Re: (lame) spoofing DNS with hosts files...

From: .MetsyS. (stfat_private)
Date: Mon Aug 20 2001 - 15:37:53 PDT

  • Next message: Dennis McHenry: "Re: Windows XP RC2"

    Hi all,
    
    Quite right, it is very lame, it is not a bug.
    hence the subject line
    
    You understand perfectly.
    
    I am just looking at ways to meddle around with security, and causing a
    user to do something they did not intend to, however if you can alter the
    host file... you already have root, so all in all I made a pretty silly
    post, my apologies.
    
    I too read bugtraq.
    
    I very much enjoy the more relaxed discussion that goes on in vuln-dev
    there is an immense amount of talent on this list.
    
    Right enough of my ranting and raving and carrying on.
    
    I'm on the hunt for some info on setting up a packet with source routing,
    any pointers please ?
    
    Hints, suggestions, questions, comments, welcome.
    
    Thanks.
    .MetsyS.
    
    At 08:24 PM 20/8/01 +0400, Mitino-PTT support wrote:
    >:))
    >hehe
    >really lame
    >
    >or maybe i don't understand
    >
    >i think first operating system looks hosts file and then (if not true) makes
    >a dns query
    >its not a bug or vulnerability
    >it is feature (which came from ancient times when there was no domain name
    >system on the Earth)
    >i think it is not a topic for this list
    >
    >i can create zone file for microsoft.com on my ISP master NS server with
    >entry like this
    >
    >www IN A 127.0.0.1
    >and it will work BUT I WILL NOT WRITE about this in bugtraq !!
    >
    >forgive me my bad english, usually i only read bugtraq, but now after this
    >message i can't be silent ;)
    >
    >-----Исходное сообщение-----
    >От: .MetsyS. <stfat_private>
    >Кому: vuln-devat_private <vuln-devat_private>
    >Дата: 20 августа 2001 г. 20:06
    >Тема: (lame) spoofing DNS with hosts files...
    >
    >
    >>Hi everybody,
    >>
    >>The recent discussion on the IE bookmark problem made me think of some
    >>other ways you could force sombody to point their browser somewhere they
    >>were not intending to.
    >>
    >>My apologies if this is already well known and i'm wasting bandwidth.
    >>(which is probably the case)
    >>
    >>You will end up at abcnews.com instead of hotmail.com in this example
    >>
    >>Open up your windows host file and add an entry like:
    >>204.202.136.30 www.hotmail.com
    >>
    >>I tested this with Netscape 4.08 Win98SE with proxies turned off.
    >>
    >>Now open up your web browser and tell it to go to www.hotmail.com if your
    >>proxy server settings are not forced you should end up at www.abcnews.com.
    >>
    >>I know this is silly, and rather obvious... just remember... this is not
    >>just limited to the web browser, your curcumventing a DNS lookup.
    >>
    >>eg:
    >>C:\WINDOWS>ping www.hotmail.com
    >>
    >>Pinging www.hotmail.com [64.4.44.7] with 32 bytes of data:
    >>
    >>Control-C
    >>C:\WINDOWS>echo 192.168.1.2 www.hotmail.com >> hosts
    >>
    >>C:\WINDOWS>ping www.hotmail.com
    >>
    >>Pinging www.hotmail.com [192.168.1.2] with 32 bytes of data:
    >>
    >>Reply from 192.168.1.2: bytes=32 time=38ms TTL=255
    >>
    >>Ping statistics for 192.168.1.2:
    >>    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    >>Approximate round trip times in milli-seconds:
    >>    Minimum = 38ms, Maximum =  38ms, Average =  38ms
    >>Control-C
    >>
    >>
    >>Tested the same thing under linux too... no suprises really I spose just
    >>something to ponder...
    >>
    >>Keep a tripwire DB.
    >>
    >>One last thing which is kind of off topic... has anybody seen some good
    >>papers that discuss loose source routing ? and how to set up a packet with
    >>LSR ?
    >>
    >>Suggestions, comments welcome.
    >>
    >>.MetsyS.
    >>
    >
    >
    



    This archive was generated by hypermail 2b30 : Mon Aug 20 2001 - 19:51:51 PDT