One Article Review

Source RedTeam PL
Identifier 1798889
Publication date 2019-10-06 23:12:03 (seen: 2020-07-09 15:05:43)
Title Internal domain name collision
Text
Brief introduction
Internal domain name collisions occur when organisations use local domains in the internal network and the same domain names also exist outside the organisation, on the global DNS. A DNS query which should resolve to internal resources leaks to the Internet. If an attacker is able to control such a domain on the global DNS, then he can perform MITM (Man-in-the-Middle) attacks on the organisation.
Name collision
DNS name collision turned into a much more severe problem when it became possible to register new TLDs (Top-Level Domains) [https://data.iana.org/TLD/tlds-alpha-by-domain.txt], especially those owned by the DONUTS company [https://donuts.domains/great-domains/domain-categories/]. The most problematic TLDs which could be used in attacks are, inter alia: network
Sent Yes
Tags
Stories APT 32


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.