Metasploitable/DNS Bind: Difference between revisions
From charlesreid1
| Line 1: | Line 1: | ||
=Searching= | =Searching for Exploits= | ||
Searching for exploits of the DNS service that is running, ISC BIND 9.4.2, we find the following exploit: https://www.exploit-db.com/exploits/6122/ | Searching for exploits of the DNS service that is running, ISC BIND 9.4.2, we find the following exploit: https://www.exploit-db.com/exploits/6122/ | ||
This exploit is labeled <code>auxiliary/spoof/dns/bailiwicked_domain</code>. It allows us to insert malicious DNS records into the DNS server. | This exploit is labeled <code>auxiliary/spoof/dns/bailiwicked_domain</code>. It allows us to insert malicious DNS records into the DNS server. | ||
==DNS Exploit: bailiwicked domain== | |||
More information: | More information: | ||
| Line 22: | Line 24: | ||
To interpret: | To interpret: | ||
* Metasploit induces the target nameserver to ask for a bunch of hostnames at a target domain. | |||
Metasploit induces the target nameserver to ask for a bunch of hostnames at a target domain. | * Metasploit then sends fake responses from the target domain back to the target nameserver in an attempt to confuse the target nameserver. | ||
* When the attack/spoofing is successful, the target nameserver will receive a new authority server record (faked by Metasploit), and will insert this new record into its DNS cache. | |||
Metasploit then sends fake responses from the target domain back to the target nameserver in an attempt to confuse the target nameserver. | * This means the target nameserver has a new DNS record for the target domain, containing whatever DNS servers were set in the Metasploit attack. | ||
* Now, anyone requesting the target domain from the target nameserver will actually be routed to your (malicious) nameserver, where you can tamper with the request before forwarding it along. | |||
When the attack/spoofing is successful, the target nameserver will receive a new authority server record (faked by Metasploit), and will insert this new record into its DNS cache. | |||
This means the target nameserver has a new DNS record for the target domain, containing whatever DNS servers were set in the Metasploit attack. | |||
Now, anyone requesting the target domain from the target nameserver will actually be routed to your (malicious) nameserver, where you can tamper with the request before forwarding it along. | |||
=Flags= | =Flags= | ||
{{MSFlag}} | {{MSFlag}} | ||
Revision as of 06:32, 26 March 2016
Searching for Exploits
Searching for exploits of the DNS service that is running, ISC BIND 9.4.2, we find the following exploit: https://www.exploit-db.com/exploits/6122/
This exploit is labeled auxiliary/spoof/dns/bailiwicked_domain. It allows us to insert malicious DNS records into the DNS server.
DNS Exploit: bailiwicked domain
More information:
This exploit targets a fairly ubiquitous flaw in DNS implementations which allow the insertion of malicious DNS records into the cache of the target nameserver. This exploit caches a single malicious nameserver entry into the target nameserver which replaces the legitimate nameservers for the target domain. By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing target nameserver to insert the additional record into the cache. This insertion completely replaces the original nameserver records for the target domain.
To interpret:
- Metasploit induces the target nameserver to ask for a bunch of hostnames at a target domain.
- Metasploit then sends fake responses from the target domain back to the target nameserver in an attempt to confuse the target nameserver.
- When the attack/spoofing is successful, the target nameserver will receive a new authority server record (faked by Metasploit), and will insert this new record into its DNS cache.
- This means the target nameserver has a new DNS record for the target domain, containing whatever DNS servers were set in the Metasploit attack.
- Now, anyone requesting the target domain from the target nameserver will actually be routed to your (malicious) nameserver, where you can tamper with the request before forwarding it along.
Flags
 |
Metasploit any and all resources related to metasploit on this wiki
Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.
Category:Security · Category:Metasploit · Category:Kali
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|