mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-25 22:20:43 +00:00
GitBook: [master] 2 pages modified
This commit is contained in:
parent
81336c9141
commit
be1799a87b
2 changed files with 26 additions and 1 deletions
|
@ -30,7 +30,6 @@
|
|||
* **Replacement**: Like homoglyph but less stealthy. It replaces one of the letters in the domain name, perhaps with a letter in proximity of the original letter on the keyboard \(e.g, zektser.com\).
|
||||
* **Subdomained**: Introduce a **dot** inside the domain name \(e.g., ze.lster.com\).
|
||||
* **Insertion**: It **inserts a letter** into the domain name \(e.g., zerltser.com\).
|
||||
* **Bitsquatting:** It anticipates a small portion of systems encountering hardware errors, resulting in the mutation of the resolved domain name by 1 bit. \(e.g., xeltser.com\).
|
||||
* **Missing dot**: Append the TLD to the domain name. \(e.g., zelstercom.com\)
|
||||
|
||||
#### Automatic Tools
|
||||
|
@ -44,6 +43,18 @@
|
|||
* [https://dnstwister.report/](https://dnstwister.report/)
|
||||
* [https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/](https://www.internetmarketingninjas.com/tools/free-tools/domain-typo-generator/)
|
||||
|
||||
### Bitflipping
|
||||
|
||||
In the world of computing, everything is stored in bits \(zeros and ones\) in memory behind the scenes.
|
||||
This applies to domains too. For example, _windows.com_ becomes _01110111..._ in the volatile memory of your computing device.
|
||||
However, what if one of these bits got automatically flipped due to a solar flare, cosmic rays, or a hardware error? That is one of the 0's becomes a 1 and vice versa.
|
||||
Applying this concept to DNS request, it's possible that the **domain requested** that arrives to the DNS server **isn't the same as the domain initially requested.**
|
||||
|
||||
For example a 1 bit modification in the domain microsoft.com can transform it into _windnws.com._
|
||||
**Attackers may register as many bit-flipping domains as possible related to the victim in order to redirect legitimate users to their infrastructure**.
|
||||
|
||||
For more information read [https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/](https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/)
|
||||
|
||||
### Buy a trusted domain
|
||||
|
||||
You can search in [https://www.expireddomains.net/](https://www.expireddomains.net/) for a expired domain that you could use.
|
||||
|
|
|
@ -18,6 +18,20 @@ For this purpose you can use any of the following tools. Note that these tolls w
|
|||
* \*\*\*\*[**dnstwist**](https://github.com/elceef/dnstwist)\*\*\*\*
|
||||
* [**urlcrazy**](https://github.com/urbanadventurer/urlcrazy)\*\*\*\*
|
||||
|
||||
### Bitflipping
|
||||
|
||||
In the world of computing, everything is stored in bits \(zeros and ones\) in memory behind the scenes.
|
||||
This applies to domains too. For example, _windows.com_ becomes _01110111..._ in the volatile memory of your computing device.
|
||||
However, what if one of these bits got automatically flipped due to a solar flare, cosmic rays, or a hardware error? That is one of the 0's becomes a 1 and vice versa.
|
||||
Applying this concept to DNS request, it's possible that the **domain requested** that arrives to the DNS server **isn't the same as the domain initially requested.**
|
||||
|
||||
For example a 1 bit modification in the domain microsoft.com can transform it into _windnws.com._
|
||||
**Attackers may register as many bit-flipping domains as possible related to the victim in order to redirect legitimate users to their infrastructure**.
|
||||
|
||||
For more information read [https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/](https://www.bleepingcomputer.com/news/security/hijacking-traffic-to-microsoft-s-windowscom-with-bitflipping/)
|
||||
|
||||
**All possible bit-flipping domain names should be also monitored.**
|
||||
|
||||
### Basic checks
|
||||
|
||||
Once you have a list of potential suspicions domain names you should **check** them \(mainly the ports HTTP and HTTPS\) to **see if they are using some login form similar** to someone of the victim's domain.
|
||||
|
|
Loading…
Reference in a new issue