Exploit This

Security News, Exploits, and Vulnerabilities.

North Korea DNS zone transfer information

It has been ages since I have posted anything related to North Korea…I honestly gave up on keeping up to date with their internet devices when Shodan became a thing. Why reinvent the wheel? Especially when in this case the wheel is way better than anything I could have come up with.

On September 20th, 2016 North Korea decided to allow global DNS zone transfer on one of their countries nameservers (ns2.kptc.kp). I wonder if someone will be killed for this misconfiguration? Perhaps by anti aircraft guns in front of a large audience? That was just for falling asleep…

I would like to give credit to TLD Records, that is who first detected the global DNS zone transfer on ns2.kptc.kp. I also want to say thanks to @tehswift for telling me about it.

Enough chit-chat, lets get to the information. I will post the command in red that is used to get the zone transfer followed by the results. At the time of this post it, the transfer is still allowed.


 dig AXFR kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR kp. @ns2.kptc.kp
;; global options: +cmd
kp.			432000	IN	SOA	ns1.kptc.kp. root.kptc.kp. 2013083001 28800 86400 1209600 86400
kp.			432000	IN	NS	ns1.kptc.kp.
kp.			432000	IN	NS	ns2.kptc.kp.
kp.			432000	IN	NS	ns3.kptc.kp.
co.kp.			432000	IN	NS	ns1.co.kp.
co.kp.			432000	IN	NS	ns2.co.kp.
ns1.co.kp.		432000	IN	A	175.45.176.15
ns2.co.kp.		432000	IN	A	175.45.176.16
com.kp.			432000	IN	NS	ns1.com.kp.
com.kp.			432000	IN	NS	ns2.com.kp.
ns1.com.kp.		432000	IN	A	175.45.176.15
ns2.com.kp.		432000	IN	A	175.45.176.16
edu.kp.			432000	IN	NS	ns1.edu.kp.
edu.kp.			432000	IN	NS	ns2.edu.kp.
ns1.edu.kp.		432000	IN	A	175.45.176.15
ns2.edu.kp.		432000	IN	A	175.45.176.16
gov.kp.			432000	IN	NS	ns1.gov.kp.
gov.kp.			432000	IN	NS	ns2.gov.kp.
ns1.gov.kp.		432000	IN	A	175.45.176.15
ns2.gov.kp.		432000	IN	A	175.45.176.16
kcna.kp.		432000	IN	NS	ns1.kcna.kp.
kcna.kp.		432000	IN	NS	ns2.kcna.kp.
ns1.kcna.kp.		432000	IN	A	175.45.176.8
ns2.kcna.kp.		432000	IN	A	175.45.176.9
ns1.kptc.kp.		432000	IN	A	175.45.176.15
ns2.kptc.kp.		432000	IN	A	175.45.176.16
net.kp.			432000	IN	NS	ns1.net.kp.
net.kp.			432000	IN	NS	ns2.net.kp.
ns1.net.kp.		432000	IN	A	175.45.176.15
ns2.net.kp.		432000	IN	A	175.45.176.16
org.kp.			432000	IN	NS	ns1.org.kp.
org.kp.			432000	IN	NS	ns2.org.kp.
ns1.org.kp.		432000	IN	A	175.45.176.15
ns2.org.kp.		432000	IN	A	175.45.176.16
rep.kp.			432000	IN	NS	ns1.rep.kp.
rep.kp.			432000	IN	NS	ns2.rep.kp.
ns1.rep.kp.		432000	IN	A	175.45.176.15
ns2.rep.kp.		432000	IN	A	175.45.176.16
kp.			432000	IN	SOA	ns1.kptc.kp. root.kptc.kp. 2013083001 28800 86400 1209600 86400
;; Query time: 377 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:28:58 GMT 2016
;; XFR size: 39 records (messages 1, bytes 764)

 dig AXFR co.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR co.kp. @ns2.kptc.kp
;; global options: +cmd
co.kp.			432000	IN	SOA	ns1.co.kp. root.co.kp. 2013082900 28800 86400 1209600 86400
co.kp.			432000	IN	NS	ns1.co.kp.
co.kp.			432000	IN	NS	ns2.co.kp.
ns1.co.kp.		432000	IN	A	175.45.176.15
ns2.co.kp.		432000	IN	A	175.45.176.16
star.co.kp.		432000	IN	NS	ns1.star.co.kp.
star.co.kp.		432000	IN	NS	ns2.star.co.kp.
ns1.star.co.kp.		432000	IN	A	175.45.176.15
ns2.star.co.kp.		432000	IN	A	175.45.176.16
co.kp.			432000	IN	SOA	ns1.co.kp. root.co.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 393 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:49:47 GMT 2016
;; XFR size: 10 records (messages 1, bytes 241)

 dig AXFR com.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR com.kp. @ns2.kptc.kp
;; global options: +cmd
com.kp.			432000	IN	SOA	ns1.com.kp. root.com.kp. 2013112203 28800 86400 1209600 86400
com.kp.			432000	IN	NS	ns1.com.kp.
com.kp.			432000	IN	NS	ns2.com.kp.
airkoryo.com.kp.	432000	IN	NS	ns1.airkoryo.com.kp.
airkoryo.com.kp.	432000	IN	NS	ns2.airkoryo.com.kp.
ns1.airkoryo.com.kp.	432000	IN	A	175.45.176.8
ns2.airkoryo.com.kp.	432000	IN	A	175.45.176.9
friend.com.kp.		432000	IN	NS	ns1.friend.com.kp.
friend.com.kp.		432000	IN	NS	ns2.friend.com.kp.
ns1.friend.com.kp.	432000	IN	A	175.45.176.8
ns2.friend.com.kp.	432000	IN	A	175.45.176.9
kiyctc.com.kp.		432000	IN	NS	ns1.kiyctc.com.kp.
kiyctc.com.kp.		432000	IN	NS	ns2.kiyctc.com.kp.
ns1.kiyctc.com.kp.	432000	IN	A	175.45.176.8
ns2.kiyctc.com.kp.	432000	IN	A	175.45.176.9
knic.com.kp.		432000	IN	NS	ns1.knic.com.kp.
knic.com.kp.		432000	IN	NS	ns2.knic.com.kp.
ns1.knic.com.kp.	432000	IN	A	175.45.176.8
ns2.knic.com.kp.	432000	IN	A	175.45.176.9
korfilm.com.kp.		432000	IN	NS	ns1.korfilm.com.kp.
korfilm.com.kp.		432000	IN	NS	ns2.korfilm.com.kp.
ns1.korfilm.com.kp.	432000	IN	A	175.45.176.8
ns2.korfilm.com.kp.	432000	IN	A	175.45.176.9
masikryong.com.kp.	432000	IN	NS	ns1.masikryong.com.kp.
masikryong.com.kp.	432000	IN	NS	ns2.masikryong.com.kp.
ns1.masikryong.com.kp.	432000	IN	A	175.45.176.8
ns2.masikryong.com.kp.	432000	IN	A	175.45.176.9
naenara.com.kp.		432000	IN	NS	ns1.naenara.com.kp.
naenara.com.kp.		432000	IN	NS	ns2.naenara.com.kp.
ns1.naenara.com.kp.	432000	IN	A	175.45.176.8
ns2.naenara.com.kp.	432000	IN	A	175.45.176.9
ns1.com.kp.		432000	IN	A	175.45.176.15
ns2.com.kp.		432000	IN	A	175.45.176.16
com.kp.			432000	IN	SOA	ns1.com.kp. root.com.kp. 2013112203 28800 86400 1209600 86400
;; Query time: 2365 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:50:22 GMT 2016
;; XFR size: 34 records (messages 1, bytes 700)

 dig AXFR edu.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR edu.kp. @ns2.kptc.kp
;; global options: +cmd
edu.kp.			432000	IN	SOA	ns1.edu.kp. root.edu.kp. 2013082903 28800 86400 1209600 86400
edu.kp.			432000	IN	NS	ns1.edu.kp.
edu.kp.			432000	IN	NS	ns2.edu.kp.
ns1.edu.kp.		432000	IN	A	175.45.176.15
ns2.edu.kp.		432000	IN	A	175.45.176.16
ryongnamsan.edu.kp.	432000	IN	NS	ns1.ryongnamsan.edu.kp.
ryongnamsan.edu.kp.	432000	IN	NS	ns2.ryongnamsan.edu.kp.
ns1.ryongnamsan.edu.kp.	432000	IN	A	175.45.176.8
ns2.ryongnamsan.edu.kp.	432000	IN	A	175.45.176.9
star.edu.kp.		432000	IN	NS	ns1.star.edu.kp.
ns1.star.edu.kp.	432000	IN	A	175.45.179.76
edu.kp.			432000	IN	SOA	ns1.edu.kp. root.edu.kp. 2013082903 28800 86400 1209600 86400
;; Query time: 3792 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:51:58 GMT 2016
;; XFR size: 12 records (messages 1, bytes 288)

 dig AXFR gov.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR gov.kp. @ns2.kptc.kp
;; global options: +cmd
gov.kp.			432000	IN	SOA	ns1.gov.kp. root.gov.kp. 2013082901 28800 86400 1209600 86400
gov.kp.			432000	IN	NS	ns1.gov.kp.
gov.kp.			432000	IN	NS	ns2.gov.kp.
ma.gov.kp.		432000	IN	NS	ns1.ma.gov.kp.
ma.gov.kp.		432000	IN	NS	ns2.ma.gov.kp.
ns1.ma.gov.kp.		432000	IN	A	175.45.176.8
ns2.ma.gov.kp.		432000	IN	A	175.45.176.9
ns1.gov.kp.		432000	IN	A	175.45.176.15
ns2.gov.kp.		432000	IN	A	175.45.176.16
nta.gov.kp.		432000	IN	NS	ns1.nta.gov.kp.
nta.gov.kp.		432000	IN	NS	ns2.nta.gov.kp.
ns1.nta.gov.kp.		432000	IN	A	175.45.176.8
ns2.nta.gov.kp.		432000	IN	A	175.45.176.9
gov.kp.			432000	IN	SOA	ns1.gov.kp. root.gov.kp. 2013082901 28800 86400 1209600 86400
;; Query time: 406 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:52:08 GMT 2016
;; XFR size: 14 records (messages 1, bytes 312)


 dig AXFR net.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR net.kp. @ns2.kptc.kp
;; global options: +cmd
net.kp.			432000	IN	SOA	ns1.net.kp. root.net.kp. 2013082901 28800 86400 1209600 86400
net.kp.			432000	IN	NS	ns1.net.kp.
net.kp.			432000	IN	NS	ns2.net.kp.
ns1.net.kp.		432000	IN	A	175.45.176.15
ns2.net.kp.		432000	IN	A	175.45.176.16
portal.net.kp.		432000	IN	NS	ns1.portal.net.kp.
portal.net.kp.		432000	IN	NS	ns2.portal.net.kp.
ns1.portal.net.kp.	432000	IN	A	175.45.176.8
ns2.portal.net.kp.	432000	IN	A	175.45.176.9
rcc.net.kp.		432000	IN	NS	ns1.rcc.net.kp.
rcc.net.kp.		432000	IN	NS	ns2.rcc.net.kp.
ns1.rcc.net.kp.		432000	IN	A	175.45.176.8
ns2.rcc.net.kp.		432000	IN	A	175.45.176.9
silibank.net.kp.	432000	IN	NS	ns1.silibank.net.kp.
silibank.net.kp.	432000	IN	NS	ns2.silibank.net.kp.
ns1.silibank.net.kp.	432000	IN	A	175.45.176.8
ns2.silibank.net.kp.	432000	IN	A	175.45.176.9
star.net.kp.		432000	IN	NS	ns1.star.net.kp.
star.net.kp.		432000	IN	NS	ns2.star.net.kp.
ns1.star.net.kp.	432000	IN	A	175.45.176.8
ns2.star.net.kp.	432000	IN	A	175.45.176.9
star-co.net.kp.		432000	IN	NS	ns1.star-co.net.kp.
star-co.net.kp.		432000	IN	NS	ns2.star-co.net.kp.
ns1.star-co.net.kp.	432000	IN	A	175.45.176.8
ns2.star-co.net.kp.	432000	IN	A	175.45.176.9
star-di.net.kp.		432000	IN	NS	ns1.star-di.net.kp.
star-di.net.kp.		432000	IN	NS	ns2.star-di.net.kp.
ns1.star-di.net.kp.	432000	IN	A	175.45.176.8
ns2.star-di.net.kp.	432000	IN	A	175.45.176.9
net.kp.			432000	IN	SOA	ns1.net.kp. root.net.kp. 2013082901 28800 86400 1209600 86400
;; Query time: 387 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:52:30 GMT 2016
;; XFR size: 30 records (messages 1, bytes 618)

 dig AXFR org.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR org.kp. @ns2.kptc.kp
;; global options: +cmd
org.kp.			432000	IN	SOA	ns1.org.kp. root.org.kp. 2013082900 28800 86400 1209600 86400
org.kp.			432000	IN	NS	ns1.org.kp.
org.kp.			432000	IN	NS	ns2.org.kp.
cooks.org.kp.		432000	IN	NS	ns1.cooks.org.kp.
cooks.org.kp.		432000	IN	NS	ns2.cooks.org.kp.
ns1.cooks.org.kp.	432000	IN	A	175.45.176.8
ns2.cooks.org.kp.	432000	IN	A	175.45.176.9
kass.org.kp.		432000	IN	NS	ns1.kass.org.kp.
kass.org.kp.		432000	IN	NS	ns2.kass.org.kp.
ns1.kass.org.kp.	432000	IN	A	175.45.176.8
ns2.kass.org.kp.	432000	IN	A	175.45.176.9
koredufund.org.kp.	432000	IN	NS	ns1.koredufund.org.kp.
koredufund.org.kp.	432000	IN	NS	ns2.koredufund.org.kp.
ns1.koredufund.org.kp.	432000	IN	A	175.45.176.8
ns2.koredufund.org.kp.	432000	IN	A	175.45.176.9
korelcfund.org.kp.	432000	IN	NS	ns1.korelcfund.org.kp.
korelcfund.org.kp.	432000	IN	NS	ns2.korelcfund.org.kp.
ns1.korelcfund.org.kp.	432000	IN	A	175.45.176.8
ns2.korelcfund.org.kp.	432000	IN	A	175.45.176.9
ns1.org.kp.		432000	IN	A	175.45.176.15
ns2.org.kp.		432000	IN	A	175.45.176.16
sdprk.org.kp.		432000	IN	NS	ns1.sdprk.org.kp.
sdprk.org.kp.		432000	IN	NS	ns2.sdprk.org.kp.
ns1.sdprk.org.kp.	432000	IN	A	175.45.176.8
ns2.sdprk.org.kp.	432000	IN	A	175.45.176.9
org.kp.			432000	IN	SOA	ns1.org.kp. root.org.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 668 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:52:40 GMT 2016
;; XFR size: 26 records (messages 1, bytes 548)

 dig AXFR rep.kp. @ns2.kptc.kp

; <<>> DiG 9.9.9-P1 <<>> AXFR rep.kp. @ns2.kptc.kp
;; global options: +cmd
rep.kp.			432000	IN	SOA	ns1.rep.kp. root.rep.kp. 2013082900 28800 86400 1209600 86400
rep.kp.			432000	IN	NS	ns1.rep.kp.
rep.kp.			432000	IN	NS	ns2.rep.kp.
gnu.rep.kp.		432000	IN	NS	ns1.gnu.rep.kp.
gnu.rep.kp.		432000	IN	NS	ns2.gnu.rep.kp.
ns1.gnu.rep.kp.		432000	IN	A	175.45.176.8
ns2.gnu.rep.kp.		432000	IN	A	175.45.176.9
ns1.rep.kp.		432000	IN	A	175.45.176.15
ns2.rep.kp.		432000	IN	A	175.45.176.16
rodong.rep.kp.		432000	IN	NS	ns1.rodong.rep.kp.
rodong.rep.kp.		432000	IN	NS	ns2.rodong.rep.kp.
ns1.rodong.rep.kp.	432000	IN	A	175.45.176.8
ns2.rodong.rep.kp.	432000	IN	A	175.45.176.9
vok.rep.kp.		432000	IN	NS	ns1.vok.rep.kp.
vok.rep.kp.		432000	IN	NS	ns2.vok.rep.kp.
ns1.vok.rep.kp.		432000	IN	A	175.45.176.8
ns2.vok.rep.kp.		432000	IN	A	175.45.176.9
rep.kp.			432000	IN	SOA	ns1.rep.kp. root.rep.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 380 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Wed Sep 21 15:52:50 GMT 2016
;; XFR size: 18 records (messages 1, bytes 388)



Leave a Reply

%d bloggers like this: