Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks.
Singularity also aims to raise awareness on how DNS rebinding attacks work and how to protect from them.
A DNS rebinding attack allows any website to create a DNS name that they are authorized to communicate with, and then make it resolve to localhost.
This attack technique could be exploited to target a vulnerable machine and exploit vulnerabilities in applications running on the localhost interface or exposing local services.
The attacker only needs to trick victims into visiting a malicious page or view a malicious ad to launch the attack.
“During recent security assessments, we’ve seen applications running on the localhost interface or exposing services on an internal network without authentication. This includes Electron-based applications or applications exposing Chrome Developer Tools and other various debuggers,” states NCC Group Senior Security Consultant Roger Meyer.
“Exploiting such services is typically straight forward, but it takes a substantial effort to implement an attack in the context of a security assessment. There are tools available to exploit DNS rebinding vulnerabilities but they pose a number of challenges including the lack of support or documentation. They sometimes do not even work, are very specific and/or do not provide a full exploitation stack, requiring much effort to assemble and integrate all the missing bits and pieces.”
Differently from publicly available tools for DNS rebinding attacks, the Singularity tool provides a full exploitation stack.
The Singularity tool includes several attack payloads that allow pen testers to carry out various activities, such as grabbing an app’s homepage and remotely executing code.
The payload could be modified to implements new attacks.
NCC Group published the source code for the Singularity tool on GitHub and a demo instance of the tool is available at the following URL:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.