From 69baadce295e6123509a71b3bf2c474ede0a8c4d Mon Sep 17 00:00:00 2001 From: radekk Date: Sun, 15 Sep 2019 13:39:21 +0200 Subject: [PATCH 1/4] Adding a new DNS Rebinding section for tips and tools --- README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README.md b/README.md index a2b0983..e480e70 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [Books](#books) + - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [CSP](#evasions-csp) - [WAF](#evasions-waf) @@ -95,6 +96,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Webshell](#tools-webshell) - [Disassembler](#tools-disassembler) - [Decompiler](#tools-decompiler) + - [DNS Rebinding](#tools-dns-rebinding) - [Others](#tools-others) - [Social Engineering Database](#social-engineering-database) - [Blogs](#blogs) @@ -292,10 +294,17 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). + ### Books - [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + +### DNS Rebinding + +- [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) +- [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + ## Evasions @@ -657,6 +666,14 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CFR](http://www.benf.org/other/cfr/) - Another java decompiler by [@LeeAtBenf](https://twitter.com/LeeAtBenf). + +### DNS Rebinding + +- [DNS Rebind Toolkit](https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey] +- [dref](https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding. +- [Singularity of Origin](https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup] +- [Whonow DNS Server](https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey] + ### Others From 8cebee9f781037a847c94260d8a8b63bbb3c4e7f Mon Sep 17 00:00:00 2001 From: radekk Date: Sun, 15 Sep 2019 13:43:44 +0200 Subject: [PATCH 2/4] Fixing links to github users --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e480e70..84cc5ea 100644 --- a/README.md +++ b/README.md @@ -669,10 +669,10 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ### DNS Rebinding -- [DNS Rebind Toolkit](https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey] -- [dref](https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding. -- [Singularity of Origin](https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup] -- [Whonow DNS Server](https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey] +- [DNS Rebind Toolkit](https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey](https://github.com/brannondorsey) +- [dref](https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by [@mwrlabs](https://github.com/mwrlabs) +- [Singularity of Origin](https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup](https://github.com/nccgroup) +- [Whonow DNS Server](https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey](https://github.com/brannondorsey) ### Others From c6ac2c5ddb5251c871d8c6cb2c10fa285a75e322 Mon Sep 17 00:00:00 2001 From: radekk Date: Sun, 15 Sep 2019 13:49:22 +0200 Subject: [PATCH 3/4] Update README-jp.md --- README-jp.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README-jp.md b/README-jp.md index 7d275f7..1b7364c 100644 --- a/README-jp.md +++ b/README-jp.md @@ -50,6 +50,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [Books](#books) + - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [CSP](#evasions-csp) - [WAF](#evasions-waf) @@ -95,6 +96,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Webshell](#tools-webshell) - [Disassembler](#tools-disassembler) - [Decompiler](#tools-decompiler) + - [DNS Rebinding](#tools-dns-rebinding) - [Others](#tools-others) - [Social Engineering Database](#social-engineering-database) - [Blogs](#blogs) @@ -295,10 +297,17 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). + ### Books - [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + +### DNS Rebinding + +- [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) +- [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + ## Evasions @@ -662,6 +671,14 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CFR](http://www.benf.org/other/cfr/) - Another java decompiler by [@LeeAtBenf](https://twitter.com/LeeAtBenf). + +### DNS Rebinding + +- [DNS Rebind Toolkit](https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey](https://github.com/brannondorsey) +- [dref](https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by [@mwrlabs](https://github.com/mwrlabs) +- [Singularity of Origin](https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup](https://github.com/nccgroup) +- [Whonow DNS Server](https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey](https://github.com/brannondorsey) + ### Others From 225487758a08fae804b09fe400dad42840117c40 Mon Sep 17 00:00:00 2001 From: radekk Date: Sun, 15 Sep 2019 13:50:58 +0200 Subject: [PATCH 4/4] Update README-zh.md --- README-zh.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/README-zh.md b/README-zh.md index 48cdf3d..7c5eb51 100644 --- a/README-zh.md +++ b/README-zh.md @@ -50,6 +50,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Web Shell](#web-shell) - [OSINT](#osint) - [Books](#books) + - [DNS Rebinding](#dns-rebinding) - [Evasions](#evasions) - [CSP](#evasions-csp) - [WAF](#evasions-waf) @@ -95,6 +96,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Webshell](#tools-webshell) - [Disassembler](#tools-disassembler) - [Decompiler](#tools-decompiler) + - [DNS Rebinding](#tools-dns-rebinding) - [Others](#tools-others) - [Social Engineering Database](#social-engineering-database) - [Blogs](#blogs) @@ -315,6 +317,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [102 Deep Dive in the Dark Web OSINT Style Kirby Plessas](https://www.youtube.com/watch?v=fzd3zkAI_o4) - Presented by [@kirbstr](https://twitter.com/kirbstr). - [The most complete guide to finding anyone’s email](https://www.blurbiz.io/blog/the-most-complete-guide-to-finding-anyones-email) - Written by [Timur Daudpota](https://www.blurbiz.io/). + ### Books - [Security Geek 2016 - Part. A](http://bobao.360.cn/download/book/security-geek-2016-A.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). @@ -325,6 +328,12 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Security Geek 2017 - Q4](https://static.anquanke.com/download/b/security-geek-2017-q4.pdf) - Written by [360网络攻防实验室](https://weibo.com/360adlab). - [XSS Cheat Sheet - 2018 Edition](https://leanpub.com/xss) - Written by [@brutelogic](https://twitter.com/brutelogic). + +### DNS Rebinding + +- [Attacking Private Networks from the Internet with DNS Rebinding](https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325) - Written by [@brannondorsey](https://medium.com/@brannondorsey) +- [Hacking home routers from the Internet](https://medium.com/@radekk/hackers-can-get-access-to-your-home-router-1ddadd12a7a7) - Written by [@radekk](https://medium.com/@radekk) + ## Evasions @@ -706,6 +715,14 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [CFR](http://www.benf.org/other/cfr/) - Another java decompiler by [@LeeAtBenf](https://twitter.com/LeeAtBenf). + +### DNS Rebinding + +- [DNS Rebind Toolkit](https://github.com/brannondorsey/dns-rebind-toolkit) - DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN) by [@brannondorsey](https://github.com/brannondorsey) +- [dref](https://github.com/mwrlabs/dref) - DNS Rebinding Exploitation Framework. Dref does the heavy-lifting for DNS rebinding by [@mwrlabs](https://github.com/mwrlabs) +- [Singularity of Origin](https://github.com/nccgroup/singularity) - It includes the necessary components to rebind the IP address of the attack server DNS name to the target machine's IP address and to serve attack payloads to exploit vulnerable software on the target machine by [@nccgroup](https://github.com/nccgroup) +- [Whonow DNS Server](https://github.com/brannondorsey/whonow) - A malicious DNS server for executing DNS Rebinding attacks on the fly by [@brannondorsey](https://github.com/brannondorsey) + ### Others