Re: Exploit for DNS Cache Poisoning - RELEASED

• From: Ganbold Tsagaankhuu
• Date: Fri Jul 25 00:16:27 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Thu, Jul 24, 2008 at 10:32 AM, Tuc at T-B-O-H.NET <[email protected]> wrote:

> > - -- "Robert D. Scott" <[email protected]> wrote:
> >
> > >Now, there is an exploit for it.
> > >
> > >http://www.caughq.org/exploits/CAU-EX-2008-0002.txt
> >
> > Now also (mirrored) here:
> >
> >  http://www.milw0rm.com/exploits/6122
> >
> > ...and probably a slew of other places, too. ;-)
> >
>         The changes the put into metasploit for this don't seem
> to work if running from FreeBSD 5.5, possibly other BSD's and
> versions from talking to the author.
>
>                Tuc/TBOH
>
>
True. On FreeBSD 7.0-STABLE (updated on Fri May 23) it fails to create raw
socket:
...
[-] This module is configured to use a raw IP socket. On Unix systems, only
the root user is allowed to create raw sockets.Please run the framework as
root to use this module.

[*] Attempting to inject poison records for example.com.'s nameservers into
202.72.241.4:55088...
[-] Auxiliary failed: undefined method `sendto' for nil:NilClass

• Follow-Ups:
  • Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET

• References:
  • Re: Exploit for DNS Cache Poisoning - RELEASED Paul Ferguson
  • Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET

• Prev by Date: Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)
• Next by Date: Re: Exploit for DNS Cache Poisoning - RELEASED
• Date Index
• Thread Index
• Author Index
• Historical