A kitten prank.

Earlier today, I was sitting down, watching TV with my brother. We were both on laptops doing other things at the same time. He started watching an episode of loaded featuring 50 cent. I do not like 50 cent. After several minutes of the god-awful, talentless garbage, I got sick of it. Did I go the pansy route and ask him to change it? No! I took the high road and made a few changes to my DNS server, causing all sites he tried to go to to instead go to kittenwar.com. I’ll show you how I did it.

Now, first things first: you need to run your own DNS server. Secondly, the target must be using your DNS server for lookups.

The first thing we need is the IP address of kittenwar.com. That’s easy. It’s 64.111.96.38. I shouldn’t have even mentioned this part.

Secondly, we need to construct a zone declaration that will claim to be the master for anything. I used the following:

zone "." {
	type master;
	file "kittenwar/all.hosts";
	};

It worked great. See, in DNS, all domains end with a usually implied “.”. (It’s the one between the quotes.) This dot represents the root nameservers and how they’re the start of the domain name system. I claim here to be the master authoritative nameserver for any domain ending in “.”. That is to say, all domains.

Next is the actual redirection…trickery…DNS spoofing…whatever. We now need to match all domains to have an A record of 64.111.96.38. Luckily, this is easy. I used the following:

$TTL	86400
@			IN	SOA	localhost. root.localhost. (
					      2		; Serial
					 604800		; Refresh
					  86400		; Retry
					2419200		; Expire
					  86400 )	; Negative Cache TTL
;
@			IN	NS	localhost.
@			IN	A	64.111.96.38
*			IN	A	64.111.96.38

Which also worked great. Most of that isn’t strictly necessary for a zone like this, but I already had that one mostly made. As you can see, we define “.” to have an A record for kittenwar as well as anything else “*”. Well that’s great, you’re done, your target is now going to kittenwar.com and there’s nothing he can do, right? WRONG!! You still need to select that victim to be the one that feels your wrath.

This next step involves views. If you’re not using views, well, you should. The tricky thing about them is every zone *must* be in a view if even one is. So, remember that. BIND cries bloody tears of pain every time you don’t. Sorry, just wanted to make that point as graphic as possible. You can add them manually if you want. The way I did it was with ACLs. I used the following:

acl kittened { 192.168.0.102; 192.168.0.110; };

This matches both my brother (192.168.0.102) and myself (192.168.0.110). I added myself so I could test that it’s working. I recommend doing this temporarily. Now, add the ACL to any views that the hosts may already be matched by.

view "internal" {
    match-clients { !kittened; localnets; };
    recursion yes;
    include "/etc/bind/internal/internal.conf";
};

There, I’ve removed the ACL “kittened” and all its hosts from normal service because I’m going to add them to a completely separate view. Now, let’s create that view. The syntax is fairly simple; really just copy and paste from above where necessary.

view "kittenwar" {
    match-clients { kittened; };
    recursion no;
    include "/etc/bind/kittenwar/kittenwar.conf";
};

And that’s it. I turned off recursion for this view because it’s already authoritative for everything. You don’t need to. Give BIND a good restart (it tends to like restarts better for changes like this) and try it out. Now any domain/website that the target attempts to visit will simply bring up the page kittenwar.com.
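Seen from the other side, this setup leaves two clear markers in a BIND configuration: a view that serves zone "." as master instead of hint, and a `*` A record in that zone's file. The Python check below is an added example, not code from the original post; it assumes include files are already expanded (for instance the output of `named-checkconf -p`), and the function names and the `db.root` file name are made up for the illustration.

```python
import re

def strip_comments(text):
    """Drop /* */, // and # comments from named.conf text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def blocks(text, keyword):
    """Yield (name, body) for each `keyword "name" { ... }`, honouring nested braces."""
    for m in re.finditer(r'\b%s\s+"([^"]*)"[^{;]*\{' % keyword, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def root_zone_overrides(conf):
    """Return (view, zone_file) for every zone "." served as master/primary.
    Once any view exists, every zone lives inside a view, so only views are scanned."""
    conf = strip_comments(conf)
    scopes = list(blocks(conf, "view")) or [("(no view)", conf)]
    found = []
    for view, body in scopes:
        for name, zbody in blocks(body, "zone"):
            ztype = re.search(r"\btype\s+([\w-]+)\s*;", zbody)
            zfile = re.search(r'\bfile\s+"([^"]*)"', zbody)
            if name == "." and ztype and ztype.group(1) in ("master", "primary"):
                found.append((view, zfile.group(1) if zfile else None))
    return found

def wildcard_a_records(zone_text):
    """Return the address of every `*` A record in a zone file."""
    rows = (line.split(";", 1)[0].split() for line in zone_text.splitlines())
    return [f[-1] for f in rows if len(f) >= 3 and f[0] == "*" and f[-2].upper() == "A"]

# Constructed sample: the post's two views with their include files inlined.
SAMPLE_CONF = '''
view "internal" {
    match-clients { !kittened; localnets; };
    zone "." { type hint; file "db.root"; };  // file name is a placeholder
};
view "kittenwar" {
    match-clients { kittened; };
    zone "." { type master; file "kittenwar/all.hosts"; };
};
'''
SAMPLE_ZONE = "@ IN NS localhost.\n@ IN A 64.111.96.38\n* IN A 64.111.96.38\n"

if __name__ == "__main__":
    print(root_zone_overrides(SAMPLE_CONF), wildcard_a_records(SAMPLE_ZONE))
```

Any view it reports is answering for every name from a local file, so the `match-clients` list of that view shows which hosts are affected.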

*Note. Operating systems and browsers both tend to cache DNS lookups. It may take some time for these to expire and the effects to be seen. For best results, have SSH access to the machine and clear the cache yourself/reboot the machine. Also, you can do this for any site for which visiting the IP address takes you to the site. That’s not always true, especially with shared hosting. If you have any questions at all, leave a comment.

*Note 2. When the target goes insane and begins chasing you around the house with a bloody chainsaw (why do the chainsaws always already have blood on them?). And it will happen. It’s very easy to reverse this. Just remove the IP address from the ACL declaration and restart BIND. Then restart the machine/clear caches. Intense “The Shining” style killing urges should subside after a while. If they don’t, use your telepathic powers to summon the black guy to his death. Somehow that’s relevant and everything ends with you living despite being a retarded 9 year old vs a madman with an axe.
