nesser 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: bffba7aa303feb0c9264e87bea0b4071dd43de0a
+  data.tar.gz: f9d20c7da26f034657c8fbb16ded9222571d1b1b
+SHA512:
+  metadata.gz: 5a92a2bd9131b145d848cfc2204dbcbc5468424e43fb60cf8a8cd08d1e5480cfae325f5ec47c0e5824c20c7fcb99285a923bfa6a747e6c2bbdfaf616bb631232
+  data.tar.gz: 42c424af1ba877d784b05f1a40cb1577067d47ff6b06b672f62bb5f7a5393ace29abbcd8a1e305d282e098fe2751862dc4a1063637884b8c7ede1717370ec79c

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/.travis.yml

@@ -0,0 +1,4 @@
+language: ruby
+rvm:
+  - 2.3.1
+before_install: gem install bundler -v 1.11.2

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nesser.gemspec
+gemspec

data/README.md

@@ -0,0 +1,28 @@
+# Nesser
+
+A DNS client and server class, written for Dnscat2 (and other similar projects).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'nesser'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nesser
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/iagox86/nesser
+

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "nesser"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/nesser.rb

@@ -0,0 +1,149 @@
+# Encoding: ASCII-8BIT
+##
+# nesser.rb
+# Created Oct 7, 2015
+# By Ron Bowes
+#
+# See: LICENSE.md
+#
+# I had nothing but trouble using rubydns (which became celluloid-dns, whose
+# documentation is just flat out wrong), and I only really need a very small
+# subset of DNS functionality, so I decided that I should just wrote my own.
+#
+# Note: after writing this, I noticed that Resolv::DNS exists in the Ruby
+# language, I need to check if I can use that.
+#
+# There are two methods for using this library: as a client (to make a query)
+# or as a server (to listen for queries and respond to them).
+#
+# To make a query, use Nesser.query:
+#
+#   Nesser.query("google.com") do |response|
+#     ...
+#   end
+#
+# `response` will be of type Nesser::Packet.
+#
+# To listen for queries, create a new instance of Nesser, which will begin
+# listening on a port, but won't actually handle queries yet:
+#
+#   nesser = Nesser.new("0.0.0.0", 53) do |transaction|
+#     ...
+#   end
+#
+# `transaction` is of type Nesser::Transaction, and allows you to respond to the
+# request either immediately or asynchronously.
+#
+# Nesser currently supports the following record types: A, NS, CNAME, SOA, MX,
+# TXT, and AAAA.
+##
+
+require 'ipaddr'
+require 'socket'
+require 'timeout'
+
+require "nesser/version"
+
+module Nesser
+  class Nesser
+    attr_reader :thread
+
+    def initialize(s:, logger:, host:"0.0.0.0", port:53)
+      @s = s
+      @s.bind(host, port)
+      @logger = logger
+
+      @thread = Thread.new() do
+        begin
+          loop do
+            # Grab all the data we can off the socket
+            data = @s.recvfrom(65536)
+
+            begin
+              # Data is an array where the first element is the actual data, and the second is the host/port
+              request = Packet.parse(data[0])
+            rescue DnsException => e
+              logger.error("Failed to parse the DNS packet: %s" % e.to_s())
+              next
+            end
+
+            # Create a transaction object, which we can use to respond
+            transaction = Transaction.new(
+              s: @s,
+              request_packet: request,
+              host: data[1][3],
+              port: data[1][1],
+            )
+
+            begin
+              proc.call(transaction)
+            rescue StandardError => e
+              logger.error("Error thrown while processing the DNS packet: %s" % e.to_s())
+              logger.info(e.backtrace())
+              transaction.error!(RCODE_SERVER_FAILURE)
+            end
+          end
+        ensure
+          @s.close()
+        end
+      end
+    end
+
+    # Kill the listener
+    def stop()
+      if(@thread.nil?)
+        @logger.error("Tried to stop a listener that wasn't listening!")
+        return
+      end
+
+      @thread.kill()
+      @thread = nil
+    end
+
+    # After calling on_request(), this can be called to halt the program's
+    # execution until the thread is stopped.
+    def wait()
+      if(@thread.nil?)
+        @logger.error("Tried to wait on a Nesser instance that wasn't listening!")
+        return
+      end
+
+      @thread.join()
+    end
+
+    # Send out a query, asynchronously. This immediately returns, then, when the
+    # query is finished, the callback block is called with a Nesser::Packet that
+    # represents the response (or nil, if there was a timeout).
+    def Nesser.query(s, hostname, params = {})
+      server   = params[:server]   || "8.8.8.8"
+      port     = params[:port]     || 53
+      type     = params[:type]     || Nesser::Packet::TYPE_A
+      cls      = params[:cls]      || Nesser::Packet::CLS_IN
+      timeout  = params[:timeout]  || 3
+
+      packet = Nesser::Packet.new(rand(65535), Nesser::Packet::QR_QUERY, Nesser::Packet::OPCODE_QUERY, Nesser::Packet::FLAG_RD, Nesser::Packet::RCODE_SUCCESS)
+      packet.add_question(Nesser::Packet::Question.new(hostname, type, cls))
+
+      s = UDPSocket.new()
+
+      return Thread.new() do
+        begin
+          s.send(packet.serialize(), 0, server, port)
+
+          timeout(timeout) do
+            response = s.recv(65536)
+            proc.call(Nesser::Packet.unpack(response))
+          end
+        rescue Timeout::Error
+          proc.call(nil)
+        rescue Exception => e
+          @logger.error("There was an exception sending a query for #{hostname} to #{server}:#{port}: #{e}")
+        ensure
+          if(s)
+            s.close()
+          end
+        end
+      end
+    end
+  end
+end

data/lib/nesser/dns_exception.rb

@@ -0,0 +1,18 @@
+# Encoding: ASCII-8BIT
+##
+# dns_exception.rb
+# Created June 20, 2017
+# By Ron Bowes
+#
+# See LICENSE.md
+#
+# Implements a simple exception class for dns errors.
+##
+
+module Nesser
+  class DnsException < StandardError
+  end
+
+  class FormatException < DnsException
+  end
+end

data/lib/nesser/packets/answer.rb

@@ -0,0 +1,79 @@
+# Encoding: ASCII-8BIT
+##
+# answer.rb
+# Created June 20, 2017
+# By Ron Bowes
+#
+# See: LICENSE.md
+#
+# A DNS answer. A DNS response packet contains zero or more Answer records
+# (defined by the 'ancount' value in the header). An answer contains the
+# name of the domain from the question, followed by a resource record.
+##
+
+module Nesser
+  class Answer
+    attr_reader :name, :type, :cls, :ttl, :rr
+
+    def initialize(name:, type:, cls:, ttl:, rr:)
+      @name = name
+      @type = type
+      @cls  = cls
+      @ttl  = ttl
+      @rr   = rr
+    end
+
+    def self.unpack(unpacker)
+      name = unpacker.unpack_name()
+      type, cls, ttl = unpacker.unpack("nnN")
+
+      case type
+      when TYPE_A
+        rr = A.unpack(unpacker)
+      when TYPE_NS
+        rr = NS.unpack(unpacker)
+      when TYPE_CNAME
+        rr = CNAME.unpack(unpacker)
+      when TYPE_SOA
+        rr = SOA.unpack(unpacker)
+      when TYPE_MX
+        rr = MX.unpack(unpacker)
+      when TYPE_TXT
+        rr = TXT.unpack(unpacker)
+      when TYPE_AAAA
+        rr = AAAA.unpack(unpacker)
+      else
+        rr = RRUnknown.unpack(unpacker, type)
+      end
+
+      return self.new(
+        name: name,
+        type: type,
+        cls: cls,
+        ttl: ttl,
+        rr: rr,
+      )
+    end
+
+    def pack(packer)
+      # The name is echoed back
+      packer.pack_name(@name)
+
+      # The type/class/ttl are added
+      packer.pack('nnN', @type, @cls, @ttl)
+
+      # Finally, the length and rr (the length is included)
+      @rr.pack(packer)
+    end
+
+    def to_s()
+      return '%s %d [%s %s] %s' % [
+        @name,
+        @ttl,
+        TYPES[@type] || '<0x%04x?>' % @type,
+        CLSES[@cls]  || '<0x%04x?>' % @cls,
+        @rr.to_s(),
+      ]
+    end
+  end
+end

data/lib/nesser/packets/constants.rb

@@ -0,0 +1,111 @@
+# Encoding: ASCII-8BIT
+##
+# constants.rb
+# Created June 20, 2017
+# By Ron Bowes
+#
+# See: LICENSE.md
+##
+
+module Nesser
+  # Max recursion depth for parsing names
+  MAX_RECURSION_DEPTH = 16
+
+  # These restrictions are from RFC 952
+  LEGAL_CHARACTERS = (
+    ('a'..'z').to_a +
+    ('A'..'Z').to_a +
+    (0..9).to_a +
+    ['-', '.']
+  )
+  MAX_SEGMENT_LENGTH = 63
+  MAX_TOTAL_LENGTH = 253
+
+  CLS_IN                = 0x0001 # Internet
+  CLSES = {
+    CLS_IN => "IN",
+  }
+
+  # Request / response
+  QR_QUERY    = 0x0000
+  QR_RESPONSE = 0x0001
+
+  QRS = {
+    QR_QUERY    => "QUERY",
+    QR_RESPONSE => "RESPONSE",
+  }
+
+  # Return codes
+  RCODE_SUCCESS         = 0x0000
+  RCODE_FORMAT_ERROR    = 0x0001
+  RCODE_SERVER_FAILURE  = 0x0002 # :servfail
+  RCODE_NAME_ERROR      = 0x0003 # :NXDomain
+  RCODE_NOT_IMPLEMENTED = 0x0004
+  RCODE_REFUSED         = 0x0005
+
+  RCODES = {
+    RCODE_SUCCESS         => ":NoError (RCODE_SUCCESS)",
+    RCODE_FORMAT_ERROR    => ":FormErr (RCODE_FORMAT_ERROR)",
+    RCODE_SERVER_FAILURE  => ":ServFail (RCODE_SERVER_FAILURE)",
+    RCODE_NAME_ERROR      => ":NXDomain (RCODE_NAME_ERROR)",
+    RCODE_NOT_IMPLEMENTED => ":NotImp (RCODE_NOT_IMPLEMENTED)",
+    RCODE_REFUSED         => ":Refused (RCODE_REFUSED)",
+  }
+
+  # Opcodes - only QUERY is typically used
+  OPCODE_QUERY  = 0x0000
+  OPCODE_IQUERY = 0x0800
+  OPCODE_STATUS = 0x1000
+
+  OPCODES = {
+    OPCODE_QUERY  => "OPCODE_QUERY",
+    OPCODE_IQUERY => "OPCODE_IQUERY",
+    OPCODE_STATUS => "OPCODE_STATUS",
+  }
+
+  # The types that we support
+  TYPE_A     = 0x0001
+  TYPE_NS    = 0x0002
+  TYPE_CNAME = 0x0005
+  TYPE_SOA   = 0x0006
+  TYPE_MX    = 0x000f
+  TYPE_TXT   = 0x0010
+  TYPE_AAAA  = 0x001c
+  TYPE_ANY   = 0x00FF
+
+  TYPES = {
+    TYPE_A     => "A",
+    TYPE_NS    => "NS",
+    TYPE_CNAME => "CNAME",
+    TYPE_SOA   => "SOA",
+    TYPE_MX    => "MX",
+    TYPE_TXT   => "TXT",
+    TYPE_AAAA  => "AAAA",
+    TYPE_ANY   => "ANY",
+  }
+
+  # The DNS flags
+  FLAG_AA = 0x0008 # Authoritative answer
+  FLAG_TC = 0x0004 # Truncated
+  FLAG_RD = 0x0002 # Recursion desired
+  FLAG_RA = 0x0001 # Recursion available
+
+  # This converts a set of flags, as an integer, into a string
+  def self.FLAGS(flags)
+    result = []
+    if((flags & FLAG_AA) == FLAG_AA)
+      result << "AA"
+    end
+    if((flags & FLAG_TC) == FLAG_TC)
+      result << "TC"
+    end
+    if((flags & FLAG_RD) == FLAG_RD)
+      result << "RD"
+    end
+    if((flags & FLAG_RA) == FLAG_RA)
+      result << "RA"
+    end
+
+    return result.join("|")
+  end
+end