Dec 21, 2016

Hijacking a Victim’s DNS with DNS-Rebinding


Thanks to Kurt over at DWF, I was able to get a CVE assigned for the OSSEC SQL injection detailed in my previous post: CVE-2016-1000266 / CVE-2016-1000265.

I was happy to help the guys over at OSSEC patch the problem, and I’m glad it’s getting some acknowledgement.

Hijacking a Victim’s DNS with Anti DNS-Pinning (DNS Re-binding)

Last night I got on the kick of router/modem security. Considering the recent attacks we’ve had going on, I thought it might be nice to jump on the bandwagon of researchers and check it out for myself.

With this, I thought I’d simulate an attack I was able to perform in a penetration test because a router had remote management enabled: hijacking the victim’s DNS requests via DNSChef and getting a MITM to steal the victim’s credentials as they logged into a specific website.

That was all achieved by simply changing the victim’s DNS settings on their router.

So the question became: what’s stopping me from doing this to my own modem via a web browser on an internet-facing URL?

Immediately I started looking for any code which may not enforce the Same-origin policy. To explain briefly, the Same-origin policy was created to protect against attacks where web code attempts to make a request to a server where it’s unauthorized to do so (meaning local network resources as well, like modems and routers).
