Wednesday, 2019-07-17, 0:17 AM
TechGeenix MainRegistrationLogin
Welcome Guest | RSS
Site menu
Section categories
Computer tricks and tips [5]
Advanced Computing [6]
H4ckers' Z0n3 [8]

Total online: 1
Guests: 1
Users: 0
Login form
Main » 2012 » September » 2 » DNS poisoning via Port Exhaustion
7:32 PM
DNS poisoning via Port Exhaustion

Today we are releasing a very interesting whitepaper which describes a DNS poisoning attack against stub resolvers.
It discloses two vulnerabilities:
  1. A vulnerability in Java (CVE-2011-3552, CVE-2010-4448) which enables remote DNS poisoning using Java applets. This vulnerability can be triggered when opening a malicious webpage. A successful exploitation of this vulnerability may lead to disclosure and manipulation of cookies and web pages, disclosure of NTLM credentials and clipboard data of the logged-on user, and even firewall bypass.
  1. A vulnerability in multiuser Windows environments which enables local DNS cache poisoning of arbitrary domains. This  vulnerability can be triggered by a normal user (i.e. one with non-administrative rights) in order to attack other users of the system. A successful exploitation of this vulnerability may lead to information disclosure, privilege escalation, universal XSS and more.
The whitepaper can be found here.
A few video demos of our Proof-of-Concept:
  1. Attack: Remote DNS poisoning via Java Applets: Cookie theft.
  1. Environment: Ubuntu 11.04, Firefox 7.0.1. Movie link  
  1. Attack: Remote DNS poisoning via Java Apples: NTLM credentials and Clipboard theft.
  1. Environment: Windows 2008, Internet Explorer 9.  Movie link
  1. Attack: Remote DNS poisoning via Java Applets: Firewall bypass.
  1. Environment: Windows 2008, Firefox 7.0.1. Movie Link
  1. Attack: Local DNS poisoning via port exhaustion. Movie link
  1. Environment: Windows 2008
Category: H4ckers' Z0n3 | Views: 1625 | Added by: geenix | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *:
«  September 2012  »
Entries archive
Site friends
  • Create a free website
  • Online Desktop
  • Free Online Games
  • Video Tutorials
  • All HTML Tags
  • Browser Kits
  • Copyright k4ll0l © 2019