
injecting dns requests remotely...


ghost's Avatar
0 0

is this possible? what i mean by it is, say a victim types in the address google.com, is there a way to (remotely) manipulate the dns server or returned information so that a different ip is returned from google's real one? p.s. i have googled before anyone asks/tells


ghost's Avatar
0 0

it would be hard to do if possible but the rewards would be huge. In advertising you could manipulate search results so your service/product comes out first, you could get people's email/paypal/ebay passwords and redirect them and submit the info so they log in as normal and are completely unsuspecting.

Knowledge on how to do it would be worth loads and i don't think many people would disclose it readily though if anyone does know how…. ;)


ghost's Avatar
0 0

but if anyone's offering… :D


ghost's Avatar
0 0

Not impossible. It would require a lot of low-level programming and won't be as easy as choose an IP and click a button.


ghost's Avatar
0 0

i know, i hate automated programs that "hack" people, hence why i don't use them. i like to be able to write my own code to do these things. well i guess i'll research into sockets that DNS uses and interception methods and try and work it out from there.


ghost's Avatar
0 0

let us know if you do indeed figure it out :p


ghost's Avatar
0 0

will do :)

y'know i think hbh should have a research team or something that goes out and finds out things that the overall community wants to learn about :P


ghost's Avatar
0 0

Not impossible. It would require a lot of low-level programming and won't be as easy as choose an IP and click a button.

Of course, there is a way to do it! Manipulate their DNS Cache. http://en.wikipedia.org/wiki/DNS_cache_poisoning

Don't suggest/mislead people when you're NOT sure of what you're talking about, that's being counterproductive.

Mr_Noob, catch me on AIM if you need further help on accomplishing this.


ghost's Avatar
0 0

I know how you could do something similar to what you want to do. You check the packets' destination IP address, and if it is the one you are interested in, you change it to a proxy you own, or a server that will fake the host the user requested.

If it is through HTTP, you would also need to change some HTTP headers.


ghost's Avatar
0 0

we would have to have a poll thing or something and a reward in points for people to want to do it


ghost's Avatar
0 0

thanks for the link netfish :) and sorry don't have AIM :/

was thinking of a new way of possibly attacking windows boxes, by changing the dns record of windowsupdate.com and making the user download malicious code disguised as a patch :ninja:


ghost's Avatar
0 0

mr noob wrote: thanks for the link netfish :) and sorry don't have AIM :/

was thinking of a new way of possibly attacking windows boxes, by changing the dns record of windowsupdate.com and making the user download malicious code disguised as a patch :ninja:

that would be awesome and to make it even more ironic you could have more downloads as patches for your malicious downloads to keep ahead of the antivirus programs


ghost's Avatar
0 0

lol that would be quality :-)


ghost's Avatar
0 0

You wouldn't have that much access to the victim's packets, arcube. But that way is also doable (slow).

Remember, he's going after the DNS Server (not the victim), because he only wants to redirect their DNS requests.

You can make multiple queries in one request. Just change the:

  • QNAME
  • QTYPE
  • QCLASS

Simply define the amount in QDCOUNT. Look at the RFC for more details on the technology and protocol itself:

http://www.netfor2.com/dns.htm
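
Added example, not part of the thread: the fields named in the post above (QDCOUNT, QNAME, QTYPE, QCLASS) parsed out of a DNS message, together with the resolver-side check that a reply echoes the outstanding query's transaction ID and single question before anything is cached. The function names and the sample packets are constructed for illustration.

```python
import struct

def parse_dns(msg: bytes) -> dict:
    """Parse the 12-byte DNS header and the question section."""
    if len(msg) < 12:
        raise ValueError("short DNS header")
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off, questions = 12, []
    for _ in range(qdcount):              # QDCOUNT = number of question entries
        labels = []
        while True:                       # QNAME: length-prefixed labels, 0 ends
            if off >= len(msg):
                raise ValueError("truncated QNAME")
            n = msg[off]
            off += 1
            if n == 0:
                break
            if n > 63 or off + n > len(msg):  # pointers/bad lengths not handled here
                raise ValueError("unsupported or truncated label")
            labels.append(msg[off:off + n].decode("ascii").lower())
            off += n
        if off + 4 > len(msg):
            raise ValueError("truncated QTYPE/QCLASS")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((".".join(labels), qtype, qclass))
    return {"id": txid, "qr": flags >> 15, "qdcount": qdcount, "questions": questions}

def response_problems(query: bytes, response: bytes) -> list:
    """Reasons a resolver should drop `response` instead of caching it."""
    q, r = parse_dns(query), parse_dns(response)
    checks = [(r["qr"] == 1, "not a response"),
              (r["id"] == q["id"], "transaction ID mismatch"),
              (r["qdcount"] == 1, "QDCOUNT != 1"),
              (r["questions"] == q["questions"], "question mismatch")]
    return [why for ok, why in checks if not ok]

def build(txid, flags, questions):        # constructed sample packets only
    out = struct.pack("!6H", txid, flags, len(questions), 0, 0, 0)
    for name, qtype, qclass in questions:
        for label in name.split("."):
            out += bytes([len(label)]) + label.encode("ascii")
        out += b"\x00" + struct.pack("!HH", qtype, qclass)
    return out

QUERY = build(0x1A2B, 0x0100, [("example.com", 1, 1)])
GOOD = build(0x1A2B, 0x8180, [("example.com", 1, 1)])
BAD_ID = build(0x9999, 0x8180, [("example.com", 1, 1)])
MULTI = build(0x1A2B, 0x8180, [("example.com", 1, 1), ("example.net", 1, 1)])
```
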


ghost's Avatar
0 0

was thinking of a new way of possibly attacking windows boxes, by changing the dns record of windowsupdate.com and making the user download malicious code disguised as a patch

It's been done before. And it still is being done today. Not many people are exposed to it. If you study worms more thoroughly you'd see what I'm referring to.


ghost's Avatar
0 0

yeah i'm in the process of reading up on DNS internals and your link from wiki netfish :)