Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
For any nonsense or banter that doesn't fit anywhere else. LoL! omg! ROFL! 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
spoof reverse DNS..
Posted by: sirdarckcat
Date: December 18, 2009 03:45PM

I've seen some dudes that change their reverse DNS (eg. hi.h4x0r.xd)..

My ISP doesn't allow me to do that, but I guess some hosting services do.. can you tell me some? superbhosting I think allows to do that, but I'm not sure..


I actually want <script>open(name).sirdarckcat.net as a hostname haha..or maybe something for SQLinjection.. any ideas? since a complete cross browser XSS vector (html) requires spaces or slashes =/

Greetings!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: id
Date: December 21, 2009 12:40PM

A lot of them will let you do it, TimeWarner (business class) lets me, but I have to send in a request to have them change it for me.

But anyway, you couldn't add those symbols, only a hyphen and dot are allowed punctuation.
see:
http://tools.ietf.org/html/rfc3696#section-2

-id



Edited 1 time(s). Last edit at 12/21/2009 12:40PM by id.

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: sirdarckcat
Date: December 25, 2009 05:23PM

well, they do say anything is accepted by the protocol, the restrictions are made on the application.

what I was wondering was if there's any that allows me to do it myself (without submitting a ticket) since they will probably suspect if I ask them to change it to ')union(select xD

IE6 for example, permits anything in a domain name, from @ to <> etc..

Greetings!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 12/25/2009 05:24PM by sirdarckcat.

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: id
Date: December 29, 2009 04:51PM

The web browser isn't the issue, it's the resolver, I doubt BIND will return non-standard, but I'm too lazy to test.

edit:

well maybe I'm not too lazy since I just did, anyway it worked adding <script> to a CNAME.

-id



Edited 1 time(s). Last edit at 12/29/2009 05:28PM by id.

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: darknessends
Date: January 05, 2010 01:38AM

Guys Guys Guys ::
Are u going to bring the CSS injections to DNS now ?? Gosh !! Someday you are gonna crash internet am sure.

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: sirdarckcat
Date: January 07, 2010 08:49PM

CSS? =/ yeah.. right..

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: Gareth Heyes
Date: January 08, 2010 08:34AM

DNSSS

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: darknessends
Date: January 22, 2010 03:06PM

@SirDarckCat, Sorry, I meant XSS.

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: Gareth Heyes
Date: April 26, 2010 03:34PM

http://www.skullsecurity.org/blog/?p=433

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: sirdarckcat
Date: April 29, 2010 02:09AM

yep! but we still need the victim to try to resolve the domain to our IP.. :(

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: spoof reverse DNS..
Posted by: picci
Date: May 14, 2010 07:00PM

hahahaha, good one guys.

anyways.... about SQL injections... any site that offers a DNS lookup service will probably have fun logging everything.. and where if not in a mysql db?

trying to think about what else could be done with this stuff.. nothing coming to mind atm.. will re-post l8r if i get any ideas.

Options: ReplyQuote


Sorry, only registered users may post in this forum.