Author Topic: Problem with DNS servers allow phishing attacks...  (Read 3005 times)

0 Members and 1 Guest are viewing this topic.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Problem with DNS servers allow phishing attacks...
« on: October 22, 2005, 01:53:03 pm »
There are a lot of problems with IE and Outlook that let you show one thing in the status bar/address bar and a different site, but here's a fairly cross platform method. 

Use the url, "http://www.anysiteyouwant.com+www.evilsite.com".  For example, I'm making up an ip here:
http://www.citibank.com+207.161.152.16.  That will take the user to 207.161.152.16. 

This isn't a browser problem, however, this is a DNS problem.  Here is an example, using a DNS name:

iago@slayer:~$ host "www.seclists.org"
www.seclists.org has address 205.217.153.59
iago@slayer:~$ host "any-site-here.com+www.seclists.org"
any-site-here.com+www.seclists.org has address 205.217.153.59

One interesting thing to note, however, is that this doesn't work in FireFox. 

Offline deadly7

  • 42
  • x86
  • Hero Member
  • *****
  • Posts: 6496
    • View Profile
Re: Problem with DNS servers allow phishing attacks...
« Reply #1 on: October 22, 2005, 03:17:11 pm »
Haha, where'd you find this out? Neat.
[17:42:21.609] <Ergot> Kutsuju you're girlfrieds pussy must be a 403 error for you
 [17:42:25.585] <Ergot> FORBIDDEN

on IRC playing T&T++
<iago> He is unarmed
<Hitmen> he has no arms?!

on AIM with a drunk mythix:
(00:50:05) Mythix: Deadly
(00:50:11) Mythix: I'm going to fuck that red dot out of your head.
(00:50:15) Mythix: with my nine

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: Problem with DNS servers allow phishing attacks...
« Reply #2 on: October 22, 2005, 03:41:17 pm »
On a mailing list.