR packet from offset: 1654
W, [2020-10-09T08:33:13.796717 #42051]  WARN -- : Failed to parse RR packet from offset: 657
W, [2020-10-09T08:33:13.797441 #42051]  WARN -- : Failed to parse RR packet from offset: 726
W, [2020-10-09T08:33:13.799244 #42051]  WARN -- : Failed to parse RR packet from offset: 1018
W, [2020-10-09T08:33:13.799790 #42051]  WARN -- : Failed to parse RR packet from offset: 1073
W, [2020-10-09T08:33:13.803513 #42051]  WARN -- : Failed to parse RR packet from offset: 1589
W, [2020-10-09T08:33:13.803809 #42051]  WARN -- : Failed to parse RR packet from offset: 1654
[+] zonetransfer.me Zone Transfer: [;; Answer received from 34.225.33.2:53 (2039 bytes)\n;;\n;; HEADER SECTION\n;; id = 62551\n;; qr = 1\topCode: QUERY\taa = 1\ttc = 0\trd = 0\n;; ra = 0\tad = 0\tcd = 0\trcode = NoError\n;; qdCount = 1\tanCount = 51\tnsCount = 0\tarCount = 0\n\n;; QUESTION SECTION (1 record):\n;; zonetransfer.me.             IN      AXFR    \n\n;; ANSWER SECTION (51 records):\nzonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600\nzonetransfer.me.        300     IN      HINFO   Casio fx-700G\n Windows XP\xC0\nzonetransfer.me.        301     IN      TXT     \nzonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      A       5.196.105.14\nzonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.\nzonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.\n_acme-challenge.zonetransfer.me.   301   IN   TXT   \n_acme-challenge.zonetransfer.me.   301   IN   TXT   \n_sip._tcp.zonetransfer.me.   14000   IN   SRV   \n14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.\nasfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1\ncanberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230\ncmdexec.zonetransfer.me.   300   IN   TXT   \ncontact.zonetransfer.me.   2592000   IN   TXT   \ndc-office.zonetransfer.me.   7200   IN   A   143.228.181.132\ndeadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::\nDZC.zonetransfer.me.    7200    IN      TXT     \nemail.zonetransfer.me.  7200    IN      A       74.125.206.26\nHello.zonetransfer.me.  7200    IN      TXT     \nhome.zonetransfer.me.   7200    IN      A       127.0.0.1\nInfo.zonetransfer.me.   7200    IN      TXT     \ninternal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.\ninternal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.\nintns1.zonetransfer.me. 300     IN      A       81.4.108.41\nintns2.zonetransfer.me. 300     IN      A       52.91.28.78\noffice.zonetransfer.me. 7200    IN      A       4.23.39.254\nipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332\nowa.zonetransfer.me.    7200    IN      A       207.46.197.32\nrobinwood.zonetransfer.me.   302   IN   TXT   \nsqli.zonetransfer.me.   300     IN      TXT     \nsshock.zonetransfer.me. 7200    IN      TXT     \nstaging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.\nalltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1\ntesting.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.\nvpn.zonetransfer.me.    4000    IN      A       174.36.59.154\nwww.zonetransfer.me.    7200    IN      A       5.196.105.14\nxss.zonetransfer.me.    300     IN      TXT     \nzonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600\n]
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja
W, [2020-10-09T08:33:14.747597 #42051]  WARN -- : Failed to parse RR packet from offset: 601
W, [2020-10-09T08:33:14.747736 #42051]  WARN -- : Failed to parse RR packet from offset: 670
W, [2020-10-09T08:33:14.748038 #42051]  WARN -- : Failed to parse RR packet from offset: 962
W, [2020-10-09T08:33:14.748131 #42051]  WARN -- : Failed to parse RR packet from offset: 1017
W, [2020-10-09T08:33:14.748739 #42051]  WARN -- : Failed to parse RR packet from offset: 1533
W, [2020-10-09T08:33:14.748792 #42051]  WARN -- : Failed to parse RR packet from offset: 1598
W, [2020-10-09T08:33:45.011632 #42051]  WARN -- : Failed to parse RR packet from offset: 601
W, [2020-10-09T08:33:45.011783 #42051]  WARN -- : Failed to parse RR packet from offset: 670
W, [2020-10-09T08:33:45.012126 #42051]  WARN -- : Failed to parse RR packet from offset: 962
W, [2020-10-09T08:33:45.012220 #42051]  WARN -- : Failed to parse RR packet from offset: 1017
W, [2020-10-09T08:33:45.012824 #42051]  WARN -- : Failed to parse RR packet from offset: 1533
W, [2020-10-09T08:33:45.012879 #42051]  WARN -- : Failed to parse RR packet from offset: 1598
[+] zonetransfer.me Zone Transfer: [;; Answer received from 81.4.108.41:53 (1983 bytes)\n;;\n;; HEADER SECTION\n;; id = 53308\n;; qr = 1\topCode: QUERY\taa = 1\ttc = 0\trd = 0\n;; ra = 0\tad = 0\tcd = 0\trcode = NoError\n;; qdCount = 1\tanCount = 50\tnsCount = 0\tarCount = 0\n\n;; QUESTION SECTION (1 record):\n;; zonetransfer.me.             IN      AXFR    \n\n;; ANSWER SECTION (50 records):\nzonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600\nzonetransfer.me.        300     IN      HINFO   Casio fx-700G\n Windows XP\xC0\nzonetransfer.me.        301     IN      TXT     \nzonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.\nzonetransfer.me.        7200    IN      A       5.196.105.14\nzonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.\nzonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.\n_acme-challenge.zonetransfer.me.   301   IN   TXT   \n_sip._tcp.zonetransfer.me.   14000   IN   SRV   \n14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.\nasfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1\ncanberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230\ncmdexec.zonetransfer.me.   300   IN   TXT   \ncontact.zonetransfer.me.   2592000   IN   TXT   \ndc-office.zonetransfer.me.   7200   IN   A   143.228.181.132\ndeadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::\nDZC.zonetransfer.me.    7200    IN      TXT     \nemail.zonetransfer.me.  7200    IN      A       74.125.206.26\nHello.zonetransfer.me.  7200    IN      TXT     \nhome.zonetransfer.me.   7200    IN      A       127.0.0.1\nInfo.zonetransfer.me.   7200    IN      TXT     \ninternal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.\ninternal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.\nintns1.zonetransfer.me. 300     IN      A       81.4.108.41\nintns2.zonetransfer.me. 300     IN      A       167.88.42.94\noffice.zonetransfer.me. 7200    IN      A       4.23.39.254\nipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332\nowa.zonetransfer.me.    7200    IN      A       207.46.197.32\nrobinwood.zonetransfer.me.   302   IN   TXT   \nsqli.zonetransfer.me.   300     IN      TXT     \nsshock.zonetransfer.me. 7200    IN      TXT     \nstaging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.\nalltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1\ntesting.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.\nvpn.zonetransfer.me.    4000    IN      A       174.36.59.154\nwww.zonetransfer.me.    7200    IN      A       5.196.105.14\nxss.zonetransfer.me.    300     IN      TXT     \nzonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600\n]
[*] Auxiliary module execution completed

Therefore I suppose it may be better for me to ask if this matches the output you are seeing, as if so then it may just be a question of why it's trying to output an array. I agree that the format from that perspective looks a little odd.

I'm seeing something different in my scan:

msf6 auxiliary(gather/enum_dns) > run

[*] Querying DNS NS records for zonetransfer.me
[+] zonetransfer.me NS: nsztm1.digi.ninja
[+] zonetransfer.me NS: nsztm2.digi.ninja
[*] Attempting DNS AXFR for zonetransfer.me from nsztm1.digi.ninja
W, [2020-10-09T15:13:22.713240 #2652578]  WARN -- : Failed to parse RR packet from offset: 601
W, [2020-10-09T15:13:22.713375 #2652578]  WARN -- : Failed to parse RR packet from offset: 670
W, [2020-10-09T15:13:22.713681 #2652578]  WARN -- : Failed to parse RR packet from offset: 962
W, [2020-10-09T15:13:22.713769 #2652578]  WARN -- : Failed to parse RR packet from offset: 1017
W, [2020-10-09T15:13:22.714454 #2652578]  WARN -- : Failed to parse RR packet from offset: 1533
W, [2020-10-09T15:13:22.714488 #2652578]  WARN -- : Failed to parse RR packet from offset: 1598
[+] zonetransfer.me Zone Transfer: [;; Answer received from 81.4.108.41:53 (1983 bytes)
;;
;; HEADER SECTION
;; id = 9330
;; qr = 1   opCode: QUERY   aa = 1  tc = 0  rd = 0
;; ra = 0   ad = 0  cd = 0  rcode = NoError
;; qdCount = 1  anCount = 50    nsCount = 0 arCount = 0

;; QUESTION SECTION (1 record):
;; zonetransfer.me.             IN      AXFR    

;; ANSWER SECTION (50 records):
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.        300     IN      HINFO   Casio fx-700G
 Windows XP�
zonetransfer.me.        301     IN      TXT     
zonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      A       5.196.105.14
zonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.
zonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_sip._tcp.zonetransfer.me.   14000   IN   SRV   
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.
asfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1
canberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230
cmdexec.zonetransfer.me.   300   IN   TXT   
contact.zonetransfer.me.   2592000   IN   TXT   
dc-office.zonetransfer.me.   7200   IN   A   143.228.181.132
deadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::
DZC.zonetransfer.me.    7200    IN      TXT     
email.zonetransfer.me.  7200    IN      A       74.125.206.26
Hello.zonetransfer.me.  7200    IN      TXT     
home.zonetransfer.me.   7200    IN      A       127.0.0.1
Info.zonetransfer.me.   7200    IN      TXT     
internal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.
internal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.
intns1.zonetransfer.me. 300     IN      A       81.4.108.41
intns2.zonetransfer.me. 300     IN      A       167.88.42.94
office.zonetransfer.me. 7200    IN      A       4.23.39.254
ipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332
owa.zonetransfer.me.    7200    IN      A       207.46.197.32
robinwood.zonetransfer.me.   302   IN   TXT   
sqli.zonetransfer.me.   300     IN      TXT     
sshock.zonetransfer.me. 7200    IN      TXT     
staging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1
testing.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.
vpn.zonetransfer.me.    4000    IN      A       174.36.59.154
www.zonetransfer.me.    7200    IN      A       5.196.105.14
xss.zonetransfer.me.    300     IN      TXT     
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
]
[*] Attempting DNS AXFR for zonetransfer.me from nsztm2.digi.ninja
W, [2020-10-09T15:13:53.210499 #2652578]  WARN -- : Failed to parse RR packet from offset: 657
W, [2020-10-09T15:13:53.210639 #2652578]  WARN -- : Failed to parse RR packet from offset: 726
W, [2020-10-09T15:13:53.211017 #2652578]  WARN -- : Failed to parse RR packet from offset: 1018
W, [2020-10-09T15:13:53.211120 #2652578]  WARN -- : Failed to parse RR packet from offset: 1073
W, [2020-10-09T15:13:53.211784 #2652578]  WARN -- : Failed to parse RR packet from offset: 1589
W, [2020-10-09T15:13:53.211821 #2652578]  WARN -- : Failed to parse RR packet from offset: 1654
[+] zonetransfer.me Zone Transfer: [;; Answer received from 34.225.33.2:53 (2039 bytes)
;;
;; HEADER SECTION
;; id = 17495
;; qr = 1   opCode: QUERY   aa = 1  tc = 0  rd = 0
;; ra = 0   ad = 0  cd = 0  rcode = NoError
;; qdCount = 1  anCount = 51    nsCount = 0 arCount = 0

;; QUESTION SECTION (1 record):
;; zonetransfer.me.             IN      AXFR    

;; ANSWER SECTION (51 records):
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
zonetransfer.me.        300     IN      HINFO   Casio fx-700G
 Windows XP�
zonetransfer.me.        301     IN      TXT     
zonetransfer.me.        7200    IN      MX      0 ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT1.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      10 ALT2.ASPMX.L.GOOGLE.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX2.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX3.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX4.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      MX      20 ASPMX5.GOOGLEMAIL.COM.
zonetransfer.me.        7200    IN      A       5.196.105.14
zonetransfer.me.        7200    IN      NS      nsztm1.digi.ninja.
zonetransfer.me.        7200    IN      NS      nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_acme-challenge.zonetransfer.me.   301   IN   TXT   
_sip._tcp.zonetransfer.me.   14000   IN   SRV   
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me.   7200   IN   PTR   www.zonetransfer.me.
asfdbbox.zonetransfer.me.   7200   IN   A   127.0.0.1
canberra-office.zonetransfer.me.   7200   IN   A   202.14.81.230
cmdexec.zonetransfer.me.   300   IN   TXT   
contact.zonetransfer.me.   2592000   IN   TXT   
dc-office.zonetransfer.me.   7200   IN   A   143.228.181.132
deadbeef.zonetransfer.me.   7201   IN   AAAA   dead:beaf::
DZC.zonetransfer.me.    7200    IN      TXT     
email.zonetransfer.me.  7200    IN      A       74.125.206.26
Hello.zonetransfer.me.  7200    IN      TXT     
home.zonetransfer.me.   7200    IN      A       127.0.0.1
Info.zonetransfer.me.   7200    IN      TXT     
internal.zonetransfer.me.   300   IN   NS   intns1.zonetransfer.me.
internal.zonetransfer.me.   300   IN   NS   intns2.zonetransfer.me.
intns1.zonetransfer.me. 300     IN      A       81.4.108.41
intns2.zonetransfer.me. 300     IN      A       52.91.28.78
office.zonetransfer.me. 7200    IN      A       4.23.39.254
ipv6actnow.org.zonetransfer.me.   7200   IN   AAAA   2001:67c:2e8:11::c100:1332
owa.zonetransfer.me.    7200    IN      A       207.46.197.32
robinwood.zonetransfer.me.   302   IN   TXT   
sqli.zonetransfer.me.   300     IN      TXT     
sshock.zonetransfer.me. 7200    IN      TXT     
staging.zonetransfer.me.   7200   IN   CNAME   www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me.   301   IN   A   127.0.0.1
testing.zonetransfer.me.   301   IN   CNAME   www.zonetransfer.me.
vpn.zonetransfer.me.    4000    IN      A       174.36.59.154
www.zonetransfer.me.    7200    IN      A       5.196.105.14
xss.zonetransfer.me.    300     IN      TXT     
zonetransfer.me.        7200    IN      SOA     nsztm1.digi.ninja. robin.digi.ninja. 2019100801 172800 900 1209600 3600
]
[*] Auxiliary module execution completed
msf6 auxiliary(gather/enum_dns) > 

I've just looked at your output and I can see it in there as well, look at the end of the second to last line:

900 1209600 3600\n]

Whoops, nm, ignore my last comment; I'm also getting the same output. The output I posted earlier was due to an experiment I was running which I forgot to clear out prior to testing.

My guess is that it's something to do with the dns variable, which is set to Net::DNS::Resolver.new, and the way that library's axfr function works. I have no idea why it's trying to put everything as an array though, that's very odd...

Okay, so originally I thought the issue was appearing in this line:
https://github.com/rapid7/metasploit-framework/blob/4cbf4d9301571664e5311f3f53d05900b2b38531/modules/auxiliary/gather/enum_dns.rb#L324

Ironically enough, though, this line is nearly identical and somehow the module above is using this instead (for reasons I still don't understand):
https://github.com/rapid7/metasploit-framework/blob/4cbf4d9301571664e5311f3f53d05900b2b38531/lib/msf/core/exploit/dns/enumeration.rb#L65

The final part of the output of the offending line is retrieved from this part of the code, which appears to be unrelated as the value for this entry is set to a blank string just a few lines earlier:
https://github.com/rapid7/metasploit-framework/blob/61e17d3a2c25c8b19f887b4c55f4423fc984400b/lib/net/dns/packet.rb#L254

Hmm looking at this closer now, axfr appears to be a function that metasploit-framework/modules/auxiliary/gather/enum_dns.rb defines but never uses, and instead the module calls into the identical functionality at metasploit-framework/lib/msf/core/exploit/dns/enumeration.rb. Might be a good idea to remove that axfr function.

I think that was picked up on the last axfr ticket I raised. Can't remember and not at machine to look it up.

It's funny, I thought this would be the easier of the two tickets, how hard can it be to remove a ]?


@digininja Tracing it down, but at the moment it seems this may be in some library code so....more difficult than expected I guess? I'll try to get this sorted as soon as possible though, just trying to figure out why it's adding that in in the first place. :/

The easy jobs often turn out that way.


Ok, debugged it down further and determined it's because the response in lib/net/dns/resolver.rb on line 1047 is returned as an array, which is then being passed as-is back to the module. When this is converted into a string, which is the same as calling .to_s, Ruby will automatically try to show the array as...well, an array converted to a string. Hence why you see those extra [ and ].

Got a fix working for this now which should solve this issue and help improve the output 👍 Will be making a PR for it shortly. Thanks for reporting this @digininja!
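As an added illustration of the cause described in the comment above (this is not code from metasploit-framework or from either participant): a constructed stand-in packet class, FakeZonePacket, the Array interpolation that produces the stray brackets beside a fixed rendering, and a check for the symptom. The packet class, the sample zone and the domain name are assumptions.

```ruby
# Added example, not code from metasploit-framework: why interpolating the
# Array a resolver returns leaves a stray "[" and "]" around the zone output.

# Constructed stand-in for a resolver packet. Its inspect delegates to to_s,
# which is what lets an Array of them render as the bracketed block seen in
# the thread. The trailing newline is why the "]" lands on a line of its own.
class FakeZonePacket
  def initialize(source, records)
    @source = source
    @records = records
  end

  def to_s
    header = [";; Answer received from #{@source}",
              ";; ANSWER SECTION (#{@records.size} records):"]
    (header + @records).join("\n") + "\n"
  end

  alias inspect to_s
end

# Constructed AXFR answer: one packet carrying two records.
SAMPLE_ZONE = [
  FakeZonePacket.new('192.0.2.53:53', [
    'example.test.      7200  IN  SOA  ns1.example.test. hostmaster.example.test. 1 2 3 4 5',
    'www.example.test.  7200  IN  A    192.0.2.10'
  ])
].freeze

# What the module effectively did: interpolate the Array as-is. Interpolation
# calls Array#to_s, which is Array#inspect, so elements are joined with ", "
# and wrapped in "[" "]"; a plain String element would also be quoted and have
# its newlines escaped as \n.
def format_zone_buggy(domain, zone)
  "#{domain} Zone Transfer: #{zone}"
end

# The fix: unwrap the Array and render each packet with its own to_s. Array()
# also copes with a resolver that hands back a single packet rather than a list.
def format_zone_fixed(domain, zone)
  Array(zone).map { |packet| "#{domain} Zone Transfer: #{packet}" }.join
end

# True when the rendered output ends with "]" on its own line, which is the
# symptom reported in the issue.
def stray_bracket?(text)
  text.lines.last.to_s.strip == ']'
end

if __FILE__ == $PROGRAM_NAME
  puts format_zone_buggy('example.test', SAMPLE_ZONE)
  puts '---'
  puts format_zone_fixed('example.test', SAMPLE_ZONE)
end
```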

Good work.


I agree that fixed it for me. Thanks.

For some reason though, it is very slow. Dig is instant, this takes around 30 seconds. But looking at that is for another day.
