Author Topic: How could I detect DNS servers on my university network?  (Read 2132 times)

0 Members and 3 Guests are viewing this topic.

Offline erogol

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -3
    • View Profile
How could I detect DNS servers on my university network?
« on: December 11, 2012, 01:36:03 am »
I aim to detect the ip addresses of the DNS machines on my university network. Since they propose a filtering, I'll try to thrash them up. Hence the first step is to detect DNS servers. I have some experiences with nmap but I cannot set it specifically for finding DNS servers on net. How could I do it?
« Last Edit: December 11, 2012, 01:53:49 am by erogol »

Offline RedBullAddicted

  • Moderator
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
    • View Profile
Re: How could I detect DNS servers on my university network?
« Reply #1 on: December 11, 2012, 06:57:03 am »
Hi,

if you get you settings automatically via DHCP you can run ipconfig /all or you can do a nslookup www.google.de. The internal DNS Server should reply to this. On linux you can have a look with cat /etc/resolv.conf . With nmap you need to scan for port 53 UDP and TCP
nmap -p U:53,T:53 [your Subnet]. you can add the switch -sV to get a version detection as well.

Hope this helps.
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Offline kenjoe41

  • Symphorophiliac Programmer
  • Administrator
  • Baron
  • *
  • Posts: 990
  • Cookies: 224
    • View Profile
Re: How could I detect DNS servers on my university network?
« Reply #2 on: December 13, 2012, 10:00:39 am »
here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
Code: [Select]
dnsgoblin.c - nasty creature constantly searching for DNS servers   DESCRIPTION                                                                 * * dnsgoblin uses standard dns querys and waits for the replies.   COMPILE                                                                     * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \                     * * --std=gnu99 -D_REENTRANT                                                    * *                          You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void sig_int(int sig); char *human_addr(uint32_t ip_addr); void *lstn(void *ptr); int8_t   check_ip_addr(char *ptr); int  main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr    = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8  ) & 0xFF; oct4 =   ip_addr         & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr             = ptr; int sockfd            = *sptr; struct ipheader *ip   = NULL; uint8_t *pkt_recv     = calloc(1,2048); char *cptr            = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd; /* raw socket to inject packets */ int32_t sockfd2; /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int        one = 1; const int *val = &one; /* what can you find out here? */ char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader  *ip  = NULL; struct udphdr    *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port   = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL)    ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family      = AF_INET; ifcfg.sin_port        = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port   = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id  = ntohs( rand() ); ip->v   = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p   = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp         = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest   = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id  = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */
If you can't explain it to a 6 year old, you don't understand it yourself.
http://upload.alpha.evilzone.org/index.php?page=img&img=GwkGGneGR7Pl222zVGmNTjerkhkYNGtBuiYXkpyNv4ScOAWQu0-Y8[<NgGw/hsq]>EvbQrOrousk[/img]

Offline Xires

  • Noob Eater
  • Administrator
  • Knight
  • *
  • Posts: 379
  • Cookies: 149
    • View Profile
    • Feed The Trolls - Xires
Re: How could I detect DNS servers on my university network?
« Reply #3 on: December 13, 2012, 04:53:48 pm »
Dear g0d..learn to check line endings.
here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
Code: [Select]
dnsgoblin.c - nasty creature constantly searching for DNS servers   DESCRIPTION                                                                 * * dnsgoblin uses standard dns querys and waits for the replies.   COMPILE                                                                     * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \                     * * --std=gnu99 -D_REENTRANT                                                    * *                          You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void     sig_int(int sig); char    *human_addr(uint32_t ip_addr); void    *lstn(void *ptr); int8_t   check_ip_addr(char *ptr); int      main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr    = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8  ) & 0xFF; oct4 =   ip_addr         & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr             = ptr; int sockfd            = *sptr; struct ipheader *ip   = NULL; uint8_t *pkt_recv     = calloc(1,2048); char *cptr            = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd;         /* raw socket to inject packets */ int32_t sockfd2;      /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int        one = 1; const int *val = &one; /* what can you find out here? */ char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader  *ip  = NULL; struct udphdr    *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port   = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL)    ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family      = AF_INET; ifcfg.sin_port        = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port   = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id  = ntohs( rand() ); ip->v   = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p   = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp         = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest   = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id  = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */

Cleaned code:
Code: (c) [Select]

/* dnsgoblin.c - nasty creature constantly searching for DNS servers
 *
 * DESCRIPTION
 *
 * dnsgoblin uses standard dns querys and waits for the replies.
 *
 * COMPILE
 *
 * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic --std=gnu99 -D_REENTRANT
 *
 * You may pipe stdout into a file: ./dnsgoblin > dnslist
 */
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <netinet/udp.h>
#include <sys/socket.h>
#include <unistd.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <inttypes.h>
#include <pthread.h>

/* the ip header struct */
struct ipheader {
   uint8_t v;
   uint8_t tos;
   uint16_t len;
   uint16_t id;
   uint16_t off;
   u_char ttl;
   u_char p;
   uint16_t sum;
   uint32_t src;
   uint32_t dst;
};

/* _beginning_ of dns header */
struct dnsheader {
   uint16_t trans_id;
   /* incomplete */
};

void     sig_int(int sig);
char    *human_addr(uint32_t ip_addr);
void    *lstn(void *ptr);
int8_t   check_ip_addr(char *ptr);
int      main(int argc, char **argv);

/* quit if SIGINT is received */
void sig_int(int sig) {
   if (sig != SIGINT) {
      exit(EXIT_FAILURE);
   }

   exit(EXIT_SUCCESS);
}

/* check if the given ip is valid */
int8_t check_ip_addr(char *ptr) {
   if( strlen(ptr) > 16) {
      printf("error: ip addr too long\n");
      exit(EXIT_FAILURE);
   }
   if( (int)inet_addr(ptr) == -1 ) {
      printf("error: ip addr not correct\n");
      exit(EXIT_FAILURE);
   }

   return(0);
}

/* int ip -> dotted decimals */
char * human_addr(uint32_t ip_addr) {
   char *ptr    = calloc(1,16);
   uint8_t oct1 = 0;
   uint8_t oct2 = 0;
   uint8_t oct3 = 0;
   uint8_t oct4 = 0;

   oct1 = ( ip_addr >> 24 ) & 0xFF;
   oct2 = ( ip_addr >> 16 ) & 0xFF;
   oct3 = ( ip_addr >> 8  ) & 0xFF;
   oct4 =   ip_addr         & 0xFF;

   sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1);

   return(ptr);
}

/* listen for dns responses */
void *lstn(void *ptr) {
   int *sptr             = ptr;
   int sockfd            = *sptr;
   struct ipheader *ip   = NULL;
   uint8_t *pkt_recv     = calloc(1,2048);
   char *cptr            = NULL;

   while(1==1) {
      memset(pkt_recv,0x00,2047);
      if( recv(sockfd, pkt_recv, 2047, 0) > 0) {
         ip = (struct ipheader *)pkt_recv;
         cptr = human_addr(ip->src);
         printf("%s\n",cptr); free(cptr);
      }
   }
}

int main(int argc, char **argv) {
   int32_t sockfd;         /* raw socket to inject packets */
   int32_t sockfd2;      /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */
   struct sockaddr_in ifcfg;
   struct sockaddr_in sin;
   int        one = 1;
   const int *val = &one;

   /* what can you find out here? */
   char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01";
   struct ipheader  *ip  = NULL;
   struct udphdr    *udp = NULL;
   struct dnsheader *dns = NULL;
   uint16_t local_port   = 0;
   pthread_t trd_lstn;

   if( argc < 2) {
      printf("error: need local ip as arg\n");
      exit(EXIT_FAILURE);
   }

   check_ip_addr(argv[1]);
   srand ( time(NULL)    );
   signal(SIGINT, sig_int);      /* set up a signal handler */

   /* get random port */
   local_port = (uint32_t)rand();

   /* pseudo socket */
   sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

   /* bind to port (used to prevent icmp bla) */
   ifcfg.sin_family      = AF_INET;
   ifcfg.sin_port        = htons(local_port);
   ifcfg.sin_addr.s_addr = htonl(INADDR_ANY);
   bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg));

   /* create main raw sock */
   sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
   sin.sin_family = AF_INET;
   sin.sin_port   = htons (local_port);
   if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) {
      printf("err\n");
   }
   if(sockfd < 0) {
      fprintf(stderr,"error: rawsock cannot be created. No permission.\n");
      exit(EXIT_FAILURE);
   }

   /* change the UDI (-> nobody) */
   setuid(65534);

   /* create thread which is listening for dns responses */
   pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd);

   ip = (struct ipheader *)packet;
   ip->id  = ntohs( rand() );
   ip->v   = 0x45;
   ip->tos = 0x0054;
   ip->len = 30;
   ip->off = 0x0000;
   ip->ttl = 0xff;
   ip->p   = 17;
   ip->sum = 0x0000;
   ip->src = inet_addr(argv[1]);
   udp         = (struct udphdr *)(packet + sizeof(struct ipheader));
   udp->source = ntohs( local_port );
   udp->dest   = ntohs(53);
   dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) );

   while(1==1) {
      /* do some modifications */
      ip->id  = ntohs( rand() );
      ip->dst = ntohl( rand() );
      dns->trans_id = ntohs( rand() );

      if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) {
         printf("error: sendto failed\n");
         exit(EXIT_FAILURE);
      }

      usleep(5000); /* you may increase/decrease this */
   }

   close(sockfd);

   return 0;
}
/* EOF */

I did find a couple minor mistakes that were rather glaring.  I corrected those.  I've not tested the code yet, just cleaned it up.



@OP; 'dig' is a useful tool.  There's also DJB's 'dnstrace' tool.  Research a little.

-Xires

Offline s3my0n

  • Knight
  • **
  • Posts: 276
  • Cookies: 58
    • View Profile
    • ::1
Re: How could I detect DNS servers on my university network?
« Reply #4 on: December 13, 2012, 05:10:43 pm »
I'm confused about this dnsgoblin, whatever IP address I give it, it always prints out "error: sendto failed" :/
Easter egg in all *nix systems: E(){ E|E& };E

Offline erogol

  • /dev/null
  • *
  • Posts: 19
  • Cookies: -3
    • View Profile
Re: How could I detect DNS servers on my university network?
« Reply #5 on: December 17, 2012, 02:05:13 pm »
here is a tool thanks to null security that looks for dns servers. hope its of any use to u.
Code: [Select]
dnsgoblin.c - nasty creature constantly searching for DNS servers   DESCRIPTION                                                                 * * dnsgoblin uses standard dns querys and waits for the replies.   COMPILE                                                                     * * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic \                     * * --std=gnu99 -D_REENTRANT                                                    * *                          You may pipe stdout into a file: ./dnsgoblin > dnslist#include <stdio.h> #include <time.h> #include <stdlib.h> #include <signal.h> #include <string.h> #include <netinet/udp.h> #include <sys/socket.h> #include <unistd.h> #include <sys/time.h> #include <arpa/inet.h> #include <linux/ip.h> #include <inttypes.h> #include <pthread.h> /* the ip header struct */ struct ipheader { uint8_t v; uint8_t tos; uint16_t len; uint16_t id; uint16_t off; u_char ttl; u_char p; uint16_t sum; uint32_t src; uint32_t dst; }; /* _beginning_ of dns header */ struct dnsheader { uint16_t trans_id; /* incomplete */ }; void     sig_int(int sig); char    *human_addr(uint32_t ip_addr); void    *lstn(void *ptr); int8_t   check_ip_addr(char *ptr); int      main(int argc, char **argv); /* quit if SIGINT is received */ void sig_int(int sig) { if (sig != SIGINT) { exit(EXIT_FAILURE); } exit(EXIT_SUCCESS); } /* check if the given ip is valid */ int8_t check_ip_addr(char *ptr) { if( strlen(ptr) > 16) { printf("error: ip addr too long\n"); exit(EXIT_FAILURE); } if( (int)inet_addr(ptr) == -1 ) { printf("error: ip addr not correct\n"); exit(EXIT_FAILURE); } return(0); } /* int ip -> dotted decimals */ char * human_addr(uint32_t ip_addr) { char *ptr    = calloc(1,16); uint8_t oct1 = 0; uint8_t oct2 = 0; uint8_t oct3 = 0; uint8_t oct4 = 0;; oct1 = ( ip_addr >> 24 ) & 0xFF; oct2 = ( ip_addr >> 16 ) & 0xFF; oct3 = ( ip_addr >> 8  ) & 0xFF; oct4 =   ip_addr         & 0xFF; sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1); return(ptr); } /* listen for dns responses */ void *lstn(void *ptr) { int *sptr             = ptr; int sockfd            = *sptr; struct ipheader *ip   = NULL; uint8_t *pkt_recv     = calloc(1,2048); char *cptr            = NULL; while(1==1) { memset(pkt_recv,0x00,2047); if( recv(sockfd, pkt_recv, 2047, 0) > 0) { ip = (struct ipheader *)pkt_recv; cptr = human_addr(ip->src); printf("%s\n",cptr); free(cptr); } } } int main(int argc, char **argv) { int32_t sockfd;         /* raw socket to inject packets */ int32_t sockfd2;      /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */ struct sockaddr_in ifcfg; struct sockaddr_in sin; int        one = 1; const int *val = &one; /* what can you find out here? */ char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01"; struct ipheader  *ip  = NULL; struct udphdr    *udp = NULL; struct dnsheader *dns = NULL; uint16_t local_port   = 0; pthread_t trd_lstn; if( argc < 2) { printf("error: need local ip as arg\n"); exit(EXIT_FAILURE); } check_ip_addr(argv[1]); srand ( time(NULL)    ); signal(SIGINT, sig_int); /* set up a signal handler */ /* get random port */ local_port = (uint32_t)rand(); /* pseudo socket */ sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); /* bind to port (used to prevent icmp bla) */ ifcfg.sin_family      = AF_INET; ifcfg.sin_port        = htons(local_port); ifcfg.sin_addr.s_addr = htonl(INADDR_ANY); bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg)); /* create main raw sock */ sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP); sin.sin_family = AF_INET; sin.sin_port   = htons (local_port); if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) { printf("err\n"); } if(sockfd < 0) { fprintf(stderr,"error: rawsock cannot be created. No permission.\n"); exit(EXIT_FAILURE); } /* change the UDI (-> nobody) */ setuid(65534); /* create thread which is listening for dns responses */ pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd); ip = (struct ipheader *)packet; ip->id  = ntohs( rand() ); ip->v   = 0x45; ip->tos = 0x0054; ip->len = 30; ip->off = 0x0000; ip->ttl = 0xff; ip->p   = 17; ip->sum = 0x0000; ip->src = inet_addr(argv[1]); udp         = (struct udphdr *)(packet + sizeof(struct ipheader)); udp->source = ntohs( local_port ); udp->dest   = ntohs(53); dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) ); while(1==1) { /* do some modifications */ ip->id  = ntohs( rand() ); ip->dst = ntohl( rand() ); dns->trans_id = ntohs( rand() ); if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0){ printf("error: sendto failed\n"); exit(EXIT_FAILURE); } usleep(5000); /* you may increase/decrease this */ } close(sockfd); return 0; } /* EOF */


Do I need to do something special other than the compile command in the code since I get lot of errors while compilation.




Offline Xires

  • Noob Eater
  • Administrator
  • Knight
  • *
  • Posts: 379
  • Cookies: 149
    • View Profile
    • Feed The Trolls - Xires
Re: How could I detect DNS servers on my university network?
« Reply #6 on: December 17, 2012, 04:38:06 pm »
Here..'fixed'...it compiles, it runs...it still sucks.  I suggest at least running, as root:
Code: (bash) [Select]
# ip=127.0.0.1; ./dnsgoblin ${ip} | grep -v ${ip} | uniq
This eliminates some of the redundant output so you don't have to wade through hundreds of lines of your own IP address.
Code: (c) [Select]
/* dnsgoblin.c - nasty creature constantly searching for DNS servers
 *
 * DESCRIPTION
 *
 * dnsgoblin uses standard dns querys and waits for the replies.
 *
 * COMPILE
 *
 * gcc dnsgoblin.c -O2 -lpthread -Wall -Wextra -pedantic --std=gnu99 -D_REENTRANT (newer systems may want to use -pthread instead of -lpthread)
 *
 * You may pipe stdout into a file: ./dnsgoblin > dnslist
 */
#define _XOPEN_SOURCE 500

#include <stdio.h>
#include <time.h>
#include <stdlib.h>
#include <signal.h>
#include <string.h>
#include <netinet/udp.h>
#include <sys/socket.h>
#include <unistd.h>
#include <sys/time.h>
#include <arpa/inet.h>
#include <linux/ip.h>
#include <inttypes.h>
#include <pthread.h>

typedef unsigned char u_char;

/* the ip header struct */
struct ipheader {
   uint8_t v;
   uint8_t tos;
   uint16_t len;
   uint16_t id;
   uint16_t off;
   u_char ttl;
   u_char p;
   uint16_t sum;
   uint32_t src;
   uint32_t dst;
};

/* _beginning_ of dns header */
struct dnsheader {
   uint16_t trans_id;
   /* incomplete */
};

void     sig_int(int sig);
char    *human_addr(uint32_t ip_addr);
void    *lstn(void *ptr);
int8_t   check_ip_addr(char *ptr);
int      main(int argc, char **argv);

/* quit if SIGINT is received */
void sig_int(int sig) {
   if (sig != SIGINT) {
      exit(EXIT_FAILURE);
   }

   exit(EXIT_SUCCESS);
}

/* check if the given ip is valid */
int8_t check_ip_addr(char *ptr) {
   if( strlen(ptr) > 16) {
      printf("error: ip addr too long\n");
      exit(EXIT_FAILURE);
   }
   if( (int)inet_addr(ptr) == -1 ) {
      printf("error: ip addr not correct\n");
      exit(EXIT_FAILURE);
   }

   return(0);
}

/* int ip -> dotted decimals */
char * human_addr(uint32_t ip_addr) {
   char *ptr    = calloc(1,16);
   uint8_t oct1 = 0;
   uint8_t oct2 = 0;
   uint8_t oct3 = 0;
   uint8_t oct4 = 0;

   oct1 = ( ip_addr >> 24 ) & 0xFF;
   oct2 = ( ip_addr >> 16 ) & 0xFF;
   oct3 = ( ip_addr >> 8  ) & 0xFF;
   oct4 =   ip_addr         & 0xFF;

   sprintf(ptr,"%d.%d.%d.%d",oct4,oct3,oct2,oct1);

   return(ptr);
}

/* listen for dns responses */
void *lstn(void *ptr) {
   int *sptr             = ptr;
   int sockfd            = *sptr;
   struct ipheader *ip   = NULL;
   uint8_t *pkt_recv     = calloc(1,2048);
   char *cptr            = NULL;

   while(1==1) {
      memset(pkt_recv,0x00,2047);
      if( recv(sockfd, pkt_recv, 2047, 0) > 0) {
         ip = (struct ipheader *)pkt_recv;
         cptr = human_addr(ip->src);
         printf("%s\n",cptr); free(cptr);
      }
   }
}

int main(int argc, char **argv) {
   int32_t sockfd;         /* raw socket to inject packets */
   int32_t sockfd2;      /* prevent ICMP port unreach msgs creating a layer4 udp sock on iface */
   struct sockaddr_in ifcfg;
   struct sockaddr_in sin;
   int        one = 1;
   const int *val = &one;

   /* what can you find out here? */
   char packet[]  = "\x45\x00\x00\x3b\x6c\xbb\x40\x00\x40\x11\x6b\xd4\xc0\xa8\x02\x65\x55\xd6\x49\x3f\x13\x37\x00\x35\x00\x27\x00\x00\xd6\x88\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03\x77\x77\x77\x06\x61\x6d\x61\x7a\x6f\x6e\x02\x64\x65\x00\x00\x01\x00\x01";
   struct ipheader  *ip  = NULL;
   struct udphdr    *udp = NULL;
   struct dnsheader *dns = NULL;
   uint16_t local_port   = 0;
   pthread_t trd_lstn;

   if( argc < 2) {
      printf("error: need local ip as arg\n");
      exit(EXIT_FAILURE);
   }

   check_ip_addr(argv[1]);
   srand ( time(NULL)    );
   signal(SIGINT, sig_int);      /* set up a signal handler */

   /* get random port */
   local_port = (uint32_t)rand();

   /* pseudo socket */
   sockfd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

   /* bind to port (used to prevent icmp bla) */
   ifcfg.sin_family      = AF_INET;
   ifcfg.sin_port        = htons(local_port);
   ifcfg.sin_addr.s_addr = htonl(INADDR_ANY);
   bind(sockfd2, (struct sockaddr *)&ifcfg, sizeof(ifcfg));

   /* create main raw sock */
   sockfd         = socket(AF_INET, SOCK_RAW, IPPROTO_UDP);
   sin.sin_family = AF_INET;
   sin.sin_port   = htons (local_port);
   if (setsockopt (sockfd, IPPROTO_IP, IP_HDRINCL, val, sizeof (one)) < 0) {
      printf("err\n");
   }
   if(sockfd < 0) {
      fprintf(stderr,"error: rawsock cannot be created. No permission.\n");
      exit(EXIT_FAILURE);
   }

   /* change the UDI (-> nobody) */
   setuid(65534);

   /* create thread which is listening for dns responses */
   pthread_create(&trd_lstn, NULL, lstn, (void *)&sockfd);

   ip = (struct ipheader *)packet;
   ip->id  = ntohs( rand() );
   ip->v   = 0x45;
   ip->tos = 0x0054;
   ip->len = 30;
   ip->off = 0x0000;
   ip->ttl = 0xff;
   ip->p   = 17;
   ip->sum = 0x0000;
   ip->src = inet_addr(argv[1]);
   udp         = (struct udphdr *)(packet + sizeof(struct ipheader));
   udp->source = ntohs( local_port );
   udp->dest   = ntohs(53);
   dns = (struct dnsheader *)(packet + sizeof(struct ipheader) + sizeof(struct udphdr) );

   while(1==1) {
      /* do some modifications */
      ip->id  = ntohs( rand() );
      ip->dst = ntohl( rand() );
      dns->trans_id = ntohs( rand() );

      if( sendto(sockfd, &packet, sizeof(packet)-1 , 0, (struct sockaddr *) &sin, sizeof (sin)) < 0) {
         printf("error: sendto failed\n");
         exit(EXIT_FAILURE);
      }

      usleep(5000); /* you may increase/decrease this */
   }

   close(sockfd);

   return 0;
}
/* EOF */
Note the changes in the comment header.  You may need to use -pthread instead of -lpthread.
Code: (bash) [Select]
$ gcc -O2 -Wall -Wextra -ansi -pedantic --std=gnu99 -D_REENTRANT -pthread -o dnsgoblinc{,.c}

-Xires