Antichat снова доступен.
Форум Antichat (Античат) возвращается и снова открыт для пользователей.
Здесь обсуждаются безопасность, программирование, технологии и многое другое.
Сообщество снова собирается вместе.
Новый адрес: forum.antichat.xyz
 |
Man-in-the-middle Fake DNS for Metasploit |
25.09.2008, 00:20
|
|
Постоянный
Регистрация: 23.09.2007
Сообщений: 416
Провел на форуме:
1781065
Репутация:
869
|
|
Man-in-the-middle Fake DNS for Metasploit
Man-in-the-middle Fake DNS for Metasploit
Man-in-the-middle Fake DNS for Metasploit
posted by usb at 00:40:43 24.09.2008
On Episode 116 of PaulDotCom Security Weekly, Paul mentioned how it would be nice if one could have a little bit finer control over the behavior of Metasploit’s fake DNS server. It seemed like an easy enough hack, so I’ve thrown this together. I can see this being useful in some situations, and hopefully you will too.
Metasploit’s fakedns.rb is good at what it does, which is respond to any DNS query with a spoofed response pointing at a specific IP address. This module, which I’ve decided to name “mitm_fakedns.rb”, is a dirty, filthy hack of fakedns.rb. It’s not nearly as polished and thought-out as the web_search_scan.rb module I wrote and posted about a couple of days ago, but it is kinda neat anyway.
It’ll listen for DNS, and when it gets a request, it will go ahead and pass it on to a real DNS server that you can specify. Once it gets the response from the real DNS server, it’ll modify that response to point to the IP addresses you specify if it matches one of a set of regexes you provide. This allows you to be a little more “surgical” with whatever attack you have planned, by only spoofing domain names of-interest.
Let’s have a look at the “show info”:
Код:
HacBook:framework wesley$ sudo ./msfconsole
Password:
_
| | o
_ _ _ _ _|_ __, , _ | | __ _|_
/ |/ |/ | |/ | / | / \_|/ \_|/ / \_| |
| | |_/|__/|_/\_/|_/ \/ |__/ |__/\__/ |_/|_/
/|
\|
=[ msf v3.2-release
+ -- --=[ 299 exploits - 124 payloads
+ -- --=[ 18 encoders - 6 nops
=[ 68 aux
msf > use auxiliary/server/mitm_fakedns
msf auxiliary(mitm_fakedns) > info
Name: MITM DNS Service
Version: 5540
Provided by:
unknown <ddz>
hdm <hdm@metasploit.com>
Wesley McGrew <wesley@mcgrewsecurity.com>
Basic options:
Name Current Setting Required Description
---- --------------- -------- -----------
FILENAME yes File of ip,regex for filtering responses
REALDNS yes Ask this server for answers
SRVHOST 0.0.0.0 yes The local host to listen on.
SRVPORT 53 yes The local port to listen on.
Description:
This hack of the metasploit fakedns.rb serves as a sort of MITM DNS
server. Requests are passed through to a real DNS server, and the
responses are modified before being returned to the client, if they
match regular expressions set in FILENAME.
Once it's loaded, we can set our variables:
Код:
msf auxiliary(mitm_fakedns) > cat /Users/wesley/hosts.txt[*] exec: cat /Users/wesley/hosts.txt
192.168.1.1,google.com
10.0.0.1,example.com
msf auxiliary(mitm_fakedns) > set FILENAME /Users/wesley/hosts.txt
FILENAME => /Users/wesley/hosts.txt
msf auxiliary(mitm_fakedns) > set REALDNS 192.168.1.254
REALDNS => 192.168.1.254
msf auxiliary(mitm_fakedns) > run[*] Auxiliary module running as background job
msf auxiliary(mitm_fakedns) >
The file you specify should have an IP address and a regular expression, one pair per line. Once it’s running, you can test it out by pointing “dig” at it:
Код:
HacBook:~ wesley$ dig @127.0.0.1 example.com
; <<>> DiG 9.4.1-P1 <<>> @127.0.0.1 example.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38312
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 99270 IN A 10.0.0.1
;; Query time: 39 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Aug 4 22:59:01 2008
;; MSG SIZE rcvd: 45
This should serve as a pretty good drop-in replacement for fakedns.rb for some attacks. Here’s the source:
http://mcgrewsecurity.com/codedump/mitm_fakedns.rb
SOurce:
http://www.mcgrewsecurity.com/2008/0...or-metasploit/
btw,I have posted the full article because that site was down.
|
|
|
|
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Линейный вид
