Jan 7, 2017

DNS-Rebinding Part # 2

Coming into this and learning of DNS Rebinding, I had decided I wanted to make my own attack platform.

After doing research it was apparent that this could be quite deadly: getting a victim’s LAN IP is trivial, and port scanning from a browser is even more trivial via WebSockets.

The idea that I would be able to identify LAN-based services and generate payloads (even bypassing CSRF tokens when DNS rebinding) was just something I couldn’t resist. Admittedly, I had done minimal research on the matter before deciding I was going to write said platform, only to discover now that the BeEF project (which I haven’t used since 2013) supports exactly this and achieves the kind of crazy I was only dreaming of (a reverse shell from a web browser with nothing more than JavaScript).

Funny enough, I feel that when I was more active in the information security industry / scene, XSS/CSRF were not taken seriously enough, and I feel a lot of developers still do not take them seriously when it seems they can lead to full-scale network compromise. It’s been proven time and time again that if enough payloads were distributed for common networks you’d be able to achieve MITM attacks on routers, reverse shells on insecure systems and more.

Some software and users seem to rely on the idea that if it’s running on the same system they’re accessing it from, authorization shouldn’t be needed. With attacks like this, however, we overcome the fact that things are running on the inside of the network, so chaining things together such as CSRF and code exec issues in systems leads to actual network compromise.
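The "same system, so no authorization needed" assumption is exactly what DNS rebinding abuses: the rebound domain now resolves to the LAN service, so the browser's TCP connection lands on the local listener, but the request still carries the attacker's domain in its Host header. The following is an added example, not code from the original post, showing the two standard mitigations: a server-side Host-header allowlist (the only thing a local service can check), and a resolver-side filter that flags a public name resolving to a private or loopback address, which is what options such as dnsmasq's `--stop-dns-rebind` do. The allowlist entries, the `router.lan` name and every sample Host header below are constructed for illustration.

```python
# Added example (not from the original post): DNS-rebinding mitigations.
# 1. Host-header allowlist for a service that only expects to be reached by
#    its own names. A rebound request arrives with the attacker's domain in
#    Host, so it is rejected even though the TCP connection is local.
# 2. Resolver-side filter that refuses answers mapping a public name onto a
#    private/loopback/link-local address (the rebinding answer itself).
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the names this local service is legitimately reached by.
ALLOWED_HOSTS = frozenset({"localhost", "127.0.0.1", "::1", "router.lan"})


def host_is_allowed(host_header, allowed=ALLOWED_HOSTS):
    """Return True only if the Host header names this service by an expected name.

    The port is ignored; bracketed IPv6 literals are unwrapped; userinfo ("@")
    and path characters are rejected outright so that a crafted value such as
    "attacker.example@localhost" cannot pass as "localhost".
    """
    if not host_header:
        return False
    raw = host_header.strip()
    if "@" in raw or "/" in raw or "\\" in raw:
        return False
    # urlsplit lower-cases the hostname and strips brackets and any :port suffix.
    hostname = urlsplit("//" + raw).hostname
    if not hostname:
        return False
    return hostname in allowed


def suspicious_rebind(name, answers, trusted_private_names=frozenset()):
    """Flag a DNS answer set in which a name outside the trusted set resolves to
    a private, loopback, link-local or unspecified address (a rebinding answer).
    """
    if name.lower().rstrip(".") in trusted_private_names:
        return False
    for answer in answers:
        ip = ipaddress.ip_address(answer)
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            return True
    return False


# Constructed sample Host headers as a browser would send them, with the
# verdict the allowlist check should give.
SAMPLE_REQUESTS = [
    ("localhost:8080", True),
    ("127.0.0.1", True),
    ("[::1]:8080", True),
    ("LOCALHOST", True),
    ("router.lan", True),
    ("attacker.example", False),           # rebound domain pointing at the LAN service
    ("attacker.example:8080", False),
    ("attacker.example@localhost", False), # userinfo trick must not pass
    ("", False),
]


def check_samples():
    """Return True if every sample request gets the expected verdict."""
    return all(host_is_allowed(host) is expected for host, expected in SAMPLE_REQUESTS)


if __name__ == "__main__":
    for host, expected in SAMPLE_REQUESTS:
        verdict = host_is_allowed(host)
        print(f"Host: {host!r:32} allowed={verdict} (expected {expected})")
    # Constructed answers: a rebound public name vs. a legitimate one.
    print("attacker.example -> 192.168.1.1 suspicious:",
          suspicious_rebind("attacker.example", ["192.168.1.1"]))
    print("example.com -> 93.184.216.34 suspicious:",
          suspicious_rebind("example.com", ["93.184.216.34"]))
```

The Host check belongs in the local service itself (or a reverse proxy in front of it); the resolver filter belongs on the LAN resolver, where it must carry an exception list for names that legitimately resolve to private addresses, as `trusted_private_names` does above.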

