changed dns to dns-projects to divide scripts and projects

dns-projects/dnsdigger/dns-server.dat

@@ -0,0 +1 @@
+217.5.115.7

dns-projects/dnsdigger/dnsdigger.pl

@@ -0,0 +1,325 @@
+#!/usr/local/bin/perl
+# (c) 2003 Michael Thumann
+# Distribute freely
+# DNS Module from Michael Fuhr, Thankx Michael ;-).
+
+use Net::DNS;
+
+sub get_axfr{
+print "\nInitiating Zone Transfer ...\n";
+$res->usevc(1);
+@zone = $res->axfr($domain);
+    if (@zone) {
+        foreach $rr (@zone) {
+            $rr->print;
+        }
+        print "\n----------------------------------------------------------------------\n\n";
+        return 1;
+    }
+    else {
+        print ';;Zone transfer failed: ', $res->errorstring, "\n";
+        print "\n----------------------------------------------------------------------\n\n";
+        return 0;
+    }
+}
+
+sub find_rootserver{
+$res->usevc(0);
+ if (open(ROOT,"root-servers.dat")){
+  while (<ROOT>){
+         chomp($_);
+         $res->nameservers($_);
+         print "Asking Root Server $_\n";
+         $packet=$res->send($domain, 'NS');
+         if ($packet){
+         @additional_tld = $packet->additional;
+         if (@additional_tld) {
+             foreach $rr (@additional_tld) {
+             $tld=$rr->rdatastr;
+             if (find_ns()){close(ROOT); return 1;}
+             else {print "No Records found!\n";}
+             }
+             }
+             }
+         }
+         close(ROOT);             
+         return 0;
+         die "Can't connect to the Root-Servers! \n";
+     }
+   else {die "Can't open root-servers.dat!\n";}
+close(ROOT);
+}
+
+sub resolve_name{
+# Enter the IP of your favorite DNS Server in the next line
+#$res->nameservers('217.5.115.7');
+if (open(DNS,"dns-server.dat")){
+  while (<DNS>){
+         chomp($_);
+         $res->nameservers($_);
+         }
+    }
+close(DNS);
+print "Resolving $name\n";
+$packet_resolve=$res->send($name,'ANY');
+if ($packet_resolve){
+     @nameserv = $packet_resolve->answer;
+     if (@nameserv) {
+         foreach $rr (@nameserv) {
+         $ns=$rr->rdatastr;}
+     }
+    }
+}
+
+sub find_ns{
+$ok=0;
+$res->usevc(0);
+$res->recurse(1);
+$res->nameservers($tld);
+print "Asking TLD Server $tld\n";
+$packet=$res->send($domain, 'NS');
+if ($packet){
+     @additional_ns = $packet->additional;
+     @answer_ns = $packet->answer;
+     if (@additional_ns) {
+         foreach $rr (@additional_ns) {
+         $ns=$rr->rdatastr;
+         if (get_dns()){$ok= 1;}
+         }
+         if ($ok){return 1;}
+     }
+     else {
+     if (@answer_ns) {
+         foreach $rr (@answer_ns) {
+         $name=$rr->rdatastr;
+         resolve_name();
+         if (get_dns()){$ok= 1;}
+         }
+         if ($ok){return 1;}
+     }
+     else {return 0;}
+     }
+}
+return 0;
+}
+
+sub get_dns(){
+$res->nameservers($ns);
+$res->usevc(0);
+print "Asking Name Server $ns\n";
+if ($version){get_ver();}
+$packet=$res->send($domain, 'NS');
+if ($packet){
+if ( get_axfr()){
+    print " Zone Transfer succesful!\n";
+    }
+else {
+     get_any();
+     get_activedir();
+     if ($dig){dig_dns();}
+     print "All possible information for $domain gathered!\n";
+}
+return 1;
+}
+else {return 0;}
+}
+
+sub get_ver{
+$res->usevc(0);
+print "\nChecking for DNS Server Version ...\n";
+$packet=$res->query('version.bind', 'TXT','CH');
+if ($res->errorstring eq "NOTIMP"){print "Microsoft DNS Server detected!\n";}
+if ($res->errorstring eq "FORMERR"){print "TinyDNS Server detected!\n";}
+if ($res->errorstring eq "NOERROR")
+{
+    print "BIND DNS Server detected!\n";
+    if ($packet) { 
+     @dnsversion = $packet->answer;
+     if (@dnsversion) {
+         foreach $rr (@dnsversion) {
+         $ver=$rr->rdatastr;
+         print "BIND Version: $ver \n";}
+     }
+    }
+}
+}
+
+sub get_any{
+print "\nGetting ANY DNS Record ...\n";
+$res->usevc(0);
+$packet=$res->query($domain, 'ANY');
+if ($packet) { 
+     $packet->print;
+     print "\n----------------------------------------------------------------------\n\n";
+    }
+@dnstypes=(
+"A",
+"AAAA",
+"AFSDB",
+"CERT",
+"CNAME",
+"DNAME",
+"EID",
+"HINFO",
+"ISDN",
+"LOC",
+"MB",
+"MG",
+"MINFO",
+"MR",
+"MX",
+"NAPTR",
+"NIMLOC",
+"NS",
+"NSAP",
+"NULL",
+"OPT",
+"PTR",
+"PX",
+"RP",
+"RT",
+"SOA",
+"TKEY",
+"TSIG",
+"TXT",
+"WKS",
+"X25"
+);
+foreach $i (@dnstypes) {
+ print "\nTrying $i Record Type ...\n";
+ $packet=$res->query($domain, $i);
+ if ($packet) { 
+     $packet->print;
+     print "\n----------------------------------------------------------------------\n\n";
+     }
+}
+}
+
+sub get_activedir{
+print "\nLooking for Active Directory SRV Records ...\n";
+$res->usevc(0);
+@srvtype=(
+"_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.",
+"_kerberos._tcp.Default-First-Site-Name._sites.",
+"_kerberos._tcp.dc._msdcs.",
+"_kerberos._tcp.",
+"_kerberos._udp.",
+"_kpasswd._tcp.",
+"_kpasswd._udp.",
+"_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.",
+"_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.",
+"_ldap._tcp.Default-First-Site-Name._sites.",
+"_ldap._tcp.dc._msdcs.",
+"_ldap._tcp.gc._msdcs.",
+"_ldap._tcp.pdc._msdcs.",
+"_ldap._tcp.",
+"_gc._tcp.Default-First-Site-Name._sites.",
+"_gc._tcp."
+);
+foreach $i (@srvtype) {
+ $service = $i.$domain;
+ print "\nTrying $service ...\n";
+ $packet=$res->query($service, 'SRV');
+ if ($packet) { 
+     $packet->print;
+     print "\n----------------------------------------------------------------------\n\n";
+    }
+}
+}
+
+sub dig_dns{
+print "\nStarting the DNS Digger ...\n";
+@hybridlst1=("0","1","2","3","4","5","6","7","8","9");
+@hybridlst2=("0","1","2","3","4","5","6","7","8","9");
+$res->usevc(0);
+ if (open(NAMES,"names.txt")){
+  while (<NAMES>){
+         chomp($_);
+         $host = $_.".".$domain;
+         $packet=$res->query($host, 'ANY');
+         if ($packet){
+             $packet->print;
+             print "\n----------------------------------------------------------------------\n\n";
+         }
+         if ($hybrid){
+             foreach $h1 (@hybridlst1) {
+             foreach $h2 (@hybridlst2) {
+               $hybrid_host=$_.$h1.$h2.".".$domain;
+               $packet=$res->query($hybrid_host, 'ANY');
+               if ($packet){
+                  $packet->print;
+                  print "\n----------------------------------------------------------------------\n\n";
+                  }
+              }
+             }
+         }
+         if ($silent){sleep 1};         
+         }
+      }
+   else {print "Can't open names.txt!\n";}
+close(NAMES);
+}
+
+sub usage(){
+print "\nUsage: perl dnsdigger.pl <domain name> [OPTIONS]\n";
+print "-----------------------------------------------------------\n";
+print "OPTIONS:\n";
+print "silent : Activates a time loop of 1 second in the DNS Digger function\n";
+print "debug  : Starts a debug output\n";
+print "nodig  : Disable the Digger\n";
+print "port53 : Use Port 53 as Source Port\n";
+print "host   : Use a specific DNS Server and must be followed by the IP Address\n";
+print "hybrid : Appends 01 to 99 to the names while digging\n";
+print "version: Try to get the DNS Server Version\n";
+print "\nEXAMPLES:\n";
+print "perl dnsdigger.pl example.com\n";
+print "perl dnsdigger.pl example.com silent\n";
+print "perl dnsdigger.pl example.com debug\n";
+print "perl dnsdigger.pl example.com host 10.1.1.1\n";
+exit;
+}
+
+# Main Programm
+if (@ARGV==0){usage();}
+$dig=1;
+$root=1;
+$version=0;
+print "\n";
+print "DNSDigger 0.3beta (c) 2003 by Michael Thumann (mthumann\@ernw.de)\n";
+print "----------------------------------------------------------------------\n\n";
+$res = Net::DNS::Resolver->new;
+$res->tcp_timeout(5);
+$res->udp_timeout(5);
+$res->retry(2);
+$res->retrans(3);
+if (@ARGV==1){
+    $domain=$ARGV[0];
+    if (find_rootserver()){print "Done.\n";}
+    else{print "Error: Can't connect to the DNS Server!\n";}
+    }
+if (@ARGV>=2){
+    $domain=$ARGV[0];
+    for ($o=1;$o<=@ARGV;$o++){    
+        $option=$ARGV[$o];
+        if ($option eq "silent") {$silent=1;print "Time Loop enabled!\n"}
+        if ($option eq "debug") {$res->debug(1);print "Debug enabled!\n";}
+        if ($option eq "port53") {$res->srcport(53);print "Switching to Source Port 53!\n";}
+        if ($option eq "nodig") {$dig=0;print "Digger disabled!\n";}
+        if ($option eq "version") {$version=1;print "Query DNS Server Version enabled!\n";}
+        if ($option eq "hybrid") {$hybrid=1;print "Hybrid Mode for Digger enabled!\n";}
+        if ($option eq "host") {
+            $root=0;
+            print "Use specific DNS Server!\n";
+            $ns=$ARGV[$o+1];
+        }
+    }
+    if ($root){    
+       if (find_rootserver()){print "Done.\n";}
+       else{print "Error: Can't connect to the DNS Server!\n";}
+    }
+    else{
+       if (get_dns()){print "Done.\n";}
+       else{print "Error: Can't connect to the DNS Server!\n";}
+    }
+    }
+# end

dns-projects/dnsdigger/names.txt

@@ -0,0 +1,319 @@
+ILMI
+academico
+acceso
+access
+acid
+admin
+admins
+administracion
+administrador
+afiliados
+agenda
+agent
+aix
+alerts
+antivirus
+app
+apps
+appserver
+archie
+as400
+auto
+ayuda
+backup
+banking
+bbs
+bbdd
+bea
+beta
+bolsa
+buscador
+ca
+canal
+catalog
+certify
+cgi
+channel
+channels
+chat
+chats
+cisco
+clientes
+club
+cluster
+clusters
+code
+commerce
+community
+compaq
+compras
+consola
+console
+consumer
+contact
+contracts
+corporate
+correo
+correoweb
+cortafuegos
+cso
+data
+datos
+db
+db2
+default
+demo
+desarrollo
+descargas
+design
+dev
+develop
+developer
+device
+dial
+digital
+dilbert
+directory
+disc
+discovery
+disk
+disney
+dns
+dns1
+dns2
+dns3
+dns-2
+docs
+documentos
+documentacion
+domain
+domains
+dominio
+domino
+dominoweb
+download
+earth
+ecommerce
+e-commerce
+edi
+education
+ejemplo
+email
+empresa
+empresas
+enable
+engine
+engineer
+enterprise
+estadisticas
+events
+example
+exchange
+extern
+external
+extranet
+fax
+field
+firewall
+formacion
+foro
+foros
+forum
+forums
+foto
+fotos
+fsp
+ftp
+ftp2
+fw
+fw1
+fw-1
+galeria
+galerias
+galleries
+games
+gateway
+gopher
+guest
+gw
+hello
+help
+helpdesk
+helponline
+hp
+ibm
+ibmdb
+ids
+images
+imap
+imap4
+img
+info
+intern
+internal
+intranet
+invalid
+ipsec
+ipsec-gw
+irc
+ircserver
+jobs
+juegos
+ldap
+link
+linux
+lista
+lists
+listserver
+localhost
+log
+login
+lotus
+mail
+mailhost
+management
+manager
+map
+maps
+mapas
+marketing
+media
+members
+messenger
+mngt
+mobile
+monitor
+mrtg
+multimedia
+music
+names
+netdata
+netstats
+network
+news
+nms
+nntp
+nombres
+noticias
+ns
+ns1
+ns2
+ntp
+online
+openview
+outlook
+oracle
+page
+pages
+paginas
+partner
+partners
+pda
+personal
+ph
+pictures
+pix
+pop
+pop3
+portal
+postales
+prensa
+press
+private
+proxy
+prueba
+pruebas
+project
+projects
+public
+ra
+radio
+raptor
+ras
+read
+register
+registro
+remote
+reports
+resumenes
+root
+router
+rwhois
+sac
+schedules
+scotty
+search
+secret
+secure
+security
+seri
+serv
+serv2
+server
+service
+services
+servicio
+servidor
+shop
+shopping
+site
+sms
+smtp
+smtphost
+snmp
+snmpd
+snort
+solaris
+solutions
+soporte
+source
+sql
+ssl
+stats
+store
+streaming
+sun
+support
+switch
+sysback
+system
+tech
+terminal
+test
+tienda
+time
+tivoli
+transfers
+training
+uddi
+update
+video
+vpn
+wais
+wap
+web
+webdocs
+weblib
+weblogic
+webmail
+webserver
+webservices
+websphere
+whois
+wireless
+work
+world
+write
+w1
+w2
+w3
+ws
+ws1
+ws2
+ws3
+www
+www1
+www2
+www3
+
+

dns-projects/dnsdigger/readme.txt

@@ -0,0 +1,41 @@
+DNSDigger is a programm to gather as much as possible informations from DNS Servers. Two different methods are use:
+
+1. DNS Server Query
+Query every DNS Server that is responsible for the domain, primary and each secondary. Sometimes only one DNS Server is misconfigured, but that could be enough to get the whole zone file or a provider DNS is used. Some providers allow zone transfers from their DNS Servers.
+
+2. DNS Digging
+The idea is to use the same technique as with password attacks based on dictionaries to find hostnames hidden in the DNS zone.There's a names.txt which contains the dictionary. The option HYBRID will append the nummbers 01 to 99 to each entry in the names.txt to uncover additional hostnames.
+
+3. DNS Server Version
+DNSDigger uses a chaos class query to find out which DNS Server is running. Microsoft DNS Server and TinyDNS answer with a very special error message and BIND responds with it's version, if not configured to fake the information.
+
+4. Active Directory
+DNSdigger queries the common SRV records for windows 2000 domain controllers to identify them.
+
+The tools might be useful for all pen-testers that have to gather DNS informations during a pen-test.
+
+The program is in beta state, so there might be bugs. If you find some please report them to mthumann@ernw.de
+
+You need the NET::DNS Module from Michael Fuhr to run the program. You can download it from the original website
+http://www.net-dns.org
+or from activestate for ActivePerl
+http://ppm.activestate.com/PPMPackages/zips/6xx-builds-only/Net-DNS-0.34.zip
+
+For resolving dns names enter the ip address of your favorite dns server in the file dns-server.dat
+
+Known bugs:
+None so far ;-))
+
+License:
+Copyright (c) 2003 Michael Thumann. 
+You can use and distribute the program for free as long as the code is not modified.
+
+Disclaimer:
+The program is provided "AS IS" without warranty 
+of any kind. In no event shall the author be liable for any damages 
+whatsoever including direct, indirect, incidental, consequential, 
+loss of business profits or special damages due to the misuse of this
+program. 
+
+
+

dns-projects/dnsdigger/root-servers.dat

@@ -0,0 +1,13 @@
+198.41.0.4
+128.9.0.107
+192.33.4.12
+128.8.10.90
+192.203.230.10
+192.5.5.241
+192.112.36.4
+128.63.2.53
+192.36.148.17
+192.58.128.30
+193.0.14.129
+198.32.64.12
+202.12.27.33