nesser 0.0.1

data/lib/nesser/packets/unpacker.rb

@@ -0,0 +1,127 @@
+# Encoding: ASCII-8BIT
+##
+# unpacker.rb
+# Created June 20, 2017
+# By Ron Bowes
+#
+# See: LICENSE.md
+#
+# DNS has some unusual properties that we have to handle, which is why I
+# wrote this class. It handles building / parsing DNS packets and keeping
+# track of where in the packet we currently are. The advantage, besides
+# simpler unpacking, is that encoded names (with pointers to other parts
+# of the packet) can be trivially handled.
+##
+
+require 'hexhelper'
+
+require 'nesser/dns_exception'
+require 'nesser/packets/constants'
+
+module Nesser
+  class Unpacker
+    attr_accessor :data, :offset
+
+    public
+    def initialize(data)
+      @data = data
+      @offset = 0
+    end
+
+    private
+    def _verify_results(results)
+      # If there's at least one nil included in our results, bad stuff happened
+      if results.index(nil)
+        raise(FormatException, "DNS packet was truncated (or we messed up parsing it)!")
+      end
+    end
+
+    # Unpack from the string, exactly like the normal `String#Unpack` method
+    # in Ruby, except that an offset into the string is maintained and updated.
+    public
+    def unpack(format)
+      if @offset >= @data.length
+        raise(FormatException, "DNS packet was invalid!")
+      end
+
+      results = @data[@offset..-1].unpack(format + "a*")
+      remaining = results.pop
+      @offset = @data.length - remaining.length
+
+      _verify_results(results)
+
+      return *results
+    end
+
+    public
+    def unpack_one(format)
+      results = unpack(format)
+
+      _verify_results(results)
+      if results.length != 1
+        raise(FormatException, "unpack_one() was passed a bad format string")
+      end
+
+      return results.pop()
+    end
+
+    # This temporarily changes the offset that we're reading from, runs the
+    # given block, then changes it back. This is used internally while
+    # unpacking names.
+    private
+    def _with_offset(offset)
+      old_offset = @offset
+      @offset = offset
+      yield
+      @offset = old_offset
+    end
+
+    # Unpack a name from the packet. Names are special, because they're
+    # encoded as:
+    # * A series of length-prefixed blocks, each indicating a segment
+    # * Blocks with a length the starts with two '1' bits (11xxxxx...), which
+    #   contains a pointer to another name elsewhere in the packet
+    public
+    def unpack_name(depth:0)
+      segments = []
+
+      if depth > MAX_RECURSION_DEPTH
+        raise(FormatException, "It looks like this packet contains recursive pointers!")
+      end
+
+      loop do
+        # If no offset is given, just eat data from the normal source
+        len = unpack_one("C")
+
+        # Stop at the null terminator
+        if len == 0
+          break
+        end
+
+        # Handle "pointer" records by updating the offset
+        if (len & 0xc0) == 0xc0
+          # If the first two bits are 1 (ie, 0xC0), the next
+          # 10 bits are an offset, so we have to mask out the first two bits
+          # with 0x3F (00111111)
+          offset = ((len << 8) | unpack_one("C")) & 0x3FFF
+
+          _with_offset(offset) do
+            segments << unpack_name(depth:depth+1).split(/\./)
+          end
+
+          break
+        end
+
+        # It's normal, just unpack what we need to!
+        segments << unpack("a#{len}")
+      end
+
+      return segments.join('.')
+    end
+
+    public
+    def to_s()
+      return HexHelper::to_s(@data, offset: @offset)
+    end
+  end
+end

data/lib/nesser/transaction.rb

@@ -0,0 +1,94 @@
+# Encoding: ASCII-8BIT
+##
+# transaction.rb
+# Created June 20, 2017
+# By Ron Bowes
+#
+# See: LICENSE.md
+#
+# When a request comes in, a transaction is created and sent to the callback.
+# The transaction can be used to respond to the request at any point in the
+# future.
+#
+# Any methods with a bang ('!') in front will send the response back to the
+# requester. Only one bang method can be called, any subsequent calls will
+# throw an exception.
+##
+module Nesser
+  class Transaction
+    attr_reader :request_packet, :response_packet, :sent
+
+    public
+    def initialize(s:, request_packet:, host:, port:)
+      @s = s
+      @request_packet = request_packet
+      @host = host
+      @port = port
+      @sent = false
+
+      @response_packet = request_packet.answer()
+    end
+
+    private
+    def not_sent!()
+      if @sent
+        raise ArgumentError("Already sent!")
+      end
+    end
+
+    public
+    def answer!(answers=[])
+      answers.each do |answer|
+        @response_packet.add_answer(answer)
+      end
+
+      reply!()
+    end
+
+    public
+    def error!(rcode)
+      not_sent!()
+
+      @response_packet.rcode = rcode
+      reply!()
+    end
+
+#    public
+#    def passthrough!(pt_host, pt_port, callback = nil)
+#      not_sent!()
+#
+#      Nesser.query(@request.questions[0].name, {
+#          :server  => pt_host,
+#          :port    => pt_port,
+#          :type    => @request.questions[0].type,
+#          :cls     => @request.questions[0].cls,
+#          :timeout => 3,
+#        }
+#      ) do |response|
+#        # If there was a timeout, handle it
+#        if(response.nil?)
+#          response = @response
+#          response.rcode = Nesser::Packet::RCODE_SERVER_FAILURE
+#        end
+#
+#        response.trn_id = @request.trn_id
+#        @s.send(response.serialize(), 0, @host, @port)
+#
+#        # Let the callback know if anybody registered one
+#        if(callback)
+#          callback.call(response)
+#        end
+#      end
+#
+#      @sent = true
+#    end
+
+    private
+    def reply!()
+      not_sent!()
+
+      @s.send(@response_packet.to_bytes(), 0, @host, @port)
+      @sent = true
+    end
+  end
+end

data/lib/nesser/version.rb

@@ -0,0 +1,3 @@
+module Nesser
+  VERSION = "0.0.1"
+end

data/nesser.gemspec

@@ -0,0 +1,22 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'nesser/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "nesser"
+  spec.version       = Nesser::VERSION
+  spec.authors       = ["iagox86"]
+  spec.email         = ["ron-git@skullsecurity.org"]
+
+  spec.summary       = "A simple and straight forward DNS library, created for dnscat2"
+  spec.homepage      = "https://github.com/iagox86/nesser"
+
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "simplecov"
+  spec.add_dependency "hexhelper"
+end

metadata

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: nesser
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- iagox86
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-06-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: hexhelper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email:
+- ron-git@skullsecurity.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- Gemfile
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/nesser.rb
+- lib/nesser/dns_exception.rb
+- lib/nesser/packets/answer.rb
+- lib/nesser/packets/constants.rb
+- lib/nesser/packets/packer.rb
+- lib/nesser/packets/packet.rb
+- lib/nesser/packets/question.rb
+- lib/nesser/packets/rr_types.rb
+- lib/nesser/packets/unpacker.rb
+- lib/nesser/transaction.rb
+- lib/nesser/version.rb
+- nesser.gemspec
+homepage: https://github.com/iagox86/nesser
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: A simple and straight forward DNS library, created for dnscat2
+test_files: []