Module: Msf::Exploit::Remote::DNS::Server

Includes:

Common, SocketServer

Defined in:

lib/msf/core/exploit/dns/server.rb

Constant Summary

Constants included from Common

Common::MATCH_HOSTNAME, Common::Packet

Instance Attribute Summary

• #service ⇒ Object

  :nodoc:.

Instance Method Summary

• #add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A') ⇒ Array

  Process static entries.

• #flush_cache(static = false) ⇒ Object

  Flush cache entries.

• #flush_static_hosts ⇒ Object

  Flush all static entries.

• #initialize(info = {}) ⇒ Object

  Initializes an exploit module that serves DNS requests.

• #on_dispatch_request(cli, data) ⇒ Object

  Handle incoming requests Override this method in modules to take flow control.

• #on_send_response(cli, data) ⇒ Object

  Handle incoming requests Override this method in modules to take flow control.

• #reset_service ⇒ Object

  Resets the DNS server.

• #start_service ⇒ Object

  Starts the server.

• #stop_service(destroy = false) ⇒ Object

  Stops the server.

• #use_resolver? ⇒ Boolean

  Determines if resolver is available and configured for use.

Methods included from SocketServer

#_determine_server_comm, #cleanup, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string_for_ip

Instance Attribute Details

#service ⇒ Object

:nodoc:

# File 'lib/msf/core/exploit/dns/server.rb', line 41

def service
  @service
end

Instance Method Details

#add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A') ⇒ Array

Process static entries

Parameters:

• entries (String) (defaults to: datastore['STATIC_ENTRIES']) —

  Filename or String containing static entries

• type (String) (defaults to: 'A') —

  Type of record for which to add static entries

Returns:

• (Array) —

  List of static entries in the cache

# File 'lib/msf/core/exploit/dns/server.rb', line 50

def add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A')
  return if entries.nil? or entries.empty?
  if File.file?(File.expand_path(entries))
    data = File.read(File.expand_path(entries)).split("\n")
  else
    data = entries.split(';')
  end
  data.each do |entry|
    next if entry.gsub(/\s/,'').empty?
    addr, names = entry.split(' ', 2)
    names.split.each do |name|
      name << '.' unless name[-1] == '.' or name == '*'
      service.cache.add_static(name, addr, type)
    end
  end
  service.cache.records.select {|r,e| e == 0}
end

#flush_cache(static = false) ⇒ Object

Flush cache entries

Parameters:

• static (TrueClass, FalseClass) (defaults to: false) —

  flush static hosts

# File 'lib/msf/core/exploit/dns/server.rb', line 80

def flush_cache(static = false)
  self.service.cache.stop(true)
  flush_static_hosts if static
  self.service.cache.start
end

#flush_static_hosts ⇒ Object

Flush all static entries

# File 'lib/msf/core/exploit/dns/server.rb', line 71

def flush_static_hosts
  data.cache.records.select {|r,e| e == 0}.each do |flush|
    data.cache.delete(flush)
  end
end

#initialize(info = {}) ⇒ Object

Initializes an exploit module that serves DNS requests

# File 'lib/msf/core/exploit/dns/server.rb', line 21

def initialize(info = {})
  super

  register_options(
    [
      OptPort.new('SRVPORT', [true, 'The local port to listen on.', 53]),
      OptString.new('STATIC_ENTRIES', [ false, "DNS domain search list (hosts file or space/semicolon separate entries)"]),
      OptBool.new('DISABLE_RESOLVER', [ false, "Disable DNS request forwarding", false]),
      OptBool.new('DISABLE_NS_CACHE', [ false, "Disable DNS response caching", false])
    ], Exploit::Remote::DNS::Server
  )

  register_advanced_options(
    [
      OptBool.new('DnsServerUdp', [true, "Serve UDP DNS requests", true]),
      OptBool.new('DnsServerTcp', [true, "Serve TCP DNS requests", false])
    ], Exploit::Remote::DNS::Server
  )
end

#on_dispatch_request(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control

# File 'lib/msf/core/exploit/dns/server.rb', line 90

def on_dispatch_request(cli, data)
  service.default_dispatch_request(cli,data)
end

#on_send_response(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control

# File 'lib/msf/core/exploit/dns/server.rb', line 98

def on_send_response(cli, data)
  cli.write(data)
end

#reset_service ⇒ Object

Resets the DNS server

# File 'lib/msf/core/exploit/dns/server.rb', line 149

def reset_service
  stop_service(true)
  start_service
end

#start_service ⇒ Object

Starts the server

# File 'lib/msf/core/exploit/dns/server.rb', line 105

def start_service
  begin

    comm = _determine_server_comm
    self.service = Rex::ServiceManager.start(
      Rex::Proto::DNS::Server,
      datastore['SRVHOST'],
      datastore['SRVPORT'],
      datastore['DnsServerUdp'],
      datastore['DnsServerTcp'],
      (use_resolver? ? setup_resolver : false),
      comm,
      {'Msf' => framework, 'MsfExploit' => self}
    )

    self.service.dispatch_request_proc = Proc.new do |cli, data|
      on_dispatch_request(cli,data)
    end
    self.service.send_response_proc = Proc.new do |cli, data|
      on_send_response(cli,data)
    end

    add_static_hosts
    self.service.start(!datastore['DISABLE_NS_CACHE'])

  rescue ::Errno::EACCES => e
    raise Rex::BindFailed.new(e.message)
  end
end

#stop_service(destroy = false) ⇒ Object

Stops the server

Parameters:

• destroy (TrueClass, FalseClass) (defaults to: false) —

  Dereference the server object

# File 'lib/msf/core/exploit/dns/server.rb', line 138

def stop_service(destroy = false)
  Rex::ServiceManager.stop_service(self.service) if self.service
  if destroy
    @dns_resolver = nil if @dns_resolver
    self.service = nil if self.service
  end
end

#use_resolver? ⇒ Boolean

Determines if resolver is available and configured for use

Returns:

• (Boolean)

# File 'lib/msf/core/exploit/dns/server.rb', line 157

def use_resolver?
  !datastore['DISABLE_RESOLVER'] and self.respond_to?(:setup_resolver)
end