Security company NCC Group has released Singularity, an open source penetration-testing tool that allows security researchers to test for DNS rebinding attacks. A DNS rebinding attack allows a website to create a fake DNS name and force visitors to run a client-side script that attacks other hosts on the network.
How can DNS Rebinding be used?
This technique can be used to target a vulnerable machine and exploit vulnerabilities in the application running on the localhost interface to expose local services. The attacker just needs to coerce their victim into browsing a malicious page.
“During recent security assessments, we’ve seen applications working on the localhost interface or exposing services on an inside network without authentication. This includes Electron-based purposes or applications exposing Chrome Developer Tools and other various debuggers,” states NCC Group Senior Security Consultant Roger Meyer.
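A service bound to localhost can refuse rebound requests by validating the Host header, because the browser still sends the attacker-controlled DNS name there even after that name resolves to 127.0.0.1. The following is an added example, not code from Singularity or NCC Group; the allowlist, function names, port 8123 and the attacker.example names are assumptions made for illustration.

```javascript
// Added example: Host header allowlist for a service bound to loopback.
// ALLOWED_HOSTS and the function names are hypothetical, chosen for illustration.
const ALLOWED_HOSTS = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Split a Host header value into a lowercase hostname and an optional port.
// Returns null when the value is missing or malformed.
function parseHostHeader(value) {
  if (typeof value !== "string") return null;
  const v = value.trim().toLowerCase();
  // IPv6 literals are bracketed, e.g. "[::1]:8123".
  const m = v.startsWith("[")
    ? /^(\[[0-9a-f:.]+\])(?::(\d{1,5}))?$/.exec(v)
    : /^([a-z0-9.-]+)(?::(\d{1,5}))?$/.exec(v);
  if (!m) return null;
  const host = m[1].replace(/\.$/, ""); // treat "localhost." as "localhost"
  return { host, port: m[2] === undefined ? null : Number(m[2]) };
}

// Decide whether a request may be served. expectedPort is the port the
// service listens on; a Host header without a port implies port 80.
function isRequestAllowed(hostHeader, expectedPort) {
  const parsed = parseHostHeader(hostHeader);
  if (parsed === null) return false;
  const port = parsed.port === null ? 80 : parsed.port;
  return ALLOWED_HOSTS.has(parsed.host) && port === expectedPort;
}

// Constructed sample Host values for a service listening on 127.0.0.1:8123.
function demo() {
  const samples = [
    "localhost:8123",                  // direct local use
    "127.0.0.1:8123",
    "[::1]:8123",
    "rebind.attacker.example:8123",    // name rebound to 127.0.0.1
    "127.0.0.1.attacker.example:8123", // look-alike prefix, foreign domain
    "localhost:8080",                  // wrong port
    undefined,                         // header missing
  ];
  return samples.map((h) => [h, isRequestAllowed(h, 8123)]);
}

console.log(demo());
```

Requests that fail the check should be rejected before any handler runs; the check complements authentication on the local service and does not replace it.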
What are the advantages of this tool?
The Singularity tool provides a full exploitation suite to perform the attack. It implements a custom DNS server that rebinds the DNS name and the IP address of the attacker’s server, which includes an HTTP server for serving JavaScript and HTML content to targeted users. The tool also provides various payloads that allow attackers to perform activities such as remotely executing code.
How does this tool rebind DNS?
The tool uses a custom DNS server to rebind the DNS name and IP address of the attacker’s server, thus helping the attacker serve content to the victim.
NCC Group has published the entire source code for the tool on GitHub. The tool is also available at the following URL.