[Security] DNS Spoofing!

WARNING: hacking into other Network without permission is a crime - don't do it! Please try on your own network.

DNS spoofing is one of most popular techniques in network hacking , it simply means that hacker provide false web sites to the victim, for example ; if the victim request Facebook website the hacker will provide it with another website (e.g Google!), This attack is very useful to get login information by redirect the victim to fake login sites .

DNS spoofing is one of Man-In-The-Middle-Attack (MITM) techniques.

Image Source



Today i will show you how to make DNS spoofing by using Ettercap and BackTrack 4 .

DNS Spoofing!

1. Start the console and login as root "sudo su".


2. We will make some modification to etter.conf file , so we will try to locate it first so write "locate etter.dns".


3. Open the file to edit it , i used "kate" here.



4. We will make any request to yahoo.com redirect to google.com , so we have to know the IP address for Google.com , so run this command to locate the IP "ping www.google.com" 209.85.227.18


5. Now change the file as follow , the first section is the website you want to redirect (Yahoo.com) , and the second one is the IP address for website you want redirect to (Google.com) , as you see we cover more than one probability , for example if the user wrote www.yahoo.com or yahoo.com ; this will work either ways.


6. Save the file and exit.

7. Start ettercap in graphic interface "ettercap -G".



8. Choose "Sniff">"Unified Sniffing" > "wlan0" if you use wireless , but if you use ethernet choose "eth0".



9. We will scan for hosts . "Hosts" > "Scan for Hosts".



10. Here is the hosts i found . "Hosts" > " Hosts List".



11. Now my victim is 192.168.1.13 and the router is 192.168.1.1 , so choose the victim IP and click "Add to Target 1 " then choose the router IP and click "Add to Target 2 ".


12. Now check the targets list "Targets" > "Current Targets".



13. We will start Man in the middle attack , "Mitm" > "Arp Poisoning" , and tick the two choices .



14. Now we will start the DNS spoof plugins , "Plugins">"Manage the Plugins" > then double click over "dns_spoof".



15. Start the sniffing. "Start" > "Start Sniffing" .


16. That's it! now if the victim request www.yahoo.com it will be redirect to www.google.com.


Notes:
  • If you didn't choose any victim, all the IPs in your network will be targeted, but be careful this will slow down all the network traffic on other computers.
  • For this technique to work you have to be on local network (LAN) or wireless network.

See Also!

[LAN] How To Control Your Computer Remotely

Read Users' Comments (0)

0 Response to "[Security] DNS Spoofing!"

Post a Comment