VSploit Mariposa DNS Query Module - Metasploit


This page contains detailed information about how to use the auxiliary/vsploit/malware/dns/dns_mariposa Metasploit module. For a list of all Metasploit modules, visit the Metasploit Module Library.

Module Overview


Name: VSploit Mariposa DNS Query Module
Module: auxiliary/vsploit/malware/dns/dns_mariposa
Source code: modules/auxiliary/vsploit/malware/dns/dns_mariposa.rb
Disclosure date: -
Last modification time: 2017-07-24 06:26:21 +0000
Supported architecture(s): -
Supported platform(s): -
Target service / protocol: -
Target network port(s): -
List of CVEs: -

This module queries known Mariposa Botnet DNS records.

Module Ranking and Traits


Module Ranking:

  • normal: The exploit is otherwise reliable, but depends on a specific version and can't (or doesn't) reliably autodetect. More information about ranking can be found here.

Basic Usage


msf > use auxiliary/vsploit/malware/dns/dns_mariposa
msf auxiliary(dns_mariposa) > show options
    ... show and set options ...
msf auxiliary(dns_mariposa) > run


Msfconsole Usage


Here is how the vsploit/malware/dns/dns_mariposa auxiliary module looks in the msfconsole:

msf6 > use auxiliary/vsploit/malware/dns/dns_mariposa

msf6 auxiliary(vsploit/malware/dns/dns_mariposa) > show info

       Name: VSploit Mariposa DNS Query Module
     Module: auxiliary/vsploit/malware/dns/dns_mariposa
    License: Metasploit Framework License (BSD)
       Rank: Normal

Provided by:
  MJC

Check supported:
  No

Basic options:
  Name        Current Setting  Required  Description
  ----        ---------------  --------  -----------
  COUNT       1                no        Number of intervals to loop
  DELAY       3                no        Delay in seconds between intervals
  DNS_SERVER                   no        Specifies a DNS Server

Description:
  This module queries known Mariposa Botnet DNS records.

References:
  http://www.defintel.com/docs/Mariposa_Analysis.pdf

Module Options


This is a complete list of options available in the vsploit/malware/dns/dns_mariposa auxiliary module:

msf6 auxiliary(vsploit/malware/dns/dns_mariposa) > show options

Module options (auxiliary/vsploit/malware/dns/dns_mariposa):

   Name        Current Setting  Required  Description
   ----        ---------------  --------  -----------
   COUNT       1                no        Number of intervals to loop
   DELAY       3                no        Delay in seconds between intervals
   DNS_SERVER                   no        Specifies a DNS Server

Advanced Options


Here is a complete list of advanced options supported by the vsploit/malware/dns/dns_mariposa auxiliary module:

msf6 auxiliary(vsploit/malware/dns/dns_mariposa) > show advanced

Module advanced options (auxiliary/vsploit/malware/dns/dns_mariposa):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   VERBOSE    false            no        Enable detailed status messages
   WORKSPACE                   no        Specify the workspace for this module

Auxiliary Actions


This is a list of all auxiliary actions that the vsploit/malware/dns/dns_mariposa module can do:

msf6 auxiliary(vsploit/malware/dns/dns_mariposa) > show actions

Auxiliary actions:

   Name  Description
   ----  -----------

Evasion Options


Here is the full list of possible evasion options supported by the vsploit/malware/dns/dns_mariposa auxiliary module in order to evade defenses (e.g. Antivirus, EDR, Firewall, NIDS etc.):

msf6 auxiliary(vsploit/malware/dns/dns_mariposa) > show evasion

Module evasion options:

   Name  Current Setting  Required  Description
   ----  ---------------  --------  -----------


Error Messages


This module may fail with the following error messages:

Check for possible causes in the code snippets below, taken from the module source code. This can often help in identifying the root cause of the problem.

<TIME> - <NAME> => No Record Found


Here is a relevant code snippet related to the "<TIME> - <NAME> => No Record Found" error message:

        # Send an A-record query for the current name.
        query = @res.query(name, "A")
        time = Time.new
        time = time.strftime("%Y-%m-%d %H:%M:%S")
        print_status("#{time} - DNS Query sent for => #{name}")
        if query.answer.length == 0
          # An empty answer section produces the error message above.
          print_error("#{time} - #{name} => No Record Found")
        else
          # Print the last field of the first answer record.
          a = query.answer[0].to_s.split(/[\s,]+/)
          print_good("#{time} - #{name} => #{a[-1]}")
        end
      end
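
The following is an added example, not part of the module or of this page's source: a Ruby parser for the three console lines the snippet above prints, for checking which queried names resolved during a test run. The `[*]`, `[-]` and `[+]` prefixes are msfconsole's standard status markers; the `.example` names, timestamps and report layout are constructed for illustration, and the CNAME case assumes the record prints in zone-file form.

```ruby
require 'ipaddr'

# Constructed sample of msfconsole output from one run of the module.
# The .example names are placeholders, not the module's real query list.
SAMPLE_OUTPUT = <<~LOG
  [*] 2024-01-01 10:00:00 - DNS Query sent for => alpha.placeholder.example
  [-] 2024-01-01 10:00:00 - alpha.placeholder.example => No Record Found
  [*] 2024-01-01 10:00:01 - DNS Query sent for => bravo.placeholder.example
  [+] 2024-01-01 10:00:01 - bravo.placeholder.example => 192.0.2.10
  [*] 2024-01-01 10:00:02 - DNS Query sent for => charlie.placeholder.example
  [+] 2024-01-01 10:00:02 - charlie.placeholder.example => sinkhole.placeholder.example.
LOG

LINE = /\A\[(?<tag>[*+-])\] (?<time>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?<rest>.+)\z/

def ip?(text)
  IPAddr.new(text)
  true
rescue IPAddr::InvalidAddressError
  false
end

# Returns { name => { sent:, no_record:, answers: [[kind, value], ...] } } (hypothetical report shape).
def summarize(output)
  report = Hash.new { |h, k| h[k] = { sent: 0, no_record: 0, answers: [] } }
  output.each_line(chomp: true) do |line|
    m = LINE.match(line)
    next unless m
    case m[:tag]
    when '*'
      name = m[:rest][/\ADNS Query sent for => (\S+)\z/, 1]
      report[name][:sent] += 1 if name
    when '-'
      name = m[:rest][/\A(\S+) => No Record Found\z/, 1]
      report[name][:no_record] += 1 if name
    when '+'
      name, value = m[:rest].split(' => ', 2)
      next unless value
      # The module prints the last field of the FIRST answer only, so the
      # value is a hostname, not an address, when that answer is a CNAME.
      report[name][:answers] << [ip?(value) ? :address : :name, value]
    end
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  summarize(SAMPLE_OUTPUT).each { |name, r| puts "#{name}: #{r}" }
end
```

Names with `no_record` equal to `sent` never resolved through the configured DNS_SERVER, and a `:name` answer means the printed value is not the final address.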



Authors


MJC

Version


This page has been produced using Metasploit Framework version 6.2.1-dev. For more modules, visit the Metasploit Module Library.
