Module: Msf::Exploit::Remote::DNS::Server

Includes:

Common, SocketServer

Defined in:

lib/msf/core/exploit/remote/dns/server.rb

Constant Summary

Constants included from Common

Common::MATCH_HOSTNAME, Common::Packet

Instance Attribute Summary

• #service ⇒ Object

  :nodoc:.

Instance Method Summary

• #add_static_hosts(entries = , type = 'A') ⇒ Array

  Process static entries.

• #cleanup ⇒ Object

  Dereference the DNS service.

• #flush_cache(static = false) ⇒ Object

  Flush cache entries.

• #flush_static_hosts ⇒ Object

  Flush all static entries.

• #initialize(info = {}) ⇒ Object

  Initializes an exploit module that serves DNS requests.

• #on_dispatch_request(cli, data) ⇒ Object

  Handle incoming requests Override this method in modules to take flow control.

• #on_send_response(cli, data) ⇒ Object

  Handle incoming requests Override this method in modules to take flow control.

• #start_service ⇒ Object

  Starts the server.

• #use_resolver? ⇒ Boolean

  Determines if resolver is available and configured for use.

Methods included from SocketServer

#_determine_server_comm, #bindhost, #bindport, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string

Instance Attribute Details

#service ⇒ Object

:nodoc:

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 38

def service
  @service
end

Instance Method Details

#add_static_hosts(entries = , type = 'A') ⇒ Array

Process static entries

Parameters:

• entries (String) (defaults to: ) —

  Filename or String containing static entries

• type (String) (defaults to: 'A') —

  Type of record for which to add static entries

Returns:

• (Array) —

  List of static entries in the cache

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 47

def add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A')
  return if entries.nil? or entries.empty?
  if File.file?(File.expand_path(entries))
    data = File.read(File.expand_path(entries)).split("\n")
  else
    data = entries.split(';')
  end
  data.each do |entry|
    next if entry.gsub(/\s/, '').empty?

    address, names = entry.split(' ', 2)
    names.split.each do |name|
      name << '.' unless name.end_with?('.') || name == '*'

      unless Rex::Socket.is_ip_addr?(address.to_s) && (name.to_s.match(MATCH_HOSTNAME) || name == '*')
        raise "Invalid parameters for static entry - #{name}, #{address}, #{type}"
      end

      service.cache.cache_record(Dnsruby::RR.create(name: name, type: type, address: address), expire: false)
    end
  end
  service.cache.records.select {|r,e| e == 0}
end

#cleanup ⇒ Object

Dereference the DNS service

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 141

def cleanup
  super
  @dns_resolver = nil if @dns_resolver
end

#flush_cache(static = false) ⇒ Object

Flush cache entries

Parameters:

• static (TrueClass, FalseClass) (defaults to: false) —

  flush static hosts

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 83

def flush_cache(static = false)
  self.service.cache.stop(true)
  flush_static_hosts if static
  self.service.cache.start
end

#flush_static_hosts ⇒ Object

Flush all static entries

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 74

def flush_static_hosts
  data.cache.records.select {|r,e| e == 0}.each do |flush|
    data.cache.delete(flush)
  end
end

#initialize(info = {}) ⇒ Object

Initializes an exploit module that serves DNS requests

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 18

def initialize(info = {})
  super

  register_options(
    [
      OptPort.new('SRVPORT', [true, 'The local port to listen on.', 53]),
      OptString.new('STATIC_ENTRIES', [ false, "DNS domain search list (hosts file or space/semicolon separate entries)"]),
      OptBool.new('DISABLE_RESOLVER', [ false, "Disable DNS request forwarding", false]),
      OptBool.new('DISABLE_NS_CACHE', [ false, "Disable DNS response caching", false])
    ], Exploit::Remote::DNS::Server
  )

  register_advanced_options(
    [
      OptBool.new('DnsServerUdp', [true, "Serve UDP DNS requests", true]),
      OptBool.new('DnsServerTcp', [true, "Serve TCP DNS requests", false])
    ], Exploit::Remote::DNS::Server
  )
end

#on_dispatch_request(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 93

def on_dispatch_request(cli, data)
  service.default_dispatch_request(cli,data)
end

#on_send_response(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 101

def on_send_response(cli, data)
  cli.write(data)
end

#start_service ⇒ Object

Starts the server

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 108

def start_service
  begin

    comm = _determine_server_comm(bindhost)
    self.service = Rex::ServiceManager.start(
      Rex::Proto::DNS::Server,
      bindhost,
      bindport,
      datastore['DnsServerUdp'],
      datastore['DnsServerTcp'],
      !datastore['DISABLE_NS_CACHE'],
      (use_resolver? ? setup_resolver : false),
      comm,
      {'Msf' => framework, 'MsfExploit' => self}
    )

    self.service.dispatch_request_proc = Proc.new do |cli, data|
      on_dispatch_request(cli,data)
    end
    self.service.send_response_proc = Proc.new do |cli, data|
      on_send_response(cli,data)
    end

    add_static_hosts

  rescue ::Errno::EACCES => e
    raise Rex::BindFailed.new(e.message)
  end
end

#use_resolver? ⇒ Boolean

Determines if resolver is available and configured for use

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/remote/dns/server.rb', line 149

def use_resolver?
  !datastore['DISABLE_RESOLVER'] and self.respond_to?(:setup_resolver)
end