metasploit-framework/dns_amp.md at master

1.2 KiB

Raw Permalink Blame History

Vulnerable Application

This module can be used to discover DNS servers which expose recursive name lookups which can be used in an amplification attack against a third party.

BIND 9.4.1-P1: source Ubuntu 7.10: Gutsy Gibbon

Verification Steps

Start msfconsole
Do: use modules/auxiliary/scanner/dns/dns_amp
Do: set DOMAINNAME [domain]
Do: set RHOST [ip]
Do: run

Scenarios

A run on Ubuntu 7.10 (Gutsy Gibbon) and BIND 9.4.1-P1

msf > use modules/auxiliary/scanner/dns/dns_amp
msf auxiliary(scanner/dns/dns_amp) > set DOMAINNAME domain.com
  DOMAINNAME => domain.com
msf auxiliary(scanner/dns/dns_amp) > set RHOSTS 192.168.10.254
  RHOSTS => 192.168.10.254
msf auxiliary(scanner/dns/dns_amp) > run
  [*] Sending DNS probes to 192.168.10.254->192.168.10.254 (1 hosts)
  [*] Sending 70 bytes to each host using the IN ANY domain.com request
  [+] 192.168.10.254:53 - Response is 374 bytes [5.34x Amplification]
  [*] Scanned 1 of 1 hosts (100% complete)
  [*] Auxiliary module execution completed

1.2 KiB Raw Permalink Blame History

Vulnerable Application

Verification Steps

Scenarios

A run on Ubuntu 7.10 (Gutsy Gibbon) and BIND 9.4.1-P1

1.2 KiB

Raw Permalink Blame History