iagox86 / dnscat2

BSD 3-Clause "New" or "Revised" License

Certain input for server in console mode throws error #43

Closed izhan closed 9 years ago

izhan commented 9 years ago

For certain input, a response packet whose size is greater than max_length is created, throwing an error in session_manager.rb.

dnscat2> [ERROR] Error caught:
[ERROR] [NoMethodError]: undefined method `length' for #<Packet:0x007fc32a09ae30>
[ERROR] /Users/irvinzhan/Documents/open-source/tor/dnscat2/server/session_manager.rb:153:in `block in go'
[ERROR] /Users/irvinzhan/Documents/open-source/tor/dnscat2/server/driver_dns.rb:226:in `block (2 levels) in recv'
[ERROR] /Users/irvinzhan/.rvm/gems/ruby-2.0.0-p353/gems/rubydns-0.7.3/lib/rubydns/server.rb:170:in `[]'

Note the "undefined method length" error message is fixed in an existing PR (https://github.com/iagox86/dnscat2/pull/41).

To replicate:

1) download the binary file located here: https://drive.google.com/file/d/0B8q-4HfjZWI7Znl5aHJjbkdRcnM/view?usp=sharing
2) copy it to your clipboard — for instance, use cat dummyfile8 | pbcopy if you are using a Mac
3) start up the server with rvmsudo ruby ./dnscat2.rb -u
4) start up the client with ./dnscat --host 0.0.0.0 --port 53 --console
5) paste the contents of the binary file into the console for the server side

The error is only found for messages from server to client, and not from client to server.

izhan commented 9 years ago

Turns out it was an issue with the encoding. The string we receive from next_outgoing is encoded in UTF-8 — however, calling pack on that string within MsgBody converts it to a string using ASCII-8BIT encoding. The length of the string increases as a result.

Example:

"µ".length
=> 1
"µ".force_encoding("ASCII-8BIT").length
=> 2

Where do you suppose we should handle this? @outgoing_data within session.rb is already array of UTF-8 characters....perhaps we should convert any queued data to ASCII-8BIT strings immediately?
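The length mismatch described above, shown as a stand-alone Ruby example (added here; this is not dnscat2's code, and the 4-byte limit, the function names and the sample string are constructed for illustration). It measures a UTF-8 string before and after pack, then contrasts chunking by character count, which can exceed the byte limit once packed, with chunking the already-binary bytes, which cannot:

```ruby
# encoding: utf-8
# Added example, not part of dnscat2. MAX_LEN is a constructed limit standing
# in for max_length; the wire format is byte-oriented, so limits must be
# enforced on bytes, not on characters.
MAX_LEN = 4

# Report how the same string looks before and after pack.
def utf8_and_packed_lengths(str)
  utf8 = str.dup.force_encoding("UTF-8")
  packed = [utf8].pack("a*") # pack always yields an ASCII-8BIT string
  {
    chars: utf8.length,              # characters in the UTF-8 view
    bytes: utf8.bytesize,            # bytes actually on the wire
    packed_encoding: packed.encoding.name,
    packed_length: packed.length     # == bytes, since the view is now binary
  }
end

# Naive splitting by character count: a chunk of max chars can pack to more
# than max bytes when the text contains multi-byte characters.
def chunk_by_chars(str, max)
  str.chars.each_slice(max).map(&:join)
end

# Convert queued data to binary first, then split by bytes; every chunk packs
# to at most max bytes. A multi-byte character may straddle two chunks, which
# is fine for transport: the receiver reassembles the bytes before decoding.
def chunk_by_bytes(str, max)
  bin = str.dup.force_encoding("ASCII-8BIT")
  chunks = []
  offset = 0
  while offset < bin.bytesize
    chunks << bin.byteslice(offset, max)
    offset += max
  end
  chunks
end

# Size of a chunk as it would be packed into a message body.
def packed_size(chunk)
  [chunk].pack("a*").length
end

if __FILE__ == $0
  sample = "µµµµ" # constructed: 4 chars, 8 bytes in UTF-8
  p utf8_and_packed_lengths("µ")
  p chunk_by_chars(sample, MAX_LEN).map { |c| packed_size(c) }
  p chunk_by_bytes(sample, MAX_LEN).map { |c| packed_size(c) }
end
```

Running it shows "µ" as 1 character but 2 bytes, a character-based chunk of 4 characters packing to 8 bytes, and byte-based chunks that each stay within the limit while still reassembling to the original text.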

iagox86 commented 9 years ago

I merged your pull request, thanks!

Does that solve this issue?

On Fri, Apr 24, 2015 at 10:57 PM, Irvin Zhan notifications@github.com wrote:


izhan commented 9 years ago

Solved that particular issue, yup!