From 26cd0f08ad16504b47447c04490b8ed84cd90a58 Mon Sep 17 00:00:00 2001
From: soh_cah_toa
Date: Mon, 28 Apr 2014 20:28:47 -0400
Subject: [PATCH] Removed support for HINFO and MINFO resource records. These RR's are very difficult to validate and, in their current state, are vulnerable to RCE attacks. Furthermore, BeEF does not have a use for these RR's.
---
 extensions/dns/model.rb | 24 ------------------------
 1 file changed, 24 deletions(-)
diff --git a/extensions/dns/model.rb b/extensions/dns/model.rb
index d12c2fb15..210914fde 100644
--- a/extensions/dns/model.rb
+++ b/extensions/dns/model.rb
@@ -94,30 +94,6 @@ module BeEF
 else
 raise InvalidDnsResponseError, 'CNAME'
 end
- elsif resource == Resolv::DNS::Resource::IN::HINFO
- if response.is_a?(Array)
- response.each { |r| raise InvalidDnsResponseError, 'HINFO' unless r.is_a?(String) }
- data = { :cpu => response[0], :os => response[1] }
- sprintf "t.respond!('%s', '%s')", data
- elsif (response.is_a?(Symbol) && response.to_s =~ sym_regex) || response =~ sym_regex
- sprintf "t.fail!(:%s)", response.to_sym
- else
- raise InvalidDnsResponseError, 'HINFO'
- end
- elsif resource == Resolv::DNS::Resource::IN::MINFO
- if response.is_a?(Array)
- response.each { |r| raise InvalidDnsResponseError, 'MINFO' unless r.is_a?(String) && BeEF::Filters.is_valid_domain?(r) }
-
- data = { :rmailbx => response[0], :emailbx => response[1] }
-
- sprintf "t.respond!(Resolv::DNS::Name.create('%s'), " +
- "Resolv::DNS::Name.create('%s'))",
- data
- elsif (response.is_a?(Symbol) && response.to_s =~ sym_regex) || response =~ sym_regex
- sprintf "t.fail!(:%s)", response.to_sym
- else
- raise InvalidDnsResponseError, 'MINFO'
- end
 elsif resource == Resolv::DNS::Resource::IN::MX
 if response[0].is_a?(Integer) && BeEF::Filters.is_valid_domain?(response[1])