final polish on service enumeration via DNS code - thanks @raesene

inguardians · Nov 12, 2021 · 6232c43 · 6232c43
1 parent 45b4a51
commit 6232c43
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 39 deletions.
diff --git a/enumerate_dns.go b/enumerate_dns.go
@@ -1,16 +1,20 @@
 package peirates
 
 import (
+	"fmt"
 	"net"
+	"strconv"
 )
 
+// This is a workalike for @raesene's Ruby code: https://github.com/raesene/alpine-containertools/blob/master/scripts/k8s-dns-enum.rb
+
 type serviceHostIPPort struct {
 	hostName string
 	IP       string
 	port     uint16
 }
 
-// This routine pulls a list of all services via Core DNS --
+// This routine pulls a list of all services via Core DNS
 func getAllServicesViaDNS() (*[]serviceHostIPPort, error) {
 
 	wildcardRecord := "any.any.svc.cluster.local"
@@ -39,3 +43,40 @@ func getAllServicesViaDNS() (*[]serviceHostIPPort, error) {
 
 	return &serviceHostIPPorts, nil
 }
+
+func enumerateDNS() {
+
+	println("\nRequesting SRV record any.any.svc.cluster.local - thank @raesene:\n")
+	servicesSlicePointer, err := getAllServicesViaDNS()
+
+	if err != nil {
+		println("no services returned or some kind of error")
+	}
+	// Print the services' DNS names, IP addresses and ports, but also create a unique set of IPs and ports to portscan:
+	names := make(map[string]bool)
+	nameList := ""
+	ports := make(map[uint16]bool)
+	portList := ""
+
+	for _, svc := range *servicesSlicePointer {
+		fmt.Printf("Service: %s(%s):%d\n", svc.hostName, svc.IP, svc.port)
+		if _, present := names[svc.hostName]; !present {
+			names[svc.hostName] = true
+			nameList = nameList + " " + svc.hostName
+		}
+		if _, present := ports[svc.port]; !present {
+			ports[svc.port] = true
+			// Append the port to the portList, prepending with a , unless this is the first port.
+			if portList != "" {
+				portList = portList + ","
+			}
+			portList = portList + strconv.Itoa(int(svc.port))
+			// portList = portList + strconv.FormatUint(uint16(svc.port), 10)
+
+		}
+	}
+
+	// Now print a list of names and ports
+	println("\nPortscan these services via:")
+	println("nmap -sTVC -v -n -p " + portList + nameList)
+}
diff --git a/peirates.go b/peirates.go
@@ -2,8 +2,6 @@ package peirates
 
 // Peirates - an Attack tool for Kubernetes clusters
 //
-// You need to use "package main" for executables
-//
 // BTW always run `go fmt` before you check in code. go fmt is law.
 //
 
@@ -17,7 +15,6 @@ import (
 	"os"
 	"os/exec"
 	"regexp"
-	"strconv"
 	"strings"
 )
 
@@ -501,6 +498,15 @@ func Main() {
 			continue
 		}
 
+		// Handle enumerate-dns before the interactive menu
+		// const enumerateDNS = "enumerate-dns"
+		// if strings.HasPrefix(input, enumerateDNS) {
+		// 	// Run the DNS enumeration
+		// 	enumerateDNS()
+		// 	pauseToHitEnter(interactive)
+		// 	continue
+		// }
+
 		// Peirates MAIN MENU
 		switch input {
 
@@ -1186,39 +1192,7 @@ func Main() {
 
 		case "94", "enumerate-dns":
 
-			println("Requesting SRV record any.any.svc.cluster.local - thank @raesene:")
-			servicesSlicePointer, err := getAllServicesViaDNS()
-
-			if err != nil {
-				println("no services returned or some kind of error")
-			}
-			// Print the services' DNS names, IP addresses and ports, but also create a unique set of IPs and ports to portscan:
-			names := make(map[string]bool)
-			nameList := ""
-			ports := make(map[uint16]bool)
-			portList := ""
-
-			for _, svc := range *servicesSlicePointer {
-				fmt.Printf("Service: %s(%s):%d\n", svc.hostName, svc.IP, svc.port)
-				if _, present := names[svc.hostName]; !present {
-					names[svc.hostName] = true
-					nameList = nameList + " " + svc.hostName
-				}
-				if _, present := ports[svc.port]; !present {
-					ports[svc.port] = true
-					// Append the port to the portList, prepending with a , unless this is the first port.
-					if portList != "" {
-						portList = portList + ","
-					}
-					portList = portList + strconv.Itoa(int(svc.port))
-					// portList = portList + strconv.FormatUint(uint16(svc.port), 10)
-
-				}
-			}
-
-			// Now print a list of names and ports
-			println("\nPortscan these services via:")
-			println("nmap -sTVC -v -n -p " + portList + nameList)
+			enumerateDNS()
 
 		default:
 			fmt.Println("Command unrecognized.")
@@ -1266,7 +1240,7 @@ func printBanner(interactive bool) {
 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,`)
 	}
 	println(`________________________________________
-	Peirates v1.1.6alpha by InGuardians
+	Peirates v1.1.7-alpha by InGuardians
   https://www.inguardians.com/peirates
 ----------------------------------------------------------------`)
 }
@@ -1318,7 +1292,7 @@ Off-Menu         +
 [91] Make an HTTP request (GET or POST) to a user-specified URL [curl]
 [92] Deactivate "auth can-i" checking before attempting actions [set-auth-can-i] 
 [93] Run a simple all-ports TCP port scan against an IP address [tcpscan]
-[94] Enumerate services via DNS [enumerate-dns]
+[94] Enumerate services via DNS [enumerate-dns] *
 []  Run a shell command [shell <command and arguments>]
 
 [exit] Exit Peirates