kgretzky / pwndrop

Self-deployable file hosting service for red teamers, allowing to easily upload and share payloads over HTTP and WebDAV.
https://breakdev.org/pwndrop
GNU General Public License v3.0
2.02k stars 259 forks source link

Feature Request : Ability to change port on which DNS server listens #10

Closed HarshaVardhanJ closed 4 years ago

HarshaVardhanJ commented 4 years ago

Similar to how there are directives in the pwndrop.ini file for changing the HTTP and HTTPS ports, it would be nice if there was such an option for changing the DNS port.

Apart from offering more flexibility, there is another advantage to this. I'm trying to build a Docker image in which the processes(mainly pwndrop) are run as an unprivileged user(for security purposes).

Since the port on which the DNS server listens is hard-coded to a privileged port(53), there is no possibility to change it without changing the value in the /core/nameserver.go file as shown below:

func NewNameserver(ch_exit *chan bool) (*Nameserver, error) {
... [truncated]

    listen_ip := Cfg.GetListenIP()
    dns_host := fmt.Sprintf("%s:%d", listen_ip, 5353)

...[truncated]
}

Since a process started by a non-root user cannot be bound to a privileged port(<1024), it would be convenient if the ability to change the port on which the DNS server listens would be provided. Thanks!

kgretzky commented 4 years ago

Good suggestion. I haven't thought really about making the DNS port customizable.

Have you checked a setting to allow any program to listen on port <1024 with:

setcap 'cap_net_bind_service=+ep' /path/to/program

https://unix.stackexchange.com/questions/10735/allowing-a-user-to-let-listen-to-a-port-below-1024

HarshaVardhanJ commented 4 years ago

Thanks for taking the time to consider my suggestions. I have now implemented the workaround that you had suggested. The image works as intended. The 'pwndrop' process is now able to bind to privileged ports while running as a non root user. Thanks! You can take a look at the image I've pushed to my repository on Docker Hub. I've added the image with the tag nonroot.