Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Security firm released Singularity, an open source DNS Rebinding attack tool

Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks. Singularity also aims to raise awareness on how DNS rebinding attacks work and […]

Singularity DNS rebinding attack

Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks.

Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks.

Singularity also aims to raise awareness on how DNS rebinding attacks work and how to protect from them.

Singularity DNS rebinding attack

A DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost.

This attack technique could be exploited to target a vulnerable machine and exploit vulnerabilities in applications running on the localhost interface or exposing local services.

The attacker only needs to trick victims into visiting a malicious page or view a malicious ad to launch the attack.

“During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers,” states NCC Group Senior Security Consultant Roger Meyer.

“Exploiting such services is typically straight forward, but it takes a substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities but they pose a number of challenges including the lack of support or documentation. They sometimes do not even work, are very specific and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces.”

Differently from publicly available tools for DNS rebinding attacks, the Singularity tool provides a full exploitation stack.

It implements a custom DNS server that allows rebinding the DNS name and IP address of the attacker’s server to the targeted machine and includes an HTTP server for serving HTML and JavaScript code to targeted users.

The Singularity tool includes several attack payloads that allow pen testers to carry out various activities, such as grabbing an app’s homepage and remotely executing code.

The payload could be modified to implements new attacks.

NCC Group published the source code for the Singularity tool on GitHub and a demo instance of the tool is available at the following URL:

http://rebind.it:8080/manager.html

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – DNS rebinding attack, Singularity Tool)

[adrotate banner=”5″]

[adrotate banner=”13″]