spoon.c - (ab)use dig.cgi to proxy DNS dig requests. Useful to request a zone transfer without revealing your IP.
bed34a7508213f2937d73bf1e00100537cc8f3ff8ce9ac45961c75bcec76988e
/*
* . .
* _( (_) )_ _________ ________
* <----, / _____// _____// _____/
* <-----====\_____ \=\_____ \/ \========== RELEASE
* <----' / \/ \ \_\ \
* /_______ /_______ /\______ /
* /\___________\/________\/_______/ /
* /_________________________________/
*
* spoon.c - (ab)use dig.cgi to proxy DNS dig requests
* (c) 2000 obecian <obecian@celerity.bartoli.org>
*
* Why spoon? Sorta a cross between spoof and a tool that can be used
* to "dig" -- I happened to be watching the movie Top Secret at the
* time of this writing -- so the name stuck.
*
* This little util was written cuz I got tired of pulling up a web
* browser to bounce dig queries off the ever-so-handy dig.cgi script.
* Also many hackers hunt through dns prior to using common techniqz such
* as wingate to bounce further connections. However, if the victim
* seldom gets traffic (hping and watch ip id's) the ip of the shell you
* are using naturally will start the process of the remaining traffic.
* Why give out your ip (or your hacked shell) when you don't have to.
*
* --
* "Do not try and bend the spoon. That's impossible. Instead, only try to
* realize the truth."
* "What truth?"
* "There is no spoon."
* "There is no spoon?"
* "Then you'll see that it is not the spoon that bends, it is only yourself."
* -- Little boy with spoon and Neo, "The Matrix"
*
*/
#define TITLE "spoon - (ab)use dig.cgi to proxy DNS dig requests"
#define CODER "(c) 2000 obecian <obecian@celerity.bartoli.org>"
#include <stdio.h>
#include <strings.h>
#include <stdlib.h>
#include <netdb.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
/*
 * Print the option summary and an example invocation on stdout, then end the
 * process with exit(-1). This function never returns.
 *
 * arg: program name shown in the "usage:" line (main passes argv[0]).
 */
void
usage(char *arg)
{
    static const char options[] =
        "<-v victim> domain (eg. victim.com)\n"
        "[-t dns record type {any, mx, a, ns, soa}] (default: any)\n"
        "[-n victim's nameserver]\n"
        "[-p dig proxy] (default: www.ip-plus.ch)\n\n";
    static const char example[] =
        "eg. spoon -v victim.com > victim-dig.html;\n"
        " w3m victim-dig.html (or lynx or netscape)\n\n";

    /* Only the first line needs formatting; the rest is fixed text. */
    printf("usage: %s <optlist>\n", arg);
    fputs(options, stdout);
    fputs(example, stdout);
    exit(-1);
}
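/*
 * Entry point: parse the command line, open a TCP connection to port 80 of
 * the host running dig.cgi, send one HTTP/1.0 GET that carries the query
 * parameters, and copy the raw response (HTTP headers and HTML) to stdout.
 *
 * Options (see usage()):
 *   -v  domain to look up (required)
 *   -t  record type, default "any"
 *   -n  nameserver to ask, default empty
 *   -p  host running dig.cgi, default www.ip-plus.ch
 *
 * Exits 0 on success and exit(-1) on any resolver, socket or I/O failure.
 *
 * Note for operators of a public dig CGI: every request built here carries
 * the fixed User-Agent "spoon-SSG/31337" and a Referer naming the CGI itself,
 * so this client is easy to pick out of a web server access log. Per the file
 * header, the nameserver being queried sees the CGI host rather than the
 * caller, so tying a lookup to its origin needs the CGI host's logs.
 */
int
main(int argc, char **argv)
{
    extern char *optarg;
    extern int opterr;
    int opt;
    int sock;
    int len;
    ssize_t n;
    size_t sent;
    struct sockaddr_in sin;
    struct hostent *he;
    char buffer[1024];
    char *victim = NULL;        /* stays NULL until -v is seen */
    char *ns_type = "any";
    char *nameserver = "";
    char *proxy = "www.ip-plus.ch";

    /* The banner is printed on every run, including the no-argument case. */
    putchar('\n');
    puts(TITLE);
    puts(CODER);
    putchar('\n');

    if (argc < 2)
        usage(argv[0]);

    opterr = 0;
    while ((opt = getopt(argc, argv, "v:t:n:p:")) != -1) {
        switch (opt) {
        case 'v':
            victim = optarg;
            break;
        case 't':
            ns_type = optarg;
            break;
        case 'n':
            nameserver = optarg;
            break;
        case 'p': /* use the default unless you know a uniq dig proxy */
            proxy = optarg;
            break;
        case '?':
        default:
            usage(argv[0]);
            break;
        }
    }

    /*
     * -v is mandatory. Without this check an uninitialised pointer was
     * handed to snprintf("%s") below, which is undefined behaviour.
     */
    if (victim == NULL)
        usage(argv[0]);

    if ((he = gethostbyname(proxy)) == NULL) {
        herror("gethostbyname");
        exit(-1);
    }
    /* The address is copied into a sockaddr_in, so it must be IPv4. */
    if (he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof(sin.sin_addr)) {
        fprintf(stderr, "gethostbyname: %s has no IPv4 address\n", proxy);
        exit(-1);
    }

    if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
        exit(-1);
    }

    bzero(&sin, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_port = htons(80);
    sin.sin_addr = *((struct in_addr *)he->h_addr_list[0]);

    printf("-=- Connecting to DIG proxy... ");
    fflush(stdout);
    if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
        perror("connect");
        exit(-1);
    }
    printf("Connected!\n");

    /*
     * NOTE(review): the Host header is a fixed literal and does not follow
     * -p, and the three query values are inserted without URL-encoding.
     * Both are kept as in the original.
     */
    len = snprintf(buffer, sizeof(buffer),
                   "GET /cgi-bin/dig.cgi?action=process&domain=%s&type=%s"
                   "&atserver=%s HTTP/1.0\r\n"
                   "Host: www.ip-plus.ch\r\n"
                   "Referer: http://%s/cgi-bin/dig.cgi\r\n"
                   "User-Agent: spoon-SSG/31337\r\n"
                   "\r\n",
                   victim, ns_type, nameserver, proxy);
    if (len < 0 || (size_t)len >= sizeof(buffer)) {
        /* A truncated request would lose its terminating blank line. */
        fprintf(stderr, "request does not fit in %lu bytes\n",
                (unsigned long)sizeof(buffer));
        exit(-1);
    }

    printf("-=- Throwing request at %s... ", proxy);
    fflush(stdout);
    /*
     * Send only the formatted request. The original wrote all
     * sizeof(buffer) bytes, which transmitted the NUL terminator and
     * whatever uninitialised stack data followed it to the remote host.
     * The loop also copes with short writes.
     */
    for (sent = 0; sent < (size_t)len; sent += (size_t)n) {
        n = write(sock, buffer + sent, (size_t)len - sent);
        if (n <= 0) {
            perror("write");
            exit(-1);
        }
    }
    printf("Caught!\n\n");

    /*
     * Relay the response through stdio so it stays ordered after the
     * status lines above when stdout is redirected to a file. Stop on
     * read errors as well as EOF: the original looped while the result
     * was non-zero and passed -1 to write() as a length.
     */
    while ((n = read(sock, buffer, sizeof(buffer))) > 0) {
        if (fwrite(buffer, 1, (size_t)n, stdout) != (size_t)n) {
            perror("fwrite");
            exit(-1);
        }
    }
    if (n < 0) {
        perror("read");
        close(sock);
        exit(-1);
    }

    close(sock);
    if (fflush(stdout) == EOF) {
        perror("fflush");
        exit(-1);
    }
    exit(0);
}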