How to setup a BIND9 DNS server for OOB Exfiltration! (step by step) BUG BOUNTY - PENTEST

  • Published on 7 Jan 2020
  • A quick HEADS UP! Secure your server once deployed!!
    Fersingb brought it to my attention that the default state of the server allows for external recursions and lookups (this is not good at all), so make sure you lock down the DNS server by limiting the recursions to localhost using this trick:
    gist.github.com/fersingb/f29d...
    Bug Bounty hunters and Pentesters alike, they all love to run their own domain and DNS Servers to log Out of Band interactions caused by RCEs, XXEs, SSRFs and blind requests. And now you can do that too! Better safe than sorry!!
    This tutorial will guide you through the process of setting up your own domain and installing BIND9 on an AWS hosted Free Tier Virtual machine in a very simple way using a custom script created by JuxhinDB!
    Setup Script and tools used:
    github.com/JuxhinDB/OOB-Server
    teamrot.fi
    / putsi
    aws.amazon.com
    Comments are disabled by default, but you can find me and the community over at / stokfredrik
    -------------- -- --
    Support my work:
    Join me on Patreon! / stokfredrik
    Need a shell to hack from? Set up your own droplet today!
    Get $100 credit on Digital Ocean using this link
    m.do.co/c/5884b0601466
    -------------- -- --
    FAQ:
    What gear do you use? :
    Check out www.stokfredrik.com
    Dude, I love what you do, can we do "work stuff" together?
    Sure, Email me at workwith @ stokfredrik.com
  • Science and Technology
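
A check for the lockdown described in the heads-up, as an added example that is not from the video, the OOB-Server script or the linked gist: it reads the text of a BIND `options` block and reports why recursion is not pinned to localhost. The two sample configs are constructed, and treating an unset `allow-recursion` or `allow-query-cache` as a finding is this example's own policy, not a statement about BIND's defaults.

```python
import re

# Constructed sample configs (not taken from the video, the setup script or the gist).
OPEN_CONF = """
options {
    recursion yes;
    allow-query { any; };
};
"""

LOCKED_CONF = """
options {
    recursion yes;
    allow-query { any; };            // authoritative answers stay public
    allow-recursion { localhost; };  # recursion only for the box itself
    allow-query-cache { localhost; };
};
"""

LOCAL_ONLY = {"localhost", "127.0.0.1", "::1", "none"}


def strip_comments(text):
    """Remove /* */, // and # comments, all of which named.conf accepts."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def acl(conf, name):
    """Return the address-match list of `name { ...; };` as a set, or None if unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}", conf)
    if m is None:
        return None
    return {item.strip().strip('"') for item in m.group(1).split(";") if item.strip()}


def audit_recursion(text):
    """List reasons why this config does not pin recursion to localhost."""
    conf = strip_comments(text)
    if re.search(r"(?<![\w-])recursion\s+no\s*;", conf):
        return []  # recursion is off entirely, nothing to restrict
    findings = []
    for name in ("allow-recursion", "allow-query-cache"):
        entries = acl(conf, name)
        if entries is None:
            findings.append(f"{name} is not set explicitly")
        elif not entries <= LOCAL_ONLY:
            findings.append(f"{name} allows {sorted(entries - LOCAL_ONLY)}")
    return findings
```

Run `audit_recursion()` on the contents of your own options file; an empty list means recursion is either disabled or explicitly limited to localhost.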