ghopp
/
ldapscan
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Some little python code to visualize an LDAP structure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
24 KiB
 
 
Tree: 299372fd59
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '299372fd59'
${ noResults }
ldapscan/lib/Protocol/Dns/Info.txt

103 lines
3.9 KiB
Raw Blame History

A simple DNS message and response implementation.
It only supports name queries.
good informations about dns:
rfc1035
http://technet.microsoft.com/en-us/library/dd197470(v=ws.10).aspx
serveral more could be found via google.
What we need:
dns header 6 * 16bit
16bit ID
16bit Flags
1bit request/response indicator (0 = request)
4bit operation code / what operation to be done (0 = query)
1bit authoritive answer / obviosly only used for responses
1bit truncation / indicate that the message was to large for a UDP datagram
1bit recursion desired / 1 to recurse the request (we normally want this)
1bit recursion available / obvious
3bit reserved / set to 000
4bit return code / 0 means successfull, currently all other are wrong for us
16bit Question count
16bit Answer count
16bit Authority count
16bit Additional count
1 question resource record (valriable len) our would look like this.
question name: 0x09localhost0x00
16bit question type: 0x0001 (for A record question)
16bit question class: 0x0001 (represents the IN question class)
TYPE value and meaning
========================================================
(removed all obsolete and experimental codes)
A 1 a host address
NS 2 an authoritative name server
CNAME 5 the canonical name for an alias
SOA 6 marks the start of a zone of authority
WKS 11 a well known service description
PTR 12 a domain name pointer
HINFO 13 host information
MINFO 14 mailbox or mail list information
MX 15 mail exchange
TXT 16 text strings
QTYPE values
========================================================
QTYPE fields appear in the question part of a query. QTYPES are a
superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
following QTYPEs are defined:
AXFR 252 A request for a transfer of an entire zone
* 255 A request for all records
CLASS values
========================================================
IN 1 the Internet
CH 3 the CHAOS class
HS 4 Hesiod [Dyer 87]
Our hardcoded request message:
434301000001000000000000096C6F63616C686F73740000010001
^ ^ ^ ^ ^ ^
ID | | | | |
flags | | | |
one query | | |
query name (localhost) | |
type |
class
OK, as i analyse the response i realize that my request was repeated back along
with the answer. For now I assume this is the default behaviour of DNS.
At least I can be sure that our DNS will always respond that way.
The last 4 bytes of the answer record represent the ip address. We can savely
assume this as currently we only query IPv4 A records. With these this should
be always true.
out complete response was:
434381800001000100000000096c6f63616c686f73740000010001c00c000100010000000f00040a0100dc
^ ^ ^
no error | |
one request |
one response
We cut of the headers and the request (as it was our own...we do not care about
it), leaving us with:
c00c000100010000000f00040a0100dc
^ ^ ^ ^ ^ ^
nref | | | | |
type | | | |
class | | |
TTL | |
resource date len |
here starts our ip
nref => is a reference of the name queried corresponding the
DNS Packet Compression Schema:
2bits: compression indicator (11 when compression is active)
rest: offset to name
In our case this means the offset is 0x0c (12). The offset is the offset from
the start of the message.