dns2proxy is an offensive DNS server that offers various features for post-exploitation once you’ve changed the DNS server of a victim. It’s very frequently used in combination with sslstrip. Features: Traditional DNS Spoofing; Implements DNS Spoofing via Forwarding; Detects and corrects changes for sslstrip to work. Usage: Using the spoof.cfg config file with the format: […]
hacking dns
dnsscan – DNS Open Recursive Resolver Scanner/Scanning Tool
Dnsscan is a tool for fingerprinting open recursive resolvers. It runs in conjunction with a small server that knows how to reply to queries forwarded from probed resolvers. For example, assume that you have delegated osd.example.org:
osd.example.org. 900 IN NS ns1.example.org.
ns1.example.org. 900 IN A 10.0.0.1
On 10.0.0.1, you would run:
# ./dnsresponder -Q .osd.example.org
On the client that initiates the DNS probes, you would […]
PorkBind v1.3 – Nameserver (DNS) Security Scanner
This program retrieves version information for the nameservers of a domain and produces a report that describes possible vulnerabilities of each. Vulnerability information is configurable through a configuration file; the default is porkbind.conf. Each nameserver is tested for recursive queries and zone transfers. The code is parallelized with libpthread. Changes for v1.3 Wrote in-a-bind […]
Exploit for Kaminsky DNS Bug Goes Wild
There has been a lot of hype about this one, but this flaw is a real threat and the working exploits are now available in the wild. To top that, they have already been ported into Metasploit! I hope all the major ISPs are in a patching frenzy right now and not thinking to […]
Zodiac – DNS Protocol Monitoring and Spoofing Tool
Zodiac is a DNS protocol analysis and exploitation program. It is a robust tool to explore the DNS protocol. Internally it contains advanced DNS routines for DNS packet construction and disassembly and is the optimal tool if you just want to try something out without going through the hassle of rewriting DNS packet routines or […]