Module: Rex::Proto::DNS::CustomNameserverProvider

Defined in:

lib/rex/proto/dns/custom_nameserver_provider.rb

Overview

Provides a DNS resolver the ability to use different nameservers for different requests, based on the domain being queried.

Defined Under Namespace

Classes: CommSink

Constant Summary

CONFIG_KEY_BASE =

'framework/dns'

CONFIG_VERSION =

Rex::Version.new('1.0')

Class Method Summary

• .extended(mod) ⇒ Object

Instance Method Summary

• #add_upstream_rule(resolvers, comm: nil, wildcard: '*', index: -1)) ⇒ Object

  Add a custom nameserver entry to the custom provider.

• #flush ⇒ Object
• #has_config? ⇒ Boolean

  Check whether or not there is configuration data in Metasploit’s configuration file which is persisted on disk.

• #init ⇒ Object
• #load_config ⇒ Object

  Load the custom settings from the MSF config file.

• #reinit ⇒ Object

  Reinitialize the configuration to its original state.

• #remove_ids(ids) ⇒ Array<UpstreamRule>

  Remove upstream rules with the given indexes Ignore entries that are not found.

• #save_config ⇒ Object

  Save the custom settings to the MSF config file.

• #set_framework(framework) ⇒ Object
• #upstream_resolvers_for_packet(packet) ⇒ Array<Array>

  The nameservers that match the given packet.

• #upstream_rules ⇒ Object

Class Method Details

.extended(mod) ⇒ Object

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 187

def self.extended(mod)
  mod.init
end

Instance Method Details

#add_upstream_rule(resolvers, comm: nil, wildcard: '*', index: -1)) ⇒ Object

Add a custom nameserver entry to the custom provider.

Parameters:

• resolvers (Array<String>) —

  The list of upstream resolvers that would be used for this custom rule.

• comm (Msf::Session::Comm) (defaults to: nil) —

  The communication channel to be used for these DNS requests.

• wildcard (String) (defaults to: '*') —

  The wildcard rule to match a DNS request against.

• index (Integer) (defaults to: -1)) —

  The index at which to insert the rule, defaults to -1 to append it at the end.

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 124

def add_upstream_rule(resolvers, comm: nil, wildcard: '*', index: -1)
  resolvers = [resolvers] if resolvers.is_a?(String) # coerce into an array of strings

  @upstream_rules.insert(index, UpstreamRule.new(
    wildcard: wildcard,
    resolvers: resolvers,
    comm: comm
  ))
end

#flush ⇒ Object

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 149

def flush
  @upstream_rules.clear
end

#has_config? ⇒ Boolean

Check whether or not there is configuration data in Metasploit’s configuration file which is persisted on disk.

Returns:

• (Boolean)

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 70

def has_config?
  config = Msf::Config.load
  version = config.fetch(CONFIG_KEY_BASE, {}).fetch('configuration_version', nil)
  if version.nil?
    @logger.info 'DNS configuration can not be loaded because the version is missing'
    return false
  end

  their_version = Rex::Version.new(version)
  if their_version > CONFIG_VERSION # if the config is newer, it's incompatible (we only guarantee backwards compat)
    @logger.info "DNS configuration version #{their_version} can not be loaded because it is too new"
    return false
  end

  my_minimum_version = Rex::Version.new(CONFIG_VERSION.canonical_segments.first.to_s)
  if their_version < my_minimum_version # can not be older than our major version
    @logger.info "DNS configuration version #{their_version} can not be loaded because it is too old"
    return false
  end

  true
end

#init ⇒ Object

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 36

def init
  @upstream_rules = []

  resolvers = [UpstreamResolver.create_static]
  if @config[:nameservers].empty?
    # if no nameservers are specified, fallback to the system
    resolvers << UpstreamResolver.create_system
  else
    # migrate the originally configured name servers
    resolvers += @config[:nameservers].map(&:to_s)
    @config[:nameservers].clear
  end

  add_upstream_rule(resolvers)

  nil
end

#load_config ⇒ Object

Load the custom settings from the MSF config file

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 109

def load_config
  unless has_config?
    raise ResolverError.new('There is no compatible configuration data to load')
  end

  load_config_entries
  load_config_static_hostnames
end

#reinit ⇒ Object

Reinitialize the configuration to its original state.

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 55

def reinit
  parse_config_file
  parse_environment_variables

  self.static_hostnames.flush
  self.static_hostnames.parse_hosts_file

  init

  cache.flush if respond_to?(:cache)

  nil
end

#remove_ids(ids) ⇒ Array<UpstreamRule>

Remove upstream rules with the given indexes Ignore entries that are not found

Parameters:

• ids (Array<Integer>) —

  The IDs to removed

Returns:

• (Array<UpstreamRule>) —

  The removed entries

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 139

def remove_ids(ids)
  removed = []
  ids.sort.reverse.each do |id|
    upstream_rule = @upstream_rules.delete_at(id)
    removed << upstream_rule if upstream_rule
  end

  removed.reverse
end

#save_config ⇒ Object

Save the custom settings to the MSF config file

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 96

def save_config
  new_config = {
    'configuration_version' => CONFIG_VERSION.to_s
  }
  Msf::Config.save(CONFIG_KEY_BASE => new_config)

  save_config_upstream_rules
  save_config_static_hostnames
end

#set_framework(framework) ⇒ Object

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 191

def set_framework(framework)
  self.feature_set = framework.features
end

#upstream_resolvers_for_packet(packet) ⇒ Array<Array>

The nameservers that match the given packet

Parameters:

• packet (Dnsruby::Message) —

  The DNS packet to be sent

Returns:

• (Array<Array>) —

  A list of nameservers, each with Rex::Socket options

Raises:

• (ResolveError) —

  If the packet contains multiple questions, which would end up sending to a different set of nameservers

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 158

def upstream_resolvers_for_packet(packet)
  unless feature_set.enabled?(Msf::FeatureManager::DNS)
    return super
  end
  # Leaky abstraction: a packet could have multiple question entries,
  # and each of these could have different nameservers, or travel via
  # different comm channels. We can't allow DNS leaks, so for now, we
  # will throw an error here.
  results_from_all_questions = []
  packet.question.each do |question|
    name = question.qname.to_s
    upstream_rule = self.upstream_rules.find { |ur| ur.matches_name?(name) }

    if upstream_rule
      upstream_resolvers = upstream_rule.resolvers
    else
      # Fall back to default nameservers
      upstream_resolvers = super
    end
    results_from_all_questions << upstream_resolvers.uniq
  end
  results_from_all_questions.uniq!
  if results_from_all_questions.size != 1
    raise ResolverError.new('Inconsistent nameserver entries attempted to be sent in the one packet')
  end

  results_from_all_questions[0]
end

#upstream_rules ⇒ Object

# File 'lib/rex/proto/dns/custom_nameserver_provider.rb', line 195

def upstream_rules
  @upstream_rules.dup
end