Thursday, May 24, 2018
redirect all traffic...and maybe steal credentials
welcome back to war! So, we want to redirect all traffic...and maybe steal credentials ..."I want to convert the json data to java object automatically.."
class Foo {
private String str;
private Bar bar;
getter/setter
}
class Foo {
private String str;
private Bar bar;
getter/setter
}
class Bar {
private String ss;
getter/setter
}
...which makes change on server side, just create a constructor for Bar, like
public Bar(String ss) {
this.ss = ss
}
private String ss;
getter/setter
}
...which makes change on server side, just create a constructor for Bar, like
public Bar(String ss) {
this.ss = ss
}
..starting warfare...the attack today is....hacking diplomatic call signs permission for flights, and smuggle guns under diplomatic undercover....so, we have to hack satellite internet based communications...like epic turla group does...first thing we need is to hide our ass
I would like hosts located on the internal network to resolve "host1.example.com", "host2.example.com" and "example.com" to internal IP addresses instead of that of the gateway.
EDIT: Let's do this properly then. I will document what I've done based on the tutorial linked above.
My OS is Raspbian 4.4 for Raspberry Pi, but the technique should work without any changes on Debian and Ubuntu, or with minimal changes on other platforms.
Go to where your Bind config files are kept on your system - here it's in
/etc/bind. Create in there a file called db.rpz with the following contents:$TTL 60
@ IN SOA localhost. root.localhost. (
2015112501 ; serial
1h ; refresh
30m ; retry
1w ; expiry
30m) ; minimum
IN NS localhost.
localhost A 127.0.0.1
www.some-website.com A 127.0.0.1
www.other-website.com CNAME fake-hostname.com.
What does it do?
- it overrides the IP address for
www.some-website.comwith the fake address127.0.0.1, effectively sending all traffic for that site to the loopback address - it sends traffic for
www.other-website.comto another site calledfake-hostname.com
Anything that could go in a Bind zone file you can use here.
To activate these changes there are a few more steps:
Edit
named.conf.local and add this section:zone "rpz" {
type master;
file "/etc/bind/db.rpz";
};
The tutorial linked above tells you to add more stuff to
zone "rpz" { } but that's not necessary in simple setups - what I've shown here is the minimum to make it work on your local resolver.
Edit
named.conf.options and somewhere in the options { } section add the response-policyoption:options {
// bunch
// of
// stuff
// please
// ignore
response-policy { zone "rpz"; };
}
Now restart Bind:
service bind9 restart
That's it. The nameserver should begin overriding those records now.
If you need to make changes, just edit
db.rpz, then restart Bind again.
Bonus: if you want to log DNS queries to syslog, so you can keep an eye on the proceedings, edit
named.conf.local and make sure there's a logging section that includes these statements:logging {
// stuff
// already
// there
channel my_syslog {
syslog daemon;
severity info;
};
category queries { my_syslog; };
};
Restart Bind again and that's it.
I've used this technique with great success to override the CNAME for a website I was working on, sending it to a new AWS load balancer that I was just testing. A Raspberry Pi was used to run Bind, and the RPi was also configured to function as a WiFi router - so by connecting devices to the SSID running on the RPi I would get the DNS overrides I needed for testing.
Subscribe to:
Posts (Atom)
Satellite hacking Intel 1 (BACK@WAR CyberArmy friends let´s start Satellite GPS navigation hack IT WILL HV A PRICE)
https://stackoverflow.com/questions/63010812/how-to-access-http-port-5001-from-public-internet
