The goals of this lab are to:
- Practice scapy-based packet injection
- Gain experience in hijacking DNS queries
DNS operates by default over UDP port 53. For an on-path attacker, it is straightforward to sniff queries and craft malicious responses. As one example, an attacker could forge a malicious response that maps a hostname to an IP address that the attacker controls.
In this lab, your objective is to perform exactly this attack. You have been provided a client in a container image that can be loaded and executed as follows:
$ docker load -i netsec-lab-dns-spoofing.img $ docker run -it --rm netsec-lab-dns-spoofing
This client will attempt to resolve the IP address for a server running a service it will try to communicate with. Your exploit should sniff these DNS queries and forge a response that maps that hostname to an IP address you control.
If you are successful, the client will send a UDP datagram to your IP address on port 5353. Your malicious server should respond with your
@northeastern.edu email address. The client will then print a JSON object.
An exploit skeleton as well as the client container image is available in Canvas.
- Forge malicious DNS responses to redirect the client to a malicious server you control
Submit the JSON object the client outputs to Canvas.