Ethical Hacking and Penetration Testing Guide
Attack Scenario
Let’s talk about some attack scenarios and how an attacker can benefit from a DNS snooping attack. An attacker could launch more targeted phishing attacks by figuring out what sites users are accessing on a network. For example, you are in the middle of a penetration test on a company’s network and you query their name servers to find out what sites the users are visiting. You find out that they are browsing “facebook.com” or “orkut.com”. Based on this, you can launch more targeted phishing attacks. Also, we can launch DNS poisoning attacks to redirect all the users visiting Facebook to our malicious server hosted somewhere on that network. That malicious server could then be used to compromise the targets. We will learn more about this in Chapter 6.
Automating DNS Cache Snooping Attacks
You can build an automated script yourself or try a neat program called “FOCA,” which has the capability of performing DNS cache snooping attacks. We can also use an nmap script named “dns-cache-snoop” for automating this attack. You can learn more about these tools from the following links:
References:
◾ http://nmap.org/nsedoc/scripts/dns-cache-snoop.html
◾ http://www.informatica64.com/foca.aspx
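Automated snooping of the kind described above leaves a recognizable trace on the name server: one client asking for many names with recursion turned off. The following is an added example, not code from the book or from the tools it names; it flags such clients in resolver query logs. The log lines are constructed samples in the style of BIND 9 query logging (an assumption), and `find_snoopers` and `min_names` are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of BIND 9 query logging (not from the book).
# Assumption: the flag right after the record type is "+" when the client set
# RD (recursion desired) and "-" when it did not.
SAMPLE_LOG = """\
client @0x7f0a 10.0.5.23#40112 (facebook.com): query: facebook.com IN A -E(0) (10.0.0.53)
client @0x7f0b 10.0.5.23#40113 (orkut.com): query: orkut.com IN A - (10.0.0.53)
client @0x7f0c 10.0.5.23#40114 (example.org): query: example.org IN A - (10.0.0.53)
client @0x7f0d 10.0.7.40#51820 (facebook.com): query: facebook.com IN A +E(0)K (10.0.0.53)
client @0x7f0e 10.0.7.40#51821 (intranet.example): query: intranet.example IN A + (10.0.0.53)
client @0x7f0f 10.0.9.2#33001 (example.org): query: example.org IN NS -E(0) (10.0.0.53)
"""

LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ "
    r"\((?P<name>[^)]+)\): query: \S+ IN (?P<qtype>\S+) (?P<rd>[+-])"
)


def find_snoopers(log_text, min_names=3):
    """Return {client_ip: sorted names} for clients that sent non-recursive
    queries for at least `min_names` distinct names."""
    probed = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Ordinary stub resolvers set RD; a run of RD=0 lookups from one
        # client for unrelated names is what cache probing looks like.
        if m and m.group("rd") == "-":
            probed[m.group("ip")].add(m.group("name").lower())
    return {ip: sorted(n) for ip, n in probed.items() if len(n) >= min_names}


if __name__ == "__main__":
    for ip, names in find_snoopers(SAMPLE_LOG).items():
        print(f"possible cache snooping from {ip}: {', '.join(names)}")
```

Timing-based probes that use ordinary recursive queries will not match this rule; restricting cache access to trusted clients (for example with BIND's `allow-query-cache`) addresses both variants.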
Enumerating SNMP
SNMP stands for Simple Network Mapping Protocol; it is widely used for the management and remote configuration of devices. SNMP runs on UDP port 161. It has three versions: SNMP V1, SNMP V2, and SNMP V3.