Rebind: A DNS Rebinding Tool!

[begood]

This project is WOW! Simply WOW! We just loved this tool at the first instance itself. The author has taken into consideration about all the things that you might face when running this tool and packaged it all into an open source application – Rebind. The package contains all the necessary libraries and a Firefox Greasemonkey script that will make it easier for you to run this tool.

Rebind is a DNS rebinding tool, that implements the multiple “A” record DNS rebinding attacks. It can let you access a target router’s internal Web interface! The best part is remote administration does not need to be enabled for this attack to work! All that is required is that a user inside the target network surf to a Web site that is controlled, or has been compromised, by you. You could possibly use social engineering tricks to trick a user into viewing this web site. It does not require prior knowledge of the target router or the router’s configuration settings such as make, model, IP address, host name, etc, and does not use any anti-DNS pinning techniques. Rebind integrates a DNS server, two Web servers and an HTTP proxy server into a single Linux binary.

A simple explanation about how DNS rebinding works:

Now, how do you get it to work. In the authors words -

“Actually, you need to configure your domain to use Rebind as your primary DNS server. This is done in two steps: first, you need to register the machine that you intend to run Rebind from as a nameserver, then you must configure your domain to use that nameserver. Most registrars will let you perform both of these actions, although some don’t and many make it difficult to find these settings, so you may have to search around a little.

Go to the registrar where you registered your domain name (Host-Unlimited, GoDaddy, Yahoo, etc.) and first register two nameservers. You will want to register two because most registrars will require your domain to have at least two nameservers, and you want Rebind to handle all DNS lookups. Name the nameservers ns1 and ns2 and set their IP addresses to that of the machine from where you intend to run Rebind.

Once you have registered your nameservers, go do your domain DNS settings and set these nameservers as the authoritative nameservers for your domain. If for example your domain is ‘mydomain.com’, you will enter ns1.mydomain.com and ns2.mydomain.com. Now all DNS traffic will be directed to the machine where you intend to run Rebind, which will allow Rebind to accept and handle all DNS requests for your domain.”

Rebind has been specially programmed to work with only Linux operating systems. So, it might work on BSD, but NOT on Windows. It will also work on 64-bit operating systems. Only pre-requisite is that, it must be run as root, and you must have iptables installed and listed in $PATH. It has all images filtered out. It will not work with IPv6 either. Considering that we have another year for IPv6 to be popular, we might as well play with it for now!

About time every one gets serious with router security!

Remember! You have to have the end-user visit http://your-domain-name/init and not just http://your-domain-name/. (We actually were left wondering about that!)

Enjoy the current release – Rebind v0.3.4 here.

[blech]

cred ca o sa avem parte de ceva distractie cu tool-ul asta