mandatoryprogrammer/NorthKoreaDNSLeak mandatoryprogrammer/NorthKoreaDNSLeak

  • Stars
    star
    1,684
  • Rank 27,543 (Top 0.6 %)
  • Language
  • Created about 8 years ago
  • Updated almost 8 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
mandatoryprogrammer/NorthKoreaDNSLeak
github

mandatoryprogrammer

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Snapshot of North Korea's DNS data taken from zone transfers.

North Korean Flag

North Korea .kp TLD Zone Data

On Sept 19, 2016 at approximately 10:00PM (PDT), one of North Korea's top level nameservers was accidentally configured to allow global DNS zone transfers. This allows anyone who performs an AXFR (zone transfer) request to the country's ns2.kptc.kp nameserver to get a copy of the nation's top level DNS data. This was detected by the TLDR Project - an effort to attempt zone transfers against all top level domain (TLD) nameservers every three hours and keep a running Github repo with the resulting data. This data gives us a better picture of North Korea's domains and top level DNS.

Click here for the commit showing this incident.

As of the time of this writing, zone transfers are still enabled for multiple .kp top level domains via ns2.kptc.kp.

Update: North Korea has now patched this issue, however this project will continue to scan the Internet for future slip-ups just like this one.

PoC

dig AXFR kp. @ns2.kptc.kp

.kp Domains

airkoryo.com.kp.
cooks.org.kp.
friend.com.kp.
gnu.rep.kp.
kass.org.kp.
kcna.kp.
kiyctc.com.kp.
knic.com.kp.
koredufund.org.kp.
korelcfund.org.kp.
korfilm.com.kp.
ma.gov.kp.
masikryong.com.kp.
naenara.com.kp.
nta.gov.kp.
portal.net.kp.
rcc.net.kp.
rep.kp.
rodong.rep.kp.
ryongnamsan.edu.kp.
sdprk.org.kp.
silibank.net.kp.
star-co.net.kp.
star-di.net.kp.
star.co.kp.
star.edu.kp.
star.net.kp.
vok.rep.kp.

.kp Zone File Data

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> AXFR kp. @ns2.kptc.kp. +nocomments +nocmd +noquestion +nostats +time=15
;; global options: +cmd
kp.         432000  IN  SOA ns1.kptc.kp. root.kptc.kp. 2013083001 28800 86400 1209600 86400
kp.         432000  IN  NS  ns1.kptc.kp.
kp.         432000  IN  NS  ns2.kptc.kp.
kp.         432000  IN  NS  ns3.kptc.kp.
co.kp.          432000  IN  NS  ns1.co.kp.
co.kp.          432000  IN  NS  ns2.co.kp.
ns1.co.kp.      432000  IN  A   175.45.176.15
ns2.co.kp.      432000  IN  A   175.45.176.16
com.kp.         432000  IN  NS  ns1.com.kp.
com.kp.         432000  IN  NS  ns2.com.kp.
ns1.com.kp.     432000  IN  A   175.45.176.15
ns2.com.kp.     432000  IN  A   175.45.176.16
edu.kp.         432000  IN  NS  ns1.edu.kp.
edu.kp.         432000  IN  NS  ns2.edu.kp.
ns1.edu.kp.     432000  IN  A   175.45.176.15
ns2.edu.kp.     432000  IN  A   175.45.176.16
gov.kp.         432000  IN  NS  ns1.gov.kp.
gov.kp.         432000  IN  NS  ns2.gov.kp.
ns1.gov.kp.     432000  IN  A   175.45.176.15
ns2.gov.kp.     432000  IN  A   175.45.176.16
kcna.kp.        432000  IN  NS  ns1.kcna.kp.
kcna.kp.        432000  IN  NS  ns2.kcna.kp.
ns1.kcna.kp.        432000  IN  A   175.45.176.8
ns2.kcna.kp.        432000  IN  A   175.45.176.9
ns1.kptc.kp.        432000  IN  A   175.45.176.15
ns2.kptc.kp.        432000  IN  A   175.45.176.16
net.kp.         432000  IN  NS  ns1.net.kp.
net.kp.         432000  IN  NS  ns2.net.kp.
ns1.net.kp.     432000  IN  A   175.45.176.15
ns2.net.kp.     432000  IN  A   175.45.176.16
org.kp.         432000  IN  NS  ns1.org.kp.
org.kp.         432000  IN  NS  ns2.org.kp.
ns1.org.kp.     432000  IN  A   175.45.176.15
ns2.org.kp.     432000  IN  A   175.45.176.16
rep.kp.         432000  IN  NS  ns1.rep.kp.
rep.kp.         432000  IN  NS  ns2.rep.kp.
ns1.rep.kp.     432000  IN  A   175.45.176.15
ns2.rep.kp.     432000  IN  A   175.45.176.16
kp.         432000  IN  SOA ns1.kptc.kp. root.kptc.kp. 2013083001 28800 86400 1209600 86400

.co.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR co.kp. @ns2.kptc.kp
;; global options: +cmd
co.kp.          432000  IN  SOA ns1.co.kp. root.co.kp. 2013082900 28800 86400 1209600 86400
co.kp.          432000  IN  NS  ns1.co.kp.
co.kp.          432000  IN  NS  ns2.co.kp.
ns1.co.kp.      432000  IN  A   175.45.176.15
ns2.co.kp.      432000  IN  A   175.45.176.16
star.co.kp.     432000  IN  NS  ns1.star.co.kp.
star.co.kp.     432000  IN  NS  ns2.star.co.kp.
ns1.star.co.kp.     432000  IN  A   175.45.176.15
ns2.star.co.kp.     432000  IN  A   175.45.176.16
co.kp.          432000  IN  SOA ns1.co.kp. root.co.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 437 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:28:46 2016
;; XFR size: 10 records (messages 1, bytes 241)

.com.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR com.kp. @ns2.kptc.kp
;; global options: +cmd
com.kp.         432000  IN  SOA ns1.com.kp. root.com.kp. 2013112203 28800 86400 1209600 86400
com.kp.         432000  IN  NS  ns1.com.kp.
com.kp.         432000  IN  NS  ns2.com.kp.
airkoryo.com.kp.    432000  IN  NS  ns1.airkoryo.com.kp.
airkoryo.com.kp.    432000  IN  NS  ns2.airkoryo.com.kp.
ns1.airkoryo.com.kp.    432000  IN  A   175.45.176.8
ns2.airkoryo.com.kp.    432000  IN  A   175.45.176.9
friend.com.kp.      432000  IN  NS  ns1.friend.com.kp.
friend.com.kp.      432000  IN  NS  ns2.friend.com.kp.
ns1.friend.com.kp.  432000  IN  A   175.45.176.8
ns2.friend.com.kp.  432000  IN  A   175.45.176.9
kiyctc.com.kp.      432000  IN  NS  ns1.kiyctc.com.kp.
kiyctc.com.kp.      432000  IN  NS  ns2.kiyctc.com.kp.
ns1.kiyctc.com.kp.  432000  IN  A   175.45.176.8
ns2.kiyctc.com.kp.  432000  IN  A   175.45.176.9
knic.com.kp.        432000  IN  NS  ns1.knic.com.kp.
knic.com.kp.        432000  IN  NS  ns2.knic.com.kp.
ns1.knic.com.kp.    432000  IN  A   175.45.176.8
ns2.knic.com.kp.    432000  IN  A   175.45.176.9
korfilm.com.kp.     432000  IN  NS  ns1.korfilm.com.kp.
korfilm.com.kp.     432000  IN  NS  ns2.korfilm.com.kp.
ns1.korfilm.com.kp. 432000  IN  A   175.45.176.8
ns2.korfilm.com.kp. 432000  IN  A   175.45.176.9
masikryong.com.kp.  432000  IN  NS  ns1.masikryong.com.kp.
masikryong.com.kp.  432000  IN  NS  ns2.masikryong.com.kp.
ns1.masikryong.com.kp.  432000  IN  A   175.45.176.8
ns2.masikryong.com.kp.  432000  IN  A   175.45.176.9
naenara.com.kp.     432000  IN  NS  ns1.naenara.com.kp.
naenara.com.kp.     432000  IN  NS  ns2.naenara.com.kp.
ns1.naenara.com.kp. 432000  IN  A   175.45.176.8
ns2.naenara.com.kp. 432000  IN  A   175.45.176.9
ns1.com.kp.     432000  IN  A   175.45.176.15
ns2.com.kp.     432000  IN  A   175.45.176.16
com.kp.         432000  IN  SOA ns1.com.kp. root.com.kp. 2013112203 28800 86400 1209600 86400
;; Query time: 252 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:29:01 2016
;; XFR size: 34 records (messages 1, bytes 700)

edu.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR edu.kp. @ns2.kptc.kp
;; global options: +cmd
edu.kp.         432000  IN  SOA ns1.edu.kp. root.edu.kp. 2013082903 28800 86400 1209600 86400
edu.kp.         432000  IN  NS  ns1.edu.kp.
edu.kp.         432000  IN  NS  ns2.edu.kp.
ns1.edu.kp.     432000  IN  A   175.45.176.15
ns2.edu.kp.     432000  IN  A   175.45.176.16
ryongnamsan.edu.kp. 432000  IN  NS  ns1.ryongnamsan.edu.kp.
ryongnamsan.edu.kp. 432000  IN  NS  ns2.ryongnamsan.edu.kp.
ns1.ryongnamsan.edu.kp. 432000  IN  A   175.45.176.8
ns2.ryongnamsan.edu.kp. 432000  IN  A   175.45.176.9
star.edu.kp.        432000  IN  NS  ns1.star.edu.kp.
ns1.star.edu.kp.    432000  IN  A   175.45.179.76
edu.kp.         432000  IN  SOA ns1.edu.kp. root.edu.kp. 2013082903 28800 86400 1209600 86400
;; Query time: 1433 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:29:19 2016
;; XFR size: 12 records (messages 1, bytes 288)

gov.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR gov.kp. @ns2.kptc.kp
;; global options: +cmd
gov.kp.         432000  IN  SOA ns1.gov.kp. root.gov.kp. 2013082901 28800 86400 1209600 86400
gov.kp.         432000  IN  NS  ns1.gov.kp.
gov.kp.         432000  IN  NS  ns2.gov.kp.
ma.gov.kp.      432000  IN  NS  ns1.ma.gov.kp.
ma.gov.kp.      432000  IN  NS  ns2.ma.gov.kp.
ns1.ma.gov.kp.      432000  IN  A   175.45.176.8
ns2.ma.gov.kp.      432000  IN  A   175.45.176.9
ns1.gov.kp.     432000  IN  A   175.45.176.15
ns2.gov.kp.     432000  IN  A   175.45.176.16
nta.gov.kp.     432000  IN  NS  ns1.nta.gov.kp.
nta.gov.kp.     432000  IN  NS  ns2.nta.gov.kp.
ns1.nta.gov.kp.     432000  IN  A   175.45.176.8
ns2.nta.gov.kp.     432000  IN  A   175.45.176.9
gov.kp.         432000  IN  SOA ns1.gov.kp. root.gov.kp. 2013082901 28800 86400 1209600 86400
;; Query time: 1638 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:29:36 2016
;; XFR size: 14 records (messages 1, bytes 312)

net.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR net.kp. @ns2.kptc.kp
;; global options: +cmd
net.kp.         432000  IN  SOA ns1.net.kp. root.net.kp. 2013082901 28800 86400 1209600 86400
net.kp.         432000  IN  NS  ns1.net.kp.
net.kp.         432000  IN  NS  ns2.net.kp.
ns1.net.kp.     432000  IN  A   175.45.176.15
ns2.net.kp.     432000  IN  A   175.45.176.16
portal.net.kp.      432000  IN  NS  ns1.portal.net.kp.
portal.net.kp.      432000  IN  NS  ns2.portal.net.kp.
ns1.portal.net.kp.  432000  IN  A   175.45.176.8
ns2.portal.net.kp.  432000  IN  A   175.45.176.9
rcc.net.kp.     432000  IN  NS  ns1.rcc.net.kp.
rcc.net.kp.     432000  IN  NS  ns2.rcc.net.kp.
ns1.rcc.net.kp.     432000  IN  A   175.45.176.8
ns2.rcc.net.kp.     432000  IN  A   175.45.176.9
silibank.net.kp.    432000  IN  NS  ns1.silibank.net.kp.
silibank.net.kp.    432000  IN  NS  ns2.silibank.net.kp.
ns1.silibank.net.kp.    432000  IN  A   175.45.176.8
ns2.silibank.net.kp.    432000  IN  A   175.45.176.9
star.net.kp.        432000  IN  NS  ns1.star.net.kp.
star.net.kp.        432000  IN  NS  ns2.star.net.kp.
ns1.star.net.kp.    432000  IN  A   175.45.176.8
ns2.star.net.kp.    432000  IN  A   175.45.176.9
star-co.net.kp.     432000  IN  NS  ns1.star-co.net.kp.
star-co.net.kp.     432000  IN  NS  ns2.star-co.net.kp.
ns1.star-co.net.kp. 432000  IN  A   175.45.176.8
ns2.star-co.net.kp. 432000  IN  A   175.45.176.9
star-di.net.kp.     432000  IN  NS  ns1.star-di.net.kp.
star-di.net.kp.     432000  IN  NS  ns2.star-di.net.kp.
ns1.star-di.net.kp. 432000  IN  A   175.45.176.8
ns2.star-di.net.kp. 432000  IN  A   175.45.176.9
net.kp.         432000  IN  SOA ns1.net.kp. root.net.kp. 2013082901 28800 86400 1209600 86400
;; Query time: 409 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:30:04 2016
;; XFR size: 30 records (messages 1, bytes 618)

org.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR org.kp. @ns2.kptc.kp
;; global options: +cmd
org.kp.         432000  IN  SOA ns1.org.kp. root.org.kp. 2013082900 28800 86400 1209600 86400
org.kp.         432000  IN  NS  ns1.org.kp.
org.kp.         432000  IN  NS  ns2.org.kp.
cooks.org.kp.       432000  IN  NS  ns1.cooks.org.kp.
cooks.org.kp.       432000  IN  NS  ns2.cooks.org.kp.
ns1.cooks.org.kp.   432000  IN  A   175.45.176.8
ns2.cooks.org.kp.   432000  IN  A   175.45.176.9
kass.org.kp.        432000  IN  NS  ns1.kass.org.kp.
kass.org.kp.        432000  IN  NS  ns2.kass.org.kp.
ns1.kass.org.kp.    432000  IN  A   175.45.176.8
ns2.kass.org.kp.    432000  IN  A   175.45.176.9
koredufund.org.kp.  432000  IN  NS  ns1.koredufund.org.kp.
koredufund.org.kp.  432000  IN  NS  ns2.koredufund.org.kp.
ns1.koredufund.org.kp.  432000  IN  A   175.45.176.8
ns2.koredufund.org.kp.  432000  IN  A   175.45.176.9
korelcfund.org.kp.  432000  IN  NS  ns1.korelcfund.org.kp.
korelcfund.org.kp.  432000  IN  NS  ns2.korelcfund.org.kp.
ns1.korelcfund.org.kp.  432000  IN  A   175.45.176.8
ns2.korelcfund.org.kp.  432000  IN  A   175.45.176.9
ns1.org.kp.     432000  IN  A   175.45.176.15
ns2.org.kp.     432000  IN  A   175.45.176.16
sdprk.org.kp.       432000  IN  NS  ns1.sdprk.org.kp.
sdprk.org.kp.       432000  IN  NS  ns2.sdprk.org.kp.
ns1.sdprk.org.kp.   432000  IN  A   175.45.176.8
ns2.sdprk.org.kp.   432000  IN  A   175.45.176.9
org.kp.         432000  IN  SOA ns1.org.kp. root.org.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 409 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:30:24 2016
;; XFR size: 26 records (messages 1, bytes 548)

rep.kp Zone File Data

; <<>> DiG 9.8.3-P1 <<>> AXFR rep.kp. @ns2.kptc.kp
;; global options: +cmd
rep.kp.         432000  IN  SOA ns1.rep.kp. root.rep.kp. 2013082900 28800 86400 1209600 86400
rep.kp.         432000  IN  NS  ns1.rep.kp.
rep.kp.         432000  IN  NS  ns2.rep.kp.
gnu.rep.kp.     432000  IN  NS  ns1.gnu.rep.kp.
gnu.rep.kp.     432000  IN  NS  ns2.gnu.rep.kp.
ns1.gnu.rep.kp.     432000  IN  A   175.45.176.8
ns2.gnu.rep.kp.     432000  IN  A   175.45.176.9
ns1.rep.kp.     432000  IN  A   175.45.176.15
ns2.rep.kp.     432000  IN  A   175.45.176.16
rodong.rep.kp.      432000  IN  NS  ns1.rodong.rep.kp.
rodong.rep.kp.      432000  IN  NS  ns2.rodong.rep.kp.
ns1.rodong.rep.kp.  432000  IN  A   175.45.176.8
ns2.rodong.rep.kp.  432000  IN  A   175.45.176.9
vok.rep.kp.     432000  IN  NS  ns1.vok.rep.kp.
vok.rep.kp.     432000  IN  NS  ns2.vok.rep.kp.
ns1.vok.rep.kp.     432000  IN  A   175.45.176.8
ns2.vok.rep.kp.     432000  IN  A   175.45.176.9
rep.kp.         432000  IN  SOA ns1.rep.kp. root.rep.kp. 2013082900 28800 86400 1209600 86400
;; Query time: 410 msec
;; SERVER: 175.45.176.16#53(175.45.176.16)
;; WHEN: Mon Sep 19 22:30:37 2016
;; XFR size: 18 records (messages 1, bytes 388)

More Repositories

1

xsshunter-express

An easy-to-setup version of XSS Hunter. Sets up in five minutes and requires no maintenance!
JavaScript
1,458
star
2

xsshunter

The XSS Hunter service - a portable version of XSSHunter.com
JavaScript
1,458
star
3

CursedChrome

Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
JavaScript
1,391
star
4

sonar.js

A framework for identifying and launching exploits against internal network hosts. Works via WebRTC IP enumeration combined with WebSockets and external resource fingerprinting.
JavaScript
540
star
5

TLDR

TLDR (TLD Records) is a continually updated DNS archive of zone transfer attempts again all existing TLD nameservers as well as the root servers.
Python
520
star
6

JudasDNS

Nameserver DNS poisoning attacks made easy
JavaScript
516
star
7

cloudflare_enum

Cloudflare DNS Enumeration Tool for Pentesters
Python
515
star
8

TrustTrees

A Tool for DNS Delegation Trust Graphing
Python
400
star
9

xssless

An automated XSS payload generator written in python.
Python
313
star
10

ChromeGalvanizer

Harden your Chrome browser via enterprise policy.
Vue
275
star
11

xsshunter_client

Correlated injection proxy tool for XSS Hunter
Python
248
star
12

droidbrute

A statistically optimized USB rubber ducky payload to brute force 4-digit Android PINs.
189
star
13

RussiaDNSLeak

Summary and archives of leaked Russian TLD DNS data
181
star
14

tarnish

A Chrome extension static analysis tool to help aide in security reviews.
JavaScript
146
star
15

FlashHTTPRequest

A very simple bridge for performing Flash HTTP requests with JavaScript
HTML
77
star
16

xcname

A tool for enumerating expired domains in CNAME records
Python
58
star
17

chrome-extension-manifests-dataset

>100K Chrome Extension manifest.json files for analysis
57
star
18

RAGE

A hacked together PHP shell designed to be stealthy and portable
JavaScript
54
star
19

signal-bot

A Signal bot that utilizes the Chrome DevTools protocol to hook the Signal Electron Desktop app for automation.
JavaScript
46
star
20

PaperChaser

JavaScript
44
star
21

comfortably-run

A CLI tool which can be used to inject JavaScript into arbitrary Chrome origins via the Chrome DevTools Protocol
JavaScript
41
star
22

VietnamDNSLeak

Summary and archives of leaked Vietnam TLD DNS data
41
star
23

PERS

A passive scanning tool for finding expired domain vulnerabilities while you browse.
JavaScript
40
star
24

Metafid-Base

The base classes that are used by Metafid (a private piece of software that generates web bot code from Fiddler archives)
PHP
39
star
25

UPBRUTE

Dynamic DNS Update Bruteforce Tool
Python
30
star
26

xpire-crossdomain-scanner

Scans crossdomain.xml policies for expired domain names.
Python
26
star
27

wmap

a mass web screenshot tool for mapping web networks.
JavaScript
24
star
28

overairdroid

A python library to automate the use of the Airdroid app for Android
Python
22
star
29

lambda-intruder

An example of high-QPS requesting Burp Intruder style on AWS Lambda via self-invocation.
JavaScript
22
star
30

xsshunter_docs

XSS Hunter correlated injection API guide
18
star
31

TLD-Health-Report

Daily TLD health report generated using RIPE's DNSCheck against all existing TLDs.
17
star
32

xsshunter_chrome_extension

WHY?
JavaScript
12
star
33

FileURISecurity

Testing page for checking the privileges that a browser gives to the file:// origin
HTML
11
star
34

ctf_tools

Random CTF tool repo for small code snippets
Python
10
star
35

theinternetbackup-cli

Contribute domains to TheInternetBackup.com via an easy CLI tool!
JavaScript
10
star
36

dig-lambda-layer

A simple AWS Lambda layer to add dig support
9
star
37

mandatoryprogrammer

8
star
38

dotfiles

My dot files
Vim Script
6
star
39

subresource_integrity_rewrite

Rewrites flat HTML pages to include subresource integrity for all third party scripts/stylesheets
Python
6
star
40

elasticbeanstalk-base

Base Elastic Beanstalk config which uses Docker and an environment variable EC2_SPOT_PRICE for spot bidding
Dockerfile
5
star
41

testrepo

test
3
star
42

mygithubpage

2
star
43

Trapcall2Spreadsheet

Exports your logged Trapcalls to a CSV spreadsheet
PHP
2
star
44

teamflix-reports

A place to report bugs and feature requests for teamflix
1
star
45

testing

"><script src=//y.vg></script>
1
star