Preface:
Vulhub is based on a set of environmental vulnerability and docker docker-compose, and enter the corresponding directory and execute a statement to start a new loophole environment for vulnerabilities easier to reproduce, so security vulnerability researchers to focus more on the principle itself.
Voulhub drone platform environment to build and use:
https://blog.csdn.net/qq_41832837/article/details/103948358
Vulnerabilities principle
DNS server is divided into the main server, from the (backup) server, the cache server. DNS protocol supports axfr type of recording zone transfers, to solve the problem of the master-slave synchronization. If the administrator when configuring the DNS server is no limit to allow sources to obtain records, will cause the DNS domain transfer vulnerabilities, exploits can obtain all records for a domain.
Vulnerability Details
Affected: support axfr recorded version, such as bind9
DNS server using the domain transfer function, the data from the master to achieve synchronization purposes. Domain transmission key configuration item to: allow-transfer, allow-transfer parameter configuration item allows to achieve the limit of the effect of the source of acquisition records. After bind9 default installation, configuration item is no allow-transfer, so if you do not manually add items allow-transfer, the transfer will exist dns domain vulnerability.
Vulnerability reproduction
After starting the environment, it will listen port 53, DNS protocol supports both TCP and UDP ports from the two data transmission. Because it involves a port number below 1024, you may need to run the above command with root privileges.
1, kali dns transmission request command using the dig, obtaining the domain name on the target vulhub.com A recording server dns
dig @192.168.232.135 vulhub.org
2, the transmission request dns type axfr
dig @192.168.232.135 -t axfr vulhub.org
Successfully acquired the vulhub.org all subdomains record
END
Accumulated a little each day, eventually burst out one day a powerful force. I jammny, like the point of a praise! Add attention to it! Continuously updated vulhub vulnerabilities recurring series.