
DNSCrypt: How to Encrypt All DNS Traffic

DNS is one of the fundamental building blocks of the Internet.  It's used any time you visit a website, send an email, have an IM conversation or do anything else online.  While OpenDNS has provided world-class security using DNS for years, and OpenDNS is the most secure DNS service available, the underlying DNS protocol has not been secure enough for our comfort.





That said, the class of problems the Kaminsky vulnerability belonged to stems from parts of the DNS protocol's foundations that are inherently weak, particularly in the "last mile." The "last mile" is the portion of your Internet connection between your computer and your ISP. DNSCrypt is our way of securing the "last mile" of DNS traffic and resolving (no pun intended) an entire class of serious security concerns with the DNS protocol.

There have been numerous examples of tampering (man-in-the-middle attacks) and snooping on DNS traffic at the last mile, and it represents a serious security risk that we've always wanted to fix. Today we can.

Why DNSCrypt is so significant


In the same way that SSL turns HTTP web traffic into HTTPS encrypted web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn't require any changes to domain names or how they work; it simply provides a method for encrypting communication between our customers and the DNS servers in our data centers. We know that claims alone don't work in the security world, however, so we've opened up the source of our DNSCrypt code base and it's available on GitHub.

DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user's online security and privacy.

Download DNSCrypt! (Mac only at the moment)




~ Friday, 16 December 2011 (0 comments)

Bruteforce Subdomains with DNSMap

DNSMap

This one's really quick: if you've ever needed to know some subdomains of a site, consider "dnsmap". It will brute-force a bunch of subdomains for any domain you give it, and you can customise your own domain. It's pretty simple. Here are the Linux instructions:

1. Download it.

2. Extract it:

tar xf dnsmap-latest.tar && cd dnsmap

3. Make sure you have a C compiler installed (e.g. GCC) and compile it:

gcc dnsmap.c -o dnsmap

4. Make it executable:

chmod +x dnsmap

5. Run it:

./dnsmap domain.com

6. View results:

dnsmap - DNS Network Mapper by pagvac
Searching subhosts on domain google.com

31 subhost(s) found


Enjoy, and use it legally in your penetration tests.

~ Sunday, 4 September 2011 (0 comments)

DNS Spoofing- Ettercap Backtrack5 Tutorial

A spoofing attack is not the same as a sniffing attack; there is a small difference between the two. Sniffing is the act of capturing or viewing the packets entering and leaving a network, while spoofing is the act of forging one's source address. In a spoofing attack the attacker makes himself appear to be the source or the desired address. This is done using a number of tricks.


Spoofing is a very general term that covers attacks such as DNS spoofing, IP spoofing and others.

What Is DNS Spoofing?

DNS spoofing is an attack that falls into the category of man-in-the-middle attacks (MIMA). Besides DNS spoofing, MIMA includes:
  • ARP poisoning
  • Sessions hijacking
  • SSL hijacking
  • DNS Spoofing
Each attack matters in its own right, but it is difficult to cover all of them in a single article; I will post more articles related to MIMA.
DNS spoofing is an attack in which the attacker forces the victim to enter his credentials into a fake website; "fake" does not necessarily mean the website is a phishing page. To understand DNS spoofing, refer to these pictures.

In normal communication the user sends requests to the real DNS server; if an attacker spoofs the DNS server instead, the attack is called a man-in-the-middle attack.



Now the question is how a DNS spoofing attack is performed. Spoofing is closely related to sniffing, and sniffing tools can be used to perform spoofing attacks. For this article I will use Ettercap.

What Is Ettercap?

According to official website “Ettercap is a suite for man in the middle attacks on LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks”.
It is cross-platform and runs on Windows, Linux, BSD and Mac.

DNS Spoofing Tutorial With Ettercap-Backtrack5

If you want to learn more background theory, you can ask questions in the comment box; this section will teach you how to perform a spoofing (man-in-the-middle) attack.
Requirement:
  • An Operating system (Linux, Windows etc)
  • Ettercap
  • SET
I am using BackTrack 5 for this tutorial, but you can use another OS. The Social Engineering Toolkit is not a required part, but as discussed in the earlier SET tutorial on hacking Windows using a fake IP, you can use it to point your spoofed IP at a website. So this is a slightly more advanced tutorial.




It is recommended to combine the DNS spoofing attack with the Social Engineering Toolkit to get the job done effectively.


~ Friday, 26 August 2011 (0 comments)

DNS poisoning using Cain

Hey guys, this tutorial is about DNS poisoning on your network using Cain & Abel.

Download Cain here http://www.oxid.it/cain.html

This Tutorial Will be limited to just redirecting the traffic to another website.



Note: This Tutorial is for educational purposes only (you’ll be responsible for your own actions)



First, what is DNS? (from wikipedia.org)

The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants. Most importantly, it translates domain names meaningful to humans into the numerical (binary) identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide. An often used analogy to explain the Domain Name System is that it serves as the "phone book" for the Internet by translating human-friendly computer hostnames into IP addresses. For example, http://www.example.com translates to 208.77.188.166.



What does poisoning the DNS allow us to do?

It allows us to redirect the traffic to another website.



First, this is the structure of the network:



1 , 2 and 3 are computers



1 is the computer being the gateway (could be a router) (172.128.254.1)



2 is the target computer (172.128.254.10)



3 is the attacker using cain



Note : IPs are just used for this tutorial and chosen randomly.



Our work is on computer number 3.

-----------------------



1-After you install Cain, open it and go to the Sniffer tab



2-Click on configure and choose your adapter


3-Enable the sniffer (click on the second icon in the toolbar next to the open icon)



4-Right click in the empty area and choose scan MAC addresses. We get the results above.



5-Click on the APR Tab


6-Click on the + sign in the toolbar to add a new ARP poison routing


7-Choose the gateway, which is 172.128.254.1; in the next list you'll get the IP of computer 2, which is 172.128.254.10, and click OK


8-now click on the APR-DNS tab




9-click on the + sign



10-Enter the web address that you want to spoof (in this case, when the user goes to facebook he'll be redirected to myspace), click Resolve, type the web address that you want to redirect the user to, and click OK; you'll get the IP of that web address, then click OK


you'll get something like this:


11-Now, to make this work, we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.



Now the computer 2 will get the routes poisoned and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com .

Imagine what you can do with this technique.



I hope this was a good tutorial for you guys , and please leave your feedback.
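The two tutorials above (the Ettercap post and this Cain post) describe a LAN attack that leaves two observable traces: a gateway IP answered by a second MAC address, and DNS answers that no longer match what an independent resolver returns. The following is an added example, not code from either post or from Cain, that checks both indicators over constructed sample records (the tutorial's 172.128.254.x addresses, documentation-range IPs and made-up MACs are assumptions):

```python
from collections import defaultdict

# Constructed sample of ARP replies seen on the LAN: (time, claimed IP, sender MAC).
# The gateway 172.128.254.1 first answers from its real MAC; later a second MAC
# (the attacker, computer 3 in the tutorial) claims the same IP.
ARP_REPLIES = [
    ("10:00:01", "172.128.254.1", "00:11:22:33:44:01"),
    ("10:00:02", "172.128.254.10", "00:11:22:33:44:10"),
    ("10:00:09", "172.128.254.1", "00:aa:bb:cc:dd:03"),
    ("10:00:10", "172.128.254.1", "00:aa:bb:cc:dd:03"),
]

# Constructed sample of DNS answers: (name, answer the client received on the LAN,
# answer from an out-of-band reference resolver). Addresses are documentation ranges.
DNS_OBSERVED = [
    ("www.facebook.com", "203.0.113.20", "198.51.100.7"),   # redirected to another site's address
    ("www.example.com", "198.51.100.42", "198.51.100.42"),  # consistent
]


def arp_conflicts(replies):
    """Map each IP claimed by more than one MAC to the list of MACs, in the order seen.

    A gateway whose MAC suddenly changes is the classic footprint of the APR
    (ARP poison routing) step in the tutorial above.
    """
    seen = defaultdict(list)
    for _time, ip, mac in replies:
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def dns_mismatches(observed):
    """Return names whose LAN answer differs from the reference resolver's answer.

    Caveat: CDN-hosted names legitimately vary between resolvers, so a mismatch is
    a lead to investigate; it is strongest when paired with an ARP conflict.
    """
    return [name for name, lan_answer, ref_answer in observed if lan_answer != ref_answer]


def assess(replies, observed):
    """Combine both indicators into a verdict string plus the supporting evidence."""
    conflicts = arp_conflicts(replies)
    mismatches = dns_mismatches(observed)
    if conflicts and mismatches:
        verdict = "arp-poisoning-with-dns-redirect"
    elif conflicts:
        verdict = "arp-conflict"
    elif mismatches:
        verdict = "dns-mismatch"
    else:
        verdict = "clean"
    return {"verdict": verdict, "arp_conflicts": conflicts, "dns_mismatches": mismatches}
```

In practice the ARP records come from a passive capture or periodic reads of the ARP cache, and the reference answers from a resolver reached outside the local segment.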
       

-----------------------

~ Monday, 22 August 2011 (0 comments)

Backtrack 5- DNSenum Information Gathering Tool

Information gathering is generally the first step of ethical hacking/penetration testing: you need to get as much information as possible about the target, because information is the key to success. Information gathering has been discussed before in detail with different tools and techniques such as Maltego, and for DNS information gathering we have discussed DNSmap.
Information is a weapon, so in this article I will explain how to get information from DNS.

For this purpose I will use DNSenum. It is available on BackTrack 5; if you are using another distribution or version you can install it yourself, because it only needs Perl (ActivePerl or Strawberry Perl will do), so you can run DNSenum on Windows too. You can get the following information by using DNSenum:
  • Host address
  • Name server
  • MX record 
  • Sub domains
  • Whois performance 
  • Reverse lookup for netblocks
  • Use Google to get the job done
DNSenum is a very important tool to perform a quick enumeration step on penetration testing.



Tutorial
For this tutorial I am using BackTrack; you can use another distribution. If you are using BackTrack 5 you can find DNSenum by clicking Applications-->Backtrack-->Information gathering-->Network analysis-->DNS analysis-->DNSenum
Looking at the options, you will see that the script has many options and choices. It is difficult to explain all of them, but I will try my best to explain the most important ones. A simple scan can be started by just typing:
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl website.com
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl ehacking.net
For a powerful scan use,
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum google.com 
For an even more thorough scan, including subdomains, use:
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl --enum -f -r google.com
I hope you enjoy using DNSenum.

Scanning and Enumeration- Second Step Of Ethical Hacking


~ Thursday, 21 July 2011 (0 comments)

Dnsmap- DNS Network Mapper

Information is very important for performing a penetration test; as the very first step, ethical hackers/penetration testers try to get as much information as possible about the target.
The steps required for information gathering or footprinting have been discussed in an earlier article; click here to read it.
There are also automated tools for gathering information, and these tools help to map the target network through its official websites. In this article we will cover DNSMAP.

Dnsmap is a passive network mapper, commonly known as a subdomain brute forcer. It was originally released in 2006 and is used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. Dnsmap is open source and tested on Linux-based operating systems, although it can also be used on FreeBSD and on Windows via Cygwin. Dnsmap was included in BackTrack 2, 3 and 4.

Key Features
  • IPv6 support
  • Makefile included
  • delay option (-d) added. This is useful in cases where dnsmap is killing your bandwidth
  • ignore IPs option (-i) added. This allows ignoring user-supplied IPs from the results. Useful for domains which cause dnsmap to produce false positives
  • changes made to make dnsmap compatible with OpenDNS
  • disclosure of internal IP addresses (RFC 1918) is reported
  • updated built-in wordlist
  • included a standalone three-letter acronym (TLA) subdomains wordlist
  • domains susceptible to “same site” scripting are reported
  • completion time is now displayed to the user
  • mechanism to attempt to bruteforce wildcard-enabled domains
  • unique filename containing timestamp is now created when no specific output filename is supplied by user
  • various minor bugs fixed

DNSMAP Tutorial
After downloading, extract it, open a terminal, change to the directory where you extracted dnsmap and follow these steps:
  • Make sure you have a C compiler installed, then type   gcc dnsmap.c -o dnsmap   (or   g++ dnsmap.c -o dnsmap)
  • After this, make it executable by typing chmod +x dnsmap
  • Then run it by typing ./dnsmap domain.com

$ dnsmap baidu.com
dnsmap 0.22 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for baidu.com using built-in wordlist

accounts.baidu.com
IP address #1: 10.11.252.74

events.baidu.com
IP address #1: 202.108.23.40

finance.baidu.com
IP address #1: 60.28.250.196
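Both dnsmap (this post and the earlier "Bruteforce Subdomains with DNSMap" post) and DNSenum work by asking the resolver for a long list of wordlist names under one domain, and most of those names do not exist. That gives the defender a clear signal in resolver logs: one client, many distinct names under one domain, mostly NXDOMAIN. The detector below is an added example (not code from any of the posts or from the dnsmap/DNSenum projects); it runs over a constructed log in a simplified "time client qname rcode" format, which is an assumption, not a real BIND or Unbound log layout:

```python
import re
from collections import defaultdict

# Constructed resolver log in a simple "time client qname rcode" format (an
# assumption, not a real BIND/Unbound layout). Client 192.0.2.50 walks a
# wordlist under example.com the way dnsmap/DNSenum do; 192.0.2.77 is ordinary traffic.
SAMPLE_LOG = """\
10:00:00 192.0.2.50 ap.example.com NOERROR
10:00:00 192.0.2.50 blog.example.com NXDOMAIN
10:00:01 192.0.2.50 catalog.example.com NXDOMAIN
10:00:01 192.0.2.50 catalogue.example.com NXDOMAIN
10:00:01 192.0.2.50 directory.example.com NXDOMAIN
10:00:02 192.0.2.50 download.example.com NXDOMAIN
10:00:02 192.0.2.50 downloads.example.com NXDOMAIN
10:00:02 192.0.2.50 email.example.com NXDOMAIN
10:00:03 192.0.2.50 finance.example.com NXDOMAIN
10:00:03 192.0.2.50 www.example.com NOERROR
10:00:04 192.0.2.77 www.example.com NOERROR
10:00:05 192.0.2.77 mail.example.com NOERROR
10:00:06 192.0.2.77 mail.example.net NXDOMAIN
"""

LINE = re.compile(r"^(\S+) (\S+) (\S+) (NOERROR|NXDOMAIN|SERVFAIL|REFUSED)$")


def parent_domain(qname):
    # Simplification (assumption): the registrable domain is the last two labels.
    # A real deployment should use the public suffix list (co.uk and friends).
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse(log):
    """Return (time, client, qname, rcode) tuples, skipping lines that do not match."""
    return [m.groups() for m in (LINE.match(line.strip()) for line in log.splitlines()) if m]


def find_bruteforce(records, min_names=8, min_nx_ratio=0.7):
    """Flag (client, domain) pairs that probed many distinct names under one domain
    with mostly NXDOMAIN answers, the signature of a wordlist brute force.

    Tuning notes: a scan slowed with dnsmap's -d delay spreads the same names over
    a longer period, so evaluate over a window long enough to catch it; a wildcard
    domain answers NOERROR for everything, so the NXDOMAIN ratio alone will not fire.
    """
    stats = defaultdict(lambda: {"names": set(), "nx": 0, "total": 0})
    for _time, client, qname, rcode in records:
        s = stats[(client, parent_domain(qname))]
        s["names"].add(qname.lower())
        s["total"] += 1
        s["nx"] += rcode == "NXDOMAIN"
    hits = {}
    for key, s in stats.items():
        ratio = s["nx"] / s["total"]
        if len(s["names"]) >= min_names and ratio >= min_nx_ratio:
            hits[key] = {"distinct_names": len(s["names"]), "nxdomain_ratio": round(ratio, 2)}
    return hits
```

Resolvers that return NOERROR with an empty answer for non-existent labels (and any wildcard domain) need a different signal, such as the distinct-name count alone.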


~ Monday, 28 February 2011 (0 comments)