Attempt to perform the equivalent of this operation:
dig www.google.com @ns1.sandbox.alphasoc.xyz
We'll then set up a simple resolver (e.g. TinyDNS) on the server that only ever resolves www.google.com, and we can test to see whether it's possible in customer environments for arbitrary name servers to be used by workstations (which can be used to facilitate DNS hijacking).
Here's what it would look like in terms of terminal output:
Time Module Description
--------------------------------------------------------------------------------
09:30:28 hijack Starting
09:30:28 hijack Resolving www.google.com via ns1.sandbox.alphasoc.xyz
09:30:29 hijack Success! DNS hijacking is possible in this environment
09:30:30 hijack Finished
If the test fails, we'd serve this instead:
Time Module Description
--------------------------------------------------------------------------------
09:30:28 hijack Starting
09:30:28 hijack Resolving www.google.com via ns1.sandbox.alphasoc.xyz
09:30:29 hijack Test failed (queries to arbitrary DNS servers are blocked)
09:30:30 hijack Finished
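The check described above, as an added Python example (not code from the original text or from the project): it sends one A query for www.google.com straight to a named server over UDP, bypassing the workstation's configured resolver, and returns one of the two result messages shown. The function names, the 3-second timeout and the UDP-only transport are assumptions of this example.

```python
import secrets
import socket
import struct

SUCCESS = "Success! DNS hijacking is possible in this environment"
FAILURE = "Test failed (queries to arbitrary DNS servers are blocked)"


def build_query(name, qid):
    """Encode one A/IN question with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def answered(reply, qid):
    """True for a NOERROR response to our query ID that carries an answer."""
    if len(reply) < 12:
        return False
    rid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    is_response = bool(flags & 0x8000)
    rcode = flags & 0x000F
    return rid == qid and is_response and rcode == 0 and ancount > 0


def hijack_test(name, server, port=53, timeout=3.0):
    """Query `server` directly and report whether an answer came back."""
    qid = secrets.randbits(16)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.connect((server, port))
            sock.send(build_query(name, qid))
            reply = sock.recv(512)
    except OSError:  # timeout, ICMP unreachable, or server name not resolvable
        return False, FAILURE
    return (True, SUCCESS) if answered(reply, qid) else (False, FAILURE)


if __name__ == "__main__":
    # Name server hostname taken from the dig command on this page.
    ok, message = hijack_test("www.google.com", "ns1.sandbox.alphasoc.xyz")
    print(message)
```

A network that transparently intercepts port 53 traffic would also produce an answer here, so comparing the returned address with the one the test server is configured to serve would tell the two cases apart.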