Nmap Development mailing list archives

Re: DNSSEC nsec3 enumeration script


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 8 Jun 2012 23:13:49 +0200

On Fri, Jun 8, 2012 at 10:59 PM, David Fifield <david () bamsoftware com> wrote:
> On Wed, Jun 06, 2012 at 12:16:58PM +0200, Aleksandar Nikolic wrote:
> > I've just finished most of the work on the dns-nsec3-enum script.
> >
> > How this works:
> > When a DNSSEC NSEC3-capable server is asked for a non-existent domain
> > it replies with something like:
> > There are no domains whose names' hashes are between HASH_A and HASH_B.
> >
> > That single reply gives us some information.
> > First, it gives us two domain hashes, the salt and the number of iterations
> > used to hash the names.
> > Second, it tells us which other ranges we should check for more hashes.
> >
> > By doing a search and keeping track of ranges we can pretty quickly
> > exhaust all the ranges and conclude that we know all the hashes for
> > which the server is responsible.
> >
> > Once we get the hashes, the salt and the number of iterations, we can
> > proceed to crack them offline.
> >
> > With all this, we can sort of do a zone transfer and reveal all domains.
>
> This is great work, Aleksandar. Did you test the script with subdomains?
> For example the @output of dns-nsec-enum has names like
> |     dugtrio.example.com
> |     www.dugtrio.example.com
> |     gyarados.example.com
> |       johto.example.com
> |       blue.johto.example.com
> |       green.johto.example.com
> |       ns.johto.example.com
> |       red.johto.example.com
>
> You might consider, rather than generating a random string each time
> using Lua's built-in generator, instead initializing a large counter
> (where a "counter" is going over the possible domain name characters)
> and then just incrementing it. So for example your first guess might be
> FvNssgHPeEQy0RgQ and your next
> FvNssgHPeEQy0RgR and your next
> FvNssgHPeEQy0RgS and so on.
>
> David Fifield

I don't understand, I am not generating hashes at random, I'm generating
domains at random and then checking if they hash to something that falls
into one of the ranges.
I do need the plaintext of the hash to actually do the query.
And just incrementing the domain names wouldn't be of any use since that
relation is destroyed by hashing.

Or am I missing your point?

Will run a test against some "double" subdomain sample to see what happens.
Although I do handle those as the protocol suggests, I haven't tested them
explicitly.

Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
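The quoted description of how the enumeration works (hash ranges, salt and iteration count in every negative reply, and stopping once every range has been seen) rests on two pieces of mechanism that the thread does not show: the RFC 5155 NSEC3 owner-name hash itself, and the "does this range cover that hash" test a validating resolver performs on a denial-of-existence reply. The following Python is an added example written for this page; it is not code from the nmap-dev thread or from the dns-nsec3-enum script (which is Lua). The sample zone names, `SAMPLE_NAMES`, are constructed; the salt `aabbccdd` and iteration count 12 are the parameters used in RFC 5155 Appendix A, and the apex hash for `example` is the value published there.

```python
import base64
import hashlib

# Translate RFC 4648 base32 output to base32hex ("Extended Hex"), the alphabet
# NSEC3 owner names use. Both alphabets are in ascending order, so the mapping
# preserves the byte order of the digests and plain string comparison of the
# encoded hashes orders them correctly.
_B32_TO_B32HEX = str.maketrans("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                               "0123456789ABCDEFGHIJKLMNOPQRSTUV")


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, length-prefixed labels,
    terminated by the root label (RFC 4034 section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name: str, salt: bytes, iterations: int) -> str:
    """RFC 5155 section 5: IH(x,0) = SHA-1(x || salt), IH(x,k) = SHA-1(IH(x,k-1) || salt);
    the NSEC3 owner name is the base32hex encoding of IH(x, iterations)."""
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    # 20 digest bytes encode to exactly 32 base32 characters, no padding.
    return base64.b32encode(digest).decode("ascii").translate(_B32_TO_B32HEX)


def covers(owner_hash: str, next_hash: str, candidate: str) -> bool:
    """True when the NSEC3 record spanning (owner_hash, next_hash) proves that no
    name with hash `candidate` exists. The last record of the chain wraps around
    to the first, which is why next_hash <= owner_hash is a legal interval."""
    o, n, c = owner_hash.upper(), next_hash.upper(), candidate.upper()
    if o < n:
        return o < c < n
    return c > o or c < n


def chain_is_closed(records) -> bool:
    """Given (owner_hash, next_hash) pairs collected from NSEC3 replies, report
    whether they form a single closed cycle, i.e. every range of the zone has
    been observed. This is the stopping condition the thread describes."""
    by_owner = {o.upper(): n.upper() for o, n in records}
    if not by_owner:
        return False
    start = min(by_owner)
    seen, cur = set(), start
    while cur in by_owner and cur not in seen:
        seen.add(cur)
        cur = by_owner[cur]
    return cur == start and len(seen) == len(by_owner)


# Constructed sample zone (not from the thread): three names hashed with the
# RFC 5155 Appendix A parameters, salt aabbccdd and 12 iterations.
SAMPLE_SALT = bytes.fromhex("aabbccdd")
SAMPLE_ITERATIONS = 12
SAMPLE_NAMES = ["example", "ns1.example", "www.example"]


def build_chain(names, salt, iterations):
    """Hash the names and return the (owner, next) pairs a signer would publish."""
    hashes = sorted(nsec3_hash(n, salt, iterations) for n in names)
    return [(hashes[i], hashes[(i + 1) % len(hashes)]) for i in range(len(hashes))]


def demo():
    chain = build_chain(SAMPLE_NAMES, SAMPLE_SALT, SAMPLE_ITERATIONS)
    # A name that is not in the zone; exactly one record must cover its hash.
    probe = nsec3_hash("nope.example", SAMPLE_SALT, SAMPLE_ITERATIONS)
    return {
        "apex_hash": nsec3_hash("example", SAMPLE_SALT, SAMPLE_ITERATIONS),
        "closed": chain_is_closed(chain),
        "closed_with_gap": chain_is_closed(chain[:-1]),
        "records_covering_probe": sum(covers(o, n, probe) for o, n in chain),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two things follow from the code that matter for a zone operator. First, `chain_is_closed` is exactly the moment at which the server has handed out every hash it holds; the iteration count only scales the cost of the offline step in `nsec3_hash`, it does not change how many queries that takes, which is why RFC 9276 recommends zero iterations and an empty salt rather than treating iterations as a defence. Second, because `covers` accepts the wraparound interval, a zone of a single name still answers every non-existent query with a valid proof, so an NSEC3 chain is never "too small to walk".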
