EvilZone

Hacking and Security => Hacking and Security => : erogol December 11, 2012, 01:36:03 AM

: How could I detect DNS servers on my university network?
: erogol December 11, 2012, 01:36:03 AM: I aim to detect the ip addresses of the DNS machines on my university network. Since they propose a filtering, I'll try to thrash them up. Hence the first step is to detect DNS servers. I have some experiences with nmap but I cannot set it specifically for finding DNS servers on net. How could I do it?
: Re: How could I detect DNS servers on my university network?
: RedBullAddicted December 11, 2012, 06:57:03 AM: Hi,

if you get you settings automatically via DHCP you can run ipconfig /all or you can do a nslookup www.google.de. The internal DNS Server should reply to this. On linux you can have a look with cat /etc/resolv.conf . With nmap you need to scan for port 53 UDP and TCP
nmap -p U:53,T:53 [your Subnet]. you can add the switch -sV to get a version detection as well.

Hope this helps.
: Re: How could I detect DNS servers on my university network?
: kenjoe41 December 13, 2012, 10:00:39 AM: here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
:
dnsgoblin.c - nasty creature constantly searching for DNS servers DESCRIPTION * * dnsgoblin uses standard dns querys and waits for the replies. COMPILE * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \ * * --std=gnu99 -D_REENTRANT * * You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t check_ip_addr(char *ptr); int main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8 ) & 0xFF; oct4 = ip_addr & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr = ptr; int sockfd = *sptr; struct ipheader *ip = NULL; uint8_t *pkt_recv = calloc(1,2048); char *cptr = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int one = 1; const int *val = &one; /* what can you find out here? */ char packet[] = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader *ip = NULL; struct udphdr *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL) ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family = AF_INET; ifcfg.sin_port = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id = ntohs( rand() ); ip->v = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */
: Re: How could I detect DNS servers on my university network?
: Xires December 13, 2012, 04:53:48 PM: Dear g0d..learn to check line endings.
: kenjoe41 December 13, 2012, 10:00:39 AM
here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
:
dnsgoblin.c - nasty creature constantly searching for DNS servers DESCRIPTION * * dnsgoblin uses standard dns querys and waits for the replies. COMPILE * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \ * * --std=gnu99 -D_REENTRANT * * You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t check_ip_addr(char *ptr); int main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8 ) & 0xFF; oct4 = ip_addr & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr = ptr; int sockfd = *sptr; struct ipheader *ip = NULL; uint8_t *pkt_recv = calloc(1,2048); char *cptr = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int one = 1; const int *val = &one; /* what can you find out here? */ char packet[] = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader *ip = NULL; struct udphdr *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL) ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family = AF_INET; ifcfg.sin_port = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id = ntohs( rand() ); ip->v = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */

Cleaned code:
: (c)
/* dnsgoblin.c - nasty creature constantly searching for DNS servers * * DESCRIPTION * * dnsgoblin uses standard dns querys and waits for the replies. * * COMPILE * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic --std=gnu99 -D_REENTRANT * * You may pipe stdout into a file: ./dnsgoblin > dnslist */ #include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t check_ip_addr(char *ptr); int main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8 ) & 0xFF; oct4 = ip_addr & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr = ptr; int sockfd = *sptr; struct ipheader *ip = NULL; uint8_t *pkt_recv = calloc(1,2048); char *cptr = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int one = 1; const int *val = &one; /* what can you find out here? */ char packet[] = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader *ip = NULL; struct udphdr *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL) ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family = AF_INET; ifcfg.sin_port = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id = ntohs( rand() ); ip->v = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) { printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */
I did find a couple minor mistakes that were rather glaring. I corrected those. I've not tested the code yet, just cleaned it up.

@OP; 'dig' is a useful tool. There's also DJB's 'dnstrace' tool. Research a little.
: Re: How could I detect DNS servers on my university network?
: s3my0n December 13, 2012, 05:10:43 PM: I'm confused about this dnsgoblin, whatever IP address I give it, it always prints out "error: sendto failed" :/
: Re: How could I detect DNS servers on my university network?
: erogol December 17, 2012, 02:05:13 PM: : kenjoe41 December 13, 2012, 10:00:39 AM
here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
:
dnsgoblin.c - nasty creature constantly searching for DNS servers DESCRIPTION * * dnsgoblin uses standard dns querys and waits for the replies. COMPILE * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \ * * --std=gnu99 -D_REENTRANT * * You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t check_ip_addr(char *ptr); int main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8 ) & 0xFF; oct4 = ip_addr & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr = ptr; int sockfd = *sptr; struct ipheader *ip = NULL; uint8_t *pkt_recv = calloc(1,2048); char *cptr = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int one = 1; const int *val = &one; /* what can you find out here? */ char packet[] = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader *ip = NULL; struct udphdr *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL) ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family = AF_INET; ifcfg.sin_port = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id = ntohs( rand() ); ip->v = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */

Do I need to do something special other than the compile command in the code since I get lot of errors while compilation.
: Re: How could I detect DNS servers on my university network?
: Xires December 17, 2012, 04:38:06 PM: Here..'fixed'...it compiles, it runs...it still sucks. I suggest at least running, as root:
: (bash)
# ip=127.0.0.1; ./dnsgoblin ${ip} | grep -v ${ip} | uniqThis eliminates some of the redundant output so you don't have to wade through hundreds of lines of your own IP address.
: (c)
/* dnsgoblin.c - nasty creature constantly searching for DNS servers * * DESCRIPTION * * dnsgoblin uses standard dns querys and waits for the replies. * * COMPILE * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic --std=gnu99 -D_REENTRANT (newer systems may want to use -pthread instead of -lpthread) * * You may pipe stdout into a file: ./dnsgoblin > dnslist */ #define _XOPEN_SOURCE 500 #include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> typedef unsigned char u_char; /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t check_ip_addr(char *ptr); int main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8 ) & 0xFF; oct4 = ip_addr & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr = ptr; int sockfd = *sptr; struct ipheader *ip = NULL; uint8_t *pkt_recv = calloc(1,2048); char *cptr = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int one = 1; const int *val = &one; /* what can you find out here? */ char packet[] = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader *ip = NULL; struct udphdr *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL) ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family = AF_INET; ifcfg.sin_port = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id = ntohs( rand() ); ip->v = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) { printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */Note the changes in the comment header. You may need to use -pthread instead of -lpthread.
: (bash)
$ gcc -O2 -Wall -Wextra -ansi -pedantic --std=gnu99 -D_REENTRANT -pthread -o dnsgoblinc{,.c}