Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

NCC Group Releases Open Source DNS Rebinding Attack Tool

Cyber security and risk mitigation company NCC Group has released a new open source tool designed to make it easier for penetration testers and others to perform DNS rebinding attacks.

Cyber security and risk mitigation company NCC Group has released a new open source tool designed to make it easier for penetration testers and others to perform DNS rebinding attacks.

DNS rebinding, an attack method that has been known for more than a decade, can allow a remote hacker to abuse a targeted entity’s web browser to directly communicate with devices on the local network. DNS rebinding can be leveraged to exploit vulnerabilities in services the targeted machine has access to.

Getting the target to access a malicious page or view a malicious ad is often enough to conduct an attack that can lead to theft of sensitive information or taking control of vulnerable systems.

NCC Group on Friday announced the availability of Singularity of Origin, an open source tool designed for conducting DNS rebinding attacks.

“During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers,” NCC Group Senior Security Consultant Roger Meyer said in a blog post.

“Exploiting such services is typically straight forward, but it takes a substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities but they pose a number of challenges including the lack of support or documentation. They sometimes do not even work, are very specific and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces,” Meyer noted.

According to NCC, Singularity provides a complete exploitation stack, including a custom DNS server that allows rebinding the DNS name and IP address of the attacker’s server to the targeted machine, an HTTP server for serving HTML and JavaScript code to targeted users, and various attack payloads. The payloads, which include grabbing an app’s homepage and remotely executing code, can be adapted for new and custom attacks.

NCC Group Senior Security Consultant Gerald Doussot told SecurityWeek that the purpose of Singularity is to provide penetration testers “a simple tool that rapidly exploits a DNS rebinding attack finding and illustrates graphically its potential impact, including remote code execution.”

Advertisement. Scroll to continue reading.

Singularity also aims to increase awareness of DNS rebinding attacks among application developers and security teams.

“We wanted to increase awareness that DNS rebinding attacks are easy to exploit and damaging but can be remediated with appropriate controls,” Doussot explained.

Singularity source code is available on GitHub, where users can also find detailed instructions on how the tool can be set up and utilized. For demo purposes, NCC Group is also temporarily offering a test instance of the tool.

Singularity of Origin

Google Project Zero researcher Tavis Ormandy earlier this year put the spotlight on DNS rebinding attacks after finding serious vulnerabilities in some popular BitTorrent apps and Blizzard games.

Tripwire researcher Craig Young showed recently how the technique can be used against Google Home and Chromecast devices to reveal a user’s precise physical location. A study published in July by IoT security firm Armis showed that DNS rebinding exposes nearly half a billion devices used by enterprises to attacks.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...