Replaced system with IO.popen to prevent an unlikely RCE, and also added additional checks.

config.yaml

@@ -158,6 +158,9 @@ beef:
                 enable: false
         ipec:
             enable: true
-        # this is still experimental, we're working on it..
+        # this is still experimental..
         dns:
             enable: true
+        # this is still experimental..
+        dns_rebinding:
+            enable: false

core/ruby/security.rb

@@ -11,10 +11,10 @@ def exec(args)
 end
 
 # @note Prevent system from ever being used
-#def system(args)
-#  puts "For security reasons the system method is not accepted in the Browser Exploitation Framework code base."
-#  exit
-#end
+def system(args)
+ puts "For security reasons the system method is not accepted in the Browser Exploitation Framework code base."
+ exit
+end
 
 # @note Prevent Kernel.system from ever being used
 def Kernel.system(args)

extensions/dns_rebinding/config.yaml

@@ -3,12 +3,13 @@ beef:
         dns_rebinding:
             enable: true
             name: 'DNS Rebinding'
+            authors: ['Milovanov T.I.']
             #Addresses are split into internal/external for more convenient attack
             #from LAN.
-            address_http_internal: '192.168.0.104'
-            address_http_external: '31.211.59.107'
-            address_proxy_internal: '192.168.0.104'
-            address_proxy_external: '31.211.59.107'
+            address_http_internal:  '192.168.x.x'
+            address_http_external:  'x.x.x.x'
+            address_proxy_internal: '192.168.x.x'
+            address_proxy_external: 'x.x.x.x'
             port_http: 80
             port_proxy: 81
             debug_mode: true

extensions/dns_rebinding/dns_rebinding.rb

@@ -44,7 +44,11 @@ module DNSRebinding
                     if start_string.include?("load")
                         log "[Server] Block with iptables\n"
                         port_http = dr_config['port_http']
-                        system("iptables -A INPUT -s #{victim_ip} -p tcp --dport #{port_http} -j REJECT --reject-with tcp-reset")
+                        if BeEF::Filters::is_valid_ip?(victim_ip) && port_http.kind_of?(Integer)
+                            IO.popen(["iptables","-A","INPUT","-s","#{victim_ip}","-p","tcp","--dport","#{port_http}","-j","REJECT","--reject-with","tcp-reset"], 'r+'){|io|}
+                        else
+                          print_error "[Dns_Rebinding] victim_ip or port_http values are illegal."
+                        end
                     end
                     log "-------------------------------\n"
                 end
@@ -192,8 +196,8 @@ module DNSRebinding
             response_a = @responses[path]
             @mutex_responses.unlock
 
-            response = response_a[1];
-            content_type = response_a[0];
+            response = response_a[1]
+            content_type = response_a[0]
 
             send_http_response(socket, response, {'Content-Type'=>content_type})
 

extensions/dns_rebinding/extension.rb

@@ -5,8 +5,8 @@ module DNSRebinding
     extend BeEF::API::Extension
 
     @short_name  = 'DNS Rebinding'
-    @full_name   = 'aaaa'
-    @description = 'aaaa'
+    @full_name   = 'DNS Rebinding'
+    @description = 'DNS Rebinding extension'
 
 end
 end

modules/network/dns_rebinding/config.yaml

@@ -5,7 +5,7 @@ beef:
             category: "Network"
             name: "DNS Rebinding"
             description: "dnsrebind"
-            domain: "dnsreb.chickenkiller.com"
+            domain: "dnsreb.beefproject.com"
             authors: ["Milovanov T.I."]
             target:
                 working:
@@ -15,4 +15,4 @@ beef:
                     O:
                         min_ver: 1
                         max_ver: 27
-                not_working: ["All"]
+            not_working: ["All"]