Module: Msf::Exploit::Remote::DNS::Server

Includes:
Common, SocketServer
Defined in:
lib/msf/core/exploit/dns/server.rb

Constant Summary

Constants included from Common

Common::MATCH_HOSTNAME, Common::Packet

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from SocketServer

#_determine_server_comm, #cleanup, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string_for_ip

Instance Attribute Details

#serviceObject

:nodoc:


41
42
43
# File 'lib/msf/core/exploit/dns/server.rb', line 41

def service
  @service
end

Instance Method Details

#add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A') ⇒ Array

Process static entries

Parameters:

  • entries (String) (defaults to: datastore['STATIC_ENTRIES'])

    Filename or String containing static entries

  • type (String) (defaults to: 'A')

    Type of record for which to add static entries

Returns:

  • (Array)

    List of static entries in the cache


50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
# File 'lib/msf/core/exploit/dns/server.rb', line 50

def add_static_hosts(entries = datastore['STATIC_ENTRIES'], type = 'A')
  return if entries.nil? or entries.empty?
  if File.file?(File.expand_path(entries))
    data = File.read(File.expand_path(entries)).split("\n")
  else
    data = entries.split(';')
  end
  data.each do |entry|
    next if entry.gsub(/\s/,'').empty?
    addr, names = entry.split(' ', 2)
    names.split.each do |name|
      name << '.' unless name[-1] == '.' or name == '*'
      service.cache.add_static(name, addr, type)
    end
  end
  service.cache.records.select {|r,e| e == 0}
end

#flush_cache(static = false) ⇒ Object

Flush cache entries

Parameters:

  • static (TrueClass, FalseClass) (defaults to: false)

    flush static hosts


80
81
82
83
84
# File 'lib/msf/core/exploit/dns/server.rb', line 80

def flush_cache(static = false)
  self.service.cache.stop(true)
  flush_static_hosts if static
  self.service.cache.start
end

#flush_static_hostsObject

Flush all static entries


71
72
73
74
75
# File 'lib/msf/core/exploit/dns/server.rb', line 71

def flush_static_hosts
  data.cache.records.select {|r,e| e == 0}.each do |flush|
    data.cache.delete(flush)
  end
end

#initialize(info = {}) ⇒ Object

Initializes an exploit module that serves DNS requests


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
# File 'lib/msf/core/exploit/dns/server.rb', line 21

def initialize(info = {})
  super

  register_options(
    [
      OptPort.new('SRVPORT', [true, 'The local port to listen on.', 53]),
      OptString.new('STATIC_ENTRIES', [ false, "DNS domain search list (hosts file or space/semicolon separate entries)"]),
      OptBool.new('DISABLE_RESOLVER', [ false, "Disable DNS request forwarding", false]),
      OptBool.new('DISABLE_NS_CACHE', [ false, "Disable DNS response caching", false])
    ], Exploit::Remote::DNS::Server
  )

  register_advanced_options(
    [
      OptBool.new('DnsServerUdp', [true, "Serve UDP DNS requests", true]),
      OptBool.new('DnsServerTcp', [true, "Serve TCP DNS requests", false])
    ], Exploit::Remote::DNS::Server
  )
end

#on_dispatch_request(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control


90
91
92
# File 'lib/msf/core/exploit/dns/server.rb', line 90

def on_dispatch_request(cli, data)
  service.default_dispatch_request(cli,data)
end

#on_send_response(cli, data) ⇒ Object

Handle incoming requests Override this method in modules to take flow control


98
99
100
# File 'lib/msf/core/exploit/dns/server.rb', line 98

def on_send_response(cli, data)
  cli.write(data)
end

#reset_serviceObject

Resets the DNS server


149
150
151
152
# File 'lib/msf/core/exploit/dns/server.rb', line 149

def reset_service
  stop_service(true)
  start_service
end

#start_serviceObject

Starts the server


105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# File 'lib/msf/core/exploit/dns/server.rb', line 105

def start_service
  begin

    comm = _determine_server_comm
    self.service = Rex::ServiceManager.start(
      Rex::Proto::DNS::Server,
      datastore['SRVHOST'],
      datastore['SRVPORT'],
      datastore['DnsServerUdp'],
      datastore['DnsServerTcp'],
      (use_resolver? ? setup_resolver : false),
      comm,
      {'Msf' => framework, 'MsfExploit' => self}
    )

    self.service.dispatch_request_proc = Proc.new do |cli, data|
      on_dispatch_request(cli,data)
    end
    self.service.send_response_proc = Proc.new do |cli, data|
      on_send_response(cli,data)
    end

    add_static_hosts
    self.service.start(!datastore['DISABLE_NS_CACHE'])

  rescue ::Errno::EACCES => e
    raise Rex::BindFailed.new(e.message)
  end
end

#stop_service(destroy = false) ⇒ Object

Stops the server

Parameters:

  • destroy (TrueClass, FalseClass) (defaults to: false)

    Dereference the server object


138
139
140
141
142
143
144
# File 'lib/msf/core/exploit/dns/server.rb', line 138

def stop_service(destroy = false)
  Rex::ServiceManager.stop_service(self.service) if self.service
  if destroy
    @dns_resolver = nil if @dns_resolver
    self.service = nil if self.service
  end
end

#use_resolver?Boolean

Determines if resolver is available and configured for use

Returns:

  • (Boolean)

157
158
159
# File 'lib/msf/core/exploit/dns/server.rb', line 157

def use_resolver?
  !datastore['DISABLE_RESOLVER'] and self.respond_to?(:setup_resolver)
end