DNS-Spoofing (Python). Note: to use this application in a real network, it must be able to sniff the packets on that network. Python version: Python 3. Requirements: pip3 install -r requirements.
Router DNS hijack: many routers ship with default passwords or carry firmware vulnerabilities. An attacker who takes over a router can overwrite its DNS settings, affecting every user connected to that router.
Man-in-the-middle DNS attacks: the attacker intercepts communication between a user and a DNS server and answers with different destination IP addresses that point to malicious sites.
Erez Hasson, Bruce Lynch.
This means any request to the queried domain, in this case prateek.
I would suggest you try querying the other domains yourself. Next we traverse the entire DNS hierarchy, from the root servers down to the top-level domain and then to the domain's own name servers. Querying a root server for the com zone gives something like the figure below: a list of the authoritative name servers for the com domain. Notice the trailing dot: it marks a fully qualified name that ends at the root. Querying one of the com servers for the domain, as shown in the figure below, gives the list of authoritative name servers for infosecinstitute.
Now we query those name servers to get the IP address of infosecinstitute, and in the Answer section we can see the IP address for infosecinstitute. A reverse lookup works the other way around: the IP address is written in reverse octet order under in-addr.arpa (an address a.b.c.d is queried as d.c.b.a.in-addr.arpa), which returns the PTR record for that address. A wildcard entry is used to provide responses for subdomains that do not exist.
For e. In the information-gathering stage of a penetration test of a website, it is important to identify the subdomains and the IP addresses they resolve to. A wildcard entry reduces this somewhat, since every name under the domain resolves whether or not it really exists. Where wildcard entries are set on a domain, they can still be bypassed to reveal information about its subdomains.
This is done by brute-forcing the subdomains. We keep a wordlist of the subdomain names we want to test against the domain, then resolve each of them (the article pings them, which prints the address each name resolves to). If a name resolves to an IP address different from the one the wildcard returns, we can say with good confidence that the subdomain actually exists. A real subdomain that happens to share the wildcard's address cannot be told apart this way, so the technique can miss hosts but does not invent them.
Before brute-forcing, however, it is better to check whether wildcard entries are enabled at all. For that we can ping a few random subdomains that should not exist, for e. If such random subdomains resolve to an IP address, we can clearly say that wildcard entries are enabled for this domain. We will perform a demo of this in the coming section. We saw in the previous exercises that every domain has some authoritative name servers associated with it.
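The wildcard check and the wordlist brute force described above, as an added example that is not the article's own code. The resolver is passed in as a function so the logic can be run offline against a constructed zone (example.test with addresses from the 192.0.2.0/24 documentation range, all assumptions made for this example); by default it uses the system resolver.

```python
"""Wildcard detection and subdomain brute force against a DNS zone.

Added example, not code from the original article. The resolver is a
function argument so the logic can run offline against the constructed
fake below; by default it uses the system resolver (socket.gethostbyname).
"""
import random
import socket
import string


def system_resolve(name):
    """Resolve a hostname to an IPv4 address via the OS resolver; None on failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def random_label(length=12):
    """A long random label is very unlikely to be a real subdomain."""
    return "".join(random.choice(string.ascii_lowercase) for _ in range(length))


def detect_wildcard(domain, resolve=system_resolve, probes=3):
    """Resolve a few random names under the domain.

    Returns the set of addresses they resolved to. An empty set means no
    wildcard: names that do not exist come back NXDOMAIN, as they should.
    """
    addrs = set()
    for _ in range(probes):
        ip = resolve("%s.%s" % (random_label(), domain))
        if ip is not None:
            addrs.add(ip)
    return addrs


def brute_force(domain, wordlist, resolve=system_resolve):
    """Resolve each candidate from the wordlist and keep the confirmed ones.

    A candidate counts as an existing subdomain only if it resolves to an
    address the wildcard does not return. A real host that happens to share
    the wildcard address is missed (false negative); that is the limit of
    this technique.
    """
    wildcard_addrs = detect_wildcard(domain, resolve)
    found = {}
    for word in wordlist:
        name = "%s.%s" % (word, domain)
        ip = resolve(name)
        if ip is None:
            continue                      # NXDOMAIN: nothing there
        if ip in wildcard_addrs:
            continue                      # same answer the wildcard gives
        found[name] = ip
    return found


# Constructed zone for offline demonstration (example.test is a reserved
# name, 192.0.2.0/24 is documentation address space). Any other name under
# example.test resolves to the wildcard address 192.0.2.99.
FAKE_ZONE = {
    "www.example.test": "192.0.2.10",
    "mail.example.test": "192.0.2.20",
    "shop.example.test": "192.0.2.99",   # real host parked on the wildcard IP
}


def fake_resolve(name):
    """Stand-in resolver for the constructed zone above."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".example.test"):
        return "192.0.2.99"               # wildcard answer
    return None                           # NXDOMAIN for everything else


if __name__ == "__main__":
    words = ["www", "mail", "shop", "ftp", "vpn"]
    print("wildcard addresses:", detect_wildcard("example.test", fake_resolve))
    print("confirmed:", brute_force("example.test", words, fake_resolve))
```

Against a real target, call detect_wildcard and brute_force without the resolve argument. The shop host in the constructed zone is deliberately parked on the wildcard address to show the false negative the article's "different IP address" rule produces.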
For example, in the case of google. these name servers handle requests related to the google domain. Usually a big organization has more than one name server, so that if one goes down for a while the other is ready to back it up and handle the requests. Usually one of these servers is the master (primary) server and the other is the slave (secondary) server.
Hence, to stay in sync with the master, the slave must query it and fetch the latest records after a specific period of time (the refresh interval given in the zone's SOA record). This is a zone transfer (AXFR): the master provides the slave with all the records it holds for the zone. A properly configured name server should only serve zone-transfer requests from the other name servers of the same domain. If the server is not configured properly, it will serve every zone-transfer request made to it without checking who is asking.
This leads to the leakage of valuable information. We will use the tool Fierce, present by default in BackTrack; Fierce is one of the best tools available for DNS analysis. We get something as shown in the figure below. Fierce first finds the name servers for the domain, then checks whether they allow zone transfers. Since one of the name servers is not properly configured, it allows a zone transfer, and what we see is a dump of all the records: subdomains, their addresses, and so on.
A zone transfer reveals a lot of information about the domain, and we can figure out a lot by looking at the dump. Some of the hosts may be running on different servers; such a server may not be fully patched and hence be vulnerable. From this point we can start thinking about Metasploit, Nessus, Nmap etc. and do a full vulnerability assessment of the domain. Hence this kind of information enlarges our attack surface by a fair amount, an amount which cannot be ignored. To protect your name servers from leaking valuable information, allow zone transfers only to the other name servers of the same domain (in BIND, an allow-transfer list naming the secondaries, ideally combined with TSIG-signed transfers rather than IP-based filtering alone).
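The zone-transfer check that Fierce performs, reduced to its wire-level core as an added example; this is not the article's code and not Fierce's. It uses only the Python standard library to build an AXFR query, send it over TCP, and classify the first response message. The names example.test, the 192.0.2.x addresses and the constructed responses used for the offline demonstration are assumptions for this example, not captured traffic.

```python
"""Zone-transfer (AXFR) probe built from the raw DNS wire format.

Added example, not code from the original article or from Fierce. It uses
only the standard library: it builds an AXFR query, sends it over TCP to a
name server, and classifies the first response message. The responses used
for the offline demonstration are constructed here, not captured.
"""
import socket
import struct

QTYPE_AXFR = 252
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}


def encode_name(domain):
    """Wire-format name: length-prefixed labels ending with a zero byte."""
    out = b""
    for label in domain.rstrip(".").split("."):
        if not 1 <= len(label) <= 63:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_axfr_query(domain, txid=0x1234):
    """12-byte header (RD clear: transfers are never recursive) + one question."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(domain) + struct.pack(">HH", QTYPE_AXFR, 1)
    return header + question


def parse_header(msg):
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its header")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}


def classify(msg):
    """Verdict from the first AXFR response message only.

    A server that permits the transfer answers NOERROR with the zone's SOA
    as the first record, so ancount > 0 means the zone is being handed over.
    A properly restricted server answers REFUSED (or NOTAUTH) instead.
    """
    h = parse_header(msg)
    if h["rcode"] != 0:
        return "denied (%s)" % RCODE_NAMES.get(h["rcode"], h["rcode"])
    if h["ancount"] > 0:
        return "allowed (%d records in first message)" % h["ancount"]
    return "no error but no records"


def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def check_axfr(ns_ip, domain, port=53, timeout=5.0):
    """Send one AXFR over TCP (2-byte length prefix) and classify the reply.

    Only the first message is read; a full dump would keep reading until the
    closing SOA record, which this probe does not need to decide the verdict.
    """
    query = build_axfr_query(domain)
    with socket.create_connection((ns_ip, port), timeout=timeout) as s:
        s.sendall(struct.pack(">H", len(query)) + query)
        (length,) = struct.unpack(">H", recv_exact(s, 2))
        return classify(recv_exact(s, length))


def constructed_response(query, rcode, with_record=False):
    """Constructed reply for offline use: the query's header with QR and AA
    set, the question echoed, and optionally one A record whose name is a
    compression pointer to the question at offset 12."""
    txid = struct.unpack(">H", query[:2])[0]
    ancount = 1 if with_record else 0
    msg = struct.pack(">HHHHHH", txid, 0x8400 | rcode, 1, ancount, 0, 0) + query[12:]
    if with_record:
        msg += b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return msg


if __name__ == "__main__":
    q = build_axfr_query("example.test")
    print("locked down:", classify(constructed_response(q, 5)))
    print("misconfigured:", classify(constructed_response(q, 0, with_record=True)))
    # Against a real server: print(check_axfr("192.0.2.53", "example.test"))
```

To test a real name server, call check_axfr with the address of each server returned by the NS lookup from the earlier section; a REFUSED verdict from every one of them is what a correctly restricted zone looks like.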