DNS (Domain Name System) resolves human-readable domain names into IP addresses. In vulnerability research and pentesting, analyzing DNS can reveal the following potential attack vectors, which help in identifying security flaws:

Subdomain enumeration

Misconfigurations

DNS-related vulnerabilities

Besides this, DNS data can also provide insight into the network infrastructure, which helps map potential targets.

Oryxlabs recently launched a free DNS server written in Python 3.x for vulnerability research and pentesting, dubbed “PolarDNS.”


PolarDNS

PolarDNS lets its operator produce fully custom DNS responses for a range of DNS protocol testing purposes. It can be used to test the following:

DNS resolvers (server-side)

DNS clients

DNS libraries

DNS parsers and dissectors

Any software handling DNS information

The operator gets full control over the DNS protocol layer, and PolarDNS supports both of the following transport protocols:

UDP protocol

TCP protocol

It is also capable of producing the following kinds of DNS responses:

Non-standard DNS responses

Non-compliant DNS responses

DNS responses violating the RFC standards

Malformed DNS responses

This makes it useful for the following purposes:

Functional testing

RFC compliance

Vulnerability research

Features & Response Modifiers

PolarDNS also offers numerous built-in features and response modifiers for producing diverse DNS responses.

Combining them creates countless response variants, enabling testing of receivers’ handling of unusual, abnormal, and malformed DNS responses for technical robustness.

The responses produced by PolarDNS can contain the following:

Alias (CNAME) chains and alias loops

DNS header malformations (ID, Flags, number of sections)

Injection of unsolicited records (cache poisoning)

Injection of arbitrary bytes of arbitrary lengths

Incomplete, empty, or NULL-byte responses

Compression issues (loops, invalid pointers)

Slowly transmitted chunked responses

Illegal labels or domain name lengths

An arbitrary number of TXT records of arbitrary size

Packet length manipulations (TCP)
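The alias (CNAME) chains and alias loops listed above are meant to exercise the receiving resolver. The following is an added example, not PolarDNS code, of the resolver-side check a receiver needs: it follows a chain of CNAME records held as an owner-to-records map, stops on a loop, on a chain longer than a hop budget, on more than one CNAME at an owner, or on a chain that ends without an address. The hop limit `MAX_CNAME_HOPS` and the `*.example.test` sample answer sets are constructed for this example and are not PolarDNS defaults or output.

```python
# Assumed hop budget for this example; real resolvers choose their own limit.
MAX_CNAME_HOPS = 8


class AliasError(Exception):
    """Raised when a CNAME chain cannot be safely resolved to an address."""

    def __init__(self, kind: str, message: str):
        super().__init__(message)
        self.kind = kind  # 'loop', 'too-long', 'dead-end' or 'multi-cname'


def resolve_alias_chain(records: dict[str, list[tuple[str, str]]],
                        name: str,
                        max_hops: int = MAX_CNAME_HOPS) -> tuple[list[str], list[str]]:
    """Follow CNAME records starting at `name` until an A record is found.

    `records` maps an owner name to its (type, value) pairs, the way a resolver
    holds an answer section. Returns (chain, addresses) where `chain` lists every
    owner visited in order. Raises AliasError instead of looping or recursing
    without bound, which is the failure an alias loop is designed to trigger.
    """
    chain: list[str] = []
    current = name.lower().rstrip(".")
    while True:
        if current in chain:                          # owner already visited: a loop
            raise AliasError("loop", "CNAME loop: " + " -> ".join(chain + [current]))
        chain.append(current)
        rrset = records.get(current, [])
        addresses = [v for t, v in rrset if t == "A"]
        if addresses:                                 # chain terminates in an address
            return chain, addresses
        cnames = [v for t, v in rrset if t == "CNAME"]
        if not cnames:                                # target has no data at all
            raise AliasError("dead-end", f"chain dead-ends at {current!r} with no A record")
        if len(cnames) > 1:                           # RFC 1034 allows one CNAME per owner
            raise AliasError("multi-cname", f"{current!r} has {len(cnames)} CNAME records")
        if len(chain) > max_hops:                     # budget exhausted before an address
            raise AliasError("too-long", f"CNAME chain exceeds {max_hops} hops at {current!r}")
        current = cnames[0].lower().rstrip(".")


def classify(records: dict[str, list[tuple[str, str]]], name: str) -> str:
    """Return 'ok' or the AliasError kind for a lookup of `name`."""
    try:
        resolve_alias_chain(records, name)
        return "ok"
    except AliasError as exc:
        return exc.kind


# Constructed sample answer sets (not real PolarDNS output).
SAMPLES = {
    "chain": {  # a normal three-step alias chain ending in an address
        "www.example.test": [("CNAME", "cdn.example.test.")],
        "cdn.example.test": [("CNAME", "origin.example.test.")],
        "origin.example.test": [("A", "2.3.4.5")],
    },
    "loop": {   # a -> b -> a
        "a.example.test": [("CNAME", "b.example.test.")],
        "b.example.test": [("CNAME", "a.example.test.")],
    },
    "long": {f"h{i}.example.test": [("CNAME", f"h{i + 1}.example.test.")] for i in range(20)},
    "phantom": {"ghost.example.test": [("CNAME", "nowhere.example.test.")]},
    "multi": {"x.example.test": [("CNAME", "y.example.test."), ("CNAME", "z.example.test.")]},
}

if __name__ == "__main__":
    for label, answers in SAMPLES.items():
        first = next(iter(answers))
        print(f"{label:8} {first:22} -> {classify(answers, first)}")
```

The hop budget is checked after the loop check on purpose: a two-name loop is reported as a loop rather than as an over-long chain, which is the more useful diagnosis when the input comes from a test server.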

These responses can help identify vulnerabilities such as:

Sloth domain attacks

Phantom domain attacks

Domain lock-up attacks

Cache poisoning

Resource exhaustion

Crashes

DoS

With a basic understanding of Python and the DNS protocol, PolarDNS makes it easy to implement:

New ideas

Test cases

Features

PoCs

Specific scenarios

How to Run it?

First of all, execute the following command:

python polardns.py

By default, the PolarDNS server listens on localhost (127.0.0.1).

It handles DNS queries on UDP and TCP port 53.

To check that it works, run the following sample queries:

In UDP mode: dig always.yourdomain.com @127.0.0.1

In TCP mode: dig always.yourdomain.com @127.0.0.1 +tcp

The response should include an A record with the IP address 2.3.4.5. If the server returns that record, PolarDNS is functioning correctly.

Installation

First, install Python 3.10 or newer.

Then install PyYAML:

pip3 install pyyaml

Now, edit the configuration file polardns.yml.

Then add your domain and nameserver IP addresses.

That's it, you are done.


By 9jabook