Metasploit mailing list archives

bailiwicked_domain not working even with static source port?


From: richard.k.miles at googlemail.com (Richard Miles)
Date: Mon, 17 Aug 2009 10:03:19 -0500

Makes sense, but in my case it uses a static source port and
Metasploit is freezing, while it should be attacking the name-server
with a storm of DNS packets (looking at tcpdump there are no DNS
packets)....

On Sat, Aug 15, 2009 at 8:07 AM, MaXe <metafan at intern0t.net> wrote:
It's relatively simple, there is an ID field in the DNS protocol which
Metasploit has to be able to guess as well.
At least that's how I have interpreted the Kaminsky bug but, if one
uses both a good random number generation in the DNS ID field and random
source ports then it becomes very hard to poison anything.
Have you tried with an outdated nameserver which you are 100% sure has
the bug as well? Else I don't believe it will work.


Best regards,
MaXe

Richard Miles wrote:
hi

Some time ago I posted a question about bailiwicked_domain and HD
explained the code is unable to exploit DNS using sequential source
ports. Now I tried against a DNS server with a static source port and it
just freezes. My output is below (it's an internal name-server that
allows recursive queries)...

[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*]  >> ADDRESS: xxx.xxx.xxx.xxx  PORT: 53276
[*] FAIL: This server uses a static source port and is vulnerable to poisoning
msf auxiliary(bailiwicked_domain) > exploit
[*] Switching to target port 53276 based on Metasploit service
[*] Warning: target address xxx.xxx.xxx.xxx is not the same as the
nameserver's query source address yyy.yyy.yyy.yyy!
[*] Targeting nameserver xxx.xxx.xxx.xxx for injection of
www.hacker.com. nameservers as www.google.com
[*] Querying recon nameserver for www.hacker.com.'s nameservers...

At this point the exploitation freezes; I can wait for hours or
even a day and it never goes on....

Any feedback is welcome.

thankz
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
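As an added example (not code from this thread or from the Metasploit module), the following Python check applies the two criteria MaXe describes, unpredictable source ports and unpredictable transaction IDs, to observations of a resolver's outbound queries, reporting the same condition the module's recon flags as "FAIL". The observation tuples are constructed (one set shaped like the static-port output above, one like a patched resolver) and the step limit of 16 for "sequential" is an assumption.

```python
import math
from collections import Counter


def entropy_bits(values):
    """Shannon entropy, in bits, of the observed value distribution."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())


def is_sequential(values):
    """True when each value is the previous one plus a constant step of 1..16 (mod 2^16)."""
    if len(values) < 3:
        return False
    steps = {(b - a) & 0xFFFF for a, b in zip(values, values[1:])}
    return len(steps) == 1 and 0 < next(iter(steps)) <= 16


def classify(values):
    """Label a sequence of 16-bit fields as static, sequential, or random-looking."""
    if len(set(values)) == 1:
        return "static"
    if is_sequential(values):
        return "sequential"
    return "random-looking"


def assess_resolver(observations):
    """observations: list of (source_port, txid) pairs seen on the resolver's outbound queries.

    Returns a verdict per field plus a 'vulnerable' flag: the resolver is at risk whenever
    either field is predictable, since it then no longer gets the full port+ID search space
    that makes blind poisoning impractical (MaXe's point above).
    """
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    port_verdict, txid_verdict = classify(ports), classify(txids)
    return {
        "source_port": port_verdict,
        "txid": txid_verdict,
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        "vulnerable": port_verdict != "random-looking" or txid_verdict != "random-looking",
    }


# Constructed sample mirroring the thread's recon output: every probe answered from
# port 53276 while the transaction IDs varied (the module's "static source port" case).
STATIC_PORT_RESOLVER = [(53276, t) for t in (0x1A2B, 0x7F10, 0x03C4, 0xE9D2, 0x5566, 0xB0A1, 0x2E2E)]
# Constructed sample of a patched resolver: both fields vary unpredictably.
HARDENED_RESOLVER = [(41230, 0x9C31), (60017, 0x0452), (35781, 0xD7E8), (52944, 0x61AF),
                     (48810, 0x2B90), (57325, 0xF004), (39472, 0x8D7C)]
```

Feed it the (source port, ID) pairs from a packet capture of the resolver's own outbound queries; a verdict other than "random-looking" on either field is the configuration to fix (upgrade or enable source-port randomisation) rather than something to rely on a firewall to hide.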
