Commit Graph

16 Commits (5b8b5fe533e36db5c452673c7e2dc70249f0cd4d)

Author SHA1 Message Date
RageLtMan 9f49903b14 Initial implementation of Rex::Proto::DNS
Add Rex::Proto::DNS and Rex::Proto::DNS::Constants namespaces
Create Rex::Proto::DNS::Resolver from Net::DNS::Resolver
Create Rex::Proto::DNS::Server and Rex::Proto::DNS::Server::Cache

Constants -
  A Rex::Socket style MATCH_HOSTNAME regex has been added to
help validate DNS names.

Resolver -
  Based off of old work creating Rex socket overrides in the
Net::DNS::Resolver as well as allowing for proxying and making
automatic adjustments to use TCP for proxied connections. This
resolver pivots with MSF, uses proxies, and doesnt pull in the
default /etc/resolv.conf information which can lead to info leak.
  Automatically sends Net::DNS::Packet and Resolv::DNS::Message
objects to the appropriate nameservers.
  TODO: Review for potential low level concurrent resolution impl.

Server::Cache -
  Threadsafe wrapper around a Hash which holds Net::DNS::RR keys
with Time.to_i values for counting eviction/stale time without
altering the original record.
  Takes records with a TTL of < 1 as static entries which are not
flushed or pruned by the monitor thread.

Server -
  A standard Rex level server allowing for client connections with
TCP and UDP listeners. Provides common framework for handling the
different transports by creating a "client" type object as a Rex
UDP socket and passing it back to the dispatch/sender methods.
This server can host listeners on remote pivot targets since it
utilizes Rex sockets, and should not leak internal information
from the resolver as easily either.
  Can be configured with a custom resolver regardless of its own
listener configuration (UDP/TCP mix is fine), and carries a
threadsafe wrapper for swapping the resolvers nameservers under
a Mutex.synchronize. Since listeners and resolvers can pivot,
a compromised host in one environment can serve DNS information
obtained by the resolver pivoting through a completely different
target.
  The server takes blocks for dispatch and send functions which
when defined, will intercept the standard execution flow which is
to parse the request, check the cache for corresponding records,
then forward the remaining questions in a request via the resolver,
and build + send a response back to the client.
  The accessors for dispatch and send, resolver, and cache are
accessible at runtime, though it is likely unsafe to replace the
cache and resolver while they are accessed from other threads.

-----

Testing:
  Initial testing performed in IRB/Pry generating manual requests.
  Subsequent checks performed using the running server as the sys
resolver.
  Additional testing is needed - the default dispatch_request
behavior may not be correct (i need to check the RFCs for this) as
it handles multiple questions for A records. This should be tuned
to be RFC compliant, with inheriting classes changing behavior as
needed. We also need to ensure that we're not leaking our own DNS
information to our targets, so all sorts of abuse is in order.

-----

TODO:
  Create Msf::Exploit::DNS namespace utilizing this functionality.
  - Move the threaded enum_dns work, as well as work from 6187,
into the namespace
  - Review existing modules for functional overlap and move here
as needed. This should be done in separate commits/PRs.
  Create specific DNS servers for spoofing, exploit delivery, and
finally handling DNS tunnels (the primary reason for this work).
  Write spec
  - Convince/coerce a friendly soul in the community to handle
spec for this fiasco while building further functionality.
2017-06-23 19:58:29 -04:00
wchen-r7 dc13b84189 Bring mms branch up to date w/ master 2017-03-07 16:13:39 -06:00
wchen-r7 fae05f2e98 And API to send an MMS message to mobile devices
This API allows you to send a malicious attachment to mobile
devices.
2017-03-07 12:34:45 -06:00
wchen-r7 6ad8afb8b3 Add API to send a text message (SMS) to mobile devices 2017-03-02 16:47:55 -06:00
jvazquez-r7 d5dfd75e71 Add initial model and support to OutputStream 2015-01-05 18:52:13 -06:00
jvazquez-r7 c5865c6fec Add initial design draft 2014-12-09 15:53:29 -06:00
HD Moore d656e3185f Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00
HD Moore 842bfdebe8 Lets just leave this here (insurance against my laptop melting down between now and tomorrow morning). Nothing to see here, move along ;)
git-svn-id: file:///home/svn/framework3/trunk@13483 4d416f70-5f16-0410-b530-b9f4589650da
2011-08-03 22:58:55 +00:00
HD Moore 9ce47c01bd Reverting the autoload changes until we can upgrade to a new ActiveSupport library or find a workaround
git-svn-id: file:///home/svn/framework3/trunk@12600 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-12 20:03:55 +00:00
Joshua Drake 05f107f466 Fixes #4371, Converts many uses of require to autoload
git-svn-id: file:///home/svn/framework3/trunk@12554 4d416f70-5f16-0410-b530-b9f4589650da
2011-05-06 18:47:10 +00:00
amaloteaux 5f6995e8d3 enable ntlmv2 and signing for smb client stack (pth implementation is coming), fixes #11678 and #152
git-svn-id: file:///home/svn/framework3/trunk@11893 4d416f70-5f16-0410-b530-b9f4589650da
2011-03-07 19:57:53 +00:00
Tod Beardsley 359e1ad53a See #726. Adds a DB2 scanner and brute forcer.
git-svn-id: file:///home/svn/framework3/trunk@8223 4d416f70-5f16-0410-b530-b9f4589650da
2010-01-25 15:58:24 +00:00
Ramon de C Valle f124597a56 Code cleanups
git-svn-id: file:///home/svn/framework3/trunk@5773 4d416f70-5f16-0410-b530-b9f4589650da
2008-10-19 21:03:39 +00:00
HD Moore b931b02c14 Changes from Brian Caswell
git-svn-id: file:///home/svn/incoming/trunk@3161 4d416f70-5f16-0410-b530-b9f4589650da
2005-11-30 19:42:19 +00:00
Matt Miller 654b7f034c service allocation draft
git-svn-id: file:///home/svn/incoming/trunk@2844 4d416f70-5f16-0410-b530-b9f4589650da
2005-08-22 04:34:40 +00:00
Matt Miller 934c50c878 rex proto stuff
git-svn-id: file:///home/svn/incoming/trunk@2826 4d416f70-5f16-0410-b530-b9f4589650da
2005-07-25 02:44:07 +00:00