Skip to content

Bailiwicked module exceptions #20172

New issue
New issue
Open
#20738
Open
Bailiwicked module exceptions#20172
#20738
Labels
bugeasynot-staleLabel to stop an issue from being auto closed
@smcintyre-r7

Description

@smcintyre-r7
smcintyre-r7
opened on May 12, 2025

Both bailiwicked modules are throwing exceptions on 7b5b57a. I'm guessing that the issue is related to DNS library changes that weren't ported into these modules.

Steps to reproduce

I was able to trigger these exceptions without a proper-vulnerable target, just by setting the options sufficiently to run the module.

msf6 auxiliary(spoof/dns/bailiwicked_domain) > run
[*] Running module against 192.168.250.4
[*] Targeting nameserver 192.168.250.4 for injection of example.com. nameservers as 192.168.250.4
[*] Querying recon nameserver for example.com.'s nameservers...
[*]  Got an NS record: example.com.            85411   IN      NS      b.iana-servers.net.
[*]   Querying recon nameserver for address of b.iana-servers.net....
[*]    Got an A record: b.iana-servers.net.     811     IN      A       199.43.133.53
E, [2025-05-12T12:32:12.526617 #16938] ERROR -- : undefined method `each' for #<IPAddr: IPv4:199.43.133.53/255.255.255.255> (NoMethodError)
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:293:in `nameservers'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1104:in `block (2 levels) in parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1096:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1096:in `block in parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1087:in `foreach'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1087:in `parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:230:in `initialize'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:250:in `new'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:250:in `block (2 levels) in run'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:248:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:248:in `block in run'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:242:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:242:in `run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:180:in `job_run_proc'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:87:in `run_simple'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:98:in `run_simple'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/ui/console/command_dispatcher/auxiliary.rb:81:in `block in cmd_run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:68:in `block in each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:163:in `<<'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:163:in `block (3 levels) in parse'
/home/smcintyre/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.59/lib/rex/socket/range_walker.rb:234:in `each_host'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:158:in `block (2 levels) in parse'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:120:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:120:in `block in parse'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/ui/console/command_dispatcher/auxiliary.rb:77:in `cmd_run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:165:in `block in run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:133:in `run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/console.rb:54:in `start'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:23:in `<main>'
[*]     Checking Authoritativeness: Querying 199.43.133.53 for example.com....
W, [2025-05-12T12:32:17.528277 #16938]  WARN -- : Nameserver 199.43.133.53 not responding within UDP timeout, trying next one
F, [2025-05-12T12:32:17.528505 #16938] FATAL -- : No response from nameservers list: aborting
[-] Auxiliary failed: NoResponseError NoResponseError
[-] Call stack:
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:982:in `send'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:252:in `block (2 levels) in run'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:248:in `each'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:248:in `block in run'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:242:in `each'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_domain.rb:242:in `run'
[*] Auxiliary module execution completed
msf6 auxiliary(spoof/dns/bailiwicked_domain) > use auxiliary/spoof/dns/bailiwicked_host 
msf6 auxiliary(spoof/dns/bailiwicked_host) > show  options 

Module options (auxiliary/spoof/dns/bailiwicked_host):

   Name       Current Setting    Required  Description
   ----       ---------------    --------  -----------
   HOSTNAME   pwned.example.com  yes       Hostname to hijack
   INTERFACE                     no        The name of the interface
   NEWADDR    1.3.3.7            yes       New address for hostname
   RECONS     208.67.222.222     yes       The nameserver used for reconnaissance
   RHOSTS                        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   SNAPLEN    65535              yes       The number of bytes to capture
   SRCADDR    Real               yes       The source address to use for sending the queries (Accepted: Real, Random)
   SRCPORT                       yes       The target server's source query port (0 for automatic)
   TIMEOUT    500                yes       The number of seconds to wait for new data
   TTL        47693              yes       The TTL for the malicious host entry
   XIDS       0                  yes       The number of XIDs to try for each query (0 for automatic)


View the full module info with the info, or info -d command.

msf6 auxiliary(spoof/dns/bailiwicked_host) > set RHOSTS 192.168.250.4
RHOSTS => 192.168.250.4
msf6 auxiliary(spoof/dns/bailiwicked_host) > set SRPORT 0
[!] Unknown datastore option: SRPORT. Did you mean SRCPORT?
SRPORT => 0
msf6 auxiliary(spoof/dns/bailiwicked_host) > run
[-] Msf::OptionValidateError One or more options failed to validate: SRCPORT.
msf6 auxiliary(spoof/dns/bailiwicked_host) > set SRCPORT 0
SRCPORT => 0
msf6 auxiliary(spoof/dns/bailiwicked_host) > run
[*] Running module against 192.168.250.4
[*] Targeting nameserver 192.168.250.4 for injection of pwned.example.com. as 1.3.3.7
[*] Querying recon nameserver for example.com.'s nameservers...
W, [2025-05-12T12:36:20.644839 #16938]  WARN -- : Nameserver 208.67.222.222 not responding within UDP timeout, trying next one
F, [2025-05-12T12:36:20.645103 #16938] FATAL -- : No response from nameservers list: aborting
[-] Auxiliary failed: NoResponseError NoResponseError
[-] Call stack:
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:982:in `send'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:234:in `run'
[*] Auxiliary module execution completed
msf6 auxiliary(spoof/dns/bailiwicked_host) >

msf6 auxiliary(spoof/dns/bailiwicked_host) > show options 

Module options (auxiliary/spoof/dns/bailiwicked_host):

   Name       Current Setting    Required  Description
   ----       ---------------    --------  -----------
   HOSTNAME   pwned.example.com  yes       Hostname to hijack
   INTERFACE                     no        The name of the interface
   NEWADDR    1.3.3.7            yes       New address for hostname
   RECONS     208.67.222.222     yes       The nameserver used for reconnaissance
   RHOSTS                        yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   SNAPLEN    65535              yes       The number of bytes to capture
   SRCADDR    Real               yes       The source address to use for sending the queries (Accepted: Real, Random)
   SRCPORT                       yes       The target server's source query port (0 for automatic)
   TIMEOUT    500                yes       The number of seconds to wait for new data
   TTL        40545              yes       The TTL for the malicious host entry
   XIDS       0                  yes       The number of XIDs to try for each query (0 for automatic)


View the full module info with the info, or info -d command.

msf6 auxiliary(spoof/dns/bailiwicked_host) > set RECONS 192.168.249.4
RECONS => 192.168.249.4
msf6 auxiliary(spoof/dns/bailiwicked_host) > set RHOSTS 192.168.250.4
RHOSTS => 192.168.250.4
msf6 auxiliary(spoof/dns/bailiwicked_host) > run
[-] Msf::OptionValidateError One or more options failed to validate: SRCPORT.
msf6 auxiliary(spoof/dns/bailiwicked_host) > set SRCPORT 0
SRCPORT => 0
msf6 auxiliary(spoof/dns/bailiwicked_host) > run
[*] Running module against 192.168.250.4
[*] Targeting nameserver 192.168.250.4 for injection of pwned.example.com. as 1.3.3.7
[*] Querying recon nameserver for example.com.'s nameservers...
[*]  Got an NS record: example.com.            84799   IN      NS      b.iana-servers.net.
[*]   Querying recon nameserver for address of b.iana-servers.net....
[*]    Got an A record: b.iana-servers.net.     199     IN      A       199.43.133.53
E, [2025-05-12T12:42:24.942364 #17229] ERROR -- : undefined method `each' for #<IPAddr: IPv4:199.43.133.53/255.255.255.255> (NoMethodError)
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:293:in `nameservers'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1104:in `block (2 levels) in parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1096:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1096:in `block in parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1087:in `foreach'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:1087:in `parse_config_file'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:230:in `initialize'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:246:in `new'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:246:in `block (2 levels) in run'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:244:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:244:in `block in run'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:238:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:238:in `run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:180:in `job_run_proc'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:87:in `run_simple'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/base/simple/auxiliary.rb:98:in `run_simple'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/ui/console/command_dispatcher/auxiliary.rb:81:in `block in cmd_run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:68:in `block in each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:163:in `<<'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:163:in `block (3 levels) in parse'
/home/smcintyre/.rvm/gems/ruby-3.2.5@metasploit-framework/gems/rex-socket-0.1.59/lib/rex/socket/range_walker.rb:234:in `each_host'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:158:in `block (2 levels) in parse'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:120:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:120:in `block in parse'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/core/rhosts_walker.rb:67:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/msf/ui/console/command_dispatcher/auxiliary.rb:77:in `cmd_run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:582:in `run_command'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:531:in `block in run_single'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:525:in `each'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/dispatcher_shell.rb:525:in `run_single'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:165:in `block in run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/rex/ui/text/shell.rb:133:in `run'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/console.rb:54:in `start'
/home/smcintyre/Repositories/metasploit-framework.pr/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:23:in `<main>'
[*]     Checking Authoritativeness: Querying 199.43.133.53 for example.com....
W, [2025-05-12T12:42:29.944602 #17229]  WARN -- : Nameserver 199.43.133.53 not responding within UDP timeout, trying next one
F, [2025-05-12T12:42:29.944861 #17229] FATAL -- : No response from nameservers list: aborting
[-] Auxiliary failed: NoResponseError NoResponseError
[-] Call stack:
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/lib/net/dns/resolver.rb:982:in `send'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:248:in `block (2 levels) in run'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:244:in `each'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:244:in `block in run'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:238:in `each'
[-]   /home/smcintyre/Repositories/metasploit-framework.pr/modules/auxiliary/spoof/dns/bailiwicked_host.rb:238:in `run'
[*] Auxiliary module execution completed
msf6 auxiliary(spoof/dns/bailiwicked_host) >

These two modules should also probably be updated to default their SRCPORT to 0 since that's a supported value to select an port automatically.

Spotted while testing #20145.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugeasynot-staleLabel to stop an issue from being auto closed

    Type

    No type

    Projects

    Metasploit Kanban

    Status

    No status

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions