![]() ![]() One is a normal A-record (domain name to IP) and one of the type NS that is redirected to the A-record so it points to the public IP of the server at home.įor the A-record fill in a sub domain (can be anything, just remember it) and choose a domain (these are donated by a large community to use). So make an account and go to “subdomains”. You can use for the dynamic DNS and the NS-record. Router which you can setup with static IP’s and Port forwarding.Iodine-daemon on the server (explained in this article).A subdomain that holds a NAMESERVER-record (explained in this article).Dynamic DNS that resolves to public IP of server (explained in this article).Spare (Linux) machine at home, this can be an existing server or desktop.To encode this data, there are multiple tools available but iodine is a great one, and this is that is used in this article. #Hack router port 53 dns servers downloadThe result is that we can upload data through an extra attached subdomain and download data encoded in the DNS-record that is send back. ![]() This means that if we control the subdomain we are looking up, and we control the nameserver assosiated with it, we can decide which IP (or better DNS record) to send back. Now if you specify a subdomain (“mail” in ) it will ask the nameserver of the subdomain (if it exists) to give the right IP and relay it back. If we give the router a domain, it will resolve it by sending it to a nameserver and it will keep searching till if finds the IP, which it will send back to us. You don’t need to get a PING back, but you can see that resolved to 172.217.17.36, this means that DNS is still working… strange if you don’t have an internet connection right? You can test if this attack is possible by trying to ping. Often you can bypass a captive portal page by using DNS tunneling. Great if you have a login but otherwise you are stuck behind this ‘captive’ portal (that is what this page is called). But at airports, train-stations or homes with a routers from a big provider you will have a unsecured wifi hotspot, but when you connect to it and you open your browser, you will get prompted to log in or supply a credit card, etc…. Everybody knows that you can’t connect to a WiFi-hotspot if it is secured and you don’t have a the password. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |