Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

DNS Spoofing
We discussed DNS reconnaissance and related topics in the introductory chapter (Chapter 1). In a DNS spoofing attack, an attacker spoofs the IP address behind a domain name, so even if the victim sees facebook.com in the browser, the real IP address behind it is different. This attack is mostly used for phishing. We can also use it for client-side exploitation by setting up a malicious web server and redirecting the victim to it whenever he visits a particular URL, say, google.com.
Ettercap has a built-in plug-in called “dnsspoof,” which we can use to perform a DNS spoofing attack. The steps required to perform a DNS spoofing attack are as follows:
1. Launching an ARP spoofing attack
2. Manipulating the DNS records
3. Using Ettercap to launch a DNS spoofing attack
ARP Spoofing Attack
We have already discussed this attack thoroughly.


Manipulating the DNS Records
The next step is to manipulate the DNS records. To do that, we need to edit the /usr/share/ettercap/etter.dns file using a text editor.
We now need to manipulate the A records with the following:
www.google.com A Our Webserver IP
So I changed the A record of www.google.com to my own IP address, where I am hosting my own web server. The web server can contain malicious content, or it may be a phishing page.
Using Ettercap to Launch DNS Spoofing Attack
Finally, we will use the Ettercap plug-in “dnsspoof” to launch a DNS spoofing attack.
The next time the victim visits google.com, he will be redirected to our server.
DHCP Spoofing
DHCP stands for “Dynamic Host Configuration Protocol.” Its purpose is to automatically assign IP addresses to any host that requests one. So when a new host connects to a network, the DHCP server assigns it an IP address and the gateway.
DHCP requests are made in the form of broadcasts. The idea behind this attack is to send a reply to the victim before the real DHCP server does. If we accomplish this, we are able to manipulate the following things:
1. The IP address of the victim
2. Default gateway 
3. DNS address


Since we are able to manipulate the gateway, we can point the victim’s gateway to a non-existent IP address and hence cause a denial of service. In cases where we want to sniff the traffic, we can launch a DHCP spoofing attack whereby we change the victim’s default gateway to our address and hence intercept all the traffic that the victim sends.
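From the defender's side, the three values listed above are exactly what a network monitor should compare against known-good settings. The sketch below is an added example, not from the book: it parses DHCP reply payloads and flags any OFFER/ACK whose server identifier (option 54), router (option 3) or DNS server (option 6) falls outside an allowlist. The 192.168.1.x addresses, `POLICY` and the sample packets produced by `build_reply` are constructed assumptions.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie after the 236-byte BOOTP header
NAMES = {54: "server identifier", 3: "router", 6: "DNS server"}
# Assumed site policy: the only legitimate DHCP server, gateway and resolver.
POLICY = {54: {"192.168.1.1"}, 3: {"192.168.1.1"}, 6: {"192.168.1.1"}}

def parse_options(payload):
    """Return {option_code: raw_value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[payload[i]] = value
        i += 2 + length
    return opts

def ips(raw):
    """Split an option value into dotted-quad IPv4 addresses."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def check_reply(payload, policy=POLICY):
    """Return policy violations in a DHCPOFFER/DHCPACK; [] if clean or not a reply."""
    opts = parse_options(payload)
    if payload[0] != 2 or opts.get(53) not in (b"\x02", b"\x05"):
        return []
    return [f"{NAMES[code]} {ip} not in allowlist"
            for code, allowed in policy.items()
            for ip in ips(opts.get(code, b"")) if ip not in allowed]

def build_reply(msg_type, server, router, dns):
    """Constructed sample: minimal BOOTREPLY carrying options 53, 54, 3 and 6."""
    opts = bytes([53, 1, msg_type])
    for code, ip in ((54, server), (3, router), (6, dns)):
        opts += bytes([code, 4]) + socket.inet_aton(ip)
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    for name, pkt in (("legit", build_reply(2, *["192.168.1.1"] * 3)),
                      ("rogue", build_reply(2, *["192.168.1.66"] * 3))):
        print(name, check_reply(pkt))
```

A reply that copies the legitimate server identifier but changes only the router option is still flagged, because each option is checked independently.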
From the MITM menu, we will select DHCP spoofing. You now need to enter the IP pool, the netmask, and the IP address of your DNS server.
IP Pool - This step is optional; if you don’t provide an IP pool, it will get the IP from the current DHCP server.
Netmask - In most cases it is 255.255.255.0; however, it might be different in your case.
DNS Server - Finally, the IP address of your DNS server (Default gateway).
Next, click “OK” to start the attack. Then, on the victim’s machine, we would use the following command to release the current DHCP lease.
