Penetration Testing mailing list archives
Re: DNS Pen-Test Tools
From: Jonathan Cran <jcran () 0x0e org>
Date: Fri, 25 Dec 2009 02:20:33 -0500
-Create excessive DNS queries to DNS server, i.e. try to DoS a DNS server

Probably best to script this using something like Net::DNS (http://www.net-dns.org/) in Perl. Could also be done on the command line, but without significant effort you're going to get less than the volume of queries you'd need to DoS a server.

-Report all records for a top level domain, i.e. query for all records in a domain

Assuming you want to do a reverse lookup (IP -> DNS), you can use fierce to brute force records.

example: C:\fierce\perl fierce.pl -dns example.com -dnsserver 1.2.3.4 -range [reverse lookup]

-Perform a zone transfer

fierce will try to do this automatically when pointed at a domain.

example: C:\fierce\perl fierce.pl -dns example.com -dnsserver 1.2.3.4

You can use almost any DNS client to do this - nslookup, dig, even host can do it.

example: dig @1.2.3.4 example.com -t axfr

Also, look into DNS cache poisoning (this link is a bit dated, but explains the issue - http://www.secureworks.com/research/articles/cachepoisoning) and DNS cache snooping (http://blog.commandlinekungfu.com/2009/03/episode-17-dns-cache-snooping-in-single.html).

Additionally, see if you can create arbitrary entries in the DNS cache via DHCP, or by registering via Dynamic DNS (http://en.wikipedia.org/wiki/Dynamic_DNS).

Also, you may want to look for default entries such as the WPAD DNS registration issue (http://www.securityfocus.com/bid/33989/discuss).

Make sure to check for known vulnerabilities - I run into a lot of vulnerable BIND servers...

Hope it helps.

jcran

On Mon, Dec 21, 2009 at 1:41 AM, Zaki Akhmad <zakiakhmad () gmail com> wrote:
> On Tue, Dec 15, 2009 at 3:54 PM, Shohn Trojacek <trojacek () gmail com> wrote:
>> This may help: http://wiki.remote-exploit.org/backtrack/wiki/Scripts
>
> Is there a problem? I can't download the script mentioned above.
>
> Oops… Trac detected an internal error:
> RuntimeError: instance.__dict__ not accessible in restricted mode
> There was an internal error in Trac. It is recommended that you inform your local Trac administrator and give him all the information he needs to reproduce the issue. To that end, you could
> The action that triggered the error was:
> ...
> ...
> GET: /wiki/wifu-setup.sh
>
> Thanks!
>
> --
> Zaki Akhmad
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
--
Jonathan Cran
jcran () 0x0e org
515.890.0070
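Two of the checks in the reply above (the AXFR request and the RD=0 probe used for cache snooping) come down to a handful of bytes on the wire. The following is an added example, not code from the thread, fierce, or Net::DNS: it builds those probes with only the Python standard library, frames the AXFR query for TCP, and classifies a snooping reply (cached, not cached, refused, or authoritative) and pulls the first answer's remaining TTL, which is what tells you roughly when the name was last looked up. The responses it is exercised against are constructed inline for offline illustration, not captured traffic; the names, addresses and transaction ID are placeholders.

```python
import random
import socket
import struct
from typing import Optional

QTYPE_A, QTYPE_AXFR = 1, 252
QCLASS_IN = 1
RCODE_REFUSED = 5


def encode_name(name: str) -> bytes:
    """Wire-encode "www.example.com" as length-prefixed labels plus a root byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int, recursion_desired: bool = True,
                txid: Optional[int] = None) -> bytes:
    """RFC 1035 header plus one question.  recursion_desired=False turns this
    into a cache-snooping probe: a resolver honouring RD=0 answers only from
    what it already holds, so a non-empty answer means someone asked recently."""
    if txid is None:
        txid = random.randrange(1, 0x10000)
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def frame_tcp(message: bytes) -> bytes:
    """AXFR goes over TCP, where each DNS message carries a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message


def parse_header(pkt: bytes) -> dict:
    """Decode the 12-byte header into named flags and section counts."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "rcode": flags & 0x000F,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def skip_name(pkt: bytes, off: int) -> int:
    """Offset just past the name at off; a compression pointer ends the name."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # two-byte pointer
            return off + 2
        off += 1 + length


def first_answer_ttl(pkt: bytes) -> Optional[int]:
    """TTL of the first answer RR.  On a cache hit this is the remaining TTL,
    so (zone TTL - this value) estimates when the name was last resolved."""
    h = parse_header(pkt)
    if h["ancount"] == 0:
        return None
    off = 12
    for _ in range(h["qdcount"]):
        off = skip_name(pkt, off) + 4      # skip QTYPE and QCLASS
    off = skip_name(pkt, off)
    _rtype, _rclass, ttl, _rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
    return ttl


def snoop_verdict(resp: bytes, expected_id: int) -> str:
    """Classify the reply to an RD=0 probe."""
    h = parse_header(resp)
    if h["id"] != expected_id or not h["qr"]:
        return "invalid"
    if h["rcode"] == RCODE_REFUSED:
        return "refused"                   # server will not answer us at all
    if h["rcode"] != 0:
        return "rcode-%d" % h["rcode"]
    if h["ancount"] == 0:
        return "not-cached"
    if h["aa"]:
        return "authoritative"             # it owns the zone; not a cache hit
    return "cached"


def make_response(txid: int, flags: int, name: str, ip: Optional[str], ttl: int) -> bytes:
    """Constructed one-answer A reply for offline illustration (ip=None: no answer)."""
    ancount = 0 if ip is None else 1
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    if ip is None:
        return header + question
    # answer name is a pointer to offset 12, where the question name sits
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + question + answer
```

To use it against a live target, `build_query(name, QTYPE_A, recursion_desired=False)` is sent with `socket.sendto` to UDP/53 and the reply handed to `snoop_verdict` and `first_answer_ttl`; `frame_tcp(build_query(zone, QTYPE_AXFR))` is written to a TCP/53 connection, and the transfer either streams back as length-prefixed messages or comes back with rcode 5, the same result `dig -t axfr` shows as "Transfer failed". A refused or authoritative verdict on the snooping probe is not a finding in itself; only an answer without AA from a recursive resolver tells you the name was already in its cache.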
Current thread:
- DNS Pen-Test Tools dpfromme (Dec 15)
- Re: DNS Pen-Test Tools Shohn Trojacek (Dec 15)
- Re: DNS Pen-Test Tools Zaki Akhmad (Dec 21)
- Re: DNS Pen-Test Tools Jonathan Cran (Dec 29)
- Re: DNS Pen-Test Tools Zaki Akhmad (Dec 21)
- Re: DNS Pen-Test Tools Shohn Trojacek (Dec 15)