Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Activity
    alxk
    @serain
    @benichmt1 giving the fix a spin - it's in the fix-linting-error branch atm but if you give me a few minutes I'll confirm and merge into master
    spotted a couple of other errors, working on it
    alxk
    @serain
    @benichmt1 merged into master
    can you let me know if this worked?
    Francisco Oca
    @0ca
    Hey! I have a question about dref. In these instructions https://github.com/mwrlabs/dref/wiki/Setup you only change one of the NS servers, shouldn't you change both of them? I'm having problems that the domains only resolves sometimes
    alxk
    @serain
    Hey @0ca , I've been using dref with namecheap, only changing one of the NS, and have not had those problems
    that is a bit odd, can you set both of them to the same host in your registrar?
    Francisco Oca
    @0ca
    I'm not sure, I think I solved it adding a subdomain, and a NS entry
    I think the terminology is delegating a subdomain xD
    Maybe I should have waited a bit longer for the changes to propagate, I waited like 12 hours. When you do a dig NS yourdomain.com you see in the response your nameserver and the namecheap one?
    alxk
    @serain
    I'll have to check when I get home
    yeah so from my experience it doesn't usually take that long, ~30 mins and I'm golden usually
    Francisco Oca
    @0ca
    ok, thanks!
    plenumlab
    @plenumlab
    hey guys
    i'm having trouble setting up dref on ubuntu here is the error message , Error starting userland proxy: listen udp 0.0.0.0:53: bind: address already in use
    ERROR: Encountered errors while bringing up the project.
    do you guys know how to fix this thanks in advance
    plenumlab
    @plenumlab
    Never Mind i got a work around but yet i followed all the steps
    it works but i get no results
    Random Robbie
    @Random_Robbie_twitter
    does it take ages to add new subdomains?
    alxk
    @serain
    @plenumlab hey man, yeah you probably have something running on port 53/udp already?
    check with netstat and stop that service
    @Random_Robbie_twitter do you mean when you are adding new target in the dref-config.yml?
    you need to restart the docker-compose if you change dref-config.yml - the docs cover that
    give me a shout if any issues ^^
    plenumlab
    @plenumlab
    @alxk appearently it is an issue with ubuntu i used version 16 and it worked.
    it seems like nothing is being logged to the db i don't really know why
    i got a couple of hits using the demo module and sysinfo
    plenumlab
    @plenumlab
    im not sure why
    alxk
    @serain
    have you checked the docker-compose logs for any insights?
    @plenumlab
    I recommend just testing with sysinfo for now, it'll be easier to debug
    the docker-compose logs will either show the record that was inserted into the DB or the error you're having while trying to insert
    I did fix a bug earlier this afternoon, try to git pull origin master and see if that works
    plenumlab
    @plenumlab
    thanks now logs are working does it support ipv6 ?
    alxk
    @serain
    @plenumlab no unfortunately - you'd have to work on extending the custom DNS server to support AAAA records
    plenumlab
    @plenumlab
    thanx alot @serain
    plenumlab
    @plenumlab
    hello @serain i have been testing the tool it seems like it doesn't work in if CORS are inforced, i tried to see what happen on my machine but i wasn't able to extract any information, tried scanning an local ip reachable on 80 and got false positives
    alxk
    @serain
    @plenumlab I'll need a bit more details to help you out
    I just tried the latest from github (presumably the one you're using) - I can successfully exfiltrate HTTP pages from my home printer and router
    try to use the fetch-page payload first, by manually setting the host and port to check if it works
    if you got a false positive on the port (ie: it showed up closed instead of open) that could be a plurality of reasons, from network interference to peculiarities with the target tcp stack
    it's worth reading this https://github.com/serain/netmap.js for more information on how the browser-based port scanning works
    let me know how you get on!
    plenumlab
    @plenumlab
    @serain i have tried all the payloads none of them worked, scanning port 80,4444 and 1234 shows that all ports are open
    i tried to replicate the dns rebinding attack on aws service but it didn't work scanning show the whole ip range is accessible over port 80 and 8080, all hosts are live so im probably doing something wrong
    i'm 100% sure that the metadata api is accessible and not being filtered
    alxk
    @serain
    @plenumlab can you try exfiltrating something from an http service on your home network as a test?
    This message was deleted
    it'll be easier to figure out what's going wrong in a simpler setup like a home network
    you can console.log(results) from the netmap.tcpScan - that should show you the raw results from the scan... then look at the delta values for each port on say, your home router
    if you're happy with it, feel free to post the results from the scan on your router, it's possible you just need to tweak timeout or ratio options for your network