Land #18526, Add a command to customise DNS resolution

rapid7 · Nov 23, 2023 · 0d591a3 · 0d591a3
2 parents 21d23be + 473ded3
commit 0d591a3
Show file tree

Hide file tree

Showing 13 changed files with 873 additions and 67 deletions.
diff --git a/lib/msf/base/sessions/meterpreter.rb b/lib/msf/base/sessions/meterpreter.rb
@@ -602,6 +602,10 @@ def create(param)
     sock
   end
 
+  def supports_udp?
+    true
+  end
+
   #
   # Get a string representation of the current session platform
   #

diff --git a/lib/msf/base/sessions/ssh_command_shell_bind.rb b/lib/msf/base/sessions/ssh_command_shell_bind.rb
@@ -287,6 +287,10 @@ def create(params)
       sock
     end
 
+    def supports_udp?
+      false
+    end
+
     def create_server_channel(params)
       msf_channel = nil
       mutex = Mutex.new

diff --git a/lib/msf/core/feature_manager.rb b/lib/msf/core/feature_manager.rb
@@ -20,6 +20,7 @@ class FeatureManager
     MANAGER_COMMANDS = 'manager_commands'
     METASPLOIT_PAYLOAD_WARNINGS = 'metasploit_payload_warnings'
     DEFER_MODULE_LOADS = 'defer_module_loads'
+    DNS_FEATURE = 'dns_feature'
     DEFAULTS = [
       {
         name: WRAPPED_TABLES,
@@ -53,6 +54,12 @@ class FeatureManager
         description: 'When enabled will not eagerly load all modules',
         requires_restart: true,
         default_value: false
+      }.freeze,
+      {
+        name: DNS_FEATURE,
+        description: 'When enabled, allows configuration of DNS resolution behaviour in Metasploit',
+        requires_restart: false,
+        default_value: false
       }.freeze
     ].freeze
 

diff --git a/lib/msf/core/framework.rb b/lib/msf/core/framework.rb
@@ -82,6 +82,12 @@ def initialize(options={})
     require 'msf/core/cert_provider'
     Rex::Socket::Ssl.cert_provider = Msf::Ssl::CertProvider
 
+    if options.include?('CustomDnsResolver')
+      self.dns_resolver = options['CustomDnsResolver']
+      self.dns_resolver.set_framework(self)
+      Rex::Socket._install_global_resolver(self.dns_resolver)
+    end
+
     subscriber = FrameworkEventSubscriber.new(self)
     events.add_exploit_subscriber(subscriber)
     events.add_session_subscriber(subscriber)
@@ -147,6 +153,10 @@ def version
     Version
   end
 
+  #
+  # DNS resolver for the framework
+  #
+  attr_reader   :dns_resolver
   #
   # Event management interface for registering event handler subscribers and
   # for interacting with the correlation engine.
@@ -278,6 +288,7 @@ def eicar_corrupted?
   #   @return [Hash]
   attr_accessor :options
 
+  attr_writer   :dns_resolver #:nodoc:
   attr_writer   :events # :nodoc:
   attr_writer   :modules # :nodoc:
   attr_writer   :datastore # :nodoc:

diff --git a/lib/msf/core/session/comm.rb b/lib/msf/core/session/comm.rb
@@ -22,6 +22,13 @@ module Comm
   def create(param)
     raise NotImplementedError
   end
+
+  #
+  # Does the Comm support sending UDP messages?
+  #
+  def supports_udp?
+    raise NotImplementedError
+  end
 end
 
 end

diff --git a/lib/msf/ui/console/command_dispatcher/core.rb b/lib/msf/ui/console/command_dispatcher/core.rb
@@ -1350,6 +1350,7 @@ def cmd_save(*args)
       # Save the framework's datastore
       begin
         framework.save_config
+        driver.framework.dns_resolver.save_config
 
         if active_module
           active_module.save_config
-Original file line number
+Diff line change
@@ Expand Up / @@ -602,6 +602,10 @@ def create(param) @@
         sock
       end
+      def supports_udp?
+        true
+      end
       #
       # Get a string representation of the current session platform
       #
@@ Expand Down @@