digininja, posted February 27, 2010

I've just updated my Metasploit DHCP and DNS server modules on my site. You can get them, and more information on how to use them, from:
http://www.digininja.org/metasploit/dns_dhcp_beta.php

As a bonus I've also updated my sound plug-in so that it now reads the IP address and port number of the victim who connected to you.
http://www.digininja.org/metasploit/session_created.php

Enjoy.
zerox123, posted March 20, 2010

I tried this and this is what I get, step by step.

With DHCP exhaustion:

    msf > use auxiliary/digininja/dhcp_exhaustion/exhaust
    msf auxiliary(exhaust) > set

    Global
    ======

    No entries in data store.

    Module: digininja/dhcp_exhaustion/exhaust
    =========================================

      Name        Value
      ----        -----
      DHCPSERVER  255.255.255.255
      NETMASK     24
      SNAPLEN     65535
      TIMEOUT     10
      UDP_SECRET  1297303091

    msf auxiliary(exhaust) > run
    [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: RHOST.

And with DNS MiTM:

    msf auxiliary(exhaust) > use auxiliary/digininja/dns_mitm/dns_mitm
    msf auxiliary(dns_mitm) > set

    Global
    ======

    No entries in data store.

    Module: digininja/dns_mitm/dns_mitm
    ===================================

      Name     Value
      ----     -----
      RELOAD   digininja.reload
      SRVHOST  0.0.0.0
      SRVPORT  53

    msf auxiliary(dns_mitm) > run
    [-] Auxiliary failed: Msf::OptionValidateError The following options failed to validate: REALDNS, FILENAME.
    msf auxiliary(dns_mitm) > set FILENAME /usr/scr/metasploit/auxiliary/dns_mitm/dns.txt
    FILENAME => /usr/scr/metasploit/auxiliary/dns_mitm/dns.txt
    msf auxiliary(dns_mitm) > set REALDNS 192.168.0.8
    REALDNS => 192.168.0.8
    msf auxiliary(dns_mitm) > set

    Global
    ======

    No entries in data store.

    Module: digininja/dns_mitm/dns_mitm
    ===================================

      Name      Value
      ----      -----
      FILENAME  /usr/scr/metasploit/auxiliary/dns_mitm/dns.txt
      REALDNS   192.168.0.8
      RELOAD    digininja.reload
      SRVHOST   0.0.0.0
      SRVPORT   53

    msf auxiliary(dns_mitm) > run
    [*] Auxiliary module execution completed
    msf auxiliary(dns_mitm) >
    [*] Loading hosts file
    [*] Could not open /usr/scr/metasploit/auxiliary/dns_mitm/dns.txt for reading. Quitting.

Any help will be sweet. Thanks.
Bercik, posted March 21, 2010 (edited)

You probably did not unpack all required files. Try this:

    #!/bin/bash
    # Fetch Metasploit 3.3.3 and the digininja DNS/DHCP modules, then
    # unpack the modules over the framework tree (msf3)
    mkdir stuff
    cd stuff || exit 1
    wget http://www.metasploit.com/releases/framework-3.3.3.tar.bz2
    wget http://www.digininja.org/files/msf_dns_dhcp.tar.bz2
    tar -xf framework-3.3.3.tar.bz2
    tar -C msf3 -xf msf_dns_dhcp.tar.bz2
    # put the interface into promiscuous mode so the modules see all traffic
    ifconfig eth0 promisc
    echo "/**********************/"
    echo "/        E N D         */"
    echo "/  go to stuff/msf3    */"
    echo "/  and run msfconsole  */"
    echo "/**********************/"

Edit: I see there is a little problem with the text formatting ;p but it works fine for me.

Edited March 21, 2010 by Bercik
digininja (Author), posted March 21, 2010

If you read the error message then you can see what is going on:

    line 77 [*] Could not open /usr/scr/metasploit/auxiliary/dns_mitm/dns.txt for reading. Quitting.

And is 192.168.0.8 your real DNS server?
lief480, posted March 24, 2010

Hi, I got everything installed I think, but I'm getting a little error. Any help appreciated.

    [*] DHCP attack started
    [*] DHCP offer of address: 192.168.1.112
    Timeout waiting for ACK
    [*] Error: return can't jump across threads
    (eval):171:in `run'
    /opt/metasploit3/msf3/lib/msf/base/simple/auxiliary.rb:94:in `job_run_proc'
    /opt/metasploit3/msf3/lib/msf/base/simple/auxiliary.rb:73:in `run_simple'
    /opt/metasploit3/msf3/lib/msf/base/simple/auxiliary.rb:82:in `run_simple'
    /opt/metasploit3/msf3/lib/msf/ui/console/command_dispatcher/auxiliary.rb:143:in `cmd_run'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:239:in `send'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:239:in `run_command'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:201:in `run_single'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:195:in `each'
    /opt/metasploit3/msf3/lib/rex/ui/text/dispatcher_shell.rb:195:in `run_single'
    /opt/metasploit3/msf3/lib/rex/ui/text/shell.rb:144:in `run'
    ./msfconsole:93
digininja (Author), posted March 24, 2010

Ye, the DHCP attack doesn't work with ruby 1.9 due to a change they made to jumping around. I'm not sure how to fix it and at the moment I'm a bit too busy. The best solution is to install the rvm gem and roll back to a 1.8 release to use this attack. I've added a note to my site about this.
lief480, posted March 24, 2010

Hey Robin, I checked my version of ruby and I'm running ruby 1.8.7, so I don't think that's the problem. Any other suggestions?
digininja (Author), posted March 24, 2010

Going to be a pain here and say, are you sure? I'm on 1.8.7 and it works fine; if I roll forward to 1.9.x then it fails with that error. Everyone else who has reported that error is also on 1.9. Some distros allow multiple versions of ruby. A way to check from within Metasploit is to start an irb shell:

    msf auxiliary(exhaust) > irb
    [*] Starting IRB shell...
    >> RUBY_VERSION
    => "1.8.7"
lief480, posted March 25, 2010 (edited)

When I put it in, this is what I get.

    msf auxiliary(exhaust) > irb
    [*] Starting IRB shell...
    /usr/lib/ruby/1.8/i486-linux/readline.so: warning: already initialized constant HISTORY
    /usr/lib/ruby/1.8/i486-linux/readline.so: warning: already initialized constant FILENAME_COMPLETION_PROC
    /usr/lib/ruby/1.8/i486-linux/readline.so: warning: already initialized constant USERNAME_COMPLETION_PROC
    /usr/lib/ruby/1.8/i486-linux/readline.so: warning: already initialized constant VERSION
    >>

Edit: BTW I'm running BackTrack 4 Final. Also, when I run rvm list I get this:

    root@bt:/pentest/exploits/framework3# rvm list

    rvm Rubies

       ruby-1.8.7-p249 [ i386 ]

    System Ruby

       system [ ]

    root@bt:/pentest/exploits/framework3#

Edited March 25, 2010 by lief480
digininja (Author), posted March 25, 2010

That definitely looks like a 1.8 release, in which case I've no idea what is going on; every 1.8 machine I've run it on has worked. The bug needs fixing so I'll look at it at some point, but over the next few days I know I'm busy so it could be a while.
lief480, posted March 26, 2010

Thanks man, I'm looking forward to trying it out.
lief480, posted March 26, 2010

I just decided to try doing it on my eth0 instead of wlan0 and I didn't get any of the errors. Then I went back to wlan0 and tried it again. I got the errors, but it seems like it still exhausted the DHCP server.
digininja (Author), posted March 27, 2010

That's good, despite the bug it still works!
lief480, posted March 28, 2010

The only problem is when I'm running with wireless and get the errors, it is very slow. Without the errors it was very quick.
digininja (Author), posted March 29, 2010

Ye, the jump is to get out of a loop; because of the error it can't, so things will slow down.
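The loop-exit problem digininja describes, as an added example that is not the module's own code: a worker thread that tries to `return` out of the enclosing method when a probe times out, beside a catch/throw version that leaves the loop on the worker's own stack. The probe responses, helper names and the simulated timeout are assumptions constructed for the example.

```ruby
# Added example (not digininja's module code): a loop running in a worker
# thread tries to `return` out of the enclosing method when a probe times
# out. On Ruby 1.9+ that jump crosses threads and raises LocalJumpError
# instead of leaving the loop. The fix uses catch/throw, which unwinds
# only the worker's own stack. Names and responses here are hypothetical.

# Constructed probe results: two offers, then a timeout (nil).
PROBE_RESPONSES = ["192.168.1.112", "192.168.1.113", nil]

def probe_at(i)
  PROBE_RESPONSES[i]
end

# Broken shape: `return` from inside the thread block.
# Returns :jump_error when the interpreter refuses the cross-thread return.
def exhaust_with_return
  offers = []
  failed = false
  worker = Thread.new do
    begin
      PROBE_RESPONSES.size.times do |i|
        addr = probe_at(i)
        return offers if addr.nil?   # timeout: try to bail out of the loop
        offers << addr
      end
    rescue LocalJumpError, ThreadError
      failed = true                  # the "can't jump across threads" case
    end
  end
  worker.join
  failed ? :jump_error : offers
end

# Portable fix: throw to a catch that lives on the same thread's stack.
# (For a single iterator `break` would do; catch/throw also escapes
# nested loops, which is where a `return` is usually reached for.)
def exhaust_with_catch
  offers = []
  worker = Thread.new do
    catch(:exhausted) do
      PROBE_RESPONSES.size.times do |i|
        addr = probe_at(i)
        throw :exhausted if addr.nil?  # timeout: leave the loop cleanly
        offers << addr
      end
    end
  end
  worker.join
  offers
end
```

On a 1.8 interpreter the first function may still complete the loop, which is why the thread's 1.8 versus 1.9 reports differ; the second behaves the same on both.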
Oni, posted April 5, 2010

Arg! I get the RHOST error as well. I'm working with the SVN version of Metasploit. I believe there are two dirs within the zip, a lib and a modules dir. I've copied these into my Metasploit dir and although msf picks them up, I still get this little error. I'm new to Metasploit so it's likely something I've missed. Running Ruby 1.8.7 atm.
digininja (Author), posted April 5, 2010

And so do I! Looks like it is a new mandatory field. I'll have an ask on the Metasploit mail list and see what they say about how to fix it. I'll report back as soon as I have news.
digininja (Author), posted April 5, 2010

For now just do

    set RHOST 0.0.0.0

and that will let it run. Just wiped out my DHCP range with it.
Oni, posted April 5, 2010 (edited)

> Arg! I get the RHOST error as well. I'm working with the SVN version of Metasploit. I believe there are two dirs within the zip, a lib and a modules dir. I've copied these into my Metasploit dir and although msf picks them up, I still get this little error. I'm new to Metasploit so it's likely something I've missed. Running Ruby 1.8.7 atm.

OK sorry, jumped too soon. Set the RHOST and started the attack. Not sure on exact settings TBH. I had to install pcaprub with gem and then set INTERFACE to wlan0 as well as setting the RHOST. Not sure what the RHOST variable does in the exhaustion attack. Sadly it seems that no packets are being sent out to the router/DNS server as Wireshark isn't showing any :(

    msf auxiliary(exhaust) > set

    Global
    ======

    No entries in data store.

    Module: digininja/dhcp_exhaustion/exhaust
    =========================================

      Name        Value
      ----        -----
      DEVICE      wlan0
      DHCPSERVER  192.168.1.254
      INTERFACE   wlan0
      NETMASK     24
      RHOST       192.168.1.254
      SNAPLEN     65535
      TIMEOUT     10
      UDP_SECRET  1297303091

Edited April 5, 2010 by Oni
digininja (Author), posted April 5, 2010

You shouldn't have to set it, and actually it isn't used, so I'll find a way to either remove it or at least remove the mandatory setting.
Oni, posted April 5, 2010 (edited)

Actually, I should stop lying. I'm seeing something going on with Wireshark now. Will investigate after more sleep.

Final thoughts:

    msf auxiliary(exhaust) > run
    [*] DHCP attack started
    [*] Timeout waiting for OFFER
    [*] returning
    [*] Got a timeout, assuming DHCP exhausted. You Win
    [*] Finished
    [*] Auxiliary module execution completed
    msf auxiliary(exhaust) > use auxiliary/digininja/dns_mitm/dns_mitm

nslookups on the local machine work as planned. Will test with other laptops tomorrow and see how things progress :D

Edited April 5, 2010 by Oni
joker, posted May 2, 2010

    [*] WARNING! The following modules could not be loaded!
    /opt/metasploit3/msf3/modules/auxiliary/digininja/dhcp_exhaustion/exhaust.rb: MissingSourceFile no such file to load -- lib/dhcp

    [Metasploit ASCII banner]

           =[ metasploit v3.4.0-dev [core:3.4 api:1.0]
    + -- --=[ 546 exploits - 260 auxiliary
    + -- --=[ 208 payloads - 23 encoders - 8 nops
           =[ svn r9185 updated today (2010.05.01)

    msf >

You said the DHCP attack won't work under Ruby 1.9, but I am running ruby 1.9.2dev (2010-05-01 trunk 27570), so that's above 1.9.
digininja (Author), posted May 2, 2010

The error message looks like you didn't unpack the tarball correctly, so the module can't find the library it needs. "Running under 1.9" means running with or in, not greater/less than.
joker, posted May 3, 2010

> The error message looks like you didn't unpack the tarball correctly, so the module can't find the library it needs. "Running under 1.9" means running with or in, not greater/less than.

No, it's all there, I checked. In ruby 1.9.1 it just gave an error when running (run), but now in 1.9.2 it can't even load. What can I do to make it more verbose?
digininja (Author), posted May 3, 2010

It will not run in any version of ruby from 1.9 onwards: 1.9.1, 1.9.2 and beyond will fail. It only runs in 1.8.x, as far as I know 1.8.7.