Adds resolve host mixin

cgranleese-r7 · Nov 1, 2023 · d6e59c1 · d6e59c1
1 parent bd3a606
commit d6e59c1
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 24 deletions.
diff --git a/lib/msf/core/post/dns.rb b/lib/msf/core/post/dns.rb
@@ -0,0 +1,4 @@
+# -*- coding: binary -*-
+
+module Msf::Post::DNS
+end
diff --git a/lib/msf/core/post/dns/resolve_host.rb b/lib/msf/core/post/dns/resolve_host.rb
@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+
+module Msf
+  class Post
+    module DNS
+      ###
+      #
+      # This module resolves session DNS
+      #
+      ###
+      module ResolveHost
+        # Takes the host name and makes use of nslookup to resolve the IP
+        #
+        # @param [String] host Hostname
+        # @return [Array, nil] result[:ips], ips The resolved IPs
+        def resolve_host(host)
+          if client.respond_to?(:net) && client.commands.include?(Rex::Post::Meterpreter::Extensions::Stdapi::COMMAND_ID_STDAPI_NET_RESOLVE_HOST)
+            result = client.net.resolve.resolve_host(host)
+            result[:ips]
+          else
+            ips = []
+            data = cmd_exec("nslookup #{host}")
+            if data =~ /Name/
+              # Remove unnecessary data and get the section with the addresses
+              returned_data = data.split(/Name:/)[1]
+              # check each element of the array to see if they are IP
+              returned_data.gsub(/\r\n\t |\r\n|Aliases:|Addresses:|Address:/, ' ').split(' ').each do |e|
+                if Rex::Socket.dotted_ip?(e)
+                  ips << e
+                end
+              end
+            end
+            ips
+          end
+        end
+      end
+    end
+  end
+end
diff --git a/modules/post/windows/gather/enum_computers.rb b/modules/post/windows/gather/enum_computers.rb
@@ -7,6 +7,7 @@ class MetasploitModule < Msf::Post
   include Msf::Post::File
   include Msf::Post::Windows::Accounts
   include Msf::Post::Windows::Registry
+  include Msf::Post::DNS::ResolveHost
 
   def initialize(info = {})
     super(
@@ -60,34 +61,16 @@ def run
   #
   # @param [String] host Hostname
   # @return [String] ip The resolved IP
-  def resolve_host(host)
-    vprint_status("Looking up IP for #{host}")
-    return host if Rex::Socket.dotted_ip?(host)
-
-    ip = []
-    data = cmd_exec("nslookup #{host}")
-    if data =~ /Name/
-      # Remove unnecessary data and get the section with the addresses
-      returned_data = data.split(/Name:/)[1]
-      # check each element of the array to see if they are IP
-      returned_data.gsub(/\r\n\t |\r\n|Aliases:|Addresses:|Address:/, ' ').split(' ').each do |e|
-        if Rex::Socket.dotted_ip?(e)
-          ip << e
-        end
-      end
-    end
-
-    if ip.blank?
-      'Not resolvable'
-    else
-      ip.join(', ')
-    end
+  def gethost(hostname)
+    ## get IP for host
+    vprint_status("Looking up IP for #{hostname}")
+    resolve_host(hostname).join(', ')
   end
 
   def get_domain_computers
     computer_list = []
     divisor = "-------------------------------------------------------------------------------\r\n"
-    net_view_response = cmd_exec('net view')
+    net_view_response = cmd_exec("cmd.exe", "/c net view")
     unless net_view_response.include?(divisor)
       print_error("The net view command failed with: #{net_view_response}")
       return []
@@ -115,7 +98,7 @@ def list_computers(domain, hosts)
         ]
     )
     hosts.each do |hostname|
-      hostip = resolve_host(hostname)
+      hostip = gethost(hostname)
       tbl << [domain, hostname, hostip]
     end