Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks.
Singularity also aims to raise awareness on how DNS rebinding attacks work and how to protect from them.
A DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost.
This attack technique could be exploited to target a vulnerable machine and exploit vulnerabilities in applications running on the localhost interface or exposing local services.
The attacker only needs to trick victims into visiting a malicious page or view a malicious ad to launch the attack.
“During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers,” states NCC Group Senior Security Consultant Roger Meyer.
“Exploiting such services is typically straight forward, but it takes a substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities but they pose a number of challenges including the lack of support or documentation. They sometimes do not even work, are very specific and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces.”
Differently from publicly available tools for DNS rebinding attacks, the Singularity tool provides a full exploitation stack.
It implements a custom DNS server that allows rebinding the DNS name and IP address of the attacker’s server to the targeted machine and includes an HTTP server for serving HTML and JavaScript code to targeted users.
The Singularity tool includes several attack payloads that allow pen testers to carry out various activities, such as grabbing an app’s homepage and remotely executing code.
The payload could be modified to implements new attacks.
NCC Group published the source code for the Singularity tool on GitHub and a demo instance of the tool is available at the following URL:
http://rebind.it:8080/manager.html
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – DNS rebinding attack, Singularity Tool)
[adrotate banner=”5″]
[adrotate banner=”13″]