DNS, possibly one of the most hated things ever. Since it's always DNS anyway, I thought I might as well do a little article about all the funny stuff you can do with DNS and things that are very closely related to DNS. Let's not waste any more time and jump right in!
- My journey into the "Hacking" & Infosec community
- What is a DNS
- The problem with DNS
- The amalgamation
- The fun stuff
- Evade website blocking and restrictions
- Get access to non password Wi-Fi
- Messing with the hosts file
As always, I don't guarantee for the accuracy of these articles and am not to be held responsible for what you do with the information presented here. I only write these articles with the best of intentions and for mostly educational purposes, while not trying to present the subject as too dry. With that said, I put a lot of time and effort into these and I hope that you enjoy reading them.
My Journey Into The Infosec Community
Writing this, could possibly be a self dox, since this isn't the first time I've written and/or told this story, but in fact it's the first time I'm talking about this under my real name. So in case you're reading this and feel like this story sounds familiar, it might very well be. Please keep that stuff to yourself though wink.
Damn French Classes
Back when I was in 7th grade, we had to choose between a variety of subjects. The options were chemistry, biology, home economics and drumroll French. I really just chose it, because at the beginning we had a really "strict" French teacher. She was generally really nice to me though and usually I had a B+ on every test, so I couldn't complain. However, when I officially chose the French course, she apparently went to another school or something. Most importantly though, she wasn't there anymore. Unfortunately she got a replaced with a (in friendly terms, since I don't know who's reading this) a not so nice teacher. I've tried to hide most of my tests etc. at that point, but obviously some were getting through, so I had to come up with another strategy.
Good old Duolingo that saved my life. This is now about 6 years old (as of time of writing), so I think I was one of the first Duolingo users ever, at least I sometimes feel like it. The huge advantage that Duolingo gave me though, it was a platform to prove that it was my teachers fault and not my lacking competence.
Fun fact, I think it was a bit of both and more.
I didn't want to give in on this though, so I sat on this damn laptop all day. Some day I eventually snapped (I'm assuming, I don't really remember how it came to be) and I couldn't stand wasting my whole day on this damn website. So I googled something along the lines of "How to change website".
This was partially where a whole world opened up to me. Anyways, the first tutorial I remember was all about the "inspect" button, if you right click a page. Quickly I noticed, that if you selected some text, or right click on an image it would select the "code" (which when I first looked at it, I didn't know it was HTML). Good thing was, maybe my grades weren't that good in French, but English was a subject that saved my ass multiple times (also thanks to my fantastic teacher). HTML was all really just English and some mess, but it was ordered mess. Somehow it had a structure and all I really needed was to just edit one little part of the structure and it gave me the wanted result.
Maybe I overdid it though when I found out, since I always gave me the best possible result. My dad noticed and simply reloaded the page. Gone were my good results and my cover was blown, something new had to do. Once again I turned back to google, but this time I googled "How to change a website permanently".
This was where the "hacking/infosec" fun began for me.
Honestly I can't recall how I did it, but with lots of tears and pain (overwhelmingly much pain) I somehow managed to make it permanently. I really can't recall, if I just edited the host file, managed to pull of a DNS hijack or something else. Somehow all the possibilities in my head seem equally unlikely though, mostly because I don't even know how to do most of the things in this very moment. Sure, I could look it up again, but I have no idea how I made it in 7th grade. Since most of my approaches I can think of are DNS related though, I thought I'd dedicate a whole (or at least a big part) of this article to fun stuff you can do with DNS.
What is DNS
In case you don't know DNS, I'm just going to give you a quick explanation. The acronym is really unimportant if you need an explanation of it, so I'm just gonna leave it out. DNS is the system, where you can essentially browse a big telephone list. Just that the telephone list isn't filled with peoples names and their phone number, but instead with domains (like Google.com) and the correlating IP addresses. With that, your computer can ask a so called "DNS server" about who this Google.com is and which number you need to reach him. The DNS translates Google.com into an IP address and you can finally reach Google, yaaay.
The Problem With DNS
Mainly, DNS is a very old thing and really insecure for a backbone of the Internet. After all, it gives you all the IP addresses you need, to reach a certain website. What if it's telling lies though, or somebody might be interested in what you talk about with the DNS server? Worry not, for there are some "solutions" even if they might not be perfect. But when was something ever perfect anyways?
DNSSEC is an official standard, that isn't used by every DNS provider though. It maybe doesn't prevent some snooping on DNS traffic, but it verifies that what the DNS server says is true, or untrue. The important part here being, that your computer knows when it's getting nonsense or malicious replies.
DNScrypt on the other hand, prevents people from snooping around. DNScrypt doesn't provide, that the results from the DNS server are accurate though, it "just" authenticates and encrypts the given systems traffic to the given DNS server. This means, your computer has no idea when it's getting told nonsense.
Luckily for you and me, DNSSEC and DNScrypt can work complimentarily. So you know, when you're getting accurate results and when not, but also don't have to fear that somebody is snooping the DNS traffic between you and the given DNS server.
The Fun Stuff
Now that you know somewhat, how DNS works and how you can secure yourself in the context of it, let's get to the fun stuff you can do with DNS and its closely related things. Even if these things might not be as technical etc. they sometimes save the day for me. Besides, this is an homage anyways.
Evade Website Blocking & Restrictions
You know the situation, you're sitting in a Starbucks, McDonald's, are waiting at the airport etc. and you just wanna surf the web. Eventually you'll want to visit a website though, that you can't reach or that displays some message talking about some restrictions. Luckily for us, this website censoring is mostly done through DNS. If you happen to not being able to surf a website therefore, you can simply change your DNS. I'd recommend downloading 126.96.36.199 from the Playstore or Appstore, if you happen to be on mobile. For other platforms, which aren't smartphones there are great tutorials on how to change your DNS, so I'm not stretching this article.
Alternatively, you can also try to put a . behind the .com for example. This means, instead of typing Google.com, you'd type Google.com.
This is a defined standard and you won't believe how often this works. Besides evading "censorship", it's also a great help if you want to browse some news sites for example, that want you to log in or make you sign a subscription. Maybe it won't work on all of them, but for a huge amount of them for sure.
Get Access To Non Password Wi-Fi
That title seems a little bit confusing, doesn't it? After all, it's non password Wi-Fi, so just start browsing no? Well, it's not always as easy as that. Some non password Wi-Fi's redirect you to a local website, no matter what you type in your browser. Meaning, you can't browse the Internet until you've typed something in. Why people, companies or schools do something like that is a mystery even for me. Worry not though, because here you can (sometimes) just enforce a specific DNS server. So instead of taking the one, that the given Wi-Fi network "recommends" you can enforce your own. I've seen this work on school, airport, bakery Wi-Fi etc.
The list is basically endless on all the Wi-Fi's it works. Unfortunately this trick doesn't work on every Router manufacturer, so sometimes you'll either have to come up with some different trick, or simply give up.
Messing With The Hosts File
Ohh dear, the hosts file. A real legacy fragment of computing that is still available in most operating systems. Its existence may be mostly unnecessary nowadays, but it's great for pulling tricks on someone and so many more things. It honestly theoretically deserves a whole blogpost on its own, but for now let me list some of the funniest/useful stuff you can do with it.
- In case you get access to a fairly interesting computer (if you're a "redteamer") you can play some funny tricks on the blueteam by configuring the hosts file to either not allow access to a certain website, or redirect it to a different website. Potentially even a malicious one, or a site that looks like the original, so you can get some nice credentials etc. (Unfortunately you most of the time need Admin etc. rights to even modify the hosts file).
- Access the "website" of your router (for example Fritz.box), download the given website of your router, edit it and put it on the wanted computer/laptop so it essentially acts as a middle point and the user name and password get stored somewhere, where only you can access it. I should note, that this is only useful if you still live with your parents or somewhere, where you don't have access to the router. Also you still need to get access to the given computer/laptop, but if your parents (like mine) should happen to write all their passwords down on a sticky note, that's either literally on the trackpad of the laptop or in a neat password book that you know the location of, this should be a simple task. Additionally I should add, that this is the closest you can get to a perfect phish, since the website address is literally the same as usual.
- Now onto the useful part, you can also block automatic Windows updates. You simply have to redirect "put address here" into the void and no all of a sudden windows update is gonna restart your computer/laptop. Of course I know, that generally updating is an important thing to do, but I'm also a strong believer that everybody (at least in this field) can decide on how to handle their own security. Besides of stopping auto updates for Windows, just for your own sanity you can also theoretically use this to weaken the security of a given target and not just by blocking the update servers for Windows.
- Besides using the hosts file, to achieve something malicious or blocking updates, you can also use it to make sure, that you're connecting to the correct IP address and aren't redirected because of some malicious actor, whether it's a certain individual or a government.
- Alternatively of making sure you connect to the right website, you can also use it to blackhole known malicious websites or websites that you don't want others to visit for whatever reason. Theoretically you could enforce certain security policies that way, but in my opinion there are better methods for that.
DNS is from my viewpoint the reason why I first really got into infosec and started messing around with computers generally. Even if I can't tell you for sure it happened because of it, I'm happy to have written this article for others to maybe reflect on their past and how they got here. Besides all the things I listed there are obviously many more ways to do fun stuff with DNS and as already said, this isn't a very techie article, but it doesn't have to be. Many people just see this field as a job, but without fun there's no value for me in it. Cheers.